understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border
navigation menu bottom border
left side navigation top border

left side navigation bottom border

left side navigation top border
left side navigation top border

main display area top border
PDF Print
April 1-3, 2006
Paris, France

At the beginning of April 2006, researchers and students spent a fruitful 3 days in workshops.  The first two days comprised an internal team workshop and the third day comprised a workshop with members of Atelier Internet, Équipe Réseaux, Savoirs & Territoires, École normale supérieure and invited guests.

On the Identity Trail Team Workshop
April 1-2, 2006

On April 1 and 2, 9 On the Identity Trail researchers and 7 students met for two full days at the Institut Jean Nicod (where team member Steven Davis is an associate member) in Paris, France to workshop their draft papers.  

Researchers participating in the workshop were: Jane Bailey, Jacquelyn Burkell, Rob Carey, Steven Davis, Ian Kerr, David Matheson, Mary O’Donoghue, Valerie Steeves, Latanya Sweeney.  Students participating in the workshop were: Alex Cameron, Veronica Pinero, Jennifer Barrigar, Andrew Huzar, Jena McGill, William Gronim and Carole Lucock.

 Steven Davis and Valerie Steeves discuss David Matheson's paper.
In order to participate in the workshop, researchers were required to submit their paper abstracts in September 2005, and their draft papers a month prior to the workshop.  Student papers were selected through a competitive process in which students submitted abstracts that were reviewed and assessed by a four-person panel. Of the many impressive abstracts that were received, 7 students were selected to workshop their papers in Paris.  In addition to writing a draft paper, each workshop participant had to commit to reading and commenting on 4 papers.  Groups were carefully assigned to ensure that no one group was the same, and that each group would consist of researchers and students from a variety of disciplines.

The goal of the workshop was to help researchers and students develop their works-in-progress by receiving input from a number of readers from different disciplines who have taken time and care to review and consider their ideas.  The workshop was set up to ensure that each participant had a full two hours to discuss their work and to get the kind of feedback they were seeking.  Each work in progress was at a different stage in development, therefore each workshop session was different.  Some participants provided penultimate drafts with full and proper citation and were merely seeking to fine-tune their texts for publication, while others were workshopping their ideas or concepts and were more interested in dialogue on identified questions.

Rob Carey
 Rob Carey
The workshop was a great success.  Researchers and students appreciated the opportunity to have two full days in an inspired venue for an in-depth intellectual discussion about a variety of topics and themes related to the project.  The feedback that each workshop participant received was invaluable, as each participant was able to dictate what type of feedback they were seeking, from people who had carefully read and reviewed their papers and had prepared comments.  Each work in progress is sure to benefit from this feedback, and we look forward to the final products.

Researchers and students left the workshop enthused about their own works in progress, inspired with new ideas and directions for future research, and with a new appreciation and understanding of the research of other project members.

Notoriety and anonymity:  exploring connections between privacy and equality in online hate speech & pornography
Jane Bailey

Is You Is or Is You Ain’t?: Exploring the Appropriateness of Rights Language in PIPEDA
Jennifer Barrigar

Section 3, the purpose clause of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), speaks of balancing the privacy right of individuals with regard to their personal information against the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

Preliminary administrative and judicial consideration of this clause has tended to interpret this as mandating a principled flexibility approach.  I am interested, however, in deeper questions about the impact of this clause.  We expect “rights” to be immutable – does the expectation that a “right” be balanced against commercial interests lessen the importance or protection of that right?  Can privacy be a “right” at all where it is not absolute or is PIPEDA merely cloaking itself in the language of rights for its own purposes?  Is privacy protected or has it merely been commodified?  How does a commodified privacy protection impact on persons in a variety of socio-economic situations?  Do these (potentially) varying levels of protection impose differing obligations on an organization with respect to information it collects, uses or discloses?
This paper is available for download here.
Privacy Mechanisms and Instant Messaging
Jacquelyn Burkell
We conducted a focus group with eight experienced users of MSN Messenger to learn more about the behavioral mechanisms that users of Instant Messaging (IM) employ to obtain desired levels of privacy (Altman, 1977).  We found that people used a wide variety of verbal, paraverbal, spatial and territorial mechanisms to protect their privacy while using MSN, depending on contingencies such as physical location of computer, proximate others, intended recipient(s) of the message, and desired level of information exchange with others in their IM network. Privacy mechanisms in the context of instant messaging are motivated by two general considerations that arise with respect to known and unknown others: 1) limiting the access of others to personal information; 2) limiting intrusions from others.
Latanya Sweeney and Jane Bailey 
Of Countrymen and Copyright: Exploring the nexus of copyright and privacy in Canada using copyright policy, data protection and the Charter
Alex Cameron

Canada is in currently the process of debating changes to its copyright law. The proposed changes address a wide variety of issues, from anti-circumvention of technological protection measures to ISP liability to the treatment of photographic works. Personal privacy is directly and indirectly implicated in a number of ways across these divergent areas of reform, including through related reforms targeted at ISPs under Canada's "lawful access" initiative. Though traditionally underexamined as part of copyright policy, privacy has taken on increased profile in the manner in which copyright issues are being resolved in the digital age. In some cases, but not in others, privacy considerations have influenced the shape of copyright change. This paper outlines these areas of intersection between privacy and copyright in Canadian copyright, offers an analysis of why and how privacy is so often being implicated in this area and suggests some ways that privacy can be reflected in copyright reform.

Dummies, Ghosts and False Trails:  Neutralizing Everyday Surveillance
Rob Carey
The Epistemology and Normativity of Identifying and Identification

Steven Davis

We are asked to identify ourselves and are identified in banks, schools, businesses, stores, government offices, hospitals, and on the internet. It would be difficult for modern post industrial societies to function without these actions. My main goal is to get clear about the nature of identifying and identification. To this end, I shall begin by distinguishing between non-reflexive and reflexive identifying. Within these categories I shall describe acts of identifying that are speech acts and those that are not. I shall then turn to an example of identifying and discuss it in some detail concentrating on its epistemic elements. I shall argue that context plays a role in warranting identifying. Finally, I shall discuss whether machines can identify and conclude that although they can be an aid in identifying, they do not have the capacities that would enable them to perform such actions.

This draft paper is available for download here.
A Reasonable Expectation: Demanding a Critical Understanding of the Role of Technological Analyses in Constitutional Cases Involving Electronic Surveillance
Andrew Huzar

  Ian & Jena
 Ian Kerr and Jena McGill

RFID for People? Health Privacy, Patient Autonomy and the Coming Merger of Humans and Machines
Ian Kerr

It has been fifteen months since the US Food and Drug Administration approved the VeriChip as a Class II medical device. In so doing, the FDA provided reasonable assurance to U.S. citizens regarding the safety and effectiveness of the implantable device as a means embedding a radio frequency identification (RFID) chip under human skin for the purpose of linking medical data to an unconscious or otherwise incapacitated patient in emergency circumstances. During these past fifteen months, Applied Digital Solutions, the company that owns Verichip and a number of associated RFID and database technologies, has catapulted from the fringes to become a mainstream medical device provider in the United States. 

While Verichip and the Verimed system it supports provide a convenient means of linking patients to their associated electronic health records in emergency situations, the act of implanting radio emitting computer chips into our bodies raises issues of broad social significance that cannot be adequately addressed by administrative bodies responsible for assessing the basic safety and effectiveness of medical devices. This article seeks to examine a number of those broader issues with a view to commencing a much needed public policy dialogue about the aims, implementations, benefits and risks of implantable chip technologies. 

After an introductory discussion of RFID technology and some of its general applications, the author studies its proposed use in hospital emergency rooms. With special emphasis on health privacy and patient autonomy, the author considers whether there are significant moral or legal differences between implanted chips and other similar wearable identification devices already in use. The author then investigates a number of possible unintended consequences of a mass adoption of the Verimed system, focusing on the regulatory challenges posed by the “dual use” of implantable chips technologies: the same technology that can be used to save a patient’s life can also be used to spy, unduly influence, or assert control. The author illustrates how the “dual use” problem will be further exacerbated as other ICT implantable applications become available and as RFID technology becomes better integrated with wireless network devices. The author concludes by offering some suggestions for policy makers confronting these issues.

Anonymisation: A Strange Case of Identity Theft
Carole Lucock

The use of information in anonymised form is increasingly represented and understood as a win-win privacy/access solution. On this account, those seeking access get what they need – namely, the information. At the same time, the ‘data subject’s’ privacy is not diminished. In fact, his or her privacy right or interest, is not engaged, much less infringed.

There are many questions raised by this touted solution: How shall we interpret the meaning of the term ‘anonymous’, or ‘anonymised’? What operational definitions shall we assume? To what standard shall we assess whether information has been rendered anonymous? Anonymous with respect to whom – to everyone and anyone – or only to some? 

This paper examines the assumption that if information is anonymous, then the person has no privacy right or confidentiality interest with respect to this information. Implicit in this assumption is the idea that, once information has been anonymised – its link to the subject of the information (supposedly) severed – the subject no longer has a privacy or other right in the information. It is premised on the notion that anonymised information is no longer private, confidential or under a duty of confidentiality.

The “no longer” is important. It indicates that the subject did at some point have a privacy right or confidentiality interest with respect to the information, which becomes erased with the erasure of identity.  To say that one no longer holds a privacy right or interest may be to say too much. However, something peculiar is going on here, and the assumption that nothing is here lost for privacy is no less dubious, and perhaps even more so. It is this assumption in particular that I call into question in this paper.

For the purpose of this paper, I shed light on the anonymisation of information. This process or act, for the most part, is hidden in the shadow land and barely noticed at all.  It occurs between two points in time and in virtue of this act or process, between one time and another – a before and after – information goes from being identifiable to being not so.    Another thing also seems to happen between these two points in time: at one point the subject has rights in the information and at the following point s/he does not.

Thus, the act of anonymisation not only transforms the information. It also transforms the nature of the subject’s relationship to it!  Along with the removal of identity, the information loses or is stripped of the character of being under the jurisdiction of the person to whom the information originally attached. Given this significant consequence, does or should the scope of the rights that a person has in information prior to anonymisation include the right to control whether the act of anonymisation is undertaken at all?   This is a central question of this paper.  A second, related, question is whether a person does or should have continuing rights with respect to his or her anonymised information?

Dave & Veroncia
 David Matheson and Vernica Pinero
The overarching thesis of this paper is that the surveillance society risks undermining the ability of its citizens to develop moral virtues for the same sort of reason that overprotective parenting can impair the moral development of children. In Section 1, I review the psychological evidence linking overprotective parenting of a certain sort to impaired moral development in children. In Sections 2 and 3 I go on to offer an explanation of this link: the overprotection carries with it an overt, disaffective excess of surveillance that vitiates a plausible condition on the development of virtues derived from Aristotle. I conclude in Section 4 by pointing out that the networked monitoring systems that pervade the surveillance society carry with them a similar kind of surveillance, which makes that society’s citizens as unlikely to meet the development condition as the overprotected children.

“Hello My Name Is: WOMAN…but you can call me MAN”: Private Identity, Gender and the Law
Jena McGill
Semantics of Repression: the Regulation of Young Offenders’ Privacy Rights in Canada
Veronica Pinero
Having examined 150 years of enacted legislation in the Canadian youth criminal justice system (1857-2006), the author attempts to explore and analyze how the Parliament of Canada has regulated young offenders’ privacy rights from the first enactment of young offenders’ legislation to nowadays, specifically, how the publication of information that may identify young offenders has been regulated in Canada.  Piñero identifies four different time periods in the legislation: 1857-1892; 1892-1908; 1908-1984; and 1984-2006. The regulation enacted during 1857-1892 was not concerned with regulating the publication of information that may identify young offenders.  This position started to change during the period 1892-1908, reaching its highest point during the period 1908-1984.  The later time period was highly concerned with the protection of young offenders’ private information, since such a measure was perceived as an important factor for granting young offenders rehabilitation.  However, since 1984 this direction has started to change: the enacted regulation during the period 1984-2006 drew a distinction between two groups of young offenders according to the seriousness of the committed offences, thereby protecting the private information of one of the groups but not the private information of the other.  Piñero argues that the theoretical implications surrounding the regulation of young offenders’ privacy rights in the period 1908-1984 constituted an evolution (innovation) with regard to periods 1857-1892 and 1892-1908; however, the theoretical implications underlying the period 1984-2006 constituted (and constitute) a regression with regard to the third period pertaining to the regulation of young offenders’ privacy rights.

Popular Culture and Resistance: Understanding Representations of Surveillance on Film
Valerie Steeves
Provable Privacy Protection for Clients of Domestic Violence Shelters: the P3Tracker System
Latanya Sweeney

This paper presents a method for tracking people over time while maintaining privacy. Tracking individuals who receive social services–where they go and what they receive– may help government agencies reduce costs. Yet, the privacy issues for some social service clients are paramount. For example, domestic violence shelters have historically had to protect clients from intimate and aggressive abusers. Husbands, boyfriends, and exes are the murderers of over 31% of all women murdered in the United States. The majority occur after an attempt to leave an abusive relationship. Including location information about domestic violence shelter clients in a computer system that tracks clients poses grave privacy concerns. This paper introduces a provable privacy-preserving system (P3Tracker) for gathering service utilization patterns of domestic violence shelter clients while guaranteeing the privacy of shelter clients. Learned information from patterns specific to each person include sleeping locations, meals received, health and other services obtained over time. While the government learns personal utilization patterns, the government does not learn the identity of the clients, and the likelihood of a successful attack from an intimate stalker is not increased. Using P3Tracker, shelters inconsistently assign unique identifiers to clients using a cryptographically strong hash function. The same client appearing at different shelters has a different identifier at each shelter. The same client appearing at the same shelter has the same identifier. P3Tracker includes a method by which an untrusted third party associates identifiers belonging to the same clients across shelters without learning the 21 identities of the clients. P3Tracker operates in real-time and adheres to the re-identification requirements of the Violence Against Women Act passed in 2006.
Alex, Veronica & Jena
 Alex Cameron, Veronica Pinero and Jena McGill listen attentively to Val Steeves at Le Calmont.
 David Matheson
 David Matheson enjoys the escargots at La Terrasse.
Workshop with Atelier Internet, Équipe Réseaux, Savoirs & Territoires, École normale supérieure (ENS).
April 3, 2006

On April 3, 2006, researchers and students exchanged work, thoughts and ideas with members of Atelier Internet, Équipe Réseaux, Savoirs & Territoires, École normale supérieure in a number of panel discussions around topics of mutual interest and a number of invited guests.  Each panel discussion was followed by broader discussion among group members.

The workshop began with an overview of the work of both projects given by Eric Guichard (ENS) and Ian Kerr (ID Trail).  This was followed by the first panel on Theoretical Perspectives on Identity and Privacy, which was moderated by Klaus Schönberger (Forschungskolleg Kulturwissenschaftliche Technikforschung, University of Hamburg, Germany).  Three philosophers presented their perspectives:
•    Paul Mathias (Collège international de Philosophie, Paris; Équipe « Réseaux, Savoirs & Territoires », École normale supérieure),  “What is it the problem with Net subjectivity?”
•    Steven Davis (ID Trail), “The Epistemology and Normativity of Identifying and
•   David Matheson (ID Trail), “Overprotection, Surveillance, and the Development of Virtue.”
The second panel was on technical solutions and was moderated by Paul Mathias.  This panel saw two presentations:
•   Jacques Beigbeder (Service de Prestations Informatiques, École normale supérieure), "The abuses of antispam filters and blacklists: The example of Spamcop"
•    Latanya Sweeny (ID Trail), “Protecting Online Privacy: the Identity Angel.”
 Latanya Sweeney
Latanya Sweeney
The third panel was on security, territory, every day practices and representations in popular culture and was moderated by Ian Kerr.  Four presenters provided various perspectives on the topic:
Valerie Steeves (ID Trail), “Popular Culture and Resistance: Understanding Representations of Surveillance on Film”
•  Veronica Johansson (Swedish School of Library and Information Science, Göteborg University and University College of Borås, Sweden), “Digital Data Curation and the Construction of Research Subjects”
•  Jacquelyn Burkell (ID Trail), “Seeing Me, SeVeing You: Surveillance Among Instant Messenger Users”
•    Henri Desbois (ENS), “Territories of the Internet and Geography of Security.”
The fourth and final panel was on authorship, intellectual property and privacy and was moderated by Jane Bailey (ID Trail).  This panel comprised two presentations:
•   Eva Hemmungs-Wirten (Department of Archival Science, Library and Information Science, and Museology, Uppsala University), “Authorship and Intellectual Property”
•   Alex Cameron (ID Trail), “OF COUNTRYMEN AND COPYRIGHT: Exploring the nexus of copyright and privacy in Canada using copyright policy, data protection and the Charter.
Mary & Veronica


Mary O'Donoghue and Veronica Pinero    
Workshop attendees in the ENS courtyard. 
Jacquelyn Burkell 
main display area bottom border

.:privacy:. | .:contact:. | .:1rxdrugs.net:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada

© 2014 On the Identity Trail
Joomla! is Free Software released under the GNU/GPL License.