Consent is Broken – Privacy Implications for SSI

From IIW

Consent is Broken: Privacy Implications for SSI

Wednesday 9J

Convener: Amanda Stanhause

Notes-taker(s): Amanda Stanhause

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Informed consent is broken: privacy implications for self-sovereign identity

Creative Commons - I am comfortable at this level. Broad societal norms of what is appropriate and what is not? Instagram model and work for the government so keep things separate. 

Explore options available vs defaults 

No transparency today

First step is transparency and then can start writing tools to check 

No way to give scoped consent today

Making transparency actionable / revocable

What is the tipping point

As society we aren’t willing to pay for services we are receiving. Paying for it to go online by “informed consent”

Most people won’t know what to do with it

We need some sort of agent or guide

Consent receipts and get delivered to some place. Then businesses analyze those receipts and give you recommendations. 

You shouldn’t be screwed over bc they don’t care about privacy

Social contracts with different social media providers 

To their user experience, it goes away but it really doesn’t (content)

How do you even design consent in a rational way if you want it to be done right?

Sarah Allen Answer: if I want to keep data from a user, how do I keep it for them not just for me and I happen to be holding it for them and they can see all the patterns I’m tracking. Don’t have hidden features. 

A lot of data value is in aggregates. 

Giving them data analysis that might relate to them or show them they are learning. 

Big companies make money off of data. 

Start ups can be disruptive if people like it better they don’t make money off data. 

These companies need to make sure this isn’t a burden 

we don’t necessarily have to get people to care but make it as easy or easier than how it is now. 

Compensation for user if company uses their data. But do I want them to do that with my data is in the first place? Even if I do get money for it. 

Could also get coercive if people don’t have money. So can only the rich have privacy?

We need to be pragmatic about the way approach privacy. Dangerous for us to assume all services on the internet should be free and take care of my data. More and more sites are putting up pay walls. 

If you want content, you have to pay for it. 

You are always paying whether in monetary or loss of your data. People who are poor are benefitting from free services. 

The more data you give out the less valuable it is.  

Looking at GDPR compliance where it is now and where it is going. 

Should be illegal for parents to put kids on the Internet. Personas that cannot be tied back to kid. 

AI looking at behavior but what defaults to start what AI is looking at

Can AI tell what my intentions are and act accordingly?

Browser plugin to look at cookie consent green to red. 

Grades of privacy for search engines but trade offs for making this simplistic. 

Camera surveillance you aren’t owner of home but you are visiting friends so do they have consent to take video of you?

Where is the privacy violation? How long should they have it? Transitive if consent to record but then it goes to another company. 

Should be a sign in front of house that shows consent. 

CCTV example. Private person has been found bc of wrong installation for cctv camera. 

Facebook messaging listening right now. 

Consent makes illegitimate legitimate 

GDPR consent is hardly ever a legal reason for releasing information. Monopoly on data then consent is not legal. 

We will get smarter at defining and finding technical solutions for consent problem. Will it be normal populace?