SUMMARY OF PRIVACY DISCUSSION
Danny O'Brien from EFF's talk Sunday morning -- by RossMayfield
Strong crypto vs. radical transparency. How to define policy when you don’t know which direction the technology will take us. We know that both work against centralized control. Want work to constitutional privacy statute.
Email: illegal to wiretap, warrants required. On a third party server, protections evaporate after 90 days. Gmail was archiving everything for all time, the bulk of your email was no longer statutory protected, and Google was sending Googlebots to run through email for serving ads – bad precedents for machine reading which will be privacy violating. Invasion of privacy by machines.
Geeks are the first to experience new ways of having privacy violations, such as: aggregate information that is revealing (if you know the first name of someone, you can with 700 searches find someone without their last name)
Social graph privacy problem. Radical transparency is viral.
Slow transformation from false belief in security to trying to anticipating security problems. (third step of completely giving up on it?) It isn’t possible for people to design
I wonder if I could sue someone for Liable if they sell my contact information into Jigsaw’s social graph
There was also a BarCampBlock Privacy Session yesterday
ROUGH TRANSCRIPT FROM IRC:
by Liz Henry & Kent Bye
that's my thought, take it and run
danny: geeks have 20/20 hindsight about privacy
No one estimates the undermining of privacy that is potential w/ technology.
Slashdot comment -- if they don't want their privacy violated, then don't upload the picture to Flickr We don't like to admit the truth of that.
Cyberpunks friended him first on Friendster -
kentbye that doesn't mean we can't make policy about openness etc
or about what govt is allowed to do with data even public data. Or, insurance companies
lizhenry: FYI doing a live transcription...
for example all social network and dating site data that's public could get slurped and analyzed and we all get denied medical insurance
Aggregate information is often very revaealing. e.g. Jonathon Moore
ohhh look your friends are all smokers
so you are more of a health risk
no medical insurance for you
that is the sort of thing that is possible, and it is public data, but, we could make laws about how the data can be used
Searching for private information for people -- e-mail isn't given on dating sites. In the future it might become a lot easier. If it's useful.
Joke: May be useful -- People who dated this person also dated this person...
on okcupid you can do a search on someone's email addy and get their profile
i wonder if we shouldn't be logging this in a separate pibb channel
oh look so and so has dated 5 people in 2 years -- health risk no insurance!
JayDedman: People want anonymity? Answer: When we provide info, we have a model for what that means. e.g. uploading flickr: I'm okay here because people can't search for my face.
posts that he made on Usenet when he made when he was 13 year olds are now searchable -- change name at 21 years old -- or give you a name that's not googlible: John Smith
Recapping SOcial network portiblity -- already went through this w/ enterprise
Someone you know shares info about you to someone like Plaxo -- Enter who YOU met. That info can be tracked later and mined.
What if everything you say at any moment is googible at any time?
RADICAL TRANSPARENCY IS VIRAL
woops
"radical transparency is viral" and we leak information about other people
that is a nice phrase gabew
Radical tranparency is viral -- If you're going to do it, then all of your friends are also going to be de facto a part of it whether they like it or not.
it is nice
Brad Fitz does a hash of your e-mail address to find other friends -- It's then REALLY interesting to do this w/ other people. Could probably have people authenticate your info, but this is PUBLIC info. But someone else can do the same thing, and it's really inefficient to authenticate twice.
fix it danny
Is there a fix for this privacy stuff are we just talking about it. Yes. he does.
tantek and brad "even if they were the pure gods of privacy...." hehehehe
Solution 1: See privacy as same geeks see security
danny declares himself philosopher-god-king...
Treat everything like it should be private data
Different mindset: Anticipate and patch insecurities, then you see your system in a totally new light.
Joke: Step 3 is giving up completely on security
thats not a joke
!
har
IT's complex, and we need a tradeoff -- Anticipate how it'll effect people. Classic PR nightmare: AOL leaking search info and reverse engineer who were doing the searches via egosearching, etc.
Think about usability and other stuff, but we need to think about it referenced for down the road.
But It's a rapidly changing target -- how to design for ti --- Answer: only anticipate it
right if the world knew how often we all egosearched it would be pretty damn funny
WHat if your parents had a record of all of your movements from 0-18 years old
hard to do the "protect the little children from their own parents act of 2008"
Hard to protect children from their parents in a statutory sense.
ahhh just chip them all
chip em all and let google sort em out
this is a fascinating session
thanks to liz & kent
Parents go weird when they're parents -- Joke: Let google sort them out...
tantek talking bout extremely rapid cultural evolution
tra la la
Tantek pushing back: Cultural evolution that's extremely rapid -- can't view it in a rear view mirror
"like trying to drive through the rear view mirror"
kent you are taking better notes than me, thanks
When uploading pix to flickr they didn't think that Date would be coordinating w/ location w/ face recogniation -- retrospectively map yourself and your friends.
i have to go take a phone call dammit
Easy to do -- deduce w/ some probability WHO someone is -- WHo is in your social graph -- who you're are
Tantek: That's the Whole pupose of adding social network chaff -- extra data to divert and flood the system -- You can POLUTE the system by adding random people.
Half Joke: But no one other than Tantek knows to do that. Hate to tell you: You're not my real friend. You're my social network chaff
dB admins are last line of privacy -- and so you need hashes in reverse (er something.)
Tantek: Can't design a negative like that -- but you can w/ no logs or filling dB w/ chaff or using introductin probability chaff, etc.
Joke; Market for fakefriends.com -- It's called friendster
Ross; Wants to sue Jiggsaw for selling social graph
Jiggsaw = B2B world -- You can sell Ross' business card to them to Jiggsaw. Ross wants to sue for libel
But it has to be false -- It's a harmful statement to fixed medium. Jokes...
shrink wrap that biz card with a license agreement hehehehe
Privacy laws that define use of the data -- not going to sell your info
Point out that we're over time...
the discussion can continue; nothing else is scheduled in this room
kent i dnot know who you are in the room
Tantek: Good exploitation of privacy -- Mapping out how lobbiest are corrupting govt. Design for "Privacy Leaky" -- to get more info about Govt. What is better for society? Leaky gets more accountable govt.
Video rental info can't be provided by others -- Congressman's porn habits got discovered and BAM -- it's pretty well protected legislatively now.
Bring into privacy debate sooner. What kind of society do we want? Then we can get better anticipatory legislation.
building anticipatory legislation might be possible. it will happen, and we need to get involved in that debate in order to steer it a little.
most of us are not comfortable with this, but if we dont participate then the legislation wll happen without our input (us the software people and net users/creators)
Need to get into the debate, and we can actually steer where we want this to go.
See the transformation in Google -- new kid on the block -- Oops, determinisitic world about technology -- who cares about privacy.
Now they get smacked down -- by the public or even the govt.
Automatic upload photos to Flickr + Face recognition.... joke...
let's all go to the strip club in darth vader mask and voice disguiser with exploding self destruct business models
business cards
hehehe wino kredyt mieszkaniowy sprzedam mieszkanie sprzedam bilet
Health insurance -- can draw protections for how data is used. W/ large institutions. At the moment you can't use health info to determine your rates. But they can determine who your friends are in the future and possibly tie that into their rates
May not want health insurance folks don't do that...
we were talking about these ideas with health insurance last night
Go see SiCKO -- and health insurance is probably a good ending point for this discussion. People breaking up. That's it.