Month: March 2012

Whether you call it ‘visceral’ notice or privacy in context, the goal should be a better understanding of the tacit agreement between parties about the use of information.

I’ll be putting on a 3 hour privacy by design workshop in June. As far as I know, the workshop is free (I’m not making arrangements so I’m not sure). I will post an update in a month or so with more details.

I don’t think the Stanford experiment is quite as amazing as some of the things I’ve seen out of Khan Academy. However, I am taking the Cryptography class and learning quite a lot. But I would say that it’s more like a traditional learning experience: watch video lectures, tackle problems. Slightly more interactive but not revolutionary. I guess the shear size of the audience is what’s revolutionary.

This past weekend I participated in StartUp Weekend in Orlando. From their website: “Startup Weekend is a global network of passionate leaders and entrepreneurs on a mission to inspire, educate, and empower individuals, teams and communities. Come share ideas, form teams, and launch startups.” “Startup Weekend is an intense 54 hour event which focuses on building a web or mobile application which could form the basis of a credible business over the course of a weekend. The weekend brings together people with different skillsets – primarily software developers, graphics designers and business people – to build applications and develop a commercial case around them.”

I’m happy to announce that my team came in 4th place out of 16 teams in the competition. While we didn’t win any direct prizes, we still have an opportunity if one of the top 3 teams fails to incorporate and move forward. Myself and Andrew Miller with assistance from Jeremy Holstein came up with an idea to shift the uncertainty that merchants face in achieving sales to the uncertainty that some consumers are willing to accept in reduced choice of product. If we incorporate and follow through with our business idea, we have a chance for getting $10k in seed money.

You can review our deck though this might not give one the entire picture without the talk we gave along with it. If anybody wants to learn more or invest millions of dollars (Disclaimer: said tongue in cheek not a solicitation for money or an offer to sell :-))

It was so much fun, I wish I could go to Tampa Startup Weekend but I’ll be at the Wall Street Journal Data Transparency Weekend.

I, also, just found out I’ll have the pleasure of attending the NYU/Princeton Conference on Mobile and Location Privacy: A Technology and Policy Dialog.

Matt Gemmell provided a much more detailed investigation into a solution for PATH’s privacy problem in his blog. I only touched upon the need the think about privacy. Kudos to Matt for his solution. Clearly, I need to start writing more indepth solutions to today’s privacy problems.

*Hat tip to Jon Udell’s Wired Article for point out the blog post.

I’ve always had this thought experiment going on in my head. What if subliminal advertising were real? What if by inserting something in my ad, I could guarantee that you bought it? What if it was effective on your 90% of the time? 75%?

What does big data say about us?

A recent post on the InfoLawGroup blog and my recent reading of Ryan Calo’s paper on privacy harm had me thinking.

The disconnect between the government and industry is that industry wants to prevent objective harm, the actual use of the information, and the government seems to want to protect against subjective harm, the knowledge that you are being observed. It would seem, on first blush, that industry doesn’t really get much by making this argument. However, even if they don’t target someone for specific ads, they can still get information about demographics of the audience for more broad based targeting.

The government’s argument should be about the potential for chilling effect on people if they are aware they are being tracked (though not targeted). Though it would be interesting for someone to do an empirical study on this, if one has not already been done.

As readers of my blog will already know, I’ll be attending the Wall Street Journal hackathon, also known as the Data Transparency Project in April. In searching for more information I came upon this one day conference, Mobile and Location Privacy A technology and policy dialog, starting the day of the hackathon. My plane arrives 15 minutes before the conference and I submitted a request to attend, so hopefully I’ll get to spend my day there!

I’ve been thinking about a categorization of information systems as to how they relate to privacy. This has mostly been in the context of and in preparation for my speech on privacy engineering in the cloud. I want to give people a sense of the differences between approaches. So here is my breakdown:

Privacy Pretending is essentially when a system owner says “Trust us. We respect your privacy. Your privacy is important to us” but doesn’t really take any steps to protect or preserve privacy.

Privacy Protecting means information security. Steps are taken by the system owner to protect confidential information, be that encryption, physical security measures, policies or procedures.

Privacy Preserving is the pinnacle where privacy is preserved and by privacy I mean the decision making capabilities of the data subject as to the confidentiality.

When you frame privacy as a matter of decisional control over information, it’s easy to see the three options. Pretending you respect privacy means control is neither retained by the data subject nor are previous indications of what to do with information respected. Protecting privacy means that previous decisions are respected but control is ceded to the system owner. Privacy preserving allows the data subject to retain control.

This article on the economics of privacy shows something that I’ve been saying for a while: people generally won’t pay for privacy but they will choose privacy protective options over privacy invasive ones when the protective options are available.