Group Privacy

From IIW

Group Privacy

Wednesday 3A

Convener: Justin Richer

Notes-taker(s): Danielle Johnson

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Group Privacy… what does that mean?... A group discussion on what this could possibly be Small hop link Differential Privacy

Privacy We are building tech systems such that they ask for permission ahead of time

Group Privacy (also a book by Dr. Taylor) How do privacy and consent change when talking about more than one person? My privacy vs my privacy in this group

Define Privacy What group? What are the groups? What type of setting are we trying to protect

Consensus/Group Control over security that involves us knowing what privacy/protection settings exist

Ex: Someone consents to be tagged in a photo on Facebook, but asks that the location is not included. While the person taking the photo has recently shared their location (but does not specify it in the picture itself)

Now the person who asked for the location not to be shared in the person’s photo can be pinned to a location by someone who sees the photographer’s recent location sharing.

One on one comfortability vs group settings where one person is less private and breaks down the whole privacy level (only as strong as your weakest link… or less secure/private in this case)

Vegas Rules: Just don’t talk about it (informal rule which is known, but has no written specifications) Chatham Rules: Formal set of rules, written down and easy to follow… as long as you read them and know them

Socionormative vs technological privacy (what we are trying to solve)

Two individual consents that neither could send individually, but in a group setting, they can suddenly communicate to each other. What needs to be protected here?

Boundary Turbulence. What are the boundaries? What are we hurting by pushing certain boundaries?

We understand endpoint rules (what we are trying to obtain), but how does technology catch up to what we are asking?

Ex: When factories were first established, we had child labor because children were the only ones small enough to get around equipment to fix things. Eventually, technology caught up and we could use machines to take the place of what children were forced to do. We protected children and workers by advancing technology.

Public privacy controls: Even though someone who doesn’t know you posts something with you in it (and cannot tag you), doesn’t mean that someone who does know you won’t see it and identify you. The world of the internet is vast and social media connects us quicker than ever.

How is privacy controlled in a public space? Anyone can take a picture of you and post it however they please Public space causes different behaviors from people because they always have this nagging thought that they might see someone they know (like how some people have a “phone voice”)

Private spaces allow us to let our walls down and express what we want without feeling like there will be many repercussions.

Public space: outside a home (figuratively) Private space: inside the home (but even then, we require specific rules to prevent others we allow in our home to follow the privacy rules that we have set for ourselves)

Rules of what we can apply for privacy are too limited (this is the problem. It’s vague and we don’t understand what we are trying to protect)

Privacy/security vs usability/functionality Usability will always win We want the new shiny right now instead of wanting to make sure it’s protected

Online disinhibition effect (aka general dickwad theory of the internet) We can’t stop what some other idiot is going to do

Facebook has started the idea of Group privacy. Public groups Everyone can see them, and unless a setting is made, anyone can add them Closed groups You can search for it and see who is in it, but you cannot join without permission, and most posts are protected to a certain degree Private/secret groups You cannot search for these groups or see who is in them. You must be added by someone already on the inside

How do we set rules that allow people to understand security and how their choices effect everyone by becoming part of a group?

We can’t control what other people are doing, but how do we get people to follow a policy? How do we do it if we want to? And how do we protect those who do want to follow this policy if someone doesn’t?

When data mining becomes data in the future it may harm us and we may not be prepared to deal with it.

Privacy issues happen at collection, not at the use of the data collected Like with Equifax, someone has your information, but we are constantly forced to wonder if and when it will be used. How do we protect ourselves before and after the collection of the data?

How sophisticated does a user need to be to protect their own identity/information based on what someone else is doing with it?

Knowing a policy, but not expressing what you want from it A big issue of not protecting ourselves… not knowing how

Has the price of privacy become to simply not become involved with society?

Adapting to the newest tools and technology change our sociobehaviors. We as humans adapt as a whole to what technology is and what we expect from it People are changing their expectations of what all these social media tools can do We also bring past tools and experiences and apply expectations to the new tools Different generations have different expectations of things

Even private groups can be leaked (copy and paste, screenshots, etc)

Ideal of platonic solid (Plato) vs shadow of the real world

Design pattern for group privacy over ideal of platonic solid? Can we attempt closest perfection to reach these policies?

Mapping of human interaction onto a graph effecting privacy wishes of certain people (this is a goal to move us towards what time of privacy goals we wish to reach)

Group privacy a subset of public privacy policy? What can we use as a base to build into what we want from something we already have?

Social contracts to respect each other It is typically in our human nature to have some sort of respect for others (even if it’s only those we hold to certain standards)

Specifying language of what it means when someone says “I don’t want my picture taken” Defining the language of human privacy

What’s reasonable to expect? What’s reasonable to ask of others?

As a society, we come up with expectations and rules as we experience things We are building that plane as we are taking off How can we prepare the plane to be ready before takeoff?