Re: privacy in OWL

Rigo-
  thanks for your comments to WebOnt about the privacy section in our 
Guide Document.  We have extended our discussion to integrate your 
comments -- here is the wording from the Editor's Draft of the Guide 
document (similar wording in the Editor's Draft of the Reference).
   Please let us know if this satsifies your comment
    thanks
     Jim Hendler for WebOnt

2.3 Data Aggregation and Privacy OWL's ability to express ontological 
information about instances appearing in multiple documents supports 
linking of data from diverse sources in a principled way. The 
underlying semantics provides support for inferences over this data 
that may yield unexpected results. In particular, the ability to 
express equivalences using owl:sameAs can be used to state that 
seemingly different individuals are actually the same. 
Owl:InverseFunctionalProperty can also be used to link individuals 
together. For example, if a property such as "SocialSecurityNumber" 
is an owl:InverseFunctionalProperty, then two separate individuals 
could be inferred to be identical based on having the same value of 
that property. When individuals are determined to be the same by such 
means, information about them from different sources can be merged. 
This aggregation can be used to determine facts that are not directly 
represented in any one source. The ability of the Semantic Web to 
link information from multiple sources is a desirable and powerful 
feature that can be used in many applications. However, the 
capability to merge data from multiple sources, combined with the 
inferential power of OWL, does have potential for abuse. Users of OWL 
should be alert to the potential privacy implications. Detailed 
security solutions were considered out of scope for the Workng Group. 
Work currently underway is expected to address these issues with a 
variety of security and preference solutions. See for example SAML 
and P3P.



At 3:44 PM +0200 5/6/03, Rigo Wenning wrote:
>On Thu, May 01, 2003 at 09:53:12AM -0500, Dan Connolly wrote:
>>  If you have any comments on it, please send them
>>  to public-webont-comments@w3.org
>
>
>Comment on Privacy in Web-ont
>
>It is honorable, that the Webont Working Group thought about
>including something about Privacy into their guide.
>
><for the impatient>
>As usual in privacy, nearly everybody is aware of potential
>privacy issues or has some kind of bad conciousness about it.
>In the absence of real solutions, this bad consciousness is
>discharged by some rather general privacy warning. The result is
>that implementers of OWL will share bad consciousness, but lack a
>solution.
>
>The good news is, that there might be some remedy. The remedy
>lies in OWL itself, as the approach is mainly based on metadata.
>The P3P Specification WG has thought about integrating the P3P
>semantics into the Semantic Web. For this reason -in cooperation
>with the RDF IG- a RDF-Schema representing P3P was developed[1]. It
>might be good to reference this schema and verify, whether it is
>importable into OWL (or what is missing/has to be changed, 
>to make it importable). This way, OWL-Ontologies treating persons
>would be able to also include those persons' preferences. This
>way, the inference engine can respect those preferences (or
>policies attached to an individual).
>
>In the future, we might want to use the preference-language
>APPEL[2] but I'm actually not able to determine if it would
>better fit into OWL.
></for the impatient>
>
>I would suggest the following text. You can still change it as
>you like:
>
>OWL's ability to express ontological information about
>individuals -even appearing in multiple documents-, it's
>support for linking of data about individuals from diverse
>sources in a principled way may raise privacy issues.
>Privacy, by it's definition, protects individuals. Only if
>dealing with natural persons, one must be aware of the privacy
>implications. Goal is to protect against the disclosure of
>sensitive personal data but also against the creation of profiles
>making the individual and it's personality completly transparent
>to others. If we talk about privacy, we want to the opaqueness of
>someones personality and intimacy to the outside world. This can
>be overturned by the individual's will to disclose information.
>As a consequence, there is a need for the individuals kept in an
>ontology to be able to express their preferences. This can be
>done using the RDF-syntax for P3P [link] or APPEL [link].
>
>In particular, the ability to express equivalences using
>owl:sameIndividualAs can be used to state that seemingly
>different individuals are actually the same.
>Owl:InverseFunctionalProperty can also be used to link
>individuals together. For example, if a property such as
>"SocialSecurityNumber" is an owl:InverseFunctionalProperty, then
>two separate individuals could be inferred to be identical based
>on having the same value of that property. When individuals are
>determined to be the same by such means, information about them
>from different sources can be merged. This aggregation can be
>used to determine facts that are not directly represented in any
>one source.
>
>The ability of the Semantic Web to link information from multiple
>sources is a desirable and powerful feature that can be used in
>many applications. However, the capability to merge data from
>multiple sources, combined with the inferential power of OWL,
>does have potential for abuse. Users of OWL should be alert to
>the potential privacy implications.
>
>
>
>   1. http://www.w3.org/TR/p3p-rdfschema/
>   2. http://www.w3.org/TR/P3P-preferences/
>
>Best,
>
>--
>Rigo Wenning            W3C/ERCIM
>Policy Analyst          Privacy Activity Lead
>mail:rigo@w3.org        2004, Routes des Lucioles
>http://www.w3.org/      F-06902 Sophia Antipolis

-- 
Professor James Hendler				  hendler@cs.umd.edu
Director, Semantic Web and Agent Technologies	  301-405-2696
Maryland Information and Network Dynamics Lab.	  301-405-6707 (Fax)
Univ of Maryland, College Park, MD 20742	  *** 240-277-3388 (Cell)
http://www.cs.umd.edu/users/hendler      *** NOTE CHANGED CELL NUMBER ***