Talk:Student Projects:Privacy Internet

From CSEP590TU
Jump to: navigation, search

Patchwork Laws

[TedZ]: I'm almost done reading the chapter in Asprey re: privacy. One point that I find interesting is that US law is a "piecewise patchwork" (my own interpretation of the text) of laws, and apparently that's ok with everybody in the legal system. Europe appears to have a more unified approach to privacy. Comments?

Ryank The author states that privacy is a nebulous concept and that different people will have different interpretations of what it means. I think the sectoral policy approach in the US is a direct result of this. I'm curious as to how satisfied people are with the EU omnibus legislation.

Possible Topics -- random thoughts for outlining

[TedZ] One possible hot topic that Ryan and I have exchanged several emails on is the use of RFID chips, particularly the recently FDA approved human-implantable RFID chip. Would you get one? I've also considered the use of cookies (and other spyware) as possible topics.

[TedZ]

  • US Privacy Laws (contrast to European law?)
  • European Union Safe Harbor Program
  • Is technology outstripping the law? Witness several recent cases of stalking, where the stalkers utilized high tech equipment such as GPS transmitters, webcams, and spyware to harass victims -- in many cases, the stalkers' actions were "on the edge" of current law. In some cases, the court/lawyers had trouble even describing the technology that the stalker had used.
  • Relevant Internet technologies -- cookies, spyware (including remote-install no-warning versions!), forms and "voluntary" information.
    • Ryank http://www.cs.washington.edu/homes/gribble/papers/spyware.pdf is a first cut at measuring the spread of spyware. The author first created models for 4 different types of spyware. A packet sniffer was then setup on UW's network and used to capture all network traffic for one week. The number of packets matching one of the model's signature was used to to determine the total number of infected machines on the network. The author found that 1,587 clients (5.1%) were infected with 1 or more spyware programs. Considering that there are hundreds of different types of spyware in the wild and only 4 were checked for this is a definite lower bound.
    • Ryank Can technology be used to ensure privacy rather than waiting for laws to be enacted? One of the reasons Firefox is gaining ground on IE is due to the fact that it is not as susceptible to hijacking attempts and spyware. Are self-regulation and grass roots organizations like EFF sufficient?
  • Ryank Carnivore (the FBI Internet 'wiretapping' toolkit)
  • P3P
  • Smart cards
  • Problems/Solutions


Ryank I realize its the name of the topic but did you guys want to focus exclusively on Internet technologies? That would rule out looking into things like smart cards and RFID chips. Then again, maybe its better to narrow the focus some. It looks like we have a mishmash of different subtopics now and I'm not sure how to tie them all together.

Ted Zuvich At this point, I don't have a problem with tossing up lots of ideas for consideration. I'm thinking of this as a sort of whiteboard brainstorming session. Maybe we could go with "IT and Privacy", which would be a little more inclusive of technologies like RFID chips. Here's my goal: by 10 PM PST on Thursday, Nov 04 2004, I want to have a rough outline up on this discussion page. I think I can pull this together for the group, if lots of discussion takes place.

Ryank: Unfortunately, I won't be able to contribute much to this page today as I am at work now and class is tonight.

Ted Zuvich Ryan, could you post a link to some general information about FireFox?

Ryank: Here's a few articles talking about how Firefox's market share is growing due to security issues with IE:

Ryank: I read a blurb today about the MPAA following the RIAA's lead and deciding to sue individuals who illegally trade movies. The relevant bit of interest are in regards to a company called BayTSP. This company tracks the distribution of copyrighted material online and can find the IP addresses of offending individuals. The RIAA can take this information and issue subpoenas to ISP's in order to get them to release the names of individuals who are trading the files. Is this a violation of online privacy? Is there any reasonable expectation of privacy on P2P networks anyway? The data that they accumulate also has marketing value. Would it be fair for them to sell this information to advertisers without consent? Here's another article about them: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/07/21/BU289815.DTL

Privacy and the Internet

(User John): The civil right of privacy is a composite of federal and state statutory law, administrative rulings, constitutional innuendo, common law traditions, and activist judicial case rulings. Traditionally, Americans have been concerned with the power of governments, and as those powers grow, so does the individual citizen's need for privacy. Today, the explosion of computer based technology provides the uncrupulous and the fearful with vast opportunities to invade the individual citizen's privacy. As a member of this research team, I would like to see at least four sub-areas of this privacy issue explored: 1) a history of the building of the right to privacy; 2) a study of the flaws in the present patchwork of the right to privacy; 3) a serious look at the technological threats to privacy available for use, today and tomorrow; 4) a proposal for effective options to the present system - perhaps a Constitutional Amendment of Individual Privacy. I have some data on the technological threat, such as Tempest related technologies. Some of our more technically inclined members might enjoy such research. As attorneys, Jim and I should be able to cover items 1 and 2, to a certain extent. After basic research has been completed, all of us could have a good bull session or two, and we should be able to create a serious proposal for item 4. Since the U.S. Constitution was mostly conceived in Taverns, I suggest that we consider similar accoutrements - to enhance the creative mood, of course. Comments? Alternative ideas? We need to get our heads out of the clouds and grind away on something concrete.

Ryank: I think this is a fine idea. Thank you for grounding the discussion. I would like to throw my hat into the technological threats ring. As a counterbalance, I think some examination of privacy enhancing technology would be interesting to look at. Certainly the latter can be a component of whatever proposal we make in subtopic 4. And yes, beer is always a good idea...

Ted Zuvich: Beer would be nice. Unfortunately, I'm out of the Seattle area and will be for the foreseeable future. And I'm in the middle of finalling a project. So no beer for me. I would suggest using IM, but I think its better if we keep discussion on the Wiki, as much as possible.

Jim Jantos: Third on the beer. I see some early narrowing topics as follows: Technology threats and/or technology enhancements to privacy? Internet vs. IT as a whole? EU vs. US patchwork privacy rights?

I thinks a basic outline could be (1) background on privacy and related underpinnings, (ii) an examination of U.S. privacy rights (i.e. basic laws, etc.) (iii) threats/enhancements to privacy related to IT (maybe pick a particular threat from a tech side - spyware, govt. investigation software noted above, etc.); and (iv) possible solutions/proposals (including a possible look at EU law).

Group Roles

Ted Zuvich: I think it would be helpful if we provide a bit of background on each other so that we can see how everyone is going to fit into the project.

Myself, I'm a technical guy. I'm a senior programmer with a background in games development. I also have significant experience with technical writing and editing, which should come in useful.

It sounds like we have two technical people (myself and Ryan) and two attorney/IP people (John and Jim). That should be a good mix.

Ryank: I'm also a tech guy with a background in information retrieval and information extraction. Developments in these areas can definitely be used to create automated systems to monitor user's email, IMs, etc.

Jim Jantos: My basic background is linked with my name on the Wiki somehow. Although I have an engineering background, I am an attorney (now 10+ years - I am somewhat shocked to admit it!) with a strong tax (probably not too useful here) and IP background. John and I are both in the masters IP program at the UW law school on a part-time basis. As far as attorneys are concerned, I am close to the tech side, if that is possible.

(User John, 11/3/2004) Jim and I have patent law backgrounds, so we should be able to keep up with the tech data. I like the idea of bringing in the EU approach somewhere in the project. I have some ideas and data regarding Tempest, Carnivore, and other eavesdropping technology, but I think you tech guys might be better suited to discuss those things. Please be aware that we need an outline to give Ed by Monday. Maybe, we can discuss these things further at class, tonight. What do you all think?

Project Schedule

[TedZ] Given that we've got a deadline and not much time left, here's a proposed schedule for the next few days:

Nov 4, end of day: rough outline up on Wiki for comment. I will provide this.

Nov 5-7: comments, refinement, and arguing.

Nov 8: prepare final draft of outline, submit.

Rough Project Outline

Privacy In/On/And the Internet

1. Privacy in the US 

       A.  What it means
       B.  A brief history of privacy law
       C.  Current state of privacy law
       D.  Contrast with EU law

2. The impact of the internet on privacy 

       A.  Notification/Consent/Opt-In/Retribution, etc.
       B.  Threats to privacy/new opportunities for invasion
         1. Data Mining
         2. Cookies
         3. Spyware
         4. Government "spyware," with emphasis on the post-9/11 era
       C.  Shortfalls and problems because of current privacy law
       D.  Technological failings -- shortfalls in IE and other internet software
       E.  Sneaky ways around current laws: scams, tricks, and hustles

3. Solutions 

       A.  More laws?
       B.  Constitutional ammendment?
       C.  Countermeasures -- a technological solution?
       D.  Self regulation
       E.  Grass roots organizations
       F.  Things that are working.

4. Conclusions/Summary


Ryank: Thanks for putting this together Ted! Some random thoughts:

  • I think the Notification/Consent/Opt-In/Retribution section can be a subcategory of Sneaky ways around current laws.
  • Data mining (algorithms for extracting novel nuggets of information from huge repositories of data) does not directly relate to the Internet. However, the Internet does facilitate the creation of these huge databases. For example, web sites can create click-stream logs that track how long a user looks at a particular page, which links were clicked on, referrer sites, etc. Without data mining techniques, it would be near impossible to manually extract anything useful out of the vast quantities of data.
  • The Internet focus will cut out technologies like RFID and Tempest. This is fine with me but John had expressed some interest in the latter.
  • Re: Contrast with EU law. I found a memo that briefly discusses individual state privacy laws. It turns out that 13 states already have omnibus privacy laws. One of them, Hawaii, was considering the adoption of EU-style laws for protecting medical information. The memo is dated 1997 so perhaps Hawaii has already adopted such measures. Even if the proposal was thrown out, their reasons for doing so would also be instructive. This could serve as a test case for what would happen if the US as a whole adopts EU laws. Of course, trying to quantify the effectiveness of privacy legislation is the problem to begin with...
  • I don't know apriori what good solutions are. This subtopic is going to require all of us to do our background research and write our individual sections before we can come up with anything reasonable. This means that we will have to set an internal deadline before that of the real rough draft due date so we can discuss this. Also, are we all going to contribute to this section? Given the distributed nature of the group that could prove difficult to manage.

Ryank: I've created a skeleton project description page that we can turn in on Monday.

Ryank: What subtopics do people want to work on? We should probably split the paper up into 4 subtopics (not including the summary/conclusion). I'd like to work on a chapter surveying either the threats or privacy enhancing technologies.

Jantos: Based on Ryan's and Ted's work, the comments above, and my discussions with John, I have created a final page that can be used as our final product due today.

As you can see, I have left the techies with the tech topics: Ryan would like to examine technological threats and Ted would like to examine self-regulation with an emphasis on tech enhancing measures. I have left the legal related topics open for John and me: current law, laws abroad, and proposed legislative solutions. The difficulty with separate contributions will be the interaction of each contribution. For example, it is difficult to analyze a threat without a background on the law. Likewise, it is difficult to propose further laws without understanding the technoligical threat (although this is the way it probably works in real life!).

Feel free to edit and improve the work, with or without comments. Since the Wiki encourages it, I have no problem with a continuation of adding comments to the final project description, as long as they are substanative and not merely critique or procedural. Last, someone should probably email Tap with the link.

(User: John) I like the outline proposed by Jim. My only recommendation would be to include a separate conclusory segment that incorporates our collective technological and legal positions, post research. In response to RyanK regarding the exclusion of Tempest and similar technologies due to limiting the project to Internet applications, I don't think such limitations are necessary. The greatest threat to privacy is going to be technological in nature. Discussion of exotic technological advances that potentially affect citizen privacy is a legitimate subtopic for this project. Thanks for th4e effort, guys! The great mix of team member's backgrounds will enhance the quality of our project discussion.

Ryank: Do you guys think we should setup separate Wiki pages for each of the subtopics and post the findings of our research as we go? I think that would help idea generation for the policy recommendations section.

Ted Zuvich: The separate contributions will probably make things a bit more difficult, but I don't see a way around it. I envision a process that will have several rounds. As an example, I'll write a draft of the technological threats topic. Then you (Jim, John, and Ryan) will read it and offer comments. You will incorporate some of the material into your sections, possibly expanding on some of the legal issues. Then I will read your stuff and revise my section. Iterate until change -> 0.

Revising the Scope of the Project

(User:John) After reviewing Professor Maurer's and Professor Lazowska's comments, it seems we need to rein in the scope of our Privacy project. I have a Privacy outline that is rather long, and I think they may be right. Perhaps, we should limit our discussion to a certain aspect of privacy law and technology. What do you guys think? In any event, we need to do something right away. I still think we should meet somewhere this week and hash this out. Suggestions?

Ryank: One of the papers in the references section discusses Moor's control/restricted access theory of privacy. Moor argues that privacy depends heavily on the situation. A private situation can vary from culture to culture, place to place, and time to time. Privacy should be attached to the context rather than the information itself.

We can use this theory as a basis for evaluating the effectiveness of current legislation and the proposed solutions. It also fits in nicely with Prof. Lazowska's suggestion of exploring the tradeoff between "the collection of information" and "the use of information".

In the self-regulation section, I can use the theory to argue that current privacy tools operate at a granularity level that is too large and don't provide enough control for the user.

As far as meeting goes, we could talk before that dinner on Thursday. I'm free tonight and tomorrow if you wanted to meet before then. However, for Ted's sake we should probably keep as much of this on the Wiki as we can.

(User: John) Perhaps, I have a rather restricted view of the Privacy issue. From my perspective, privacy is an inherent right that is implied in the U.S. Constitution. I think it should be clearly spelled out as an Amendment. I have little faith in the government to respect our privacy (reference Echelon, Tempest related technologies, HK satellites, mind control experimentation like MK Ultra, non-lethal weaponry techniques, etc.) and I firmly believe that police and military mentality is to completely control society. Our powerful intelligence gathering agencies have now been turned against the citizenry under the excuse that we need "protection" from terrorists. The internet is the latest commercial market, mail system, and library system of the American public. By eavesdropping into it, information gatherers can totally bypass even the nominal privacy protections that we citizens have had - until recently. Threats to privacy are twofold in nature: first, there must exist a mentality that does not respect anyone's privacy; and second, there must be technological means to collect data and eavesdrop surrepticiously. Assuming that one does not like such anti-privacy activity, then he must counter this attack by: 1) making his fellow citizens aware of the problem, 2) somehow putting pressure on those who violate his privacy, and 3) countering the technology that allows the collecting and snooping. The first thing I would do, is to canvass the country with an education campaign, and then pass a federal statute or constitutional amendment to create a zone of privacy for all citizens vs. the government and commercial enterprise. Technological defense techniques will almost always lag behind. Originally, I envisioned a paper that addressed strictly legal concerns and solutions, and purely technological solutions. It now appears that Maurer and Ed think such an enterprise is too large. I posit that the discussion of privacy as a right is not impossible to adequately cover within this project paper. A discussion of the known major technological internet threats and the technology to defeat these threats is workable within the limitations of this paper, too. Comments?

Jim Jantos: I do not think that John's position is unattainable, but it will require focus on certain privacy "threats." Perhaps we can take an internet related issue (e.g. spyware) and decide whether it violates "privacy" and propose solutions to ensure privacy rights are upheld.

I plan to meet with John sometime between 3:30 and 4PM tomorrow, Nov. 18, in the atrium at the comp. sci. building. I hope that Ryan will be able to join us. I will have my laptop, so I will update this page as we debate, for Ted's sake.

Ryank: I can get there around 4PM. Feel free to start without me if you both show up earlier.

Results of Meeting: Revising the Scope of the Project

Jim Jantos: First, here are a couple of websites that I was looking at this morning regarding privacy (I know some have already been mentioned elsewhere):

Electronic Freedom Foundation Electronic Privace Information Center (Both mentioned by Prof. Maurer in his comments.) Privacy.org Global Internet Liberty Campaign paper from GLIC

For Ted's sake, Ryan, John and I met before class for a couple of hours on Thursday. We discussed several issues based on the comments provided by the instructors regarding our project outline. The main criticism was scope, and we attempted to narrow our scope while still staying within the basic proposed outline. We decided to narrow the scope to the internet and privacy concerns regarding data collection via the internet.

Based on our discussion, my thought is that we should have an initial position on the subject, i.e. internet data collection violates certain privacy rights. Many commentators have discussed the philisophical underpinnings as to why the internet impacts privacy. I would like to avoid a full-blown philosophical discussion. John discussed privacy in terms of individual rights - each individual has their own zone of privacy. If we start from a position supporting a large zone of individual privacy, internet data collection is likely to cross into the zone and violate an individual's notion of privacy. Why? The collection of data about an individual's surfing habits may allow a third person to create a profile about a person. However, such process requires many assumptions and a subjective interpretation of data. As Ryan pointed out, data collection is preferable in some instances to create an enhanced experience (i.e. Amazon suggesting other titles consistent with a person's prior browsing). However, profiling can certainly be incorrect and used by third parties in a negative fashion (the government, insurance companies, credit bureaus, etc.).

Once we assume that internet data collection is bad for privacy (and people may agree or disagree with this basic assumption), the paper flows as orginally planned - Do current laws (here and abroad) adequately protect individuals from internet privacy concerns? What tech devises are used to collect data on the internet and how do they work (spyware, etc.)? What non-legislative solutions are possible to limit internet data collection with respect to privacy? What legal solutions are possible - legislative efforts, constitutional amendment?

Ted Zuvich: Thanks for getting that scoped downward, guys. I wish I could have been there. I think that the outline that I'm developing will work nicely with this. My outline is boiling down to a discussion of the technological means (legal, tricky, and otherwise) used to gather data about a person on the internet.

Ted Zuvich: One additional comment: I don't think you have to assume "that internet data collection is bad for privacy"; you only have to assume that internet data collection impacts privacy.

Data Collection And Privacy: WIP

Tedz: in the interest of keeping things transparent, I'm going to do something that I would not normally do: post the random collection of thoughts and information that is my current "research dump." The page is here:Technological means link

I have uploaded the rough draft of my section, available here.

Ryank:

Self Regulation

Ryank: I've created a separate page for my subtopic.

Ted Zuvich: A few comments. I'll add more as I read more: 

What about the use of a web anonymizer or similar technology to dodge the bullet on web beacons?

Ryank: If I understand correctly, web beacons are typically implemented as IMG tags. If this is the case, then the HTML scrubber used by an anonymizer would be sufficient for protecting individuals. From the home server's perspective the web beacon is 'phoning home' from the anonymizer and not the real user's machine. On the other hand, Web bugs implemented using a scripting language like JavaScript might be able to bypass the anonymizer.

New Ideas of Focus

Jim Jantos: In continuation of our efforts to narrow our focus, John and I have had additional long discussions.

After reading through several inches of research materials, my current thoughts are as follows: Internet data mining and profiling is not inherently evil from a privacy perspective - the main fear that I have is when profiling is used by the government, e.g. for investigative purposes, discrimination, etc. The internet is about information gathering and sharing, and limiting the uses of the internet between private parties based on priacy concerns may not be a good idea. However, providing privacy as a social right that protects from government intrusion is an important and currently lacking area. As a result, my focus is on obtaining a basic right to privacy (i.e. a constitutional right to privacy as to our nation and its government) while allowing self-regulation, technical advances, and specialized legislation to protect privacy as between private parties (i.e. status quo is still viable).

Overall, internet profiling by private parties is not evil, but it can be evil if the government obtains and uses profiling data. Technological measures, self-regulation, and existing legislation remain viable to address individual privacy concerns against online information gathering and profiling. A social right to privacy is required, but such right should be dealt with on a constitutional basis protecting individuals from government.

Ted Zuvich: Shouldn't be a particular problem. My section of the report basically focuses on how ad networks go about building an online profile -- it doesn't say anything about what happens to that profile once its built. The literature that I've read (as you say, several inches so far) suggests that there was much noise and thunder about online profiling, and in the end they decided that self-regulation would suffice. I would be very leary of what could happen to that profile, however. Could "the government" look at it and datamine it? Could it be subpoenaed into court? Hmm.

Ted Zuvich: And another random thought. What about the use of the profile by credit bureaus and insurance companies, as you mentioned in one of the earlier discussions? What about the practice of "weblining" according to profile data? Are those uses bad?

Ryank: My section focuses primarily on the problem of making sure that users are adequately informed about a web sites privacy practices so they can make an informed decision. I don't say anything about punishing rogue web sites that say one thing and do another. It sounds like your section is going to cover enforcement (protection against governmental abuse anyway) which would be good.

Rough Drafts

Ted Zuvich: If everyone can get a rough draft of their section up on the wiki by the end of the class on Thursday, I will take an initial pass at linking the sections and editing for continuity, as well as writing an appropriate introduction. I will post this to an appropriate wiki page and let Tap know on Friday.

Jim Jantos: Thursday evening may be a tall order for me - I will probably still be working on my part Friday morning. I appreciate your offer to attempt to link the sections together. Additionally, we have most of next week to link the sections. I am most concerned about getting 40 or so pages of something together by Friday afternoon. I will be in touch with John and we will try to email our sections to eachother as soon as possible.

Ted Zuvich: Do you mean that your section is 40 or so pages? If so, that seems a little excessive. Can you cut it to around 8-12 pages?

Jim Jantos: Sorry, I intended 40 or so pages for the entire group! From what I am working on now, I expect 10-15 pages.

Since Ted volunteered, I suggest that everyone email their separate sections to everyone else, and Ted can paste and post (or email as a word doc). How about by 3pm today?

Ted Zuvich: Jim, John? Where are your rough drafts?

(User: John) I want to thank TedZ for the effort he made with collating the various work done by the other three authors. I think the paper needs some more massaging to bring out the best ideas from all of us. We might want to consider a smoother sequencing of subtopics. I know that the last portion of my contribution should go at the end of the paper. Also, if anyone has any further ideas on how to draft the Amendment, please give a holler.

Ryank: I'd like to give my kudos to TedZ as well. After reading through the draft, I have a couple of comments regarding the Amendment issue. The first is a bit pedantic but I don't think its possible to allow individuals to 'control' their personal information given that we lose ownership of it once we divulge it to another entity. Its not quite the same as being able to control property or self. I think being able to 'restrict access' to personal information is a more reasonable expectation. Second, the criticisms of the EU Data Protection Directive include the fact that it interferes with other rights such as free speech and that "all data collection and processing is prohibited unless certain conditions are met." Wouldn't an Amendment have the same problems?

Ted Zuvich: Thanks guys. A few points: I'll go through and make an updated copy of the paper, including an introduction and a conclusion, with linking paragraphs. We can compare notes and hopefully come up with a good paper. Anyone who is working on a rewrite, please finish by Wednesday night so that we can start the process of arguing about the final form.

Second, some specific critiques of John's section. This section contains quite a bit of editorializing and tilted language. I don't think that belongs in a policy paper. Just present the facts. And statements like "Profiling of individuals is a very real, immediate, and serious threat to the privacy rights and civil liberties of all of us", should be thoroughly backed up with references that detail "says who."

Third, you really should not quote from a dictionary when writing a scholarly paper. I think you can find a better reference for privacy definitions. See some of the papers on Moor's definition, for example.

Fourth, I do not think that this section adequately presents the case for a constitutional ammendment. Maybe its just a matter of a better transition paragraph.

A comment in one of the emails (can we post that? OK with everyone?) said that we "reserved most of our comments for privacy threats from the public sector and not the private sector." I think that this is almost entirely backwards from the thrust of our comments. Anyone else have a comment?

Preparing the final draft: an email thread

[Tedz]

Jim, John, and I had a discussion that started out as an email thread, but ended up being very Wiki-worthy. I've attempted to reconstruct this chronoligically and completely. Any errors are my own. The main points are: it shows how we (successfully) addressed some problems with the group dynamic, and it show that you can reach an agreement with enough discussion.



From: "Ted" <ted_zuvich@knifeedge.com> To: "James S. Jantos" <jantos@speakeasy.net> Cc: "'Peterson, John W'" <john.w.peterson@boeing.com> Subject: Revised John W. Peterson section Date: Wednesday, December 08, 2004 11:24 AM

Per our discussion, please see the attached document.

This section of the document needs substantial work. I cannot approve it in its current form.

It contains several instances of "diatribing" against the government that need to be removed (I've already removed several). Its ok to take stand, as Maurer urged in his comments. In this case, the stand is "government should have limited and restricted access to information gathered via online profiling, and there should be a constitutional ammendment (or law?) to enforce such restriction." The case should NOT be "government is bad, big government is bad, we're moving away from what the founding fathers intended and we need to fix it". Even if its true. Those are subjects for a different set of papers.

I have also marked several places in the paper that need better references or clarification. My comments are typically enclosed in brackets [ ].

Feel free to give me another call if you wish to discuss this further.

From: "Peterson, John W" <john.w.peterson@boeing.com> To: "Ted" <ted_zuvich@knifeedge.com> Cc: <jantos@speakeasy.net> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 12:14 PM

Thanks for the response. I do not intend to change that which I have already written because you don't like the style or subject matter. It is too late in the game to change what you have suggested. I have written on those matters we collectively agreed upon. The only thing really original in our paper is the proposed Constitutional Amendment as a solution to privacy threats. In the introduction, I tried to limit the scope of the privacy umbrella primarily to governmental threats because Lazowska and Maurer suggested that we needed to limit the scope. Further, they advised us to take a genuine stand on something to avoid the "book report" syndrome. Your comments about "diatribing" are incorrect and out of line. Some of your critical comments placed within my text are ridiculous. I've been writing scholarly papers for years, and they include a variety of disciplines. I've got my doctorate and I am working on a post doctorate law degree. Your background may not have prepared you for legal style research. Your role in editing was to collate, reposition paragraphs within the whole, and check for simple mistakes, not make last minute petty critiques. I have no problem with coherent critiques, but this is not the time to do what you are attempting to do. You should have noticed that none of the rest of us is doing that to you. I do not know if you intend to confine your commentary to just my portion, but I suspect not. As a result, you will now need to decide if you want your portion of the final paper turned in with the rest of us, or not. I intend to turn my portion of the paper into Lazowska as I wish it to read. You, of course, are free to do as you please. I hope this ends the waste of time on collateral issues.


From: "Ted" <ted_zuvich@knifeedge.com> To: "Peterson, John W" <john.w.peterson@boeing.com> Cc: <jantos@speakeasy.net> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 12:56 PM

The modifications that I have suggested to your paper are within the realm of 10 minutes of editing. This is the only opportunity that we have had to review and comment on each other's works, so we had better take advantage of it. If you have critiques or suggestions regarding my section, I want to hear them.

Note that I thoroughly agree with you that the paper needs to make stand.

These are not collateral issues -- they are the point.

From: "James S. Jantos" <jantos@speakeasy.net> To: "'Ted'" <ted_zuvich@knifeedge.com> Cc: "'Peterson, John W'" <john.w.peterson@boeing.com>; <ryank@cs.washington.edu> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:05 PM

Ted:

I appreciate your comments. However, my perspective does not fully coincide with yours.

This is a group project with a limited time frame. We are strangers with limited ability to survey each other to determine whether our background, views, values, and writing styles mesh. I certainly do not "approve" or what you, Ryan, and John wrote. Each represents a perspective and writing style different from mine. However, that is the nature of a group paper - we choose a common topic and agreed to write separate sections. I fully recognize the drawbacks and believe that Lazowska and Maurer also understand the dynamic involved.

I really do not want to edit each other's sections, whether I approve or not. It is too much work at this stage. I do want to take what everyone has written and cut and paste with minimal substantive editing to produce a final product that has a semblance of organization. John and I are meeting today with that goal.

In line with your ideas, I will attempt to mollify John's section. However, I am generally in agreement with his view - I do not trust government and I believe that privacy rights of individuals as related to government is the crux of the matter. John's viewpoint is a subject for the paper. In line with your comments on John's draft: online data gathering and profiling does worry American citizens (this has been demonstrated in countless surveys and the position has been espoused in a supermajority of every commentary on the subject - we can disagree as to whether or not a citation to references is necessary); citing Webster's dictionary is perfectly fine and not unscholarly - it is a basic source to support a basic premise to make a basic point; and, what bad things will government do with online profiling? - I think that history speaks for itself (e.g. Germany during the Nazi reign, the Balkans in the 80's and 90's, etc.) and that this point does not have to be "spelled-out."

I can certainly go through your section and criticize your style, references, and point of view. But I do not want to - your section is your work product, it will remain a part of the paper as you wrote it, and will continue to represent your perspective. The outline explains who was responsible for each section so Lazowska and Maurer will know. If you are still worried, we can footnote the subheading of each subsection stating the author of the subsection.

Jim



From: "Peterson, John W" <john.w.peterson@boeing.com> To: "Ted" <ted_zuvich@knifeedge.com> Cc: <jantos@speakeasy.net> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:23 PM

Well, I'm not sure I understand what you are now saying. Ted, with rspect to your comments, I think you are simply mistaken. There is no way to change the paper's slant at this juncture. Nor, should we want to. The paper is due on Friday. All of us works until the evening, including Wednesday, Thursday, and Friday. That leaves us little time to complete an end product. The rest of us have additional modifications to make to the paper. We want to make sure that the ideas are sequenced within the body of the paper in a coherent fashion. The conclusion to adopt a Constitutional Amendment needs to be placed at the end of the paper, for example, not at the front. The technical portions should come after the legal framework has been fleshed out. There may be a need to add a paragraph or two to blend the collective ideas. We may want to add a few footnotes. The last thing we have time for is to debate collateral detail. Your suggestions have been noted and will be dealt with as needed. If you wish feedback on your section, perhaps Ryan can help. If you are done with your section, please forward it to Jim. I understand that we have not scheduled much time to hone this paper. If you do not like the tone of the paper, you can always add a postscript comment describing same. I would suggest that you carefully consider such an action, however, as it may affect the appearance of unity with regard to the paper, and consequently, our grade.

From: "Ted" <ted_zuvich@knifeedge.com> To: "James S. Jantos" <jantos@speakeasy.net> Cc: "'Peterson, John W'" <john.w.peterson@boeing.com>; <ryank@cs.washington.edu> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:25 PM

Hmm. Put that way, I can understand the situation a little better. I do, however, think that we have time enough for a little back and forth about the style and content. I think that we can do a little better than a cut, paste, and basic merge job if we argue about this a bit.

Personally, I agree with John's viewpoint as well. I don't want the government knowing anything about me that it shouldn't, and I don't trust it with what it does know. I simply feel that our paper should very narrowly focus on restricting the government's access to online profiling information, without editorializing about the size of government. This is an extraneous point -- we just want them NOT to have access to online profiling information.

I agree that major editing is beyond us at this point. I believe, however, that the things that I have proposed are thoroughly attainable with very minor editing. I also believe that we will have a stronger paper if we discuss each other's sections a bit.

From: "Ted" <ted_zuvich@knifeedge.com> To: "Peterson, John W" <john.w.peterson@boeing.com> Cc: <jantos@speakeasy.net> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:36 PM

I repeat my earlier statement: the changes that I have proposed amount to deleting a few key sentences and phrases. Making these changes does not alter the point of the paper.

I do not expect my concerns to be dealt with "as needed." I expect them to be dealt with seriously and with great consideration for the fact that this is a collective effort.

From: "Ted" <ted_zuvich@knifeedge.com> To: "Peterson, John W" <john.w.peterson@boeing.com> Cc: <jantos@speakeasy.net> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:44 PM

To phrase my concerns another way: I'm trusting you and Jim to do the final rewrite. Thanks for volunteering, and I appreciate it greatly. I have some concerns and have made some suggestions, however, and I want you to seriously consider them as you perform the rewrite (which should be fairly minor). I would be remiss in my duties as a team member if I did not voice my concerns, even the minor ones. At this point, you guys are doing the final work, I'm just shouting from the sidelines.

From: "Peterson, John W" <john.w.peterson@boeing.com> To: "Ted" <ted_zuvich@knifeedge.com> Cc: <jantos@speakeasy.net> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:52 PM

Again, we simply disagree Ted. The primary point about the governmental threat to privacy is that it is the byproduct of expanding government and technology. You don't have this problem with small weak government. Now, whether or not your political perspective agrees with that is not the point. It makes a perfect emotive lead-in to the privacy issue for the reader, and the position upon which we are founding the paper. It was necessary to select either private sector threats to privacy or governmental ones. We chose the latter, for two fundamental reasons: 1) no one else has done a paper on the subject matter, and 2) our Constitution is designed to protect the citizens from the acts of the federal government. And, our federal government is much more dangerous than the business enterprises operating on the web. The government has the most advanced technology imaginable. It controls the police, the courts, and the army. Any private sector invention can be confiscated by the federal government and its agencies and research thereon, stopped. It can force any business enterprise to sell its technology to it. Consequently, it is the big bear in the baby playpen. If you read my piece, you would understand that once a federal constitutional amendment is passed, then it automatically impacts the state's constitutions and laws, and any contractor or person working for any level of government. Now, the sources cited are all pretty much afraid of the government's growth. As it grows, and has grown, it has caused tension with our civil liberties - including privacy. You may support an ever growing federal government, politically, but that position is inconsistent with this paper. Such concern should have been made quite some time ago. This paper does not tie you personally to any political viewpoint. But the one espoused in my piece is necessary for the theme of this paper. It is simply too late to change that theme.

From: "James S. Jantos" <jantos@speakeasy.net> To: "'Ted'" <ted_zuvich@knifeedge.com>; "'Peterson, John W'" <john.w.peterson@boeing.com> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:56 PM

Ok, that is enough for now. I understand everyone's position and will edit with that in mind.

From: "James S. Jantos" <jantos@speakeasy.net> To: "'Peterson, John W'" <john.w.peterson@boeing.com>; "'Ted'" <ted_zuvich@knifeedge.com> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 1:59 PM

OK, that is enough already. Actually, John's comments may be incorporated in the paper! We need to post these messages to the Wiki to show that we have attempted to address the problems with the group dynamic.

From: "Ted" <ted_zuvich@knifeedge.com> To: "Peterson, John W" <john.w.peterson@boeing.com> Cc: <jantos@speakeasy.net> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 2:13 PM

This paragraphs clearly explains the link between the technology and the government, especially the line about "You don't have this problem with [a] small weak government." Can you make sure the paper clearly makes this point? To me, the paragraph below makes things a lot clearer.

From: "Peterson, John W" <john.w.peterson@boeing.com> To: "Ted" <ted_zuvich@knifeedge.com> Cc: <jantos@speakeasy.net> Subject: RE: Revised John W. Peterson section Date: Wednesday, December 08, 2004 2:13 PM

Your comments have been noted for the record. I sincerely hope you have considered mine, in response. You have done your duty in bringing your concerns to our collective attention. We will now get on with the final collective draft.

From: "Ted" <ted_zuvich@knifeedge.com> To: "James S. Jantos" <jantos@speakeasy.net>; "'Peterson, John W'" <john.w.peterson@boeing.com> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 2:15 PM

Fair enough. Everybody OK with posting this thread to the Wiki? I am. Should make good reading.

From: "Ted" <ted_zuvich@knifeedge.com> To: "James S. Jantos" <jantos@speakeasy.net>; "'Peterson, John W'" <john.w.peterson@boeing.com> Subject: Re: Revised John W. Peterson section Date: Wednesday, December 08, 2004 2:16 PM

Further to Jim: Yes! John's paragraph below is exactly the sort of thing that I'd like to see in the paper!

Retrieved from "http://cubist.cs.washington.edu/CSEP590TU-wiki/index.php?title=Talk:Student_Projects:Privacy_Internet&oldid=5078"