Musings on law, tech, chess & other topics by a geek

This is white to play, how do you win?

Gwen and I stopped by Crossroads Mall yesterday looking for some books and we ended up playing a few games of chess on the giant board there. I went 3 wins 0 losses and 1 draw. The most interesting of the games was against another local chess teacher Vincent Marr.  I find that you can learn more from losses and draws then from wins. The above tactic is one I missed from the drawn game. I knew I had missed something at the time… time to work on my own tactics. Taking the time to review your own games is a great way to improve your own chess game. Here is the full game with my comments and a board to step through the game: Rowe v. Marr @ Crossroads Mall 2010.

Here is an article done by Bill Hinsee that is extremely relevant to the current discussion, it reviews a “Nutrition Label” for Privacy: by Patrick Kelly, Joanna Bresee, Lorrie Cranor and Robert Reeder.

Website privacy policies can be complicated and confusing. The lack of a standard in both presentation and terminology makes it difficult for the average consumer to understand a website’s privacy policy, an understanding which is necessary to make an informed choice whether to use a particular website’s services. In A “Nutrition Label” for Privacy, Patrick Kelly, Joanna Bresee, Lorrie Cranor and Robert Reeder present a way to display online privacy policies in a consumer friendly manner in the spirit of the ubiquitous nutrition label.

The authors’ proposed label, the “Privacy Nutrition Label”, uses a grid to display the privacy policy with the rows displaying the types of information collected and the columns showing how the information might be used and to whom the information might be shared. A privacy symbol is displayed in the intersection of each row and column representing the severity of the privacy practice. The label consists of ten rows of information collected with five ways of using the information and two outlets for sharing the information totaling seventy cells, each displaying a privacy symbol. This is a large amount of information to sort through no matter how cleanly organized. Multiply this by every website that you might interact and do business with and it only gets worse. I personally prefer an earlier iteration of the authors’ label, the “Simplified Label”, which displays the privacy policy in a series of Yes/No statements. Although it lacks the detail of the grid and may exaggerate the permissiveness of the policy because of grouping categories together for simplicity, it is easy to understand and quick to read. A possible compromise might be to allow the Yes/No statement to be expanded into a more detailed breakdown if the user feels the policy is too permissive and wants to know more about it.

Privacy Nutrition Label	Simplified Label

The authors’ project is a great start to simplify privacy policies but should be expanded to address two more concerns, the permanency of the information collected and mutability of the privacy policy. The first issue is simply how long the company will store the information collected about you. If I purchase a book from an online seller, how long will the company keep my credit card information? How long will it keep my address and phone number? This can be addressed simply by supplying a column in the “Privacy Nutrition Label” to display the length of time data is kept or a time range in the “Simplified Label” that can be expanded for more detail if desired. The second issue addresses what happens when the company changes its privacy policy. Will the company notify the consumers whose information the company has already collected when it makes a change to the privacy policy? How will the consumers know the policy has changed otherwise? What happens to the information already collected? Will that information now be subject to the new terms? A Big Mac purchased under the “terms” of one nutrition label is not going to be retroactively affected if McDonalds changes the recipe at a later date whereas data residing on Facebook might. The solution to this is a mechanism to show how and when a policy has changed.

The Electronic Frontier Foundation (EFF) has developed TOSBack to address this very issue. TOSBack monitors the privacy policies of various websites and publishes the changes made to those policies. Something like this would be very helpful if incorporated into the privacy label itself to allow the consumer to see a policy change when revisiting a particular website. This of course would not help a consumer who uses a website for a one-time purchase and never returns but it is a start.

A larger problem with the privacy label project in general is with its adoption. A project such as this is only as useful as the size of its implemented base. Moreover, companies must agree on how to implement it. It would defeat the purpose to have different companies presenting their privacy labels differently, such as using different colors or symbols for privacy statuses. Such inconsistencies would only further complicate and confuse the consumer. Maybe this is a case where government regulation would be helpful. A regulatory agency such as the Federal Trade Commission could ensure that the use of such labels were widespread as well as preventing the proliferation of dissimilar privacy labels.

Overall the authors’ project is a noble one and one that I think whose time has come. Consumers deserve to understand the policies surrounding the data collected about them without having to struggle through pages and pages and legalese. The keys to the project’s success are adoption and standardization, without which the project is simply a great idea.

Jeff Jarvis gave a great talk on the value of being open. I love what Jeff has done with his online presence, he talks about many personal things in his life online at buzzmachine.

My favorite slide from his presentation was on Digital Rights here is Jeff’s Digital Bill of Rights:

A Bill of Rights in Cyberspace

I. We have the right to connect.
II. We have the right to speak.
III. We have the right to speak in our languages.
IV. We have the right to assemble.
V. We have the right to act.
VI. We have the right to control our data.
VII. We have the right to our own identity.
VIII. What is public is a public good.
IX. The internet shall be built and operated openly.

Full blog post on the digital bill of rights

Critic: My only negative here is that he does not deal well unpopular ideas facts.  Jeff argues that taboos will fade with more information about people.  This sounds good until it is you that losses a job or worse.

Great talk I strongly agree with a rights based approach to privacy.

But, I am questionable whether IP are the rights rights to follow I would like to look to the moral rights of Europe. Additionally I advocate for limited regulation and safe harbors that embrace best practices that protect users.

I will reload this video tonight, I am cutting it up to make it shorter now.

InfoCamp has announced their keynote speakers.   Info camp only has 2 preplanned speaker and all other sessions are run by us the participants!

Aaron Schmidt, UX Librarian at Large
Aaron Schmidt is half of INFLUX, a user experience (UX) consultancy that focuses on helping libraries create amazing experiences. Though he lives in Portland, Oregon, he is the Digital Initiatives Librarian for the District of Columbia Public Library where he helped create the first library iPhone and Blackberry applications, and helps the library with other interface and social media decisions. He works with the Global Libraries Program of the Bill and Melinda Gates Foundation on innovation in libraries and frequently speaks at library conferences. Sometimes he writes about library design and usability at his site Walking Paper.

Samantha Starmer, eCommerce Experience Manger at REI
Over the last 12 years, Samantha Starmer has worked on a wide variety of experience and information projects while at Amazon, SchemaLogic and Microsoft. She is currently a senior manager at REI, where she is creating and leading teams to drive improved customer experiences. Samantha holds a Master’s of Library and Information Science from the University of Washington’s iSchool and regularly teaches there. Samantha has served on the boards of the Information Architecture Institute and Content Management Professionals, and is currently on the Oversight Committee for the Dublin Core Metadata Initiative. You can follow her musings on customer experience, IA and other topics via @samanthastarmer.

Tickets are still available on Eventbrite, last I checked it was 1/3 sold out.

Here are my notes on the pre-privacy identity innovation confernce.  This first day had a social event with wine and cheese followed by a start up pitch slam.  Each start up was given 5 minutes to talk and was grilled for 5 more by a panel of experts.  I have some low quality videos of each and will add them to the post as they get uploaded.

Bynamite – This is a browser app that lets you control the information that is shared with other, kind of no rights to delete and when you download / install you get lots of scary warnings.  I love the idea the features and marketing need work.

IdeaScale – Decent idea rating platform with some ration on government sites.  This was the only one to mention Bobby 508 or any accessibility standards!

Optify SEO & ROI for web content & social network content – No clue how this one won, there are others in this space and I heard little new from them.  They have a big team and lots of capital.

Pathable – I like this start up.  It was the only one I personally used.  They have done well connecting people at local Bar Camps.  It is a social interaction tool for conferences.

Tweetajob – Geo / skill based job listing target at your wants via twitter, but not twitter specific.  If it works for other services they may want to revisit the name.

Unvarnished Professional review site – could learn a lot from Avvo… it is still in beta and does not get the need to build community yet.

Yoursphere – How to we protect the children from the big bad internet, well this presentation promoted fear as the answer along with a walled garden.  I am skeptical of a for profit that forms a 501(c)3 to act as an “education” / marketing arm of the corp. At least she mentions COPA, the Child Online Protection Act which is great although I am skeptical over her read of COPA. Show me what is cool about your site, do not try to scare me into using your service.

I all got a few videos from the Audience Choice candidates. These start ups had only one minute to talk and 1 of them moved on to give a 5 minute pitch.

Intern Match Great speaker for the 1 min part, an intern in fact! Which got them into the 5 minute presentations!

Open Mobile Solution - sorry i blinked and missed this one

Puzzazz Puzzle of the day site, cute but not amazing or incredibly new.

Secret 1-2-3 This is the one I voted for, it was the only one that had to do with privacy… It is an encrypted email solution.

Wishpot - online wish list, I like the idea but did not hear how it was better then Amazon.

There was one big area where this could be improved Q&A.   Only the “experts” were allow to ask questions from the audience this is very  Gen X or even baby-boomer in style. This conference was filled with smart people why turn them into tv watchers.

I will be live blogging parts of pii 2010 for the next three days.  This should be an interesting conference, pii stands for Privacy Identity & Innovation.  The speakers list is very corporate and includes Mircosoft, Google, Paypal, Perkins Coie, Oracle, CBS news & AT&T. Topics for the conference include:

• How emerging technologies & business models are impacting the way data is created, shared and aggregated
• Effective approaches for building online trust with users
• Ways in which user preferences and social norms are shifting
• Changes in the regulatory landscape, in the U.S. and internationally
• The role of anonymity and the future of reputation management on the Web
• The latest developments in user-centric identity management

The speakers list is notably missing three organization that do the most to protect privacy in the US: the Electronic Frontier Foundation (EFF), The American Civil Liberties Union and the Electronic Privacy Information Center. This seems like a large oversight given the topic. In fact this is the first conference I have been to on the West Coast with PFF a libertarian think tank out of DC but not EFF, maybe that is due to my free culture leanings when choosing conferences to attend.

PK has an email campaign to contact the legislators over FCC v. Comcast and the recent Google talks with Verizon.  Here is the message I sent:

Since the Comcast v. FCC decision, the rules protecting consumers on the Internet have become unclear. Without clear rules in place, the industry’s largest companies have been making rules of their own, designed to protect their bottom lines and not the public interest. We can see this today in recent reports that Google and Verizon have an agreement on how to manage Internet traffic. With the breakdown in negotiations at the FCC among the biggest industry players, there is almost no chance for a short-term legislative solution.

Therefore, the FCC must act to protect consumers with the authority that Congress has already given it in the Communications Act. The FCC needs to finish the job it has started to re-establish clear rules of the road for broadband Internet providers now. If the FCC does not take action, consumers like me will be left vulnerable to future “Google-Verizon” deals that will benefit the largest Internet companies, harm competition, and ultimately transform the open Internet into the corporate Internet. Please demand that the FCC take action now to protect innovation, competition and American broadband consumers.

Please feel free to contact me over this issue directly! I run a local organization, Freedom for IP, dedicated to balancing end user rights with corporate and other interests.  I also teach Information Privacy Law at Seattle University Law and am deeply concerned over implication of Comcast v. FCC on privacy rights. As an independent blogger I am worried that corporate favoritism for internet traffic has the potential to kill free speech online. Contact info: xxx-xxx-xxxx  Email: Brian <at> freedomforip.org. (I added this section)

Write your own message at Google Sold Out the Open Internet.

Remember to customize the letter with why this maters  to you.  Is this a privacy issue, a free market issue, a free speech issue or a user rights issue.  Additionally add why you matter, legislators like to hear from active influential people, and how they can contact you to discuss the issue further.

Another great TED talk this time from 12 year old  Adora_Svitak
What adults can learn from kids

PS she even uses my favorite presentation software Prezi