PDEC's Blog

PDEC's posts

Send ideas for posts to phil@pde.cc. Guest authors welcome. We love to announce events with notice and to review new personal data designs and products.

Harvard Law Review: Four principles for surveillance law

Professor Neil M. Richards from Washington University in Saint Louis – School of Law has a paper on The Dangers of Surveillance in the next Harvard Law Review. The abstract’s call-to-action:

I propose a set of four principles that should guide the future development of surveillance law, allowing for a more appropriate balance between the costs and benefits of government surveillance.

First, we must recognize that surveillance transcends the public-private divide. Even if we are ultimately more concerned with government surveillance, any solution must grapple with the complex relationships between government and corporate watchers.

Second, we must recognize that secret surveillance is illegitimate, and prohibit the creation of any domestic surveillance programs whose existence is secret.

Third, we should recognize that total surveillance is illegitimate and reject the idea that it is acceptable for the government to record all Internet activity without authorization.

Fourth, we must recognize that surveillance is harmful. Surveillance menaces intellectual privacy and increases the risk of blackmail, coercion, and discrimination; accordingly, we must recognize surveillance as a harm in constitutional standing doctrine.

There’s a new pain

There’s a new pain.

The public is redefining “privacy” to include new powers. Rights to access personal data. Scope widened to include data co-created with other people and observed data. Rights to delete, destroy, redact. Granular control over sharing. Protection from casual inspection by employers, family, and governments. Rights to safe and highly private default policies and behavior. Rights to due process and humane treatment. And we demand these whether the data lives in our homes, on our mobiles or on some company’s servers.

These heightened expectations are ahead of corporate practices, government policy, established law, and software design conventions by years. In some cases by decades.

The gap between raised expectations of what’s right and how businesses and civic institutions deal with them makes people unhappy. Sometimes frustrated. Often angry.

This gap is useful. Pain calls for relief, so policy wonks, business suits, and tech geeks have incentives to innovate.

We’re seeing progress. Startups like those in PDEC’s Startup Circle, projects like those demoing at Thursday night’s Personal Cloud Meetup in San Francisco, and teams doing enterprise pilots are coming at these problems from every angle. They’re all motivated to close the gap.

“We must embrace pain and burn it as fuel for our journey.”
Kenji Miyazawa

Microsoft’s Marc Davis, PDEC’s own Kaliya “Identity Woman” Hamlin and others contributed to the World Economic Forum’s latest report, Unlocking the Value of Personal Data: From Collection to Usage. It’s worth the solid 20 minutes of reading time to dive into how people psychologically value their data, how their behavior is affected by institutional privacy communications and offers, and the economic drivers for treating personal data in a socially responsible way.

For a quicker take, see the New York Times’s Big Data and a Renewed Debate Over Privacy from last week.

photo: frustration cc-by-sa Cubmundo.

Sequester hits NIST, spares active NSTIC pilots

A few weeks ago, John Fontana at Identity Matters reported NIST’s sequestration budget cuts will affect the NSTIC program management office but spare awarded NSTIC pilots.

The Commerce Department official said, “The reductions required by sequestration will adversely affect all NIST cybersecurity related efforts through cutbacks on travel, contracts, grants, and other operational expenses. NIST currently does not anticipate eliminating or reducing NSTIC pilots or programs.”

Are new (not yet awarded) pilot funds still vulnerable? Will cut travel funds mean the IESG meetings must move to the Beltway to be near the NSTIC PMO staff? Will the PMO be able to staff up as the project grows?

VRM Day the Monday before IIW

Doc Searls announced VRM Day to the ProjectVRM list:

IIW… <http://www.InternetIdentityWorkshop.com> … is happening at the usual place, and the usual way, in Mountain View, CA, in the middle of the first full week of May. Specifically, 7-9 May, Tuesday to Thursday.

VRM Day will happen the day before: Monday, 6 May, somewhere in San Francisco or the Peninsula.

VRM Day is for planning what we’ll work on at IIW, which began by focusing on identity, but includes whatever we want. VRM has been one of the main things for the last few years.

We need a location. Ideas and connections are invited. Last time we met at the Computer History Museum. But it can be anywhere.

Come if you’re going to be at IIW or want to contribute to planning what we’ll be working on.

This year much new stuff is going on and moving forward.

- Personal Clouds didn’t exist as a topic a year ago, although its rhetorical ancestor, Personal Event Networks, did. The difference is that it’s hot now, and possibly at the core of everything else we do with VRM and/or the Internet of Things (or The Internet of Me and My Things).

- Intentcasting was still Personal RFP last year. Now it’s a newer thing, and all the .orgs and .coms working on it are working differently than they did only a few weeks or months ago.

- Persona, formerly BrowserID, from Mozilla, may finally give us social login that’s not in some giant company’s silo.

- Microsoft is clearly drifting toward serving individuals first and corporates second, if all we have to go by is its defaulting Do Not Track in the ON position.

- Customer Commons both exists and is working with Berkman’s Cyberlaw Clinic at Harvard on terms and policies that individuals can assert.

- Tracking and ad blocking are the hottest browser add-ons, and there is a huge need felt by both developers and site-builders for finding ways to harmonize intentions and means toward agreeable ends on both sides. In addition there is a need to harmonize the experiences of detecting and understanding tracking, and viewing the whole complex whatever-it-is that tracking and advertising has become. There is a good chance that advertising folk will be there as well. We need to meet them with open code, standards and intentions, as well as arms (of the human sort).

- Health Care VRM (by whatever name) is heating up. Much to talk and work toward there, including everything happening in QS (Quantified Self). Other verticals, such as real estate and banking, are also heating up and on the table.

- Sovereign vs./+ Administrative identities. This is very much a VRM topic, and at some distance from the administrative identity focus IIW was created to transcend, and continues to bog down identity solutions still. Will Persona make a difference here, since it’s less administrative than anything else that looks like it?

- Personal data in general is, as always, a hot topic. This is more in Kaliya and PDE.Cc’s camp, but it’s bound to be discussed at IIW, and we need to be talking to each other about it.

 

Q. What will be the most important issues in data ownership over the next ten years?

Quora asked What will be the most important issues in data ownership over the next ten years? My answer:

You’re asking for predictions, so:

By 2022 news services will have reported…

  • A million people joined a class action lawsuit against Facebook demanding more transparency over personal data re-sharing after a very public crisis.
  • Courts ruled whether US constitutional privacy rights over personal data can be waived by signing a company’s Terms Of Service or whether those rights are inalienable (e.g. you cannot sell yourself into slavery).
  • Treaty negotiations failed to harmonize US, EU, Chinese, and other regional personal data laws, leaving very different policies in place.
  • A large personal data vault was raided by law enforcement on behalf of Big Copyright, destroying and/or releasing millions of private data objects.
  • A law journal on personal data became required reading.
  • Twenty companies specializing in the personal data economy reached billion dollar valuations.
  • Antitrust regulators attempted to force disclosure of how companies use personal data; enforcement failed.
  • Three churches started not-for-profit personal data vaults, protecting members against government inspection.
  • A consortium of 1000 businesses advocated personal control over personal data.
  • A last will and testament leaving user accounts and personal data to a family member was contested all the way to SCOTUS.
  • The extreme disclosure fad flashed wide quickly but left behind a small hardcore subculture.
  • Courts ordered lawful interception of augmented reality eyewear data streams.
  • The first movie customized for each viewer based on personal data outsold the sixth 3DD sequel.
  • A bank loaned money to a business using personal data as collateral.
  • A bank loaned money to a homebuyer using personal data as collateral.
  • 100 million people left Facebook and Google for a Chinese professional network, bringing their profiles, relationships, and histories with them.
  • Car companies became large custodians of personal data as worldwide auto fleets generated a flood of Vehicle-to-Vehicle data, produced vehicle sensor data, and carried rider/passenger internet communications. They denied car owners access to the data.

These should be verifiable in ten years.

What should I add?

Roundup, 21 March 2013 – Personal Data at SXSW, JAMA, and Pandora

It’s been an interesting week in personal data. Here’s the scoop.

Mark your calendar:

More events on our http://pde.cc/calendar

SXSW is just starting to name personal data concerns

PDEC’s Cathleen Ash and Joseph Boyle followed the personal data conversations from SXSW Interactive. See our blog’s sxsw tag for the whole series. 

  • In SXSW starts it off right!, Cat reported on the “Who owns the data?” panel. The big takeaway: for now, data custody has all the power of ownership with little of the responsibility.

  • A session on cloud identity raised more questions than answers about cloud ID’s fractal and fragmented nature. 

  • Another day in data heaven asks if children should have similar data rights to adults. 
  • Big Data, Better Democracy, the Rise of Analytics brought in IT leaders from the Obama and Romney 2012 presidential campaigns, comparing notes on how data science drives voter and funding behavior. 

  • Cat took in the coercion of take-it-or-leave-it terms of service, seeking new options with more personal power.

  • Joseph’s field notes from the What’s In A Name? session cover a thorough history of anonymity’s evolution, from 17th-century Europe, through revolutions and civil wars, to more recent times and ideas like collective nyms, stable vs. disposable pseudonyms, doxing, and a growing cold war between anonymization and deanonymization.

A big thanks to Personal’s Josh Galper for our south-by festival tickets. Made our week.

In our Evernotes… 

Our friends at the Health Record Banking Alliance argue personal data stores are better than health information exchanges for the whole healthcare system. (fyi: HIEs leave patients without control of their clinical data). Smack dab in the Journal of the American Medical Association!

Would you give up your personal data for development? Personal data as a charitable contribution or “data philanthropy.” 

Liability Part 1. Google to pay $7 million for collecting personal health, other data

If the Internet is a surveillance state, as Bruce Schneier says on CNN.com, would you mind so much if you had access and control over their observations about you? 

Let My Data Go, Pandora!  

RIM’s new enterprise software carves out a part of your personal mobile for your workplace apps, web, and data. Sounds like the enterprise counterpart to personal clouds.  

Stop The Cyborgs organizes resistance to Google Glass ruining what little public privacy remains by banning personal surveillance systems in bars and other spaces. Get your Banned Here signs for your favorite grocery store, pub, or dental waiting room.

Seen the AngelList Personal Data Startups category? 70 startups in that market. 51 under Quantified Self.

TNW’s Dana Oshiro interviewed Doc Searls about the intention economy and ProjectVRM. “Searls: We need mechanisms where customers can signal intent across multiple vendors without being trapped inside any one vendor’s containment system, and without having separately siloed relationships with each of them.”

Image: Henrik Molte via Vimeo. http://vimeo.com/12695095

Care to caption Doc’s portrait? 

Until next time. 

Phil Wolff, 

Anonymous announces #OpBigBrother for 1 June Day of Privacy

Anonymous today released a video and poster art for its 1 June 2013 “International Day of Privacy” #OpBigBrother action. The @OpBigBrother twitter account has been active for some time, urging opposition to drone surveillance, US congressional anti-privacy bills, and general government intrusion. Summer should be interesting.

Operation BigBrother poster

#OpBigBrother on twitter

Hey, Pandora! Let My Data Go!

Let My Data Go! project

I sent an email to Pandora today.

Is there some way I can download a list of my information from Pandora?
- My channels?
- My thumbs?
- My social follows?
- My listening behavior? (what I actually hear, for how long, and when?)

How about some of the music genome conclusions Pandora draws about my listening? The whole “Phil likes songs with a walking tempo in this channel” thing?

I’d like to analyze my data to see what patterns I produce.

All the best.

- Phil

Pandora, Let My Data Go!

Giving my data back will drive usage and subscriptions.

I will trust you more, feel safer that you know what I listen to and that I always have an out.

I will share more and discuss my Pandora experience more because I have more ways to understand my data and myself.

This little bit of power for me could create a lot of value for you.

I live in Oakland, if you’d care to talk sometime. Happy Listening.

Phil Wolff
long time Pandora listener and fan
Strategy Director, Personal Data Ecosystem Consortium
phil@pde.cc or +1-510-444-8234.

 

Introduction to Mydex CIC Personal Data Stores

Came across this walk-through of Mydex CIC’s personal data store products, philosophy, strategy, pilots, and prospects. CEO David Alexander serves up a massive sculpture of personal data joy in spoken form. Light on technical geekery and public policy. Deep on how personal data stores are used by individuals, how they fit into the world of business-process owners, why the Mydex developer platform is interesting to application publishers, and how personal data is changing interaction between organizations and people. btw, Mydex is a member of the PDEC Startup Circle.

If you want to read more about this, take a look at their Understanding Personal Data Stores tutorial.

For dessert: Kaliya spoke at a London pub about her view of the future of personal data in Europe. About a minute long…

Sense, Sensibility and Security @ SXSW

Sense, Sensibility, and Security @SXSW
(or Focus Fragmented Fractals)

It’s no wonder I love playing in data fields, my OCD librarian traits come to the fore. But as I play, I give way to a little ADD and usually, hopefully, a whole lot of fun. Because what’s the point if you can’t have fun? And while fun might be relative, it definitely needs balance to ensure safety…even more so in today’s digital environment.
I work with teens throughout the school year, so ensuring their safety in the digital world is important. After a Cloud ID meet-up @SXSW, I was speaking with a member of JanRain about how I encourage students to create personas online for various aspects of their life. I do not want them to apply for college with their only email as iamapimpdaddy@yahoo.com, nor should they be posting pictures of underage parties and drinking on their Facebook accounts that proudly display their real names.
The JanRain member was aghast that I encourage students to “break the digital law” of creating accounts, where you are required to put your real information whenever you sign up for services. At present, there is no place in the cloud to create your own personal repertoire of data, shelling out pieces as YOU see fit when they’re demanded as you register for services. Is it coming soon? I hope so. There is currently legislation on the table, a step in the right direction.
What I saw at this wonderful blend of consumers, vendors, politicians, geeks, and fun-loving, cutting-edge technologists that make up SXSW is that the need is now, not tomorrow. And the need is great; start-ups, rights activists, even leading security folks in industry believe regulation of some nature is necessary to ensure companies have a clear map of the digital rights and privacy scenarios on the web.
What was clearly UNclear is that there is no one driving schema to set this up.
At an after-conference hallway tete-a-tete, one young man suggested if you build it, the time will come. Well, it’s time to build it. Actually, it’s way past time to build it. Designing guidelines that protect individual rights and securing personal identity data on the web, while ensuring the companies seeking, using and too oft sharing that data get enough of what they need to survive, is a must. Having at least some form of structured guidance to hand political committees as they begin to look at privacy legislation on the web is what’s needed… right here, right now, else we run the risk of someone else’s agendas determining our use of the web and loss of ownership of our data.
It’s clear there are forays into the process. California is one of a few states that already employ some level of digital rights legislation on the web. Start from there. What’s good about the legislation already in play? What works for consumers and corporations? Take it and modify it to work better for both parties. Put together the dream digital workbox that takes the fragments of all that is already adopted, seals the fractures that allow digital data bits to slip through, and be ready to hand it to agencies and organizations moving personal ID, privacy and security of personal data forward. It’s going to take sense, sensibility and focus to forward digital rights of individuals on the web in a harmonious, non-fragmented way.