On 26-Mar-15 20:59, Sam Lanfranco wrote:
> Stephanie,
> <br>
> <br>This has been on the agenda and worried about for some time. The
> "connected-car" is but one data source in the Internet of Things (IoT).
> Everything written in this piece will apply to your IoT stove, frig,
> children's coat, garage door, furnace, light switch....you name it. One
> approach is to say all data is privately owned and that the data miners
> have to negotiate for what they have access to within the privately
> owned data.
> <br>
> <br>Sam L.
> <br>
> <br>
> <br>On 26/03/2015 4:59 PM, Stephanie Perrin wrote:
> <br><blockquote type=cite>Folks interested in privacy may find this
> report on the connected car
> interesting, if alarming. The report was written by Philippa
> Lawson,
> a well known Canadian privacy lawyer who was for several years heading
> up CIPPIC in Ottawa. This privacy research was funded under the
> Canadian Privacy Commissioner's grants and contributions
> program.
> https://fipa.bc.ca/connected-car/
> <br>Stephanie Perrin
> <br></blockquote>
> <br>
> <br></body>
> </html>
> </html>
> One
> approach is to say all data is privately owned and that the data miners
> have to negotiate for what they have access to within the privately
> owned data.
Regrettably, this is unlikely to be effective, as the result will be
about the same as the click-through licenses in every software update.
Or the ones that really annoy me - you have to find an 'advanced' button
in grey type on a white background to prevent the default install from
changing your browser, home page & search options. That's mainline
products, like Adobe FLASH - every update, of which there are many. And
all those mobile devices applications... Not to mention Facebook's "we
believe your life should be an open book, so we'll keep doing things to
accomplish that, changing settings, hiding settings, and only say
'sorry' when caught". One reason I've never signed up...
In any case, such rules will be skirted, evaded, and lawyered around -
compliance will be to the letter of the law - and far from its spirit.
Privacy controls are only as strong as their weakest link; it only takes
one one weak element to expose you.
In any case, the challenge is *informed* consent. That's a really hard
problem. Not just the mechanics, the understanding of what you're
giving up. And the IOT just amplifies the problem.
People don't get that all those "free" services aren't. "If you're not
paying for it, you're not the customer. If you're not the customer,
you're the product..."
Who do you think you're going to "negotiate" with? The clerk at the
checkout counter when you're buying that coat, thermostat or
refrigerator? They aren't even empowered to correct a pricing error
without calling a manager. Plus, the terms and conditions will be
inside the box, or flash on the screen during first install. While your
house is cold, are you going to read 5 screens of small print before the
furnace turns on? Or go back to the store when you discover that
"energy saving" means that data about when you're at home is sent to the
utility and its affiliated advertising partners & burglars? I doubt
it. Not only will those facts be buried; when you're cold, they won't
seem as important :-)
I suspect that the only thing that has a chance of working is very
strong penalties, enforcement (which today is rare) and some sort of
central "these are my privacy demands" database. That would help avoid
the erosion on every install/device/update problem. Of course, by now,
"central database" probably has you ready to scream about the privacy
risks of that. Me too.
So I'm not at all optimistic -- privacy is hard, as is educating the
public. And there is a lot of money in invasion of privacy; advocates
will be outspent and out lobbied.
However, that's a global issue. There's plenty to do within this groups
charter - privacy with respect to the DNS' metadata. Trying to solve
bigger issues in this forum will only dilute those efforts and result in
frustration. (Which plays into the hands of the exploiters of our
personal information.)
Let's stay focused.
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
|
