Hi Joseph,
At 07:00 18-12-2013, Joseph Lorenzo Hall wrote:
Many of us from academia (in my case, having recently jumped ship for
civil society) that study privacy are more persuaded by Helen
Nissenbaum's notion of privacy as "contextual integrity". Here's the
skiny in shorter-than-book-length form:
"I give an account of privacy in terms of expected flows of personal
information, modeled with the construct of context-relative
informational norms. The key parameters of informational norms are
actors (subject, sender, recipient), attributes (types of
information), and transmission principles (constraints under which
information flows). Generally, when the flow of information adheres to
entrenched norms, all is well; violations of these norms, however,
often result in protest and complaint. In a health care context, for
example, patients expect their physicians to keep personal medical
information confidential, yet they accept that it might be shared with
specialists as needed. Patients' expectations would be breached and
they would likely be shocked and dismayed if they learned that their
physicians had sold the information to a marketing company. In this
event, we would say that informational norms for the health care
context had been violated." [1]
Much of the scholarship these days in privacy thinking is increasingly
based on this kind of contextual definition of privacy (and in the
U.S., at least, the Obama administration embraced this in a recasting
of fair information principles in their Consumer Privacy Bill of Rights).
At CDT, we argue that "abuse" or "harm" is an anemic framing, and that
there are important privacy interests implicated after information has
been fixed and collected but before any use has been made. See
Brookman and Hans [2], if you're interested in reading more.
Thanks for the links. I have to read the material again.
The health care context is relatively easier to argue for as a
patient would expect that his/her medical information would be kept
secret. There is the legal context for privacy, e.g. see message
from Nat Sakimura about torts. The discussion is usually around that
as the body of work is focused on the legal arguments which have been
made over the years.
It could be said that there are several schools of thought about the
topic. For example, the above (see quoted text) looks at privacy in
terms of the flow of information. It may seem a better fit in the
context of technology. Some people will likely look at privacy in
terms of harm or abuse. It is difficult to argue against that in an
IETF discussion. Privacy considerations, up to now, can be described
as lacking.
Regards,
S. Moonesamy
_______________________________________________
ietf-privacy mailing list
ietf-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-privacy
