[LINK] Microsoft tracks people with RFID tags
jwhit at melbpc.org.au
Fri Aug 22 09:12:37 EST 2008
At 08:38 AM 22/08/2008, Roger Clarke wrote:
>Working through the list:
>- risk assessment
> You need it. (And you're doing it right now)
> Yours needs to be bigger than the back of an envelope, but not expensive
> You need to see it from the perspective of the diverse array of delegates
> that may turn up.
> And of course you need to think about the potential negative impact of
> unconsented use, data leakage, scepticism, and plain old misunderstanding
> Jan may be able to help with some references to codes or guidelines -
> although I'm not aware of any existing that would get the tick from any
> privacy advocacy organisation
The code I was involved with was for retail applications ONLY. The
need is for something much broader.
If the Privacy Acts that govern any technology or even non-technology
behaviour is too broad for making implementation decisions, then the
sorts of areas that Roger mentions need to be considered in instances
when these sorts of information collection procedures are introduced.
It does no one any good to take the high level principles and say
merely 'we comply' without analysing the actual project and processes
and their implications.
what is done or not done to comply with the Act.
> You'd be ill-advised not to check out the ideas on a suitable spread of
> people. (And you're doing some of it right now)
and that includes the stakeholders who will be involved at the coal
face and those who will be offered the opportunity to use the system.
The person whose info will be collected should be someone NOT
involved in spruiking it under the rationale of 'well, I'll be doing
it, so everyone else will feel the same'. Better to have an
independent researcher with no bias toward the system to ask a range
of people NOT involved in the project.
This is probably work to be done by the company offering the system
so the buyers don't have to spend resources over and over doing the
same thing. However, that research needs to be open, including the
methodology used, the number of people responding, the questions
asked, and any incentives used as part of the research process to
show the answers weren't 'sweetened'.
>- risk management plan
> Depending on the outcomes of the assessment, you'll need something, and
> more than just a statement or two. Training for the people involved so
> that they can provide convincing answers is an important aspect. The
> design aspects (at a level a bit deeper than the sketch you provided)
> need to be looked at by a sceptical outsider
Yeah, I think the check-out staff at Safeway/Woolies are tired of my
short lectures about their latest 'loyalty' card. They had nothing to
do with it!
>- post implementation audit
> You'll test that it works as it was intended, and that the database isn't
> open to abuse, and that the staff actually understood what they were told
And is there/was there a clear complaints chain? If there were
complaints, is that information available for the post audit or was
it just 'she'll be right' answers to the complainant to get them out
of there so the organisers could get on to 'more important' things?
How many times have you stood on the platform of some train station
cursing that you're about to miss a meeting, but the train operators
'get off the hook' with a mere 'we are sorry for any inconvenience
caused'? I don't think the operators understand how much the anger
increases and smolders in the individual every bloomin' time that line is used.
>- ensure enforceable undertakings
> The wording of your statements determines whether you're actually giving
> undertakings or just providing the vacuous waffle your lawyer would write
see above re stating comliance versus actualising the compliance
>- ensure enforcement process and appropriate sanctions
> It would be really nice if there were a framework in place, but it's
> pitiful, and you have lots of loop-holes available to you
>My quick reaction is that the scale of effort required depends very
>much on whether "voluntary" is meaningful.
Not only meaningful, but fulfilled through the entire process.
Imagine a computer program or a network [to bring this somewhat back
to Link issues] where your message or task gets almost to the end,
but then falls into a black hole, never to be seen again. There is a
huge amount of faith in the holding organisation that says they will
'destroy' the collected data *when no longer needed* [my words and
emphasis]. Who checks? How do you prove a negative? It's just not
done. I would not be surprised if in all the hubbub that is involved
in living through a conference that these final steps are NOT done.
So then what?
Just some more things to add to the mix.
Melbourne, Victoria, Australia
jwhit at janwhitaker.com
Our truest response to the irrationality of the world is to paint or
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer
Writing Lesson #54:
Learn to love revision. Think of it as polishing the silver for
guests. - JW, May, 2007
_ __________________ _
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.526 / Virus Database: 270.6.6/1626 - Release Date: 21/08/2008 6:54 PM
More information about the Link