[MyData & Open Data] Introductions

Fri Mar 15 17:12:53 UTC 2013

heyhey,

i think we ventured quite far from the mydata topic, but i feel inspired by
your response. (i also joined your two mails into one, in case you wondered)

On Thu, Mar 14, 2013 at 02:07:25PM +0000, Hare, Jason wrote:
> Perhaps we are not talking about the same thing.

i try.

> Personal data is something which most PSAs already collect on their constituents. Whether you trust them or not every time you interact with an agency there is some kind record created. You may not trust the city planning department but if you require a permit for an addition to your house some PII information is collected to ensure you meet all of the regulations and codes regarding the modification of a structure. 

i am aware of such needs. however i believe, that with ICT technologies have
transformed or are transforming all parts of life. the struggle of the music
industry to reinvent itself is a similar such process. some parts are changed
earlier than others. governance and law being traditionally slow in this. the
way ICT is used in governance is an afterthought, traditional processes are
supported by ICT.  unfortunately it is quite impossible to anonymize, and to
contain information - imagine a mandatory reporting requirement for all data
leaks, how would http://datalossdb.org look like? With ICT you need to
reorganize your processes, some stakeholders might become unnecessary, some
transform and some new appear.

ICT makes all kind of things more economic. Not only copying music or movies,
but take for example the east-german STASI, that needed 800.000 informants to
operate. Although the STASI surveillance did have a chilling effect, but the
surveillance was not as good as today with data retention, lawful interception
interfaces, botnets and facebook etal. So with ICT it becomes more accurate
and cheap to misuse all this data. mydata like "like" clicks on facebook, can
easily turn into sexual, political, etc profiling:
http://www.bbc.co.uk/news/technology-21699305

people are building their own kompromat online:
https://en.wikipedia.org/wiki/Kompromat with long-term chilling effects, it's
enough to know they have your misdemeanors and deviations from social
expectations on file, and if there's a need to suppress you, you know it's on
record.

> My post is not about trust. My question is more to how can we in the US do a better job of protecting PII information while operating within the law.
> I do want to address some of the statements you made in your response to me. "Government" as a single monolithic entity does not really exist. The "government" is a collection of departments, agencies and actors that all have their own agendas. 

that is correct, this is also its reason for being unable to handle such data
responsibly. i think Cablegate is a fantastic example of one brave soldier
leaking some material to the public, while unknown amounts of similarly
sensitive or private data gets leaked to private for-profit companies, which
we rarely hear about. 

i understand that most of these organizations are full with honest
well-meaning staff, however information needs to be copied only by one person
heroically, maliciously or accidentally, the cost of reproduction is near
zero. and when you have 3 million people accessing SIPRnet things invariably
leak.

> Governments collect data in different departments/agencies for different reasons. Permit data, for modifying a house, widening a street, creating a parking lot, contain various PII data points through showing the address of the work to be permitted. The police collect data on a crime event which contains the name of the victim, the location of the crime event and the crime event itself. Emergency responders collect information on the event and those affected by the event. All of these situations require PII information to be collected for the benefit of those affected by an event whether it be a fire, crime or to install a swimming pool.
> Your statement about collecting the minimum information required is something already practiced by most municipalities. In the case of where I work, I often find I have too little data on an event (poor geo-location information with crime data for example). No department I work with uses paper nor wishes to spend additional time collecting information that is not absolutely essential to perform their duties.

indeed, and i do not question this need on a local basis. but i do question
this data as centralized databases, in long-term digital storage. it is only a
question of time until someone wants to do "predictive behavioural analytics"
on the data. as the above example with the STASI shows, analog data is much
more expensive to exploit. and by creating such natural economic barriers by
keeping stuff offline and analog we can avoid a lot of problems, while still
serving the public. so paper is actually not so bad.

as ohm also shows, data is either useful or anonymous. privacy is an
inconvenience which is externalized on the data subjects. what is worse, your
data might be useless to you, and still be sensitive for the data subjects.
so if you have too little data, you might want to review if the benefits and
the social costs are balanced.

> Like everyone else, public servants have had reductions in force until we no longer have enough people to fulfill basic government functions. I cannot speak for the federal level but here locally we are looking for ways to reuse skillsets and make our teams more agile by decoupling workers from applications management to a more service oriented architecture. 

i think until we have mandatory reporting on incidents to private data and
financial and criminal liability for irresponsible data handling, there will
be no efforts made to limit the inevitable leaking of data. with such
sanctions however, the incentives are there to have a chance of developing
some ICT-based processes, that have a less negative effect on privacy.

> Maybe it is different where you live but here the scenario you describe does not exist here. 

i usually say i come from the internet. but i have some experiences living in
contemporary Hungary and earlier under the watchful eyes of the STASI.

i guess our thread is the most extensive introduction of any members you can
read on this list :)

thanks for making inspiring me to write this.
s

-- 
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6  3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt