Thread: Any Interest in Implementing RAPPD-style Privacy Management?

  1. #1

    We just presented a paper at the 5th International Workshop on Data Usage Management, in the IEEE SP (Security & Privacy), entitled "RAPPD: A language and prototype for Recipient-Accountable Private Personal Data" (see: http://jeffshrager.org/vita/pubs/2014DUMARAPPD.pdf). I'm wondering if this sort of thing might be interesting to Zimbra users as a part of the product? We have a demo implementation, but it would obviously take some work to realize in Zimbra.

    'Jeff

  2. #2

    I hope, you're aware, that such DRM stuff only works within a strictly enclosed and controlled
    environment. In other words: such an RAPPD-enforcing infrastructure must not allow such
    mails to leave the infrastructure - otherwise it's pretty useless.

    Basically the same problems as w/ all other DRM systems.

  3. #3

    > I hope, you're aware, that such DRM stuff only works within a strictly enclosed and controlled
    > environment. In other words: such an RAPPD-enforcing infrastructure must not allow such
    > mails to leave the infrastructure - otherwise it's pretty useless.

    I must respectfully disagree. It is true that some protection is offered by technical enforcement, such as DRM, but most enforcement in both our technical and daily lives is created by either legal or social systems. We call social enforcement "norms" or "peer pressure", but it is the most powerful type of enforcement there is. Even technical measures, such as DRM, must be backed up by legal and social enforcement mechanisms because of the analog loophole. So the DRM community brings suits against (a very small number of) people who illegally download DRM-controlled media. But DRM is also largely backed up by social "enforcement", pleadings before movies not to copy them, and threats that it's a crime, and so forth.

    Take two other examples: traffic regulations and copyright. Whereas both of these are theoretically enforced by legal means, and to a small extent technical means, most of the way these systems work is through social norms. Hypothesis: If you come to a stop sign in the middle of the night where there are clearly no cops, you are very likely to stop anyway. Moreover, you are much more likely to stop if there is someone (even if not a cop) following you. And in the academic publishing community (which is where I spend most of my time), although there are legal and some technical means of enforcing copyright (i.e., protecting against plagiarism), in actual practice there are almost no lawsuits, even when plagiarism is detected. The cases are almost entirely handled by social means.

    Finally, if something is to rise to the level of being legally and/or technically enforced, it must begin as a social norm. So, hypothetically, if the Zimbra community were to begin adding RAPPD-style signaling into email interactions, regardless of where they were going, people would notice — or not, but suppose they did. If Gmail were to decide that there’s enough people using it to pay attention to it, then they might adopt it, and so on, at which point (or soon after) we would reach the point where technical enforcement mechanisms would be possible.

  4. #4

    > Even technical measures, such as DRM, must be backed up by legal and social enforcement
    > mechanisms because of the analog loophole. So the DRM community brings suits against
    > (a very small number of) people who illegally download DRM-controlled media.

    Downloading anything isn't illegal at all (at least over here in Germany).
    In fact, most of the DRM techniques (eg. DVD CSS) are simply an alibi and just
    serve the purpose of making it easier to file a lawsuit against certain people.
    This only works by the massive lack of technical knowledge in our courts - we also
    see that in other areas, where judges accept lists of IP addresses (created by the
    copyright holders or their agents) as evidence.

    > But DRM is also largely backed up by social "enforcement", pleadings before movies
    > not to copy them, and threats that it's a crime, and so forth.

    I doubt that such stuff enforces anything. It just shows how desperate certain content
    companies have become now. Others are more intelligent and create their revenue via
    crowd-funding, selling extras (eg. nice CD/DVD boxes with some extra material), etc, etc.

    But I'd guess we're not talking about leeching, but data security (IOW: preventing people
    from moving confidential material out of the organisation). Yes, we also have certain customers
    with such requirements, which we specially customized Zimbra for.

    But this only works in a strictly controlled environment (IOW: the outside communication
    is blocked here, and special filters ensure closed communication relationships).

    > Take two other examples: traffic regulations and copyright. Whereas both of these are theoretically
    > enforced by legal means, and to a small extent technical means, most of the way these systems
    > work is through social norms. Hypothesis: If you come to a stop sign in the middle of the night
    > where there are clearly no cops, you are very likely to stop anyway.

    Yeah, in certain countries, like the US, they work only socially, as there aren't even
    authoritative policemen (just private security personnel) ;-)

    Seriously: the vast majority of the people agrees that traffic signs are pretty important
    to save lives. (well, in many cases, they're pretty useless ... but that's a different story).
    Not following the traffic rules may cause great damage, even people dying.

    Copying music or movies does not do such kind of harm. The only possible harm is that the
    copyright holders maybe get less revenue, if people now do not pay, who otherwise would
    have paid. Repeat: only for those who really WOULD HAVE paid.

    I, personally, haven't bought a single CD/DVD for over a decade, as there are simply
    no offerings for an appropriate price, which would make it interesting for me. And this
    has nothing to do with the fact that I could easily get that stuff via internet.
    (in fact, most of the stuff I like, isn't even available for purchase over here).

    > Moreover, you are much more likely to stop if there is someone (even if not a cop)
    > following you.

    No, I'm stopping, because I'm assuming that the guys who decided on these signs
    have pretty good reasons for that, and they have analyzed the situation there way
    better than myself (especially when I don't know the area in question very much).

    So, it's not the fear of punishment, but pure logic and trusting the knowledge of
    the people who maintain these signs.

    I usually don't care about the cops, and they usually don't care about me.

    > Finally, if something is to rise to the level of being legally and/or technically enforced,
    > it must begin as a social norm.

    In most cases, it doesn't begin with a social norm (often even directly against them),
    but the will of certain people who just happen to be politically powerful enough.

    Just a question: would you pay income tax, even if you're obligated to do so ?

    > So, hypothetically, if the Zimbra community were to begin adding RAPPD-style
    > signaling into email interactions, regardless of where they were going, people
    > would notice — or not, but suppose they did.

    Well, they might notice it as a wish of the sender. Such wishes already can be
    expressed in the mail text/subject.

    > If Gmail were to decide that there’s enough people using it to pay attention
    > to it, then they might adopt it, and so on, at which point (or soon after) we would
    > reach the point where technical enforcement mechanisms would be possible.

    Well, I would not activate it on our systems. So, for all mails reaching our systems,
    that would have no effect at all. And I'm just one of millions of operators world wide.
    I bet, the percentage of those who'll activate it, will be pretty low.

    Finally, the whole thing only works in a strictly enclosed environment, not in
    the open internet.

  5. #5

    > Such wishes already can be expressed in the mail text/subject.

    Not in any commonly agreed upon manner. There aren't even emoticons for it. Maybe we should adopt:

    X-> Do not forward
    ?-> Ask before forwarding
    Ok-> Ok to fwd
    <-> Tell me if you fwd
    ...etc. :-)

    >> If Gmail were to decide that there’s enough people using it to pay attention
    >> to it, then they might adopt it, and so on, at which point (or soon after) we would
    >> reach the point where technical enforcement mechanisms would be possible.

    > Well, I would not activate it on our systems.

    Really? Even if you started getting email from gmail, yahoo, and hotmail users that contained the tags, and it was in the RFC (although optionally)? I'm guessing that here, just like in the case of stop signs, you would activate it. (The power of social "enforcement"! :-)

    Incidentally, to your probably joking point about laws following money rather than the social norms, the w3c and rfc processes are excellent counter examples to your claim.
    Last edited by jshrager; 06-18-2014 at 11:12 AM.

  6. #6

    > Not in any commonly agreed upon manner. There aren't even emoticons for it.

    Emoticons ?
    What about words ?

    Remember, we're talking about a purely social problem here.
    It's all about social agreements in certain environments, therefore human
    language probably fits best.

    Oh, and the whole discussion is on open infrastructures, not strictly
    closed and controlled ones.

    > Really? Even if you started getting email from gmail, yahoo, and hotmail users that
    > contained the tags, and it was in the RFC (although optionally)?

    Actually, I don't care much about what gmail, yahoo or hotmail are doing.
    Of course, they're free to add some strange headers (unless these aren't conflicting
    with anything), but I don't see any reasons for caring about that at all.

    And if some mail/groupware solution implements such stuff, as soon as it starts the
    slightest annoyance, I'll patch it away.

    > Incidentally, to your probably joking point about laws following money rather than the social norms,

    Not at all. This is _really_ serious.

    The organisations we usually call states in most cases aren't states at all.

    For example, over here in Germany, with the 1913 coup (so called "Weimar Republic"),
    the original states had been overlaid by a private corporation. The National-Socialists
    continued that track and completely privatized everything (up to even dissolving
    the townships). One of their major steps was depriving the people of the citizenship of
    their home states. Since then (until today), the passports don't even show the state,
    just the adjective "german".

    After the war, the "Federal Republic of Germany" was founded as a trust for the economic
    management of the western occupied areas - this is completely different from the original
    German Reich and its member states. It directly continues the legislature (or more
    precisely: the terms of business) of the Third Reich (including many laws directly
    issued by Hitler himself, for example the general income tax).

    The US have a similar situation, since the war between the states (aka. civil war).
    Virtually any state structures have been overlaid by private corporations,
    beginning with the Washington DC corporation.

    Just have a closer look on international trade registers (eg. DUNS) ...

    > the w3c and rfc processes are excellent counter examples to your claim.

    These are completely voluntary, work on logical reasoning and cooperation of
    free and independent parties. Has _nothing_ to do with laws and other kinds
    of official regulations.
