PrimeLife meeting in Frankfurt

Well, as the Twitter channel wasn’t working for me at the time, here’s a quick update about the PrimeLife workshop I have jsut attended in Frankfurt. PrimeLife is an EU part-funded project which follows on from the PRIME (PRivacy and Identity Management in Europe) project. It seeks, among other things, to turn some of PRIME’s principles into practical privacy-protection over (and beyond) the life of the citizen/data subject. I am fortunate enough to have been invited to be on its Advisory Group – hence the trip to Frankfurt.

It’s a little unfair to pick specific sessions from what was a very productive and thought-provoking workshop, but I’m going to do so anyway… life isn’t always fair, after all. The two discussions which I found particularly interesting were on ‘identity and privacy in social networking’ and ‘managing personal information throughout life’.

I won’t try to reproduce either of them here, but for instance, the social networking session raised intriguing questions about implicit and explicit disclosure, and the risk assessments users make on the basis of perceived risk. As you might expect, those risk assessments are often likely to be fundamentally flawed.

Here are a couple of examples which I found particularly striking:

– “I’ve uploaded some photos from last weekend’s party – but it’s OK; I haven’t labelled who’s in them, so the only people who will recognise you are the people who know you anyway”. Except that facial recognition software can render that assumption invalid. You might argue that the face-matching capability is not in the hands of every individual… but I’d counter that that’s only a matter of time (grid/cloud computing and Moore’s Law being what they are), and the photos will still be there when it is. In the meantime, there are plenty of organisations with the capability and the motivation to crawl the web matching faces to individuals and individuals to market segmentation profiles.

– “I have a MySpace account I use for social stuff, and a FaceBook account I use for family stuff. But I want to keep them separate, so one of them is pseudonymous.” Apparently not only facial recognition, but also ‘background recognition’ algorithms are good enough now to start making matches on that basis, and that kind of capability can nullify a lot of other steps you might have taken to try and enforce separation between personas. Even if you’re not in the photo, there could well be enough data there (background, time/date) to make it linkable.

Worried? Then you probably shouldn’t read this.

The discussion about life-long management of personal data of course raised the issue of what to do when the data subject is not capable of managing either their personal data or their privacy on their own behalf – for instance, through illness, incapacity or, in extreme cases, death. The latter is not a trivial case, and there was much debate about whether systems should be designed with a ‘recovery mode’ in mind. Not, I hasten to clarify, for reanimating the deceased… but to make it possible for executors and/or trustees to get appropriately controlled access to someone’s ‘digital legacy’. After all, the more we live our lives online, the more of our information and assets are likely to be found there (rather than in a dusty box of papers in the attic).

Fascinating stuff, and looking at the PrimeLife participants, I think their investigations and conclusions are going to be well worth keeping an eye on over the next two years.