Re: Consent

From: Adam Shostack <adam@zeroknowledge.com>
Date: Thu Aug 23 2001 - 10:24:27 EDT

On Wed, Aug 22, 2001 at 03:33:25PM -0400, Rosen, Brian wrote:
> Don't we have to distinguish between consent that is granted
> beforehand and consent that is granted at the time of disclosure?

I don't see a case where that would be so. Could you offer an example?

> Don't we have to distinguish consent that is given out of band
> (by contract, for example, or some website action) from consent
> that is given within message exchanges in the protocol to which
> the object is attached?

I don't see how these differ from a privacy or protocol perspective;
once meaningful consent exists, the only way in which it differs will
be the scope of consent which was granted.

> Don't we want to deal with the range of policy decisions?
> I wonder if your "Default-consent-action" is exactly a policy
> based consent or not.
>
> I propose that the requirement be that consent must be
> obtained before location is revealed. Consent can be
> obtained by any means prior to revealing location.

I'd really like that, but I don't see how we can do that, ensure that
service providers can meet their driving requirement of E911, and
leave any meaning in the word consent.

> Consent must be tied to some form of strong authentication.
> Consent may be implied by contract, law, local policy or
> service selection, but in such cases it is strongly recommended
> that users be informed under what circumstances location
> will be revealed and to whom.

I think this goes to the core of how what we want differs. I think
that meaningful consent is not implied, but is explicit, and that
there are situations where laws require the provision of information
without consent, for example, a search warrant.

I'm trying to define a set of non-consensual disclosures so that the
information revealed under them is clearly not consensually disclosed,
which causes limits to be placed on its use in a great many places. A
broad definition of consent has led to privacy experts needing to use
the phrase "meaningful consent" in new discussions. See for example,
http://www.ftc.gov/os/2000/05/privacyanthony.htm,
http://www.noie.gov.au/projects/information_economy/strategic_framework/consultations/submit9b.html,
http://www.nacm.org/bcmag/bcarchives/2001/articles2001/apr/ca_insert2_4_01.html

> Where the use case of the location
> object permits direct user interaction, protocols implementing
> the object shall have provisions for presenting the authenticated
> identity of entities requesting location and requesting explicit
> consent from the user immediately prior to revealing location.
> Such provisions should be used wherever practical.

That sounds great.

Adam

> Brian
>
> > -----Original Message-----
> > From: Adam Shostack [mailto:adam@zeroknowledge.com]
> > Sent: Wednesday, August 22, 2001 2:58 PM
> > To: James M. Polk
> > Cc: geopriv@mail.apps.ietf.org
> > Subject: Re: Consent
> >
> >
> > On Mon, Aug 20, 2001 at 02:07:56PM -0500, James M. Polk wrote:
> > >
> > > Adam
> > >
> > > I'm glad someone brought this up as a starting point for discussion....
> > > comments below
> > >
> > > At 02:46 PM 8/20/2001 -0400, Adam Shostack wrote:
> > > >I'm finding myself asking a lot of questions about what people mean by
> > > >phrases they use including the word "consent."
> > > >
> > > >May I suggest that we use the following terminology:
> > > >
> > > >Consentual-disclosure: The end-user has chosen to reveal
> > > >information. This choice is freely given, not mandated or required.
> > >
> > > But is this given explicitly or implicitly (and yes I've read below)? Is
> > > everyone defaulted to be allowed or not-allowed to discover location of
> > > another. What about in letting others discover my location?
> >
> > I think there are two issues, one of which is how we reach a consent
> > decision, and then second, what we do with it. This set of ideas was
> > (implicitly) designed for signalling what form of consent is being
> > asked for or assumed.
> >
> > My location is personally identifiable information in which I have a
> > strong privacy interest. Under the Fair Information Practices, I need
> > to have notice and consent if that information is given to others.
> > There are exceptions, such as for law enforcement or 911, which is why
> > there's the mandated-disclosure category.
> >
> > If we can agree that these are useful categories, we can start to
> > decide how to put things into categories and use them.
> >
> > I think that in Europe, Canada, Australia, and other places where data
> > protection laws apply to private firms, the default would need to be
> > that your consent is required before the disclosure of information to
> > friends, family, or companies that want to see it.
> >
> > > >Mandated-disclosure: There is a legal requirement to reveal
> > > >information.
> > >
> > > again, explicitly or implicitly?
> >
> > I'm not sure I understand your question. How can a law imply that you
> > must do something? Don't laws need to be explicit?
> >
> > If you're asking in the context of a protocol, then I think that a
> > disclosure is mandated by law should accompany
> > - the demand for data (if the end user device is involved in the
> > request, the user preference software can't ignore it. There are also
> > authorization requirements, otherwise I'll just tag all my packets
> > with a mandatory bit)
> >
> > - the data as it goes elsewhere. The fact that it was demanded
> > probably places limits on how it can be used and revealed onwards.
> > For example, while there are a set of uses for E911 data that have
> > been listed, the fact that I dialed 911 should not mean that the
> > service provider can now reveal my location to starbucks.
> >
> > Adam
> >
> >
> > > >Needed-disclosure: There is a requirement to reveal the
> > > >information in order to make the service work. For example, if I call
> > > >1-800-find-gas to get the nearest gas station, I may expect that my
> > > >location will be transmitted.
> > > >
> > > >Explicit-consent-action: The user performs a GUI action to reveal or
> > > >conceal information at the time of the request
> > > >
> > > >Default-consent-action: The user has set a preference for some
> > > >recipient, class of recipient, etc.
> > > >
> > > >Adam
> > >
> > > *************************************
> > > "People generally demand more respect for their own rights than they are
> > > willing to allow for others"
> > >
> > > James M. Polk
> > > Consulting Engineer
> > > Office of the CTO
> > >
> > > Cisco Systems
> > > 18581 N. Dallas Parkway
> > > Dallas, Texas 75287
> > > w) 972.813.5208
> > > f) 972.813.5280
> > > www.cisco.com
> > --
> > "It is seldom that liberty of any kind is lost all at once."
> > -Hume
> >
> >

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
Received on Thu Aug 23 10:24:51 2001
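
An added example, not part of the original message or of any geopriv document: a sketch of the disclosure categories from this thread as a policy check, where a mandate is honoured only from an authorized requester and the basis travels with the released data to limit onward use. All names here (`Request`, `Release`, `decide`, `may_use`, `AUTHORIZED_MANDATORS`, the `.example` identities) are hypothetical, and treating a user-initiated service call as needed-disclosure is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional

class Basis(Enum):
    MANDATED = "mandated-disclosure"
    NEEDED = "needed-disclosure"
    EXPLICIT = "explicit-consent-action"
    DEFAULT = "default-consent-action"

# Constructed sample data: authenticated identities allowed to assert a mandate.
AUTHORIZED_MANDATORS = {"psap.example"}

@dataclass(frozen=True)
class Request:
    requester: str                # authenticated identity of the requester
    purpose: str
    mandated: bool = False        # the "mandatory bit" sent with the demand
    user_initiated: bool = False  # user invoked a service that needs location

@dataclass(frozen=True)
class Release:
    basis: Basis                  # travels with the data as it goes elsewhere
    recipient: str
    purpose: str

def decide(req: Request, prefs: Dict[str, bool],
           prompt: Optional[Callable[[Request], bool]] = None) -> Optional[Release]:
    """Return a Release tagged with its basis, or None to withhold location."""
    if req.mandated:
        # A mandatory bit from an unauthorized sender is refused, not honoured.
        ok = req.requester in AUTHORIZED_MANDATORS
        return Release(Basis.MANDATED, req.requester, req.purpose) if ok else None
    if req.user_initiated:
        return Release(Basis.NEEDED, req.requester, req.purpose)
    if req.requester in prefs:    # preference the user set beforehand
        allowed, basis = prefs[req.requester], Basis.DEFAULT
    elif prompt is not None:      # direct user interaction is possible
        allowed, basis = prompt(req), Basis.EXPLICIT
    else:                         # no consent of any kind: withhold
        return None
    return Release(basis, req.requester, req.purpose) if allowed else None

def may_use(rel: Release, recipient: str, purpose: str) -> bool:
    """Onward use is limited to the recipient and purpose of the release."""
    return recipient == rel.recipient and purpose == rel.purpose
```
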

This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST