[governance] So Who (or What) is Managing Privacy for/by the 1 Billion+

Sun Dec 30 17:17:33 EST 2012

Roland,

On Dec 30, 2012, at 4:04 AM, Roland Perry <roland at internetpolicyagency.com> wrote:
>> As Avri points out, this is probably a contract law issue.
> Privacy (or as we call it Data Protection) is one area that is covered.

My understanding (IANAL) is that  a contract does not excuse either party from obeying the law.  In the scenario you were proposing, I was assuming that the ISP was acting legally in the venue in which it was operating.

> This goes straight to the heart of my original point, which is that ordinary consumers don't see a difference between the connectivity provided by their ISP (to the wider Internet) and the connectivity provided by Facebook (to their friends and their photo albums etc).

Even assuming this is true (I have not seen studies that either corroborate or refute your assertion), I do not believe the solution to this problem is to try to impose a global regulatory regime that defines my rights to privacy just as I do not believe the solution to (e.g.,) spam is a global regulatory regime that tries to define what is appropriate content for email (or pretty much any of the other WCIT hot topics).

As opposed to a global regulatory regime, I think something like EPEAT (epeat.net) for privacy would be a better model.

The fact that some people have confused an application that is operated by a single company with the infrastructure operated by myriad independent entities globally suggests to me that ISOC (et al.) have many educational opportunities, not that we should cater to those people's misunderstandings.

>> There's a reason "security by obscurity" is considered pejorative :). As security by obscurity can't be relied upon, I believe "privacy by obscurity" is functionally equivalent to "no privacy", particularly as data warehouses continue to grow and data mining techniques continue to improve over time.
> 
> That's almost exactly the argument that Facebook is using to justify withdrawing the ability for people to hide their user names from Search.

The fact that Facebook uses the same argument does not detract from the argument.

>> To me, it's simple: if you want to keep something private, don't put it on the Internet, regardless of whether the vehicle for posting is Facebook or anything else.
> So maybe you wouldn't mind me publishing your Facebook email address?

My Facebook email address (along with all other information I've ever put on Facebook) is, as you point out, already published so no, I actually don't mind.

Do you somehow think that my (and your) Facebook email address and other information hasn't already been harvested and sold?

Once again: if I care about keeping an email address of mine private, I would not post it to public mailing lists/social networks/etc. The fact that I agreed to Facebook's terms and conditions means I have accepted the fact that the information I post on Facebook is no longer private. 

> I make a distinction between information that's published to at least a subset of the public, and that which is intended to be restricted to a supplier/customer relationship, like utility billing information.

Ignoring the question of what "subset of the public" means, how does the distinction you make matter when someone discovers one of the myriad security flaws in the web portal for your utility service, downloads all of your utility billing and usage information, and posts it on Wikileaks?

Regards,
-drc

-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t