Use Case 3 attempts to explore some of the technological measures that Privacy Commons might employ to help users safeguard their data. As such, it is industry agnostic but represents a potential implementation structure. The structure uses SSL (Secure Sockets Layer) as a model. Several example scenarios are presented below.
Because the PC framework is envisioned as a voluntary market-driven scheme, questions of enforceability naturally arise. This can be alleviated somewhat by using a number of technological measures architected into and complementing the PC framework, any combination of which could aid in placing privacy concerns in the spotlight for average users.
Assumptions
It is assumed that applicable privacy policy markup has been formulated and defined, and that it is available for generation of compliant privacy policies.
Goals
Components
Scenario UC3(A)
In this scenario, all of the architectural components are in place. User visits the web site for the (nonexistent!) Office of Federal Acronyms, a US Federal Agency, whose privacy policy is compliant with Privacy Commons Federal Government Privacy Policy Requirements Version X. Upon visiting the site, User's browser addon performs a number of checks: 1) that a privacy policy exists and is auto-detectable, 2) that the privacy policy was issued by a trusted source (that is, it's not self-signed or issued by a non-registered or nonexistent entity), 3) that there are no serious discrepancy reports active for the site. Only by passing all three checks will the browser then display the site.
Scenario UC3(B)
In this scenario, User is not equipped with a browser or browser addon capable of automatically interacting with the other Privacy Commons architectural components, but the agency's site is nevertheless fully compliant. When User visits the site of the Office of Federal Acronyms, the site displays with no warnings. Since the site does have a valid PC-compliant privacy policy, the agency has placed a prominently displayed link to the policy text. The text includes a link back to the PC site, which informs User of some browser enhancements that will help in managing privacy concerns.
Scenario UC3(C)
In this scenario, User's browser is equipped to automatically process PC-compliant privacy policies, but the Office of Federal Acronyms has either supplied a noncompliant privacy policy (i.e., they wrote it themselves with boilerplate legalese), supplied no privacy policy, implemented a self-signed or other non-trusted privacy policy, or there is sufficient evidence of a serious discrepancy between stated behavior and actual behavior (recent data breach or unauthorized disclosure event, credible report of data misuse, etc.). User's browser performs checks as expected, but upon encountering any one of the above situations, displays a red screen instead of the page. The text on the alert screen indicates the nature of the problem, indicates its severity, and provides options to a) Get me out of here, b) Proceed this time, or c) I trust this site, add an exception.
Scenario UC3(D)
This scenario involves crowdsourced policy compliance. User reads about or otherwise becomes aware of a data breach on the Office of Federal Acronyms' web site. User submits a discrepancy report to the Moderation/Reporting service, including evidence of the discrepancy. Because the discrepancy is a verifiable data breach, the discrepancy report is processed quickly and, as soon as it is entered into the service, alerts all users equipped with automated policy detection tools of the breach when they next visit the site. Upon remediation, the Office of Federal Acronyms provides proof of remediation, which marks the breach as mitigated, lowering the alert category. To combat erroneous discrepancy reports, the OFA may also file discrepancy disputes in the same manner that discrepancy reports are submitted.
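The following is an added example, not code from the Privacy Commons project, that models the browser addon's decision logic across scenarios UC3(A), UC3(C) and UC3(D): the three checks, the red-screen outcome, the user-added exception, and the lowered alert category once a verified discrepancy is marked mitigated. The trust store contents, site names and data classes are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed trust store: issuers whose policy signatures the addon accepts
# (the SSL-style "trusted source" of check 2). The name is a placeholder.
TRUSTED_ISSUERS = {"pc-fedgov-registrar.example"}

@dataclass
class PrivacyPolicy:
    issuer: str                        # entity that signed the policy
    pc_markup_version: Optional[str]   # None: hand-written legalese, no PC markup
    self_signed: bool = False

@dataclass
class DiscrepancyReport:
    summary: str
    verified: bool                     # moderation service confirmed the evidence
    mitigated: bool = False            # site supplied proof of remediation

DISPLAY = "display"                    # all checks passed
ALERT_MITIGATED = "alert:mitigated"    # lowered category after remediation
ALERT_SERIOUS = "alert:serious"        # red screen instead of the page

def evaluate_site(site, policy, reports, exceptions=frozenset(), trusted=TRUSTED_ISSUERS):
    """Run the three UC3(A) checks for one site; return (verdict, reason)."""
    # UC3(C) option c: a site the user explicitly trusted bypasses all checks,
    # so the exception list is itself a sensitive piece of state.
    if site in exceptions:
        return DISPLAY, "user exception"
    # Check 1: a privacy policy exists and is auto-detectable (PC markup present)
    if policy is None:
        return ALERT_SERIOUS, "no privacy policy"
    if policy.pc_markup_version is None:
        return ALERT_SERIOUS, "policy not in PC-compliant markup"
    # Check 2: issued by a trusted, registered source, not self-signed
    if policy.self_signed or policy.issuer not in trusted:
        return ALERT_SERIOUS, "policy issuer not trusted"
    # Check 3: no serious discrepancy report active for the site.
    # Only moderation-verified reports count; a mitigated one lowers the category.
    active = [r for r in reports if r.verified and not r.mitigated]
    if active:
        return ALERT_SERIOUS, "active discrepancy: " + active[0].summary
    if any(r.verified and r.mitigated for r in reports):
        return ALERT_MITIGATED, "discrepancy mitigated, proof of remediation on file"
    return DISPLAY, "all checks passed"
```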
Final Thoughts
This architecture only works if it strikes a balance between 1) usability as measured by burden on users and companies with regard to adoption of the tools and policies and 2) management of actual privacy concerns.