Logged in: Logged in as: Log in
Search:
Page last modified 16:35, 16 Feb 2010 by aaron.helton
Privacy Commons > Use Case 3

Use Case 3

Table of contents
No headers

Use Case 3 attempts to explore some of the technological measures that Privacy Commons might employ to help users safeguard their data. As such, it is industry agnostic but represents a potential implementation structure.  The structure uses SSL (Secure Sockets Layer) as a model.  Several example scenarios are presented below.

Because the PC framework is envisioned as a voluntary market-driven scheme, questions of enforceability naturally arise.  This can be alleviated somewhat by using a number of technological measures architected into and complementing the PC framework, any combination of which could aid in placing privacy concerns in the spotlight for average users.  

 

Assumptions

It is assumed that applicable privacy policy markup has been formulated and defined, and that it is available for generation of compliant privacy policies.

 

Goals

  • Prominently expose issues of privacy to average web users
  • Integrate architectural components seamlessly into the web experience
  • Moderate privacy policies through market forces and crowdsourced activity

 

Components

  • Web Privacy Layer: A browser addon, extension, or integration that is capable of detecting a site's machine-readable privacy policy and indicating some level of compliance.  It alerts web users in a manner similar to Firefox's and Chrome's SSL warnings if some level of conformance or compliance is not met.  It should be configurable as to alert threshhold, but have a sane configuration out of the box.
  • Privacy Commons Registrars: A marketplace for generating and registering PC-compliant privacy policies, similar to SSL's certificates marketplace.  Some number of companies could be recognized as trusted authorities with respect to PC-compliant privacy policies.
  • Moderation/Reporting Layer: A web service (or collection of services) that can allow and report on user-centered activities, such as reports of violation of a noncompliant policy, reporting of a noncompliant policy, and user-requested reports of compliance activity for the site in question.

 

Scenario UC3(A)

In this scenario, all of the architectural components are in place.  User visits the web site for the (nonexistent!) Office of Federal Acronyms, a US Federal Agency, whose privacy policy is compliant with Privacy Commons Federal Government Privacy Policy Requirements Version X.  Upon visiting the site, User's browser addon peforms a number of checks: 1) that a privacy policy exists and is auto-detectable, 2) that the privacy policy was issued by a trusted source (that is, it's not self-signed or issued by a non-registered or nonexistent entity), 3) that there are no serious discrepancy reports active for the site.  Only by passing all three checks will the browser then display the site.

 

Scenario UC3(B)

In this scenario, User is not equipped with a browser or browser addon capable of automatically interacting with the other Privacy Commons architectural components, but the agency's site is nevertheless fully compliant.  When User visits the site of the Office of Federal Acronyms, the site displays with no warnings.  Since the site does have a valid PC-compliant privacy policy, the agency has placed a prominently-displayed link to the policy text.  The text includes a link back to the PC site, which informs User of some browser enhancements that will help in managing privacy concerns.

 

Scenario UC3(C)

In this scenario, User's browser is equipped to automatically process PC-compliant privacy policies, but the Office of Federal Acronyms has either supplied a noncompliant privacy policy (i.e., they wrote it themselves with boilerplate legalese), supplied no privacy policy, implemented a self-signed or other non-trusted privacy policy, or there is sufficient evidence of a serious discrepancy between stated behavior and actual behavior (recent data breach or unauthorized discolsure event, credible report of data misuse, etc.)  User's browser performs checks as expected, but upon encountering any one of the above situations, displays a red screen instead of the page.  The text on the alert screen indicates the nature of the problem, indicates its severity, and provides options to a) Get me out of here, b) Proceed this time, or c) I trust this site, add an exception.

 

Scenario UC3(D)

This scenario involves crowdourced policy compliance.  User reads about or otherwise becomes aware of a data breach on the Office of Federal Acronyms's web site.  User submits a discrepancy report to the Moderation/Reporting service, including evidence of the discrepancy.  Because the discrepancy is a verifiable data breach, the discrepancy report is processed quickly and, immediately upon implementation into the service, alerts all users equipped with automated policy detection tools of the breach when they next visit the site.  Upon remediation, the Office of Federal Acronyms provides proof of remediation, which marks the breach as mitigated, lowering the alert category.  To combat erroneous discrepancy reports, the OFA may also file discrepancy disputes in the same manner that discrepancy reports are submitted.

 

Final Thoughts

This architecture only works if it strikes a balance between 1) usability as measured by burden on users and companies with regard to adoption of the tools and policies and 2) management of actual privacy concerns.

Tag page
What links here

Files 0

Attach file or image
 

Images 0

 
Viewing 1 of 1 comments: view all
#1
Edit
Anonymous says:
Nice story about this.
Great Nice Pictures
causes back pain knee high shoes lizlange maternity fishing boats sale flu incubation period remedies sore throat cost breast implants muscle weight gain surgery breast reduction girls party ideas women laptop bags car brake parts continuing nursing education cost breast augmentation protein whey powder baby slings carriers bed bugs pictures bedding duvet covers phone pay as you go outdoor swing sets discount dinnerware sets coffee espresso machines salton yogurt maker hair color pictures pictures of haircuts asvab practice test herpes photos easy cooking recipes toy dog breeds herpes simplex 1 personalized dog tags stress fracture foot occupational therapy schools frontline plus cats fleas on humans physical therapy salary scabies pictures pictures of shingles what is blood pressure ibuprofen side effects pictures of ringworm gendongan bayi kain cukin ring sling pouch sling perlengkapan bayi selendang bayi nursing cover selendang baby perlengkapan bayi baru lahir bayi bayi lucu foto bayi parish vintage ebooks download tv series download manga free download make money online health information cell phone review disorders anxiety psat practice test blood preasure smart water filter filter pur water weight loss effects blood pressure side effects socks over knee socks dress food dehydrator tray massage chair ijoy homedics massage shiatsu evening gown dress evening wedding dress dry face skin gold toe sock window coverings blinds blinds for windows lip gloss cosmetics folding table chairs women high heels stockings high heels treatment of pain chlorine generation makeup lighted mirror pain management specialist lawn pest control garden pest control joint pain causes
Posted 06:55, 22 Jun 2010
Viewing 1 of 1 comments: view all
You must login to post a comment.
Powered by MindTouch Deki Express: open source enterprise collaboration and wiki software