Re: ACTION-255: Work on financial reporting text as alternative to legal requirements

Hi Rigo - 

I appreciate your taking the time - and the willingness to engage in
dialog. However, you really did not directly answer my questions. You are
providing high level examples of privacy issues - most of which will not
be addressed by DNT unless we radically change our approach.



On 10/1/12 4:27 PM, "Rigo Wenning" <rigo@w3.org> wrote:

>Alan, 
>
>On Monday 01 October 2012 13:52:56 Alan Chapell wrote:
>> It would be helpful if you and others were able to provide some
>> more thoughts on the specific harms that you see out there - so
>> that as industry innovates, we can keep those ideas in mind. Thus
>> far, I've heard very little on that front.
>
>I think we talked about the harms many times already. I'm ready to
>repeat them. If you really want to understand the issue deeply,
>there is no way around Beate Rösslers "The Value of Privacy, Polity
>Press 2005". She mainly concludes that the main reason for privacy
>is to avoid the forced reduction of autonomy (of decision making and
>opinion building). There are two high level categories:
>
>1/ Consumer protection
>Data secretly collected and used to discriminate for optimizations
>of all sorts. My preferred one is about plane tickets that you
>select during work-hours. In the evening you negotiate with your
>wife. She agrees. At 10pm you try to book your flight and it is $30
>more. You won't renegotiate the flight with your wife. Now log out,
>use a different browser and a new profile and the flight is still at
>its initial price. As a consumer, you want to be able to influence
>the reaction of the system you are confronted with. You can do
>either by DNT or blocking tools. I can show you how easy it is. If
>this is still an issue in 5 years, this may even be more damaging to
>the industry than DNT ever could be.

How is DNT going to stop this practice? If I'm buying my tickets via
Delta.com, Delta is a 1st party and would not be subject to a DNT signal
for these purposes.
>
>2/ Democratic values
>In confirmation of Godwin's law let me tell you that I think that
>totalitarianism doesn't need computers. But it makes life easier for
>them. The concentration of high amounts of personal data in few
>hands is a risk in the power balance.

I agree - concentration of data in a small number of players is
problematic. How do you see DNT addressing this issue? In fact, I think
one can make a plausible argument that DNT will concentrate data in a
smaller number of entities. I believe that's a horrible outcome that many
in this group may be missing and/or choosing to ignore.

>We've been through that
>discussion for governments in the seventies. We have governmental
>privacy laws and FOIA (the EU countries only start slowly to adopt
>the latter). But the internet has changed things and now massive
>amounts of personal data are in private hands. Here also go chilling
>effects ( http://en.wikipedia.org/wiki/Panopticism Foucault is
>central). Even worse than any possible governmental censorship is
>the self censoring of the people because they fear to be watched.
>This is the key assertion of the 1984 decision of the German
>constitutional court on data self determination.
>
>To burn it down to PCMCP, the former Egyptian government would have
>loved to determine whether an someone is inside Egypt or outside.
>All the world hailed the Internet for helping the revolution. The
>help was effective because the above was not easy.
>
>So there are real reasons. I tried to collect some of them. My
>favorite is the dog-shit case. A woman entered a bank with a (rather
>young) kid on her hand. The kid had dog-shit under the shoe and
>sullied the carpet. The folks in the bank used the video logs
>combined with the ATM logs to find the accounting information, real
>name and address of that woman. They invoiced 110€ for the cleaning
>of the carpet and took it directly from the identified account.

That's an unfortunate scenario. However, that same video tape, etc was
also used to identify the person who helped rob that bank a few days
later. And similar records were used to help someone who didn't receive
the proper credit to his account.

My point - There are going to be legitimate exceptions for the use of
data. And each exception should be weighed on the merits - benefit to
creating the exception vs risks of keeping the exception. My issue with
your approach is that you aren't really explaining what you think the harm
is to allowing my specific exception.
>
>This small misuse may inspire you what you could do if you know the
>entire search history of a person. Or the entire clickstream of the
>last 2 years. For the moment, the possible manipulation is used for
>commercial profit, but we already see the beginning of the use of
>all this in elections.
>
>It is therefore essential that somebody can just indicate to the
>system not to be recorded. And that the system just does not record,
>or at least throws away after a very short time. So DNT is just a
>tiny tool, a little aspect in this overall picture. But it could be
>a useful tool. Now you may understand that recording the same
>information for accounting or PCMCP (a pure use limitation that is)
>is not sufficient for most people.

What are these people you cite? Are you representing the interests of
consumers in the same way that Jeff and John are?
> 
>
>Note that the EU folks can simply ignore this debate as they have
>laws anyway that prohibits you to collect (retain for Roy) or store
>that retargeting - information without a right out of consent or out
>of legal permissions. So this is a debate for the unregulated
>market. How far does commerce go to save democracy? An interesting
>question. For the moment it is just the consumer protection dialog
>we have. And the PCMCP case is good, because it shows that there can
>be a conflict between 1/ and 2/ above, because of measures for
>consumer protection that can only be achieved with more control and
>data collection about consumers.
>
>Best, 
>
>Rigo
>
>
>

Received on Monday, 1 October 2012 20:52:19 UTC