Interesting discussion. I am not sure the following
will help, but I have to agree that any standard for an interface or encoding
explicitly (or implicitly) supports the ability to lie. In the OGC, we
always live with the adage that "maps can lie". While our interfaces
or encodings would allow an application to access and communicate bad data (the
lie), we do not have any specific parameters or encoding rules that would allow
for the changing or degradation of the content being communicated. How content
is massaged at the client side or the server side is application dependent and
could any "massaging" of content to be misleading would be the result of a user
setting specific preferences at the application level - not at the
encoding/transmission level.
So, for what its worth, the following is from the
OMA/LIF Privacy guidelines. They are basically saying that user preferences
control what the application does with location - and that the encoding
should do noting more than transmit location and metadata for
location. I should point out that there is the Mobile Location Platform API for
transmission and encoding of location content from the location gateway server
(the thing that captures location) to the application server (the thing that
processes the location).
Cheers
Carl
Principles for the handling of personal data
were developed in the seventies as a reaction to the ability of computers to
process registers of personal data fast and in an automated manner. The purpose
of the early principles was to prevent the misuse of the technology. Fair
Information Principles (FIP) for handling personal information have been
formulated by many organisations. The OECD (Organisation for
Economic Co-operation and Development) formulated its principles in 1980, and
these are commonly accepted as a good baseline for proper handling of personal
information. The relevant part is quoted in appendix i. For location based
services these principles are directly applicable. It is strongly recommended to
comply with the OECD FIP guideline. In addition it is also recommended to comply
with the following principles. The intent is to sharpen the OECD principles
specifically for location data.
1. Collection
limitation: Location data shall only be collected
when the location of the target is required to provide a certain service.
2.
Consent: Before any location data collection can
occur, the informed consent of the controller has to be obtained. Consent may be
restricted in several ways, to a single transaction, certain service providers
etc. The controller must be able to access and change his or her
preferences. It must be possible at
all times to withdraw all consents previously given, to opt-out with simple
means, free of additional charges and independent of the technology
used.
3. Usage and disclosure:
The processing and disclosure of location data shall
be limited to what consent is given for. Anonymity shall be used when the
service in question does not need to know the identity being served.
4. Security safeguards:
Location data shall be erased when the requested
service has been delivered or made (under given consent)
aggregate.
From this it should be clear that the LIF recommendation is to offer
location services in such a way that the controller must be able to give his/her
informed consent for collection and disclosure of location data. This consent is
referred to as the opt-in principle in this document, in contrast to the opt-out
principle, where the controller actively must decline location data from being
shared with others.
This is one small piece of the LIF Privacy
document
----- Original Message -----
Sent: Wednesday, September 17, 2003 4:29
PM
Subject: Georpiv and actively
lying
> comments below
>
> ** I've added the Geopriv list to
this discussion because this thread has
> whittled down to the one issue
(lying) and it hasn't been commented on yet
> there, and if a previous WG
agreement is being called into question (which
> is OK) - more people
should see this discussion
>
> At 05:48 PM 9/17/2003 -0400,
Jonathan Rosenberg wrote:
>
>
> >James M. Polk
wrote:
> >
> >>At 04:02 AM 9/17/2003 -0400, Jonathan
Rosenberg wrote:
> >>
> >>>Henning,
>
>>>
> >>>Also, how does this handle lying? I raised this
question on the list as
> >>>well.
> >>
>
>>We had this discussion over two meetings last year and the consensus was
> >>that in Geopriv, we shouldn't explicitly allow lying (as in,
defining how
> >>to do it - yet knowing we can't prevent it). That
was resolved in the POV
> >>that one can always give "less precise"
location information (replying
> >>that I'm in North America (only)
when I know I'm at 123 Main St., Dallas,
> >>TX, USA).
>
>>This is where permissions can be mapped to a template or table that
> >>equates to the level of resolution of the target's location a
particular
> >>requester can learn.
> >
> >That
works for geoloc, and can be mapped nicely into the model Henning is
>
>proposing. "resolution" can be considered an integer, such that the
>
>maximum resolution is the value that is communicated.
> >
>
>It doesnt work for presence, and it won't work for geoloc later on when
> >you do decide to lie. It seems lying is really crucial there too.
THe
> >classic "mistress" problem applies here - if your wife only
sees "I'm in
> >North America" as opposed to "I'm at the office in
Parsippany, NJ", the
> >mere fact that the information has been made
less precise conveys that
> >there is a problem. You need to be able
to say "I'm in Parsippany" when
> >you are really in Las
Vegas.
>
> Why should we design for permissible lying in an IETF
effort?
>
> If your server or service is configured to give out
misinformation, that's
> one thing - but to build it into the protocol as
a requirement lacks
> technical justification at this point. A compliant
protocol implementation
> shouldn't be required to be able to lie just to
be compliant. A protocol
> that chooses not to be compliant can always
misbehave.
>
>
> >As such, I am somewhat surprised this
was dismissed.
>
> One argument for this dismissal was that if this
were built into Geopriv,
> the IETF would be actively, explicitly
endorsing (through functionality of
> the base protocol) the ability to
lie.
>
> Doesn't seem like something to be proud of, when all is
said and done
>
> >I understand its hard, but it seems crucial,
no?
>
> There just hasn't been a good technical reason for allowing
this into the
> protocol as a requirement of compliance yet. What I
believe you are
> pointing to is a (debatable) societal reason for
this
>
>
> >-Jonathan R.
> >--
>
>Jonathan D. Rosenberg,
Ph.D.
600 Lanidex Plaza
> >Chief Technology
Officer
Parsippany, NJ 07054-2711
> >dynamicsoft
>
>jdrosen <at> dynamicsoft.com
FAX: (973) 952-5050
>
>http://www.jdrosen.net
PHONE: (973) 952-5000
> >http://www.dynamicsoft.com
>
>
>
>
> cheers,
> James
>
>
*******************
>
Truth is not to be argued... it is to be presented
>
RSS Feed