Notes and Photos from PrivacyAppCamp

Here are notes from our PrivacyCamp in Mt. View! Check out the CDT Flickr account for pictures.


Morning Sessions

  • User expectation / responsibility
    • Privacy responsibility lies with the platform because that’s what the user expects
    • User privacy expectations change with context
    • Should have control over privacy on the fly instead of a single setting that applies to everything
  • Identity
    • Data minimization vs. identifiers: authentication, authorization, tracking and ID are commingled
      • Authentication proves the truth of a claim of identity, authorization is a permission for an action
      • ID is not always necessary to prove permission, but is used as such constantly
      • If ID is always tied to permission, then all actions permitted can be tied to identity (i.e., behavioral tracking)
      • Is there a way to mitigate this tracking? Can ID be separated from permission and still allow the ease of use users want?
  • Location
    • Location notice and use or storage challenges
      • Communicating to the user about their location privacy is difficult to do when it matters (when it’s being used)
      • You might auth your app for location and then forget about it
    • Children
      • How do you handle parents that want to track location of their child?
      • This might accidentally allow tracking of spouse, others
      • Age identification is hard
    • Apps to trace or log data path
    • Ad-networks make collecting location data easy
      • Ad apps (iApp, etc) make it easy to get location data even if it isn’t needed for the user’s experience
    • Many SDKs default to sharing
    • Location retention isn’t generally addressed
      • Location might be correlated over time without the user knowing it is used for more than occasional, one-off lookups
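The Identity bullets above ask whether permission can be separated from ID so that permitted actions are not automatically tied back to a person. The following is an added illustration of one way to do that, written for these notes and not code from the event or from any project named here: identity is proven once at login, and what the app carries afterwards is a signed capability (a grant for one action on one resource) that contains no user identifier, so the authorization check and its audit trail never see who acted. The key, user table and policy below are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Constructed demo secret; a real issuer keeps this in a key store, never in source.
ISSUER_KEY = b"demo-issuer-key-not-for-production"

# Constructed user table: username -> (salt, PBKDF2 hash). Used only for authentication.
_SALT = os.urandom(16)
USERS = {
    "alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)),
}

# Constructed authorization policy: what each authenticated user may be granted.
POLICY = {"alice": [("read", "photo:42"), ("comment", "photo:42")]}

# Audit trail of authorization decisions; note that entries never carry a user id.
AUDIT = []


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authenticate(username: str, password: str) -> bool:
    """Authentication: proves the claim of identity, once, at login."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored)


def issue_capability(key: bytes, action: str, resource: str, ttl_seconds: int,
                     now: Optional[float] = None) -> str:
    """Mint a capability: an HMAC-signed grant for one action on one resource.
    The payload deliberately carries no user identifier."""
    now = time.time() if now is None else now
    payload = {"act": action, "res": resource, "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_capability(key: bytes, token: str, action: str, resource: str,
                      now: Optional[float] = None) -> bool:
    """Authorization: check signature, expiry, and that the grant matches the request.
    Nothing here needs to know who presented the token."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    try:
        payload = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return False
    if payload.get("exp", 0) < now:
        return False
    return payload.get("act") == action and payload.get("res") == resource


def login(username: str, password: str, ttl_seconds: int = 600,
          now: Optional[float] = None):
    """Identity is consulted only here, to decide which capabilities to mint."""
    if not authenticate(username, password):
        return None
    return [issue_capability(ISSUER_KEY, act, res, ttl_seconds, now)
            for act, res in POLICY.get(username, [])]


def handle_request(token: str, action: str, resource: str,
                   now: Optional[float] = None) -> bool:
    """Service-side check for one action; the audit entry records the decision only."""
    ok = verify_capability(ISSUER_KEY, token, action, resource, now)
    AUDIT.append({"act": action, "res": resource, "ok": ok})
    return ok


if __name__ == "__main__":
    tokens = login("alice", "correct horse")
    print("granted capabilities contain a user id:", any("alice" in t for t in tokens))
    print("read photo:42 ->", handle_request(tokens[0], "read", "photo:42"))
    print("delete photo:42 ->", handle_request(tokens[0], "delete", "photo:42"))
    print("audit trail:", AUDIT)
```

The trade-off this makes visible: the issuer still knows, at login, who received which grants, so unlinkability holds only at the service that verifies capabilities, and a token stolen from a device works for whoever holds it until it expires. Short lifetimes and narrow grants (one action, one resource) are what keep that exposure small.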

Afternoon Sessions

  • Responsibility
    • Platforms manage relationship w/consumers
      • So they bear a lot of the responsibility for managing privacy on behalf of the user
    • Need for government clarification
      • Law or precedent that distinguishes protected free speech / intermediary status from negligence
    • Transparency in Data profit
      • Would be good to show user how the company is using user data for profit
  • Privacy by design / Privacy Apps
    • If you had a formal list of criteria for an app, what would it be?
      • Feedback and control – a stronger voice for users as a part of the development process
      • Data Access
        • Users should have constant access to their information no matter how much the product evolves
        • Right to deletion
      • Privacy fixing SDKs / library
        • One could create an SDK / library for app developers that would generate a privacy subset (location settings, data settings, etc).  Like a privacy framework to jump-start your app with good initial privacy settings.
  • User Experience
    • User as admin
      • The user shouldn’t always have to be administering their user experience
    • Iconography challenge
      • No great standards to represent privacy ideas
    • No negotiations
      • It’s really hard for users to negotiate with corporations
      • How to pool users' negotiating power for a productive consumer <-> vendor conversation


Guest Post: Alternative Idea for a “Privacy API”

This post was contributed by Sandy Klausner of CoreTalk

The idea of “The Privacy API” was raised at last May’s PrivacyCamp event. The idea is premised on numerous social websites publishing closed APIs, with no assurance that a high profile privacy mishap could not occur. Perhaps event participants can consider an alternative idea?

I recently authored two blog entries on the Science Enhanced Networked Domains and Secure Social Spaces (SENDS) website that address the framework challenge to aid application developers across all platforms in designing privacy for their apps.  The second entry premises that scalable solutions to the identity and privacy challenges require holistic policy-aware software architecture where a user’s identity is fused to a legal entity.  Anything created by a user is traceable to the entity, allowing apps to share personal data that can expand into a rich contextualized cyberspace presence.

The first entry, A Vision for Personal Information Management, reflects on the current effort to redefine cyber-security and what the opportunities to empower individuals to manage their identity and privacy might look like. The second entry, A Context-aware Internet, describes a vision for a new Internet architecture that is context-aware, a key requirement to automate and secure online transactions, as well as provide trusted identities and enhanced privacy. This entry suggests a mechanism to provide users with fine-grained control over their data from a simple user interface, while supporting the rapid development of a broad range of high-value commercial applications.

Such architecture could provide an efficient and resilient information and communications infrastructure for generations to come.  The Cubicon team has done extensive work in exploring the practical deployment of such architecture and warmly invites dialog on the associated opportunities and implications.



About Privacy Camp

PrivacyCamp is a multi-city unconference about privacy focusing on government policy and social networking.