Privacy - Enhanced Attribute Management / Help me understand "Privacy"'

From IIW

Session Topic: Privacy - Enhanced Attribute Management / Help me understand "Privacy"' (Th1J)

Convener: Jim Fenton and Nat Sakimura

Note-Taker(s):

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

The session was co-hosted by Jim Fenton of OneID and Nat Sakimura of OpenID Foundation / Nomura Research Institute.

The session was attended by about 40 people.

Scott David explained the legal definition of privacy and its difference to data protection. Data protection has many laws in the US.

[table to be added]

Hannes supplimented it with explanation of European Directive.

Ian Glazer explained about the gaps between society's expectation and the legal requiremnt drawing a graph on the white board.

[fig to be added.]

Nat pointed out that "right to be let alone" is not about the right to be in solitude but it is about the personal immunity. In fact, it is very close to what we know of as "Liberty".

An audience pointed out that there can be no complete liberty in a society. Scott pointed out that notion of corresponding duty is very important.

Nat went back to Justis Cooley's paper and read out "...".

In addition, Nat quoted a passage from Victor Hugo's Les Miserables.

"From a political point of view, there is but a single principle; the sovereignty of man over himself. This sovereignty of myself over myself is called Liberty. Where two or three of these sovereignties are combined, the society begins. But in that association there is no abdication. Each sovereignty concedes a certain quantity of itself, for the purpose of forming the common right. This quantity is the same for all of us. This identity of concession which each makes to all, is called Equality. "

Then, he explained that the confusion might be arising from the fact that when we speak of privacy, we are just talking about "Privacy (Liberty)" - various rights defined elsewhere pointing out a figure 1 in his blog (http://nat.sakimura.org/2012/05/02/why-privacy-confuses/) . This will certainly results in different definition of "privacy (in narrow sense)" from jurisdiction to jurisdiction.

In the remaining 10 minutes, Jim Fenton explained the potential benefit of encrypting the personal information which is signed by the authoritative data source at the attribute provider including the claim name so that the attribute provider would not know what is being released. Eve mailer pointed out that attribute provider not knowing what has been released may not be so important, and that there may be cases that it would be a disadvante. An audience pointed out that it would not work if the attribute is highly volatile, such as location data.