We've commonly heard (at workshops in July '10, December '10 and April '11, for example) that W3C should have a venue for discussing and addressing ongoing and upcoming privacy issues. To that end, we're proposing a Privacy Interest Group, with a draft charter now available.

http://www.w3.org/2011/07/privacy-ig-charter

Feedback from the public (and this list in particular) would be most helpful.

I'm imagining this group as a place to discuss new issues (via public-privacy), spin off Recommendation-track work as necessary, develop guidelines for handling privacy considerations and provide advice to other groups for handling privacy in Web specifications. How do *you* think a group like this should function?

Discussion is welcome on this list, or feel free to send me feedback offline.

Thanks,
Nick



Following up on the Princeton workshop [1] and widespread interest from both industry and regulators [2] in standardizing Do Not Track technologies, we're proposing a Tracking Protection Working Group, with a draft charter now available.

http://www.w3.org/2011/tracking-protection/charter-draft

Feedback from the public (and this list in particular) would be most helpful.

Next steps will be to send the charter to the W3C Advisory Committee for review. After that step and approval from the Director, we expect the group to form and work to begin by the end of August.

Discussion is welcome on this list; if you wish to send comments offline, please contact me <npdoty@w3.org> and Thomas Roessler <tlr@w3.org>.

Thanks,
Nick

[1] http://www.w3.org/2011/track-privacy/report.html
[2] http://www.w3.org/QA/2011/06/do_not_track_the_regulators_ch.html


Subject: Comments of Nick Doty on Docket #101214614-0614-01
From: npdoty@ischool.berkeley.edu
Date: 1/28/2011 08:57:00 PM To: ntia.doc.gov Cc: Deirdre Mulligan Bcc: https://bcc.npdoty.name/

Comments are attached.

Nick Doty
Lecturer / Researcher
UC Berkeley, School of Information



Mr. Kravitz,

Back at home near DC for the holidays, I happened to read your article "More body scanners are coming to an airport near you" in Sunday's Washington Post. I'm glad the Post is pursuing this "Agony at the airport" series and found your article to be both interesting, and having just flown home for the holidays, very relevant.

I was concerned, however, about the neutrality of how the TSA's statements were presented. In the infographic accompanying the article there is a list of "privacy safeguards", including the following:

"The TSA and manufacturers say images cannot be saved, printed, transmitted or uploaded. Once passengers are cleared, their images are erased."
Although I agree that the TSA makes such statements (both on their website and to the press), these points are strongly disputed by the Electronic Privacy Information Center, which has argued that the TSA's own procurement specifications documents contradict the TSA's statements. According to those documents, body scanners are specifically required to be built with the capability for storing images and with USB and Ethernet interfaces for transmitting data, though those capabilities should be disabled during regular use. This is a significant privacy concern considering the potential risk of security vulnerabilities and the unknown number of employees who can turn these capabilities on and off.

I recognize that limitations of space prevent you from including every relevant detail, but it seems misleading in the list of privacy safeguards to cite a TSA assurance without at least acknowledging the ongoing dispute and lawsuit.

Thanks,
Nick Doty

P.S. Also, I applaud the Washington Post on providing email bylines at the ends of articles, which enables electronic feedback even for articles in a paper newspaper. I hope that you generally find readers' responses useful.


Subject: Wikileaks vs. sunshine laws
From: npdoty@gmail.com
Date: 1/28/2010 04:12:00 PM To: Ben Cohen Bcc: https://bcc.npdoty.name/

Hey Ben,

Do you have any particular thoughts on today's Wikileaks release of confidential diplomatic cables?

I've thought about writing in depth about this myself, but I feel both underqualified and overscheduled (grading, PhD applications, syllabus writing). I figure with your experience with San Francisco Open Email, you've probably seen most of these issues in real world specific examples, as opposed to my blanket speculation.

What surprises me is that in some ways I'm more bothered by this release than by the war memos release. I feel like releasing wholesale dumps of diplomatic cables discourages future use of these internal tools for discussion of diplomatic strategy and strains international relationships in ways that are unnecessary and unhelpful.

I'm not sure if the California Public Records Act has a provision like this, but FOIA contains exemptions not just for national security and individual privacy but also "deliberative process". You can't get internal agency email discussions or meeting minutes discussing an ongoing topic using a FOIA request: Congress decided that to open up such documents to public release would discourage frank internal discussion in recorded media like email, and that would hurt the actual process of government more than it would help in the sunshine disinfectant way. Similarly, "executive privilege" is asserted by the White House for the sake of protecting and thus promoting "candid" internal exchanges in giving advice to the President. It's easy for secretive, corrupt or simply oversensitive governments to abuse these exceptions of course, but they nonetheless seem reasonable to me. Frankly, I want embassy employees (full disclosure: I once was one) to be able to freely, efficiently and effectively share their on-the-ground wisdom with others in the State Department; I want the US government to be planning negotiating strategies with foreign governments based on their personal readings of other officials; I want the Secretary of State and the President to be aware of the latest rumors, confidential reports, sensitive meetings in various countries around the world.

Perhaps my interest in this area is in the privacy question involved. Not just privacy in the narrow sense of personal individual information being disclosed to the public unexpectedly (though that's an interesting consequence as well), but privacy in the sense that the flows of information, or more specifically the lack of flows of information, can substantially affect various communicative practices that we think are valuable. Did you see any evidence in the police email project that police would be hesitant to use email for important discussions if they knew it would be made public? That investigations would regress into hard-to-search paper records and backroom conversations instead of electronic systems? In the same way that our personal relationships only really work if irrelevant or inappropriate information can be kept out of the way (sometimes a challenge on Facebook), government processes can only continue effectively if not every email and document is released in a paroxysm of radical transparency.

And I wonder even if this doesn't hurt the cause of open government. If WikiLeaks hadn't released all the cables but had just shared some of the most important ones with the New York Times and other news organizations and those organizations hadn't decided to just publish whatever was interesting but use them as starting points for investigative reporting backed up by various other sources and limited in scope, wouldn't the check on government be just as effective while the harm to the diplomatic process was minimized? If the State Department responds to these releases by keeping less information in electronic form, will the New York Times future investigations into particular important topics actually be held back by the lack of records?

Where else should we be reading about this? I think that "Against Transparency" article from Lessig is a pretty great start, but are there other (perhaps more empirical) examples people should be talking about? Are there excerpts or conclusions of your report that we should be talking more about in relation to this?

Anyway, would love to hear your thoughts. Hope all's well in the City, and that you had a pleasant Thanksgiving.

Nick