
Privacy Revisited - Protect and Project

LIFT France 10
7th July 2010 Marseilles

This is the text of my talk; the presentation slides can be found
in a separate file on Scribd.

Introduction
Privacy is not a configuration of settings, it has little to do with
privacy policies that you find on websites. It's my own policy
that governs my behaviour. Privacy is certainly not dead, it is
essential to my autonomy and identity.

I'll be talking about the Mine! and VRM - a couple of projects
that take the view that privacy starts from the individual user,
not a platform or a web service. They are both based on the
need for users online to be the point of integration for their data
and its sharing. Privacy is 'protected' and 'projected' through a
'user-driven' design as well as through UX/UI.

As an individual interacting with others I am the best judge of
my privacy requirements. When I talk to my friends I know what
to tell them and what not to share. If I mess up, I suffer the
consequences and learn not to gossip with those who betray
confidences.

Beyond my immediate social circles and when money or
reputation is at stake, I need to understand the consequences
of sharing information so I can manage my privacy. But if my
privacy is not up to me to manage, there can be no demand for
such knowledge to be available. As a result many people have
no idea about how their data is used and abused.

The best privacy settings are in my head. At the moment, I
have little ability to ‘execute’ my privacy policy. Why assume
that such ability has to come from the legal world and why not
start building tools that help individuals manage their data and
help them to determine their privacy behaviour themselves?

*[Privacy regression
Privacy is under threat because our autonomy online is under
threat.

From a technical perspective, the regression of privacy can be
associated with the rise of platforms - platforms own your data,
your interactions and ultimately your ability to share or withhold
that data. That goes to the very heart of privacy.

From a commercial perspective, anything that helps others
influence your behaviour and decisions is of value - your data
reflecting your preferences & choices is a perfect means of
doing that. So getting access or ownership over that data is
valuable.

From a practical perspective, anything that makes my life easier
and more convenient is preferred by the user, no matter how much
the tool or application deprives the user of autonomy or has
undesirable long-term consequences, from potential loss of
data and archives, to downtime and narrowing of functionality
and other limitations such as censorship.]

Behaviour and ownership


There are two levels on which privacy needs to be considered:

1. behavioural, i.e. sharing
2. ownership, access or control of your data (meta-data, logs etc.)
   a) what can YOU do with your data
   b) what can OTHERS do with your data

They are intrinsically linked and I'd argue you can't have the
first without the second. I'd also argue that people tend to think
of one or the other, depending on whether they are coming from
the client or the server side...

Why does the second point matter as much as, if not more than,
the first? Because privacy is not “the one secret I don’t want
revealed”. The problem is all the stuff that I create in my online
existence - the data dandruff of life, which is not secret in any
way but which aggregates to stuff that we don’t want anybody
to know. It also aggregates to predictive models about us that
we would be very creeped out to learn could exist at all.

So what is to be done?
There is much wailing and gnashing of teeth over Facebook's
encroachment on users' privacy. This goes for most platforms,
web services and applications but Facebook is the poster
whipping boy for this one, to mix metaphors. And for good
reasons.

And yet, their user base does not diminish. FB does something
useful for people and until better, freer and more private
alternatives exist it will continue to grow.

But privacy matters and unless we have autonomy, i.e. freedom
to pursue it, it will be elusive.

Privacy remains an issue with such web services and platforms -
as long as I have to depend on a third party to protect my
privacy, it will be exposed by accident or incompetence, force
by authorities or abuse - marketing and advertising.

*[More than binary choice


Privacy has become a binary choice, often regarded as a more
or less acceptable trade-off that 'consumers' are only too willing
to make in return for some benefits to them.

I tend to think it is an issue of choice. If there is no meaningful
choice and people feel this, they might just as well forgo a bit of
privacy in exchange for what appears a tangible benefit to them -
a discount, a better deal etc, but as tools arise to help people to
take charge of their own data, their mindset will shift too.

So on the practical level online privacy is about creating tools
that help the individual to control access to data to the point
where he/she decides directly who gets to see what, without
reliance upon a third party or an intermediary.]

*[Privacy tolerance
People's tolerance for privacy violations will decrease, just as
our tolerance for lack of connectivity or quality is dropping;
these are different issues but the same behaviour pattern. For
now, we are used to our data not being 'respected' - that the
choice we have with regard to our privacy is only a binary
choice: either you play and give up your data or you don't and
exist in splendid isolation. The latter is not a way to benefit
from the web, whether it comes to social networking or
shopping.

People do care about privacy and examples of how easily they
give up their data in exchange for trinkets are not convincing.
So until people feel that they have a real choice such skewed
behaviour is not illogical.]

*[Privacy settings are not social


At the moment I don’t drive "who gets to see what" beyond
simple decisions about who is ‘in’ and who is ‘out’. Social
interactions and relationships are far more granular than social
networks allow them to be. Usually, this is seen as a privacy
issue and leads to complicated access management, e.g.
Facebook privacy settings.

Privacy is merely the other side of the coin of complexity in
human relationships. My ‘privacy settings’ are inherent in my
behaviour. My privacy policy should not be embedded in any
software. Software privacy settings limit my ability to be truly
social i.e. capable of maintaining complex relationships and
interactions with others, arguably the purpose of such tools.

Truly social software needs to satisfy both requirements of
online life - to allow its users to organise their data according to
their needs, and to support people’s relationships as defined by
themselves.]

*[Privacy as policy for behaviour


Privacy may be a policy of the individual, but not in a sense of a
privacy policy for the individual chosen from a given selection in
(say) the style of "Creative Commons".

There is a huge difference: for instance, I have a policy about
who I let into my house. I don’t need to display it on my doors
or attach it to my address or business cards. It is far more
convenient and flexible for me to decide there and then, when
someone’s knocking at the door. It is my implicit privacy policy
that kicks in. Sure, I don’t want junk mail or door-to-door
salesmen but just because I can display notices to that effect,
doesn’t mean that is the way to deal with the rest of
humankind. Online privacy is about creating tools that help the
individual to control access to data to the point where he/she
decides practically and directly who gets to see what - without
reliance upon a third party or intermediary.]

Building privacy systems, instead of letting people implement
their own privacy 'policies', makes privacy an awkward bolt-on
when it should be natural and integral to our behaviour. The
more people who learn what "privacy" means and understand
its merits and the price of its abuse, the better ‘policies’ they
can devise for themselves...

Bazaar: conversations, relationships and transactions


Yes, markets are conversations - as the Cluetrain Manifesto
states, but they are also relationships and transactions - as the
anniversary edition of Cluetrain adds.

Imagine a marketplace - a bazaar, souk, your local stall market -
you can talk to the stall holders, the sellers about their
product, you see the person, not the company first. If you
frequent the market, you might even recognise the seller and
develop more continuous conversations i.e. relationship. And
occasionally you buy something, i.e. transact. These
components of market exchange are not evenly distributed but
they are all part of a balanced commerce. In theory.

Alas, modern commerce is all about transactions.
Advertising and marketing are not conversations, CRM is not
relationships…

The social web at least has brought some changes about...

- I have far more conversations than I have relationships -
  already true.
- The number of transactions is smaller than the number of
  relationships, in other words, not all relationships lead to
  transactions - at the moment, my transactions are not a
  result of conversations and relationships with vendors.
- Conversations and relationships are sound foundations for
  transactions - already my conversations and relationships
  with friends and contacts are increasingly affecting my
  decisions about who to transact with but still a long way to
  go.
- It's not all about vendors; the conversations and relationships
  are with my friends and contacts - vendors need to
  become part of my network in order to improve
  transactions.

When it comes to transactions we have little to almost no ability
to influence them. Offline you go to a shop, you buy a product and
you pay for it at the till. Online, you go to a site, you jump through
various hoops to buy a product. We have a long way to go to
redress the current balance of power between vendors and
customers.

Customer-vendor see-saw
Customers and vendors are in a locked see-saw with one side
hugely outweighing the other. As with a real-world see-saw in
such a position, the fun is spoiled for both.

VRM is about providing customers with tools that make them
both independent actors in the marketplace and better
equipped to engage with vendors.

This is not possible when all the tools of engagement are
provided by suppliers, and all those tools are different.

VRM Principles
- Relationships are voluntary.
- Customers are born free and independent of vendors.
- Customers control their own data. They can share data
  selectively and control the terms of its use.
- Customers are points of integration and origination for their own
  data.
- Customers can assert their own terms of engagement and
  service.
- Customers are free to express their demands and intentions
  outside any company’s control.
- Free customers are more valuable than captive ones.

All these can be bridged by the last principle… VRM is based
on the belief that free customers are more valuable than
captive ones — to themselves, to vendors, and to the larger
economy.

Balance of power
By giving individuals tools to redress the balance of power, the
pressure from customers should help level the playing field.
Independence from vendors, platforms or anyone who would
like to benefit from your data without permission will be key.

One of the ways is to help people to become the point of
integration of their data - that will serve as a springboard for
their ability to manage, analyse and mine it in ways that are
currently not possible.

Types of personal data


Speaking of data and personal data in particular, it ain’t what it
used to be... There are now several kinds of personal data:
date of birth, address, phone number, passport number, social
security number, mother’s maiden name, etc

This kind of personal data is mostly static, your address or
phone number can change from time to time, and although it is
possible to change your name, the date of birth or your
mother’s maiden name is unchangeable. This is the *last* kind
of information I would share online, usually if it is required for a
transaction, and even then I think twice.

Then there is the kind of ‘personal data’ that came with the
web: the 'data pertaining to a person' - created, collected and
shared by a person. This data is dynamic, at any time only a
snapshot of the person and the more data can be created and
captured, the more granular and valuable it can become.

On the web such flows of data often act as a proxy for a
relationship. People subscribing to my blog, Friendfeed, Twitter,
Facebook updates etc. perceive such data as personal, as in
related to my person and yet, its existence revolves around
sharing it with others. As a result, we have few means of
harnessing the dynamic data i.e. making it work for us further,
though we have many ways of generating and communicating
it.

Another type is data that others collect or have about me,
whether or not I have access to it myself. Click stream,
meta-data, logs etc. The 'end user' is often not aware of the
existence of such data, let alone allowed to control or manage them.

Fractured online existence


On the social web, the number of third-party defined spaces
designed to ‘contain’ bits of my data - photos, content,
relationships, transactions, purchase history, locations,
knowledge, privacy requirements - grows by the week.

They allow me to create stuff and share it with others online.
This is all good and empowering. But over time, my fractured
existence across various platforms becomes evident.
Currently, I lack the means to perform three simple functions -
capture, manipulate and share my data on the web before and
above anyone else and on my own terms.

Personal data vision - my data in my hands


I want a place where my data lives in its raw unrefined form and
is under my control so I can apply functionality that helps me do
what I want.
Another reason for privacy is the ability to analyse your own data,
in ways that nobody else can, adding value to the data sets
only I can - context, understanding, direct knowledge etc.

There is value even before sharing, getting to know my own
behavioural patterns, verifying or disproving my impressions (I
really do drink more than I thought), countering the cognitive
biases the human mind so easily adopts (it always rains in
London but actually the records tell otherwise).

For example, I'd like to be able to learn from all the data and
purchase history I have on Amazon, in a place that I can call
my own. I'd like to mine or analyse it myself. Combine it with
my reading habits, travels (to make sure I have reading
material for those long airport waits), with my calendar for
people’s birthdays to buy them a book, with my notes on
vendors i.e. Amazon's payment and delivery practices, my
purchase history, my opinion about their prices, publishing
trends and then share that with my friends as I see fit.

The Mine! Project


Mine! strives to be user-driven and to see how much privacy
awareness and user 'policy' can be done through UX/UI, which
need to be immediate, intuitive and actionable. This means that
the user has to see, understand and be able to act on the
implications of his or her actions on sharing and disclosure.
Mine! can handle granular to obsessively detailed control over
sharing of data.

[It has to allow for certain messiness in 'ontologies' - the only
ontology that made sense is the one created by the user. Tag
taxonomies are not ideal but all the others are an imposition.
In other words, Mine! allows you to release your inner librarian
or OCD geek for your own data organisation or just enjoy more
specific sharing with others.

Mine! also tries to increase privacy awareness by providing and
displaying various data that inform the user about what's
happening to their data/objects they create and share, namely
meta-data and access logs (slides 17-20).]

We are always looking for people to join the project, whether as
coders, UI experts or users who don't mind a bit of a rough ride
in the early days.

For more information about VRM or the Mine! project see
www.themineproject.org and/or contact Adriana Lukas:

adriana dot lukas at gmail dot com


___________________

*text between square brackets [ xx ] was not included in my
LIFT presentation but is part of my talks on privacy
