What kind of Privacy is the IDESG creating?

Image by Ann Racuya-Robbins Copyright 2012
Social Cooperation and Privacy

Ryan, respectfully, I don’t agree with your plan forward. Also, to further this discussion I have opened slots on the IDESG taxonomy wiki where we can capture this discussion and hopefully come to agreement on what we are trying to protect in the Identity Ecosystem Framework. I suggest human attributes, but whatever is decided we need to build a reference model definition for others to be guided by. As I have already mentioned, human attributes and personal information belong to the same domain, namely human capability. It is human capability that we are trying to protect and encourage. While Bob Pinheiro’s definition has some merit, it is too narrow to protect dynamic human capability and is already out of date as to human attributes, not to mention the Big Data challenges. This is one reason among many why we need to claim and acknowledge the dynamic nature of human capabilities and align the human attributes these capabilities create with something more encompassing and universal such as human rights.

Ryan, you said “The IDESG is attempting to create an identity ecosystem framework intended to govern those identity service providers and RPs that voluntarily choose to adopt the rules, requirements, and standards embodied in that framework.” More than that, we are working on creating and providing a certification program, a “Trustmark”, that will enhance the standing of an Identity Provider or Service Provider to potential customers. The IDESG is giving, or giving away, something valuable. Distrust in cyberspace and online is growing. If IDESG creates a “Trustmark” plan that misses the mark by a mile, trust will be even harder to re-establish.

Ryan, you said “We are not creating legislation and we are not going to regulate the entire internet and mobile world. So—at least to start—I suggest we begin by answering this question within the context of what we have begun to lay out as our target transaction; namely one which is authenticated and involves “personal information” (as suggested above). What security requirements should we seek to put into place to protect metadata in this instance?” But the IDESG is creating a contract for compliance. The self attestation and assessment has requirements. This is exactly the right place to identify and make clear what we are trying to protect. Metadata cannot be left to security alone but must have privacy protections. What is going to happen with the data in providers’ audit and security logs? Metadata is personal information or human attributes and must be protected by privacy whenever it exists.

We have not reached agreement that our target transaction is authentication. We must begin with Registration because that is the touch point with human capabilities, human attributes and personal information. User managed access (UMA), while constructive, is not enough of an answer. We can’t begin with access. If end users are able to evaluate providers based on informed valuation of what his or her human attributes are worth, they will choose the partners that offer them a good value proposition. Any “Trustmark” that obscures that value will not be trusted.

Regards,
Ann Racuya-Robbins

Human Attributes Arise from Human Capabilities


“Hi Ann – could you please help me understand better by giving a few specific examples of human capabilities, and the human attributes that arise from those capabilities? The description you’ve provided is a bit too abstract for me to get my head around it.”

Thank you for your question Andrew.

Human capabilities are sometimes described as functions. More generally, human capabilities refer to things a person can do, how a person can act.

For example, speaking (speech) is a human capability. When, by what means, how long, the pitch of the person’s voice, how loud a person speaks, where a person spoke from, whether a person used sign language… are human attributes that arise from the human capability to speak. Because human capabilities are dynamic and expanding, so too human attributes are dynamic and expanding. In cyberspace and online environments, human capabilities and the human attributes they create are a dynamic and expanding kind of information.

To protect this human capability, for example, American democracy created a right to free speech (with some provisos) which covers more or less all the human attributes that arise from speaking. For this reason we don’t have a right to speak limited to a device. So for example we don’t have a human right to speak limited to speaking on a telephone. This would limit and discourage the dynamic and expanding human function of speech. If a third party takes the human attributes created by a human capability and uses them to make money, we would consider that an appropriation and a violation of copyright.

In cyberspace, online environments and information systems we draw on privacy provisions to protect the human capability and human attributes of speech.

In America there is general agreement (consensus if you will) that limiting the right to speak or appropriating speech erodes social cooperation in a society.

Regards,

Ann Racuya-Robbins

Social Cooperation and Privacy

Personal information is a dynamic and expanding kind of information emergent from human capabilities


Social Cooperation, Human Capabilities and Privacy

An excerpt

Ann Racuya-Robbins

November 2, 2014

What is personal information and why does it matter for privacy and social cooperation?

Personal information is a dynamic and expanding kind of information emergent from human capabilities and life experience. Personal information belongs to each person in the same way that human rights and dignities do, and each person creates his or her own personal information. When human capabilities are protected and encouraged, human capabilities can continue to emerge and grow. This continues to expand the personal information available. Without protection, human capabilities’ personal information will be exploited by the strong against the weak and the inequities in our current societies will be replicated. Generally speaking, the protection of human capabilities is the raison d’être of privacy. Human life and capabilities are the essential source of wealth in the world. Privacy of human capabilities’ personal information is distinct in many ways from the security of personal information. But I won’t go further into that here.

Because personal information of human capabilities is valuable in so many ways, including commercially, attempts will continue to be made to separate people from their personal information. One of the recent strategies has been to fracture the human life personal information into bits, attributes, such as a person’s gender, hair color, weight, eye color, height, with the rationale that this fracturing separates the attribute from the person, making that piece of human personal information available to be exploited without the person of origin benefiting. Similarly, there is an attempt to make the “things” of the Internet of Things separate from the person in order, in part, to exploit and name the device information as something other than personal.

Personal information from human capabilities is, as I said, an emergent and expanding domain. Human attributes and personal information belong to the same domain of human capabilities. Through analysis many inferences from human attributes and/or personal information can be discovered, revealed and acted upon. There is no perceptible end today to human capabilities for good. There has emerged over the last 75 years a very clear and palpable end to the human capabilities for destruction. It is fair to say that it is within all of our best interest to reduce the capabilities for destruction and protect capabilities for good.


I also agree with much of Bob Pinheiro’s definition below as a beginning point for personal information.

“So instead I’ll use the term “personal information” to refer to two kinds of information that I believe we’re concerned about: (a) the information that people specifically provide about themselves, as well as information that people directly generate about themselves, and (b) information or “intelligence” about people that others infer based on our observable online activities and behaviors. Included under (a) would be every piece of information that people specifically provide about themselves to service providers, social media, etc., including PII such as name, address, etc. Also included would be our calling and messaging histories, and browsing histories, as recorded on our personal devices. Examples of (b) would be the credit scores that credit bureaus develop about us based on our financially-related activities, intelligence about our preferences, likes, dislikes, etc that third parties develop and sell based on our online activities, and of course the metadata that the NSA develops based on our telephone records.” Bob Pinheiro

Personal Information in Commercial Transactions

Transactions in cyberspace or the internet are unique in many ways. Commonly, for example, the entity that owns or holds the data of a website in a server has a built-in advantage over the visitor to a site. In commercial transactions the visitor typically exchanges at least one item of monetary value just by visiting a location: his or her personal IP address and/or a referring site’s IP address. These are personal attributes and information of commercial value, “the new money” as Anil John describes it.

Personal information from human capabilities is, as I said, an emergent and expanding domain.  Human attributes and personal information belong to the same domain of human capabilities. Today there is no perceptible end to human capabilities for good. There has emerged over the last 75 years a very clear and palpable end to the human capabilities for destruction.  It is fair to say that it is within all of our best interest to reduce the capabilities for destruction and protect capabilities for good.

However, I see no reason why addressing these fundamental challenges is out of scope or needs to wait. After all, one of the advantages of the private sector is the ability to create and operate under contract law.

I recommend the completion of a Memorandum of Social Cooperation that spells out the fairness of the relationship in clear and understandable language and that protects all parties in a commercial relationship, including the equitable resolution of the distribution of the monetary value of personal information. It should be the first step in all online transactions.

Memorandum of Social Cooperation

Building Trusting Relationships

We need a new kind and way of building trusting relationships. I call this a Memorandum of Social Cooperation. The purpose of such an agreement is to lay out in easily understandable language the parameters of the relationship that will inspire and further social cooperation.

How to Measure Human Trust Online and in Cyberspace

Human Trust Experience Metrics

in a nutshell

Online, In Trust Frameworks, In Cyberspace and in the Identity Ecosystem

1. Approach/Goal

Assisting the human user in understanding the user’s evolving vulnerabilities in cyberspace and how an evolving NSTIC compliant certification “Trustmark” facilitates the user in understanding and making informed choices when establishing relationships within an IDEF Identity Ecosystem. Such choices should be informed as to the security, privacy, usability, and interoperability capabilities and protections provided by the NSTIC compliant “Trustmark” presented by a given class or set of service providers, community of interest or other IDEF certified entity.

2. Content

Measurement should begin by creating metrics of

  • human understanding of his or her evolving vulnerabilities in cyberspace
  • the ability and satisfaction the human user has in making informed choices online.

Once a human-user understanding-baseline has been agreed upon and established, further metrics can be developed and folded into the measurement criteria regarding the human user’s experience with other aspects of interacting and transacting with the NSTIC compliant IDEF Identity Ecosystem.

Design Patterns and Human Trust Experience

Responses to questions from Mary Hodder about Design Patterns, the Human Trust Experience and Privacy

Thank you Mary for this thoughtful response. I will be replying over the next several days in a number of ways.

ARR: In Bold

To begin—

Why is Identity_Design_Patterns and related material on its own section on the wiki and not under “User Experience Approaches” or something like that? It makes it seem that there is agreement that this is the right approach and language. I don’t think that has been ventilated. I don’t think there is anything intrinsically more valuable from the individual human user’s perspective about a design pattern approach. It could be but it could not be as well.

There are however many privacy and other human rights and human dignity issues involved in extracting human behavioral characteristics from data sets, including analyzing those behaviors and making design decisions based on this approach. The larger the dataset(s), while not linear necessarily, the more specificity is achieved in identifying individual human user’s living behavior. Unfortunately we will have to do the hard work of sorting this out, probably by context. The context of a natural disaster emergency has very different requirements than commercial settings where organizations want an individual to buy something. For this reason the ethical considerations need to lead the discussion.

I might add that from my experience with Christopher Alexander much of his inspiration for his Pattern Language was to empower individual humans and communities to build their own housing solutions and not have to depend on architects. In our current Identity setting we are not teaching/empowering individuals to express their own requirement but extracting and perhaps modifying behavior.

More comments interleaved below.

From: Userexp_wg [mailto:userexp_wg-bounces@idecosystem.org] On Behalf Of Mary Hodder

Sent: Tuesday, September 23, 2014 6:41 PM
To: userexp_wg@idecosystem.org
Subject: [Userexp_wg] Design Patterns question

Hi All,

In our meeting today, we discussed Design Patterns, generally and specifically (a bit) that Tom has worked on for our group.

They are located on the UXC wiki and here is a specific Design Pattern on Identity:

https://www.idecosystem.org/wiki/Identity_Design_Patterns

I will be adding comments on the Discussion pages on the Wiki as well.

You can find more (there are several) by searching for “pattern” in the wiki search box.

The purpose of Design Patterns or Anti-Patterns is to show a positive or negative pattern of activity that is useful or not useful.

What is a positive or negative pattern of activity? Who decides this? What is useful or not useful? From whose perspective and to what ends? Without answering these questions there is no ethical frame of reference or context.

We spent some time today addressing Ann’s questions and issues around Design Patterns as a category of work for IDESG, as well as her specific concern about data collection and privacy issues to do with Design Patterns.

My concern is not merely data collection as I have tried to begin to amplify here. But I do think it is an important question to ask who does a pattern of activity belong to? The individual human that generated/created the pattern of activity? A “pattern of activity” tends to make invisible how that pattern of activity was obtained. Obtaining a pattern of activity could also be described as surveillance.

Ann, I would invite you to discuss this in email with the group as I have not likely fleshed out your concerns completely.

But I will also say that during the meeting, I couldn’t see how a Design Pattern would involve specific data collection that would cause a specific privacy violation. I can see that if a vendor or provider used a design pattern, that in their specific implementation, they would likely collect identifying data about individuals. But the Design Patterns aren’t really designed to manage that.

Doesn’t that depend on the implementation? There is no out of the box guarantee.

Instead, there are places to mitigate this potential problem: 1. for our purposes, a UXC-made Design Pattern will go through a Privacy Committee review.

The role of the Privacy Committee and the Privacy Committee Liaison is to note privacy challenges as the work product is being developed and work to modify the work product to eliminate the privacy challenge before it goes through a Privacy Review.

2. Vendors or providers that want to do something that IDESG would certify, or allow as a standard, or allow to use a Trustmark, would, if they didn’t protect individual privacy, not pass the Privacy Committee’s reviews because they wouldn’t comply with the NSTIC requirements.

This is part of the problem I brought up about the complexity of the requirements and interactions including within the Functional Model and “Trustmarks”. There are so many steps, so many processes, so many levels of expertise needed to track and evaluate all the moving parts that clarity as to trustworthiness is extremely difficult and, more importantly, impractical. If someone wanted to create a system where the parts, most especially individual human users, were to make judgments about trustworthiness, someone would not go about it this way! It is dangerous in my view to conclude that IDESG certifications, privacy reviews and standards will solve this problem. It may and it may not. It may for a time and then fail. The important consideration is how much people care about the system they are creating and how much agreement there is about the purposes it should serve.

Our job here is to focus on usability, and usability of privacy issues if necessary. But the Privacy Committee is first responsible for that.

Does that make sense?

They are interdependent and more so in ways that some other working areas may not be.

In my view, Design Patterns are a very useful way to communicate a pattern of activity we would like to see vendors or providers follow, outside of other concerns like Privacy, Security or Standards, for example.

You may be right about that. However I don’t know that the design patterns so far listed do that. Still I have been trying to get a recording of your session at the Plenary so I can review it. It may be possible to co-create such a pattern.

Lastly, you were concerned about whether Design Patterns were a good fit for UXC to focus on for fulfilling the NSTIC requirements and since I use them a lot in my other work, I do find them very useful. Others here do as well.

As I mentioned I need to understand what is meant by useful. And how that is measured. I think that discussion could bring a lot of clarity.

Can you elaborate on what the issue is, so that we can understand your concerns?

Or, if you’d like, we can translate the UXC Guidelines doc we have just had the Chairs group looking at onto our wiki, and try to suss through the options and hierarchy of work possibilities there?

Not sure I understand the choices here. I am planning to comment and provide input on the UXC Guideline doc.

I do want to address your concerns, but also want to keep the group moving, so if we could work through this in the next couple of days here in email, and then resume our agenda right where we left off, on Tuesday, that would be very helpful.

I don’t think a couple of days is adequate although I do agree that we need to continue to make progress. It has already been a couple of days and I am just now getting to this…to be sure it is not for lack of effort.

 Regards,

 Ann Racuya-Robbins

Thank you,

Mary

The Human Trust Experience in an Era of Big Data

Consumer, Manager, Domain Expert Proposal
Subtopic: Unmet Big Data requirements


1. Title
The Human Trust Experience (HTX) in an Era of Big Data

2. Point of Contact (Name, affiliation, email address, phone)
Ann Racuya-Robbins
World Knowledge Bank: Human Trust Experience Initiative

3. Working Group URL
https://www.humantrustexperience.net

4. Proposed panel topic: Unmet Big Data requirements

5. Abstract
The Human Trust Experience Initiative’s mission is to use Big Data to explore and lay the groundwork for understanding the parameters, characteristics, attributes, information architecture, and reference and interaction models of the human trust experience in motion and at rest. Central premises of this work to be evaluated and interpreted are that:
• The human trust experience is foundational to Privacy, to the uptake of ICT innovation, education and the challenges of democratic governance.
• The human trust experience is a central component of all human labor and to individual and community well-being and survival.
• The human trust experience can be a measure and standard by which we understand and prioritize problem solving.

6. Working Group summary
• Create the human trust experience use case.
• Create the human trust experience context.
• Create a semiotics and information architecture of the human trust experience.
• Facilitate through CMS conversation about the tHTRX in a Big Data context.

7. Number of Participants, date working group began, frequency of meetings
December 2013

8. Target Audience
Individuals, Consumers and Producers of Big Data, Businesses, Government

9. Current initiatives
The Human Trust Experience Initiative

10. Specific Big Data Challenges:
Value, Valuation, Contextual Veracity, Identity, Pseudonymity, Anonymity, Privacy, Vetting, Contextual Vetting

11. Urgent research needs

12. Related Projects or Artifacts
The Human Trust Experience: Informed Valuation Project

13. Big Data metrics (describe your data to make a Big impression)
Search, discovery, revelation, creation and analysis of the human trust experience from cyberspace data.

14. Keywords
human trust experience, value, valuation, informed valuation, informed contextual value, informed contextual valuation, contextual veracity, identity, pseudonymity, anonymity, privacy, risk management

Human Trust Experience Meets Big Data

Developing Standards for a Human Trust Experience in a Time of Big Data

Over the last two months I have been participating in the Big Data Technology Roadmap through the NIST Public Working Group for Big Data. I think one of the needs here is the development of “Standards for a Human Trust Experience in a Time of Big Data”.  I have requested to submit such a paper for a discussion group for the upcoming meeting in Washington DC.

Best Practices for Human Attributes

How to Move towards Trustworthy ground with Human Attributes

Human Attributes—all the aspects of a life—in online transaction environments—should progress towards the creation of Standards for the attributes-lifecycle. Such Standards should include how to respect, care and creatively treat those attributes. I think this is the right direction.
I think there should be a base Standard of assurance that will allow for the greatest range of transactions by the greatest number of participants. More on this later. Such a base standard of assurance should be agreeable by all stakeholders including individuals. This will require individuals to better understand monetization of human attributes and the crucial complex of the meaning of human attributes.
To move towards and achieve Standards for the attribute lifecycle a central challenge and dilemma must be undertaken to transparently articulate the relationship between Personally Identifiable Information (PII), attributes over a lifecycle and attributes that create PII through aggregation, provenance or other time related processes. We must acknowledge that PII and attributes are, more or less, on a continuum. The truth needs to be told that privacy requirements are not meaningful without taking on this challenge. I have some suggestions for standards in this area that I would like to forward at the proper time.
Here lie many perils and much promise.