3PHealth Blog

Privacy and the Human in the Loop

Wednesday, October 17th, 2012


When considering any system we sometimes forget that there’s a ‘Human in the Loop’. I’ve just finished reading a great white paper by Lorrie Cranor (A Framework for Reasoning About the Human in the Loop), and whilst this paper talks about security, its kissing cousin is privacy, so a lot of the ideas presented there are interchangeable.

In this paper Lorrie argues for keeping humans out of the loop when it comes to security unless it’s absolutely unavoidable, and for the cases where it is unavoidable she offers a framework that can be used to identify problem areas before a system is built.

Here are the components in her framework:

  1. Communication: How are you communicating with the user (notices, warnings, status lights)?
  2. Communication impediments: Can the communication be interfered with (malicious 3rd parties)?
  3. Personal variables: How do users behave, and what do they already know about the system?
  4. Intentions: Can the system be trusted, and are users motivated to take the appropriate action?
  5. Capabilities: Are users capable of taking the appropriate action?

So what has all of this got to do with the proposed Do Not Track standard? Actually, a lot. Systems live and die on the ‘Human in the Loop’, so if the solution is poorly designed or cannot be trusted there is little chance of it succeeding.

The current proposed Do Not Track standard has an incredibly simple human interface. The user goes to the browser menu, selects Privacy and then checks the box marked ‘Ask Web Sites Not To Track Me’. That’s it; that one check box is all the human intervention required. So what could possibly go wrong? Quite a lot.

The standard makes it very simple for a user to communicate an intention to a Web server – and then (dare I say it) deliberately removes the need for the Web server to communicate that it ‘acknowledges and understands’ the user’s intention. Right there is the fatal design flaw. (Imagine if HTTPS worked this way.) A malicious 3rd party can easily change the user’s intention to an alternative, undesired outcome, i.e. ‘Track Me’: over plain HTTP the header travels in the clear, so any intermediary on the path can strip or rewrite it. As there is no need for the Web server to acknowledge what it received, you can easily make the case that it can simply ignore everything and continue as normal. In short there is NO verification (as in ‘Trust but Verify’) required. So Do Not Track fails both items 1 and 2 in the framework.

As we go on we see similar problems with all of the other framework items as well. Humans have really NO idea how their private data is being used on the Web. They love all the FREE services but fail to understand that ‘pie is not free at the truck stop’: their data is shared in an attempt to market new services to them. So Do Not Track fails item 3.

Let’s look at the final two items, Intentions and Capabilities – again we have a ‘swing and a miss’ scenario. If I cannot verify what I sent then I cannot trust the system. I have to trust the content provider, and due to the lack of transparency when it comes to privacy (NOT security) the human has no idea what is really taking place under the covers. Finally, capabilities. Can I take appropriate action IF I find out my privacy is being abused? Not really – I can go to another Web site, but that might be the same as jumping from the frying pan into the fire. I cannot change my browser settings any further, so essentially I’m stuck sharing my data if I want that free service.

However the user can fight back – and Facebook is a good example of that. Approximately 25% of Facebook users use a fake profile. That’s 250 million people all lying about who they are. And herein lies (pun intended) the real privacy issue – where’s the motivation for both parties (human and content provider) to deliver meaningful value?

It’s like everyone is stuck in the mud with the current status quo, where everything is free and everything (my privacy) is for sale. The only solution I’ve seen that comes really, really close to meeting Lorrie’s framework guidelines is the RePriv idea from Microsoft. Why? Because it adds accountability back into the system.

As the old saying goes, 50% of all advertising is worthless – the trick is in figuring out which 50%. A better-designed system can be built; Microsoft’s RePriv paper shows that it can be done, and the benefits for the ‘Human in the Loop’ are significant.


Why Johnny Can’t Opt Out

Tuesday, October 16th, 2012


In light of all the ‘discussions’ over at the Tracking Protection Working Group regarding the advertising industry’s claims that their policies ‘really do work’, I thought it might be a good idea to search for some more empirical data from a respected university. And as luck would have it I found this: Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising (Carnegie Mellon CyLab), revised May 10th 2012, so it’s fresh off the press.

Spoiler alert…

We found serious usability flaws in all nine tools evaluated. Our results suggest that the current approach for advertising industry self-regulation through opt-out mechanisms is fundamentally flawed. Users’ expectations and abilities are not supported by existing approaches that limit OBA by selecting particular companies or specifying tracking mechanisms to block. There are significant challenges in providing easy-to-use tools that give users meaningful control without interfering with their use of the web. Even with additional education and better user interfaces, it is not clear whether users are capable of making meaningful choices about trackers.

Oh dear, another black eye for self-regulation. For a solution to be meaningful it has to be fundamentally sound rather than flawed. Is a solution possible? Yes. Microsoft wrote a great paper on how it could be achieved – see my previous post.

Something will have to be done about the lack of privacy on the Web. All that remains is the ‘how’. It’s obvious that current approaches like DNT, with their all-or-nothing ‘binary’ approach, will not satisfy the ad industry any more than their own style of self-regulated ‘opt-out’ cookies.

Let’s see who gets serious first, before the regulators get called in.


Re-Envisioning In-Browser Privacy

Tuesday, October 16th, 2012


I’ve been planning on writing about an alternative approach to in-browser privacy. Obviously we’re very much in favor of a better solution than the current Do Not Track standard that’s being offered, and to that end we set out over 6 years ago now to build a fully standards-based solution that seamlessly integrates into all current Web infrastructures – we call it Choice®.

So with that idea in mind I set out to do some research to see if anyone else thought it would be a good idea. And the answer is ‘Yes’. I’m linking to a Microsoft Research report titled ‘Re-Envisioning In-Browser Privacy’, which I think is probably the best paper I’ve seen on the Web that not only showcases a solution, but also clearly shows how powerful such a solution would be in driving new value and experiences for the ad industry and consumer alike.

I do disagree with two of their ideas: 1) build a new browser and 2) build a new protocol layered on top of HTTP – but that’s all.

We designed Choice® to integrate with all existing browsers AND use the current HTTP protocol. This allows seamless integration across all infrastructures. With the exception of those two items we’re in alignment on everything. The value proposition is simply huge – a true win-win for all concerned.

If you’re interested in privacy and want to be ‘part of the solution’ then I urge you to read this. If you want to see it in action then download a copy of Choice® today and see how far we’ve taken the idea.


DNT and the Tracking Protection Working Group – Did they “Just Jump the Shark”?

Thursday, October 11th, 2012


If you have a spare hour or so and a large bucket of popcorn, you might want to head over to the Tracking Protection Working Group public mailing list – link

You don’t have to read all of the emails – it’s way too confusing – but spend some time in October’s list to get a hint of what is going on. It’s as if the IAB, DAA and DMA all decided that DNT has failed (jumped the shark), and even speeches from people like Neelie Kroes (An update on Do Not Track, The Centre for European Policy Studies (CEPS), Brussels, 11 October 2012) don’t make any difference, because, they say, there really isn’t a privacy problem: online trust has never been as high as it is right now. (This is a great email.)

What people on the forum fail to realize is that this is just the first innings. The protocol is not even finished, and it can be made to do more (you can extend it to carry more data). The advertising industry needs to get on board with the improvement phase, NOT keep trying to kill the current phase. It would be in their best interests to have something rather than the alternative, which is regulation.

Nothing is ever perfect in the first rev – give it a chance before you make it ‘Jump the Shark.’


Consumer Protection – the Do Not Track standard – & the W3C

Thursday, October 11th, 2012

 

Privacy Please

The Do Not Track standard is now live in every major browser. Consumers who are interested can check a box marked ‘Tell Web sites not to track me’ and the browser will add a header (a one-line message, literally ‘DNT: 1’) to every request the user makes in the browser, indicating to the Web server that the person does not wish to be tracked. With the box unticked the browser sends no DNT header at all.
 

It really is incredibly simple – and it’s biased towards consumer protection, as it should be. However that’s not the end of the story. The W3C is being pressured by the advertising industry to water down the spec. Instead of the Tracking Protection Working Group it’s fast becoming the ‘Please God Don’t Let Us Lose Any Money’ Working Group. If you want to see how bad things are, spend a few minutes/hours reading through the mailing lists – link (you’ll be shocked).

There have been lots of blog posts in the last few days on this subject – it culminated with Neelie Kroes, Vice-President of the European Commission responsible for the Digital Agenda, giving a speech titled ‘Online privacy and online business: An update on Do Not Track’ at the Centre for European Policy Studies (CEPS), Brussels, 11 October 2012 – link

If the W3C is going to retain ANY credibility from this process they have to ship a standard that is in favor of the consumer. Failure to do so is really not an option, as the stakes are so enormous. The alternative is to bring in the regulators, which is what Neelie’s next statement will be focusing on if Do Not Track fails to do the job it promised to do.

Every browser now supports sending the Do Not Track signal – what’s taking so long is figuring out all the myriad ways that Web servers can ‘game the system’ to avoid it. They’d be better served accepting it and moving forward, because if they don’t like Do Not Track they’re sure not going to like what the regulators have in store for them.


