tag:blogger.com,1999:blog-6106782.post286228169812243855..comments2024-03-27T10:47:33.255+00:00Comments on Architecture, Data and Intelligence: Towards an Architecture of PrivacyRichard Veryardhttp://www.blogger.com/profile/04499123397533975655noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-6106782.post-38496327126295708422009-11-05T08:24:21.014+00:002009-11-05T08:24:21.014+00:00I reckon I can (and even should) ask the barman to...I reckon I can (and even should) ask the barman to be proportionate... I can, because as long as I have a choice I might well decide to drink in a pub other than the Orwell Arms.... ;^) I should, because that's exactly what we should be doing to over-intrusive service-providers: sending a message that over-collection is offensive and inappropriate. I think there is consumer power there, if we choose to exercise it. <br /><br />And I don't think society is against that notion in principle - I just think most people's risk assessment is under-informed (and not least because some of the information in question would have to come from the service providers, who have little interest in changing the status quo.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6106782.post-80604079961743689772009-11-04T22:56:48.702+00:002009-11-04T22:56:48.702+00:00When I say "demand", I don't imply t...When I say "demand", I don't imply that we always have to accede to such demands, merely that we need to have some way of answering them.<br /><br />Let's suppose that the barman's perceived risk is that he might end up in court, accused of serving an under-age drinker. <br /><br />You might say that this perceived risk is exaggerated. You might want the barman to justify keeping records against a proper risk assessment, together with legal advice. Is this a serious risk, and what kind of audit trail would provide a legitimate defence? <br /><br />However, most people and organizations are not prepared to carry out detailed risk assessments and hire expensive legal experts to anticipate every possible legal action. It may seem much easier and quicker to keep records indiscriminately than to decide which circumstances justify keeping records.<br /><br />You can't ask the barman to be "proportionate". The barman is surely entitled to minimize his risk of adverse court action. The problem is in a wider system where a barman (or his employer) may feel vulnerable, and where keeping records appears to provide some safeguard.<br /><br />We live in a mistrustful culture in which people are called upon to provide audit trails in a wide variety of situations.<br /><br />So there are strong institutional and cultural expectations that run counter to the demands of privacy.Richard Veryardhttps://www.blogger.com/profile/04499123397533975655noreply@blogger.comtag:blogger.com,1999:blog-6106782.post-44163884481039853302009-10-27T19:31:49.446+00:002009-10-27T19:31:49.446+00:00Thanks Richard -
You're definitely right that...Thanks Richard -<br /><br />You're definitely right that my two examples are different (and as ever, I could and should have spent more time picking them)... <br /><br />Your point about traceability of blood transfusions is a fair one (though as a matter of routine I also have to issue my standard plea against taking the classic "unconscious patient in A&E" scenario as the optimum design point or the most sensible use-case to start from.<br /><br />But when it comes to barman checking age, I have to push back. What risk are you trying to mitigate by having the barman keep an identifiable audit trail of who has been carded - and is your proposed mitigation really proportionate?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6106782.post-2222979319691580392009-10-25T14:43:43.323+00:002009-10-25T14:43:43.323+00:00Joined up systems require the T of VPEC-T to becom...Joined up systems require the T of VPEC-T to become a whole lot more explicit. Essentially it seems as if, since anonymity is becoming less possible, so we have to manage the trust boundaries properly. In the bar example, the barman has to prove to untrusting regulatory authority that s/he has checked the age of all drinkers, has monitored the state of impairment of all drinkers, etc. equally. So perhaps when doing Trust work in VPEC-T (not that things are really separated) we should ask ourselves, "What set of untrusted people can, post hoc, demand to see that the proper regulations were obeyed. That can fundamentally change the way systems work.Chris Birdhttps://www.blogger.com/profile/13436436994311245922noreply@blogger.com