I do not believe that a correct and appropriately flexible privacy regime starts with redaction and filtering. In my opinion those are details of the presentation layer, if you will: the part of the system that *acts* on the lease. The correct foundation is the definition of a system that conveys the intent of the data owner to all recipients and users of the data.
Our job has several parts: providing a language for the expression of that intent; reorganizing the data model and infrastructure to facilitate that (and, probably, encoding defaults sufficient to prevent grievous violations of local policy); mechanisms for administrators to encode local policy; and, crucially, allowing the owner (or originator, if that's the correct entity) to specify a specific intention about a specific datum. That is, for example, a parent should be able to say, differently from every other parent, that the child's middle name is too embarrassing to be revealed and that he or she, as the owner of that data, requires that it never be shown to anyone, or only to psychiatric personnel.
Further, assuming that the lease is the central construct, I think that it should probably not identify specific targets (absolutely zero refIds) but rather a categorical identification. For comparison, most rental leases have text that specifies that "the renter shall...", with the actual name of the individual specified in a header at the time of instantiation (i.e., when the contract is signed). RefIds should be specified in an instance-specific mechanism that connects to the abstracted spec ("the renter") to instruct the output mechanism what to do/filter/redact. (Perhaps we should define a mechanism for this interpretation, but I am skeptical.)
I also think that the specification of the lease should be built into the structure of the data model (though I also think it must include a mechanism that allows administrators to override, e.g., with xPath metadata). One way to do this would be by adding an element to the complex types that tells us about the privacy components of its subordinates, which, in turn, have such an element too. Perhaps a sort of inline CSS for privacy.
Filtering/redaction should, I think, be considered a ubiquitous part of the rendering system, with the definition of rendering expanded to include processing the data for transmission to another system. That is, the lease should be considered the essence of the privacy regime and the fact of filtering/redacting *one* of the ways that systems respond.
A use case that exemplifies my thinking: A system receives an object that includes sensitive data that it is allowed to have. Some bonehead thinks, "I have this and am allowed to do what I need to do." Then he or she grabs the object and transmits it to someone else. The software tool that unpacks that received object for viewing by the recipient should be able to look at the privacy data implicit in the object and say to itself, "Holy cow! My user is not X. I will only show him or her the stuff that is allowed." The privacy regime should be built to be as robust as possible against errors, including helping systems to prevent violations even if someone else did a bad thing.
The current perspective being applied in much of this conversation focuses inwardly. The lease proposed by Jon (and I apologize if this is too blunt and hope you are sincere about this being a strawman) talks only about how to protect himself as the operator of a system from violating the rules. A good privacy regime should be above those concerns and provide the information that lets him –and everyone else– protect themselves.
Which is to say that the lease and the information it conveys should allow Jon to say, "I have to filter," but it should also allow the system that receives the data (and the ones after that) also to decide what it should do.
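The following is an added example, not code from the original post or from the proposal it responds to: a lease carried inside the data model as category-based elements (inheritable like inline CSS, with the owner's per-datum intent and an administrator's path-keyed override), bound to concrete viewers only at the instance, and enforced by the renderer on every hop so a receiving system can re-check for its own user. All record contents, viewer ids and category names are constructed.

```python
# Each complex type may carry "_allow" (categories that may see its subordinates,
# inherited downward like inline CSS) and "_fields" (the owner's per-datum intent
# for named children). Constructed sample data, not a real record.
CHILD_RECORD = {
    "_allow": {"guardian", "clinical_staff", "school_admin"},
    "_fields": {"middle_name": {"guardian", "psychiatric_personnel"}},
    "first_name": "Sam",
    "middle_name": "Aloysius",
    "medical": {
        "_allow": {"guardian", "clinical_staff"},
        "_fields": {"psych_notes": {"psychiatric_personnel"}},
        "allergies": ["peanuts"],
        "psych_notes": "see chart",
    },
}
# Instance binding (the "renter's name" in the lease header): viewer id -> categories.
# The lease itself never names these ids. Hypothetical viewers.
BINDING = {"parent1": {"guardian"}, "registrar": {"school_admin"},
           "dr_lee": {"clinical_staff", "psychiatric_personnel"},
           "nurse_kim": {"school_nurse"}}
# Local administrator override keyed by path (the xPath-metadata idea).
LOCAL_POLICY = {p: {"guardian", "clinical_staff", "school_nurse"}
                for p in ("/medical", "/medical/allergies")}


def render(node, viewer_cats, inherited=frozenset(), path="", local_policy=None,
           keep_lease=False):
    """Filter a node for a viewer bound to viewer_cats. With keep_lease=True the
    lease elements stay in the output so the next system can re-check on its own."""
    local_policy = local_policy or {}
    allow = node.get("_allow", inherited)       # own element overrides the inherited one
    field_rules = node.get("_fields", {})
    out = {k: v for k, v in node.items() if k.startswith("_")} if keep_lease else {}
    for key, value in node.items():
        if key.startswith("_"):
            continue
        sub = f"{path}/{key}"
        rule = local_policy.get(sub, field_rules.get(key, allow))
        if not (viewer_cats & rule):
            continue                            # redaction is the renderer's response
        if isinstance(value, dict):
            child = render(value, viewer_cats, rule, sub, local_policy, keep_lease)
            if any(not k.startswith("_") for k in child):   # drop emptied containers
                out[key] = child
        else:
            out[key] = value
    return out
```

The two-hop case from the use case above is `render(render(CHILD_RECORD, BINDING["dr_lee"], keep_lease=True), BINDING["registrar"])`: the clinic's system may hold everything, but the registrar who receives the forwarded object still sees only the first name.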
So many of the good things in my life happened, often because of, Kaye. This little Facebook ditty is nice. Reminds me how grateful I am for the relationship.
The Republican’s Guide to Presidential Etiquette
The Republican’s Guide to Presidential Behavior
It also demands a comparison between the two campaigns: one that was carefully and successfully executed in a way that should make any American proud. If you read the extensively prepared positions, look at the immense and carefully organized operational structure or listened to her speeches, you will see a sound candidate running an amazing and effective campaign. Look at Trump's campaign and you find a disorganized nightmare of ad hoc racism, hatred and appeal to the worst instincts of our fellow citizens. Also, grotesque.
But the suggestion that we compare the horrific collusion with Russia shown by Junior's emails with the gathering of evidence about Manafort's connections to Ukraine is the worst yet, only understandable as the last refuge of Clinton haters and Trump apologists. It is unfair and silly.
The biggest reason is that the Clinton campaign is no longer relevant. Turn it around. When the Republicans started their jihad about email servers, nobody cared, not one tiny whit, that they were completely uninterested in the exact same behavior by people on their side. There was the real, legitimate fact of the precedent but everyone, news organization and Congressional committees alike, treated Hillary's servers as de novo, asserting that it was important because she was an important person who was expected to wield national power some day. Trump's collusion with Russia is important because he is president. He wields national power this day.
Had Hillary sent Chelsea to meet with the government of Ukraine to encourage them to bring the power of their government to bear on defeating her opponent as quid pro quo on relieving sanctions, it would still be completely irrelevant. She lost. There is no possibility that she will put Ukrainian interests above America's. There is no possibility that the Ukrainians will have leverage over the government to force foreign policy decisions that help them achieve their goals over ours because she is not president.
Of course, the Clinton campaign did nothing like that at all. What actually happened is that someone heard that Manafort had improper ties to the Ukrainian government and, before accusing him publicly, went to ask the Ukrainians if it was true. The people with whom she met did not subsequently release a ton of stolen emails in a careful pattern to damage the opposition or hack into the computers of dozens of strategically chosen voting authorities around the country. The Ukrainians at the meetings, as far as anyone can tell, were not lawyers with a brief to work on sanctions or anything else that would represent a potential corrupt 'ask'.
Even more, nobody from the campaign management was involved in any way. The person involved was not in any way a representative of Hillary Clinton. Don Trump Jr can't say the same about his dad. Nor Manafort, Sessions or the rest.
The demand for equal consideration of these things is the epitome of false equivalence, fabricated, fictitious and dangerous to the republic. That Trump is a bad person and dangerous is obvious to anyone that is not a dumb partisan. That he very well may be a Manchurian Candidate, secretly working in favor of foreign powers from within the White House, is a real possibility. Even setting aside that he explicitly called for them, it is now all but certain that he and his campaign encouraged illegal acts by the Russians to interfere with the election in his favor and probably in return for his repeated interest in lessening sanctions. That the Trump people uniformly "forgot" to mention the meetings until they were found out by the media confirms the stench of corruption.
The Clinton family has been harassed for twenty-five years, charged with fake crimes and abused with the misuse of government resources from Whitewater to Vince Foster to Benghazi to Email Servers and a thousand steps in between. Hillary, far from being corrupt, is probably the cleanest, least corrupt politician in history, as demonstrated by the horrific abuse and endless investigation that has failed for decades to turn up any important dirt. Comparing her to the thug in the White House with his practice of ripping off vendors, blatant lies, and obvious, proven corruptions of character too numerous and disgusting to list, is egregious.
Demanding equal time for a minor conversation by a peripheral Hillary staffer as we do for the proven truth that the Trump management team met with Russians and concealed the meetings is a ridiculous obfuscation. It is one thing to spend all these years abusing Hillary for sheer political gain. It is quite another to keep talking about her in a way that obscures discussion of the real corruption and real national danger represented by this corrupt president.