Monday, October 03, 2005

Do you trust me?

I have talked a lot about Link Contracts lately, so why stop now. As I have said, Link Contracts are composed of several signed parts. Some of the parts are network-enforceable and some are not. The non-network-enforceable bits are meant to be enforced in some social system of accountability. These non-network-enforceable bits are what I refer to as the ‘Terms and Conditions’ of the data sharing: the bit that says “You may not sell my data. You may not use my data for any purpose other than the original purpose of this agreement”, that kind of stuff. The problem with these terms and conditions is that they aren’t meant to be network enforceable or, therefore, machine understandable.

So if we don’t do this right this is what happens:

I address an email to you with your i-name. My email client asks your authority for your current email address. Your authority returns a response that says: you can have that info if you agree to these terms and conditions. My client is meant to sign these terms and conditions and return them to your authority in order to get the data I require. So the problem is: I don’t want to read some terms and conditions every time I do anything that involves someone else’s data. You know I’m not going to read it anyway, but I don’t even want to have to do that extra click. I mean, who knows what’s in those terms and conditions? What’s to stop you from adding some line 20 pages down that says “By signing this agreement you agree to pay me $500”? If this is how it worked, the Dataweb would be broken before it even started.

So… what do we do?

Rather than each of us writing and using our own DSAs (Data Sharing Agreements; terms and conditions), we will use ones provided by ‘trusted third parties’. I can read IDC (Identity Commons) Standard DSA #5 once and set up a preference that I am always willing to accept data under those terms. So in future, when I ask for your email and you say “under IDC DSA #5 (version 1.3)”, my email client will simply sign the contract and send it back.
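The preference mechanism described above, as an added illustration that is not part of the original post: a client-side check that auto-signs only a DSA whose issuer, number, version and exact text all match one the user has pre-approved, so a response labelled “IDC DSA #5 (version 1.3)” that carries an extra clause (the $500 line from earlier) goes back to the user for review instead of being signed. The DSA texts, the dictionary shape of the authority's response and the HMAC standing in for a real signature are all assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed sample: canonical text of the DSAs this user has read once and
# pre-approved. The labels follow the post ("IDC DSA #5 version 1.3"); the
# texts are placeholders, not real Identity Commons documents.
ACCEPTED_DSA_TEXTS = {
    ("IDC", 5, "1.3"): "Basic DSA: no selling, no giving away, context-bound use.",
    ("IDC", 7, "1.0"): "Full Empowerment DSA: Basic terms plus reciprocation.",
}

def fingerprint(text: str) -> str:
    """Hash of the agreement text; the preference pins the text, not just a label."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# What the client actually stores: (issuer, number, version) -> hash of approved text.
ACCEPTED = {key: fingerprint(txt) for key, txt in ACCEPTED_DSA_TEXTS.items()}

def decide(offer: dict, accepted=ACCEPTED) -> str:
    """offer = the authority's response: which DSA it requires, plus its full text.
    Returns 'sign' (auto-accept) or 'review' (stop and show the user)."""
    key = (offer["issuer"], offer["number"], offer["version"])
    expected = accepted.get(key)
    if expected is None:
        return "review"                       # unknown agreement: never auto-sign
    if not hmac.compare_digest(expected, fingerprint(offer["text"])):
        return "review"                       # same label, altered text
    return "sign"

def sign_offer(offer: dict, user_key: bytes) -> dict:
    """Acceptance the client returns. HMAC stands in for the real signature
    scheme (assumption); the fingerprint is signed so the authority can tell
    exactly which wording was accepted."""
    payload = json.dumps({"issuer": offer["issuer"], "number": offer["number"],
                          "version": offer["version"],
                          "fingerprint": fingerprint(offer["text"])}, sort_keys=True)
    tag = hmac.new(user_key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": tag}

# Constructed offers: the genuine DSA #5, and one with the same label but an
# extra clause appended (the "$500 twenty pages down" case from the post).
GENUINE = {"issuer": "IDC", "number": 5, "version": "1.3",
           "text": ACCEPTED_DSA_TEXTS[("IDC", 5, "1.3")]}
TAMPERED = dict(GENUINE, text=GENUINE["text"] + " By signing you agree to pay $500.")
```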

Now, the reality is, I’m probably not even going to read the IDC DSAs, but that’s the point of having them provided by an organization that is ALL about trust. I know that if IDC publishes this DSA under their name… it must be ok. Ultimately there may be other organizations that provide DSAs that we can all trust, or at least use: Visa, HIPAA, SEC, etc…

For now we need to bootstrap this ecosystem. I have worked with Owen of IDC to outline three basic DSAs that can get us started:

1. Basic – This one will put some simple constraints on the consumer of the data to ‘respect’ the owner’s privacy. This is the first real step toward giving the individual some control over their virtual self. It will include:
    • No selling my data
    • No giving my data away
    • Only use my data in the context in which this agreement was forged
    • Upon request or discontinuation of this agreement you will anonymize or remove my data, remove all PII (Personally Identifying Information) and any contact channel information (address info). I call for anonymization as an option as companies must have the ability to execute their operational reporting and auditing.
2. Wild West – This is for the organization that wants to take advantage of the higher quality data source that the Dataweb provides, but cannot, for technical, business or other reasons, conform to the restrictions of the Basic DSA. Accepting this agreement would be no different from filling out a registration form at a service today, just easier for all concerned.
3. Full Empowerment – This agreement is for the truly forward thinking organization. Under this agreement the requester of the data offers reciprocation. They say they will give you a copy of your transaction records in exchange for having access to your data. In practice this would mean that I give Netflix access to my contact info and they will, automatically, programmatically, give me a copy of the list of movies I have rented (and how much I spent, and how long I kept them and all that good stuff). When the contract ends, I still have a copy of that information that I can take with me to my new movie rental provider.

I characterize option 1 as individuals having privacy statements instead of organizations, option 2 as the status quo, and option 3 as the next step in the evolution toward a fully empowered consumer.

Ultimately, I believe, option 3 evolves to a point where vendors simply use our repositories as the place where they keep the data about us. By giving us that level of control, and trust, and respect, why would we go to another vendor?

Please let me know if you think we need another DSA, or that I am totally off base!!


=andy.dale said...

I've been reading your posts about link contracts. One thing I don't see mentioned is the issue related to "limitations" or "exceptions". What I mean is that in certain circumstances a contract between two parties may well be binding as to those parties but might not bind parties such as the government. I'm thinking about court orders etc. that would allow the government access to data regardless of the enforceability of the contract relative to the two "principal" parties.

I'm not sure where and how this might be handled but it is worth some consideration in my opinion.

-Aldo Castañeda

=andy.dale said...

Your post on DSAs contains a lot of useful aspects.

The basic idea you are pursuing is great. Most people, whether individuals as consumers, or IT folk, or business people are looking for the answer to "how do I...?". They need to benefit from the deep thinking, but really are looking for a tool, like these standardized agreement types.

Regarding "full empowerment", I have two (negative, unfortunately) comments. First, this doesn't seem like a practical method. There are so many interactions between individuals and organizations, and between organizations, that managing all those mini-info-stores would become onerous. It's even worse than trying to remember today what privacy policies you've supposedly read and agreed to. Second, it reinforces the concept of commoditization of personal information. Even if I, the owner, am the one doing the transacting, I'm not sure this should be encouraged.

There are a couple of tricky areas in the basic DSA that I would like to point out. (I don’t have answers to suggest.)

The point about “context” doesn’t provide a way to define it, so that both parties have a common understanding. For example, one party may think the context is narrow, focused on the immediate transaction, while the other party may see a broader relationship or purpose. Or, one party may be part of a larger organization, and it wouldn’t necessarily be apparent if the DSA applied to the smaller or the larger entity.

When/how does an agreement get “discontinued”? There are many situations where there wouldn’t be a clear end-point. For example, if I give Amazon personal information to fulfill my order, I also am accustomed to them keeping it to facilitate future orders. How do they know when our agreement ends? There is also no consensus in the privacy world (as far as I know) as to whether permission expires on principle.

Lastly, to further flesh out what a DSA is, could you highlight how your approach differs from P3P?

Thanks very much.

John Matyskiel