Re: [ontolog-forum] Strawman Privacy Ontology

[John McClure <jmcclure@xxxxxxxxxxxxxx>]

Hello Michael-
I agree with you that the P3P ontology is the sort of information that needs to be transmitted.

But its 93 (!) properties and classes, and more than 600 individuals (many being classes themselves), are an example of the unnecessary complexity that I rail about in ontologies being produced today. So it's no wonder to me institutional uptake is poor to non-existent as a direct result of its complexity; it exhibits problems of over-specification on the one hand, and intense techno-jargon on the other.

Nevertheless the ontology does represent a good effort to indicate some important functional requirements that must be addressed. If only there was a little funding around to support creation of a more useable alternative.
thanks/jmc

On 1/18/2014 8:09 AM, Michael Brunnbauer wrote:

Hello John,

why start from scratch when others already have spent much time to create
distinctions?

P3P 1.1: http://www.w3.org/TR/P3P11/

As this vocabulary is meant for user agents to compare privacy preferences of
their users with machine readable privacy practices stated by a website, most
of the terms are suitable to describe a users privacy preferences and attach
them to information meant for communication or publishing - even in a non 
HTTP context:

-Type of transferred data
-Allowed PURPOSE
-Intended RECIPIENT
-Intended RETENTION

And here is the RDF version of the vocabulary:

 http://www.w3.org/TR/2002/NOTE-p3p-rdfschema-20020125/

There is an implicit closed world assumption to this vocabulary as preferences
or practices not mentioned are assumed to be forbidden / not practiced but
I do not see a problem there.

I could annotate my web pages - or even specific parts of them - using this 
vocabulary and RDFa right now to express my preferences for crawlers much
more fine grained than with robots.txt.

If I'd actually care. And this is where the really interesting questions start.
For example, why is P3P "lacking the necessary support from implementers
to carry on through the Recommendation Process"? Or why did even such a 
simple thing like Do Not Track fail?

Regards,

Michael Brunnbauer

On Fri, Jan 17, 2014 at 02:09:38PM -0800, John McClure wrote:

Hi - Here are some working notes for a Privacy Ontology. Please pardon 
the formatting but I've got to put this aside for now; the wolf is at my 
door demanding payments I don't have! Maybe a conference call can happen 
sometime. regards/jmc
*
Audiences.
*[1] Ontologists

 * Help better balance the disproportionate power/information positions
   of entities.
 * Better articulate and making accessible elements of privacy policies.
 * Is there some classification of privacy terms that can be
   generalized across privacy contracts?
 * Is there some way of making the effects of these accessible to
   end-users?
 * Is there a way to help end users evaluate the effects of changes in
   privacy policies?

[2] Psychometricians

*Use Cases*.

1. If there is a legal basis for privacy information requests and you 
are asked to develop an ontology that implements only a portion of that 
basis, what should your response be?
2. Is there an imperative for ontologists to develop a code of ethics to 
communicate their role?
3. Should ontologists identify situations that may have legal 
consequences and prefer to act in an advisory role to SME's rather than 
actually drafting the ontology?
4. How does the ownership of communications interact with someone's 
privacy right to copy items one possesses?
5. Facebook Term of Service: "You own all of the content and information 
you post on Facebook, and you can control how it is shared through your 
privacy <https://www.facebook.com/settings/?tab=privacy> and application 
settings <https://www.facebook.com/settings/?tab=applications>. In 
addition: For content that is covered by intellectual property rights, 
like photos and videos (IP content), you specifically give us the 
following permission, subject to your privacy 
<https://www.facebook.com/privacy/> and application settings 
<https://www.facebook.com/settings/?tab=applications>: you grant us a 
non-exclusive, transferable, sub-licensable, royalty-free, worldwide 
license to use any IP content that you post on or in connection with 
Facebook (IP License).

*Definitions.
*/Privacy/: (a) The expectation for an individual that the signals the 
individual generates (whether talking in a room or 
by explicitly recording signals on some medium) will only be accessible 
to intended entities. [asaegyn@xxxxxxxxx] (b) self-calibration of one's 
vulnerability [kidehen@xxxxxxxxxxxxxx] (c) expectations about 
information flow that are met**[5]*.
*/Expectation:
Signal:

/*Requirements.
*specification, transparency, auditability, accountability

*References*
[1] http://www.w3.org/wiki/WebAccessControl -- Web ACLs
[2] http://www.w3.org/ns/auth/acl -- Ontology
[3] http://en.wikipedia.org/wiki/Personally_identifiable_information
[4] http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/
[5] http://www.danah.org/papers/talks/2010/WWW2010.html
[6] http://www.un.org/ga/search/view_doc.asp?symbol=A/C.3/68/L.45/Rev.1
[7] http://www.youtube.com/watch?v=b0w36GAyZIA - Appelbaum presentation

*Design Axioms and Assumptions.
*

1. "Right_of_Privacy" is an instance of class /Legal_Right; /this class
   enables rights to be enumerated as seen in the US Constitution.
2. /Privacy/ is a subclass of class /Topic/; its instances specify
   parameters pertinent to specific instances or to specific classes
   (its 'subjects').
3. Three types of classes exist, first for concrete resources
   (/Topic/), the second for attribute resources (/Attribute/).
     * Example instances: /Substance /and /Weight./
4. A third metaclass, /Tag/, exists whose instances are plain and
   normative adjectives; past participles; and adverbs.
   Examples:
     * Plain adjectives: /Plain, Normative, Participial, Adverbial,
       Lexical, Concrete, Abstract, //Past, Present, Future.
       /
     * Privacy-related plain adjectives: /Valid, Invalid, Legal,
       Illegal, Private, Semi-private, Public./
     * Privacy-related normative adjectives: /Privatizable,
       Semi-privatizable/.
     * Privacy-related past participles: /Privatized, Semi-privatized/.
     * Adverbs: /I//mplicitly//, Explicitly./
5. Three types of properties exist, one for datatyped string values,
   the second for typed object values.
     * Example instances: /weight /and /has:this/.
6. A third (abstract) metaclass for properties exist, /Facet/, whose
   domain is constrained to class /Attribute./
7. Two types of attribute values exist, one being string values, the
   second being URIs.
     * Example instances: "185" and "/My_Weight".
8. A /value/ facet property exists whose range is the set of all strings.
9. An /encoding/// facet property exists whose range is the set of all
   instances of class /Character_Set///.
10. A/language/ facet property exists whose range is the set of all
   instances of class/Language/.
11. A//unit/ /facet property exists whose range is the set of all
   instances of class///Measure/.
12. /Privacy /statements associated with /Topic /and /Attribute
   /resources pertain to knowledge of the existence of the (its)
   subject resource.
     * /is:to /relation(s) can identify to whom the resource's
       existence is known -- implicitly it is the 'owner' of the resource.
     * /is:as_of /and /is:until /relations can identify the
       beginning/end timestamp applicable to this knowledge
     * /is:for /relation(s) can identify the (event) context applicable
       to releasing this knowledge
13. Tag /Private /is associable with /Topic /resources to (at least,
   implicitly) assert a /Privacy /statement pertains to knowledge of
   the existence of the (its) subject resource.
14. like previous, but expectation concerns attributes associated with a
   given resource (the attribute is the subject)

------------------------------------------------------------------------

 
_________________________________________________________________
Message Archives: http://ontolog.cim3.net/forum/ontolog-forum/  
Config Subscr: http://ontolog.cim3.net/mailman/listinfo/ontolog-forum/  
Unsubscribe: mailto:ontolog-forum-leave@xxxxxxxxxxxxxxxx
Shared Files: http://ontolog.cim3.net/file/
Community Wiki: http://ontolog.cim3.net/wiki/ 
To join: http://ontolog.cim3.net/cgi-bin/wiki.pl?WikiHomePage#nid1J
 

 
_________________________________________________________________
Message Archives: http://ontolog.cim3.net/forum/ontolog-forum/  
Config Subscr: http://ontolog.cim3.net/mailman/listinfo/ontolog-forum/  
Unsubscribe: mailto:ontolog-forum-leave@xxxxxxxxxxxxxxxx
Shared Files: http://ontolog.cim3.net/file/
Community Wiki: http://ontolog.cim3.net/wiki/ 
To join: http://ontolog.cim3.net/cgi-bin/wiki.pl?WikiHomePage#nid1J
 

_________________________________________________________________
Message Archives: http://ontolog.cim3.net/forum/ontolog-forum/  
Config Subscr: http://ontolog.cim3.net/mailman/listinfo/ontolog-forum/  
Unsubscribe: mailto:ontolog-forum-leave@xxxxxxxxxxxxxxxx
Shared Files: http://ontolog.cim3.net/file/
Community Wiki: http://ontolog.cim3.net/wiki/ 
To join: http://ontolog.cim3.net/cgi-bin/wiki.pl?WikiHomePage#nid1J    (01)