On 15 January 2011 09:17, Mark Pack <[email protected]> wrote:

> Thanks for that detailed response Francis. Perhaps a better way of putting
> the point I'm trying to make is to ask the question, "How many people have
> to know something before it stops being private and becomes public?".
>
> In my example of anonymous electoral registration I was implicitly saying
> that because some council officials know your real address, it isn't
> completely private any more. From your reply it looks to me as if you have a
> different dividing line as to when something stops being private and starts
> being public.
Most private data is known by someone. My distinction is conceptually fairly clear, but it (like every other real-world distinction) is open to a sorites paradox. The distinction is really one of whether you make something open without distinction, or whether you restrict its circulation.

> You used the phrase, "it is lawfully accessible only to certain people
> in certain ways", but I don't think that works as a dividing line in all
> cases. To take an extreme example to make the point, suppose your address in
> such cases was available to anyone whose surname started in the first half
> of the alphabet and they were legally banned from telling anyone else. That
> would be accessible only to certain people in certain ways, but having
> millions of people able to know the information means it would not be
> "private" in the way in which people usually use the word.

It's not merely an extreme example but one that couldn't exist within the fabric of law that exists, or is at all likely to exist, in the UK in the foreseeable future. In other words it can be discounted (it would break all sorts of public law and rule of law principles). Lawyers (and courts and juries too) have no difficulty in understanding the concepts of availability to the public or to a section of the public. In practice it's not hard to see which side of the line something falls on (see my earlier remark).

Let's not lose track of what we are talking about, which is whether a group of large datasets are made freely available to the public or not, when those datasets are already available to private individuals on payment of a fee. What I am trying to explain is that that kind of "privacy by infeasibility" is not merely a poor kind of privacy, but that there is something inherently wrong in granting that those with enough resources can invade someone's privacy while the generality of the population may not. That amounts to saying that what we care about is the number, not the quality, of abuses, and I think that is wrong.
There may be other (irrelevant) questions about the extent to which data may be released and to whom, but we live in a world where these large datasets are available in any quantity to someone who will pay the fee, and the funds that control them are not constrained from selling the whole of the data to private companies to do whatever they like with. My point is that doing so already fails the privacy test. If that's OK, then so should opening up to the general public be.

> What's the definition you're using Francis that provides a hard and clear
> dividing line between "private" and "public"?

Well, if you can solve the problem of the heap, I'm happy to engage 8-).

> On a related point, how easy or hard something is I think is relevant and
> not simply "unprincipled nonsense from a privacy point of view". Look at the
> arguments over the database behind the former ID cards system. That it would
> bring together different data into one place, which was therefore more open
> to abuse, was one of the arguments often made against it, and one that has
> much merit.
>
> Indeed, consolidating data into one system often raises these issues,
> including in the commercial world. Having all the staff in a bank being able
> to look up bank accounts from across the whole organisation rather than the
> much more restrictive access when there were paper records kept in different
> branches has raised new problems about people wrongly accessing accounts
> they should not. Yes, in the past someone could have contacted lots of
> different branches one by one, but the ease of abuse by being able to look
> at all the records in one go raises new problems.
>
> As in fact banks have shown, it is possible to put in systems to effectively
> deal with such issues, but the point is that there can be a useful
> difference between something being easy and hard. It's no different to
> shutting my windows and locking my door when I leave home - makes burglary
> harder, but not impossible.
> A really skilled burglar or the security
> services could still get into my home - but that doesn't make the whole
> process pointless.

No, it doesn't. Although there are some basic differences (such as that you only have to ensure that your house is less attractive than others around it, or that burglary is also more risky - because of a higher chance of being caught the longer you linger - as well as more expensive in time, and burglars mostly have a notion of unacceptable risk).

What you are saying is that allowing groups of people access to private data that they would otherwise not be able to access may be a problem. No-one disagrees with that. But most of your examples - the ID card, consolidation across banks - are ones where someone would not have had access at all to the data, rather than ones where it would merely have been more costly to find it out. My point is that we are talking about data that is already consolidated, and that those who really want to can already do bad things with, but that we can't because we don't have the money to do so.

There _are_ lots of very serious questions to ask about state-held (and other) large databases of personal information, which are routinely abused, but which are not available to the public. In a sense that makes my point. Abuse is already rife. But no-one is proposing that (say) the NHS database is made available to everyone, just that the land registry is.

-- 
Francis Davey

_______________________________________________
developers-public mailing list
[email protected]
https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public
