Archive for the ‘CDP Announcements’ Category

Introducing a new blogger, Ilya Marritz

Tuesday, January 20th, 2009

We’re pleased to announce that Ilya Marritz will be contributing to our blog.  Ilya is a journalist based in Brooklyn, and he reports for public radio on energy, the environment, and the economy.  We’ve always planned for this blog to become a forum for engaged and thoughtful debate on how information-sharing and privacy issues are relevant to all of us. We’re excited to be adding a new voice and perspective, and we look forward to hearing your thoughts on Ilya’s posts as well.

Trying to “show, not tell” CDP’s values

Tuesday, January 6th, 2009

Let’s be honest—it’s not easy to explain what we at the Common Data Project are trying to do.

It’s been a year since we incorporated as a nonprofit organization, and over the past year, we’ve had conversations with a lot of people, from media professors to actuaries, about why we decided to found this organization.  Different people have been excited about possibilities in different areas.  A friend who works in housing advocacy saw possibilities in addressing the subprime mortgage crisis; a law professor saw possibilities in analyzing federal tax policy.  It’s what makes our work exciting—that it can be applicable to so many contexts—but it’s also what makes it difficult to explain in simple terms.

So we’ve decided to follow our grade school English teacher’s advice: “SHOW, don’t tell.”  Instead of trying to describe what we want to do, we hope to demonstrate our information and privacy values through the launch of a new web-based application.

The site will be focused on the issue of healthcare reform, and we will be giving people a new way to voice their support for comprehensive, effective healthcare reform in this country.  It’s an issue that we’re passionate about, and we know other people are passionate about it too.  Even before the Obama transition team began holding community discussions on healthcare, we were amazed at how much people were already talking about healthcare in deeply personal ways.  There is already so much organized energy around this issue, with groups and communities working together to accomplish their goals, that we could see a real value in providing a new outlet for that energy.  Although the issue touches upon health, one of the most sensitive and private areas of people’s lives, it’s also an area in which the value of sharing information is so obvious that people have been trying new, imaginative things to make that sharing happen.

So what does all this have to do with “real privacy, more data”?  Stay tuned for more.

DIMACS Workshop on Internet Privacy

Thursday, September 25th, 2008

[Image: “Intuitive as a door.” Slide from our presentation; image from Harpeth Presbyterian Church]

The Common Data Project recently attended the DIMACS Workshop on Internet Privacy at Rutgers University.  Since we’d already introduced the basic idea of a datatrust at the last DIMACS workshop we attended in February, we decided to do a presentation on a more specific aspect of our work—how an individual user might interact with the datatrust.  We want to create a new paradigm, a completely new way for individuals to collect their own personal information and share it with others—whether friends, researchers, or businesses—in ways individuals dictate.  Alex emphasized how such a model must be more intuitive than the opt-in/opt-out models available today, and walked through how this might be possible.

Given that the topic “Internet Privacy” covers a range of issues, the workshop drew a diverse group of participants. We heard a presentation by Adam Smith at Penn State University on differential privacy, a new area of research that we’ve been interested in for some time now, with the hope that it could be useful to our datatrust.  Daniel Howe from NYU and Felipe Saint-Jean from Yale presented on TrackMeNot and Private Web Search, two different approaches to obscuring identification by search engines, leading to an intense discussion on the ethics of purposefully messing with the business model of Google and the other search engines.  EJ Jung from the University of Iowa gave a fascinating talk on the ways controls have been placed on access to data in the Medical Image File Archive (MIFAR) at the Radiology Department.  We found her talk particularly compelling, as her project deals very practically with existing data and the obvious needs of doctors, researchers, and patients.  Solon Barocas at NYU, who also spoke on our panel, shared his research on how data-mining is used by political campaigns for voter profiling, which raises interesting and possibly troubling implications for democracy.

We were also struck by Naftaly Minsky’s presentation on preventing servers from abusing their clients, as he discussed the possibility of hypothetical “trusted third parties” to act as intermediaries between individuals with information and businesses and other organizations that seek information.  His description of the “trusted third party” seemed to us somewhat similar to our conception of a datatrust.  We’re looking forward to exploring further how his research, as well as the other research we learned about, could shape our work.

Upcoming CDP Presentation at DIMACS

Tuesday, September 16th, 2008

The Common Data Project is excited to announce we will be presenting at the DIMACS conference this week.  Officially called the “Workshop on Internet Privacy: Facilitating Seamless Data Movement with Appropriate Control,” the conference is organized by Dan Boneh, Ed Felten, and Helen Nissenbaum.

Alex Selkirk will be speaking on a panel on Thursday, September 18, called, “Aggregation, Mining, Profiling: Who should be in control?”  We’re looking forward to the feedback we’ll get at the conference, as we’re eager to share our ideas and learn from others who are on the program.  We’ll provide more information on our presentation after the conference, and we look forward to hearing your thoughts.

The Common Datatrust Foundation Changes Name to The Common Data Project

Monday, August 18th, 2008

We are excited to announce that we have a new name, The Common Data Project. We’ve changed our name for a couple of reasons: to avoid confusion around our use of the words “trust” and “foundation.” As an organization trying to create a new kind of nonprofit institution, we were interested in using these words to help explain our work through analogies to existing institutions: a datatrust that holds an individual’s personal information like a personal financial account, an organization that provides “grants” of information to researchers and nonprofit organizations. But given the specific legal definitions of a financial “trust” and “foundation,” we’ve decided that it’s more important to avoid public confusion. After all, we’re very decidedly neither an investment company nor a private foundation.

In any case, we like the immediacy of the word “project”! We’re excited about moving forward on our Project and we hope you’ll get involved with our Project as well.

Raising privacy expectations by raising privacy standards

Tuesday, August 5th, 2008

It’s great that Google is becoming more transparent about how they use your data to tailor your search results. It’s the kind of thing we’d like to see more of. However, is it enough to merely state the status quo? Or should we really be demanding not only transparency but control and ownership as well? Saul Hansell has it right: the data Google collects from you is *yours*, not theirs. So not only should we all get a better look at what Google is doing with “our” information, we need to be able to set some ground rules about what is used and how it’s used. And by “setting ground rules,” I don’t mean choosing between opt-in and opt-out radio buttons.


Today, privacy policies are meant more to protect companies from liability than to protect individuals’ privacy rights. Even though a lot of people don’t fully understand how their information is being collected, we all know that it’s a one-way street. While businesses buy, sell, and share sensitive, personal information, we can’t even access our own information. More and more people are becoming wary of data collection in general, and as a result, the debate between privacy advocates and businesses has become framed as a conflict, privacy versus information. However, we as a society should seek solutions that promote both privacy and information.

We at CDTF want to change the culture of data collection from one where businesses and other data collectors have all the control to one where individual users are secure enough in their privacy to become active participants and consumers of data. We’ll need new technologies, policies, and possibly legislation, but perhaps most crucial is our need to come to some consensus about how to balance individual privacy rights with our societal interest in information-sharing.

We think an important first step is to develop new industry standards that describe what should be happening, not just what is happening in data collection. If more information-sharing is to happen, individual users have to become more confident about their privacy. So privacy standards have to be raised, not maintained.

For example, the first step in certification by privacy companies today is determining whether a company has a privacy policy. Although a company should certainly have a written policy, providing credit for merely having a written policy doesn’t raise the ante in any way.

Currently, many companies’ privacy policies don’t even cover all traffic to a website, as they disclaim responsibility for the practices of their partners and/or third-party advertisers. A standard that declares as a “best practice” the use of an all-inclusive privacy policy that covers all traffic to a site would certainly raise the bar.

Although few companies now would meet this standard, declaring it to be a possibility would make users more aware that most privacy policies are not all-inclusive, while companies willing to meet the standard would be able to signal more clearly how they are different from their competitors.

We think the bar should be raised on the following issues as well:

1. How much notice is required when the terms of a privacy policy change;
2. How changes in privacy policy apply to data collected under the previous policy;
3. How long data is stored;
4. How explicitly companies describe how data is used;
5. How data is secured and anonymized before it is shared with third parties in order to provide an “appropriate” level of protection.

At the same time, user awareness of the potential benefits of multi-directional information-sharing, to both individuals and society as a whole, has to increase. We think new standards for user participation in the management of their data should be created around these issues:

1. User access to collected data;
2. User control over whether data is shared and for what purpose;
3. User control over the “level of anonymization” applied to data before it is shared;
4. Availability of data for public secondary use.

We’re not here to say, “Ta-da! Here are the perfect standards for reconciling the goals of privacy and information-sharing.” Instead, we want to start a conversation on how such standards could be useful, how they could be developed, and how they could be promoted.

Geoffrey Desa joining the board of the Common Datatrust Foundation

Tuesday, April 22nd, 2008

We’re very pleased to announce that Geoffrey Desa has joined the board of the Common Datatrust Foundation. Geoff is currently finishing up his doctoral dissertation on technology social entrepreneurship at the University of Washington, Seattle, and will soon begin teaching and continuing his research at San Francisco State University. His research is on small ventures that develop and deploy technology for a social purpose, recognizing that many forms of technology can be replicated and used by large numbers of people at low cost. Geoff has studied organizations and projects from all over the world, from secure documentation programs for human rights field investigators to improved technology for Kenyan beekeepers. In particular, Geoff is interested in how these innovative organizations are launched, how they access and use resources, and how early decisions impact future work.

We’re thrilled that Geoff will be bringing his expertise on nonprofit organizational structure to the Common Datatrust Foundation as we work on creating a nonprofit that sets new standards for transparency, accountability, and trustworthiness.

CDTF’s Presentation at the Workshop on Data Privacy

Friday, February 22nd, 2008

The Common Datatrust Foundation recently attended and made a short presentation at the Workshop on Data Privacy, hosted by Rutgers University’s Center for Discrete Mathematics & Theoretical Computer Science (DIMACS).

There were spirited conversations across disciplines as statisticians, mathematicians, computer scientists, and media experts discussed how to balance the public’s interest in both privacy and information sharing. The presentations ranged from tutorials on new security and privacy technology to the management of existing databases of personal information, such as the U.S. Census, as well as thought-provoking presentations on more abstract but highly relevant questions, such as what we mean when we say we want to protect “privacy.” As Professor Helen Nissenbaum from NYU Law School pointed out, certain kinds of information flow are appropriate for certain situations; there is no uniform way to understand privacy protection.

We were excited to see how our presentation provoked questions and conversations as well. Alex Selkirk introduced the concept of a “datatrust,” a secure, structured data storage system where each record in each dataset has a set of rules defining who may use it, what it may be used for, and with what level of anonymity it may be disclosed. The presentation focused primarily on one example of the current limits of data disclosure: the subprime mortgage crisis. Although there is a great deal of data held by banks and mortgage companies on subprime loans, investigators and researchers are unable to analyze the data because the data holders are bound by confidentiality agreements to individual borrowers. CDTF proposed that a datatrust, as a third party, could use new technology to anonymize and aggregate the data in a way that would allow researchers to query the loan data without forcing the disclosure of identifying details about the borrowers. Such data-sharing would further CDTF’s mission to both protect individual privacy and encourage the sharing of information for the public good.

We hope that the conversation we began at DIMACS will continue to engage conference participants and others in the coming months.

Announcing the Incorporation of The Common Datatrust Foundation

Sunday, February 3rd, 2008

We’re proud to announce that this blog, “My Place in the Crowd,” has found a new purpose. The issues and ideas that originally gave rise to this blog have led to the recent incorporation of a 501(c)(3), not-for-profit organization, The Common Datatrust Foundation. Our mission is to:

  1. Raise awareness of privacy challenges we face today;
  2. Broker the exchange of data between individuals, institutions, businesses, and government; and
  3. Advance new solutions for securely storing and sharing personal information.

We will soon be providing more information on our website, www.commondatatrust.org, about our ideas for achieving these goals. But as the official blog of CDTF, “My Place in the Crowd” will serve as our main forum for developing ideas, raising questions about how personal data is being used by businesses and government, and pushing to define the distinction between real privacy protection and legal posturing. We ask you to join in as well!

As an organization, we value transparency and openness, both in the way we operate internally and the way we promote our goals. We want your thoughts and your participation, as concerned individuals and as representatives of institutions, agencies and businesses. We look forward to hearing from you.