Any Interest in Implementing RAPPD-style Privacy Management?

Post feedback about our hosted demo or your local install. Tell us what you love and/or what you’d like to see added in the future.
jshrager
Posts: 6
Joined: Sat Sep 13, 2014 12:03 am

Any Interest in Implementing RAPPD-style Privacy Management?

Postby jshrager » Mon May 19, 2014 7:25 pm

We just presenting a paper at 5th International Workshop on Data Usage Management, in the IEEE SP (Security & Privacy) entitled "RAPPD: A language and prototype for

Recipient-Accountable Private Personal Data" (see: http://jeffshrager.org/vita/pubs/2014DUMARAPPD.pdf) I'm wondering if this sort of thing might be interesting to Zimbra users as a part of the product? We have a demo implementation, but it would obviously take some work to realize in Zimbra.
'Jeff


10119metux
Advanced member
Advanced member
Posts: 75
Joined: Sat Sep 13, 2014 2:29 am

Any Interest in Implementing RAPPD-style Privacy Management?

Postby 10119metux » Mon Jun 16, 2014 2:41 am

I hope, you're aware, that such DRM stuff only works within a strictly enclosed and controlled

environment. In other words: such an RAPPD-enforcing infrastructure must not allow such

mails to leave the infrastructure - otherwise it's pretty useless.
Basicly the problems as w/ all other DRM systems.
jshrager
Posts: 6
Joined: Sat Sep 13, 2014 12:03 am

Any Interest in Implementing RAPPD-style Privacy Management?

Postby jshrager » Mon Jun 16, 2014 10:11 am

> I hope, you're aware, that such DRM stuff only works within a strictly enclosed and controlled

> environment. In other words: such an RAPPD-enforcing infrastructure must not allow such

> mails to leave the infrastructure - otherwise it's pretty useless.
I must respectfully disagree. It is true the some protection is offered by technical enforcement, such as DRM, but most enforcement in both our technical and daily lives is created by either legal or social systems. We call social enforcement "norms" or "peer pressure", but it is the most powerful type of enforcement there is. Even technical measures, such as DRM, must be backed up by legal and social enforcement mechanisms because of the analog loophole. So the DRM community brings suits against (a very small number of) people who illegally download DRM-controlled media. But DRM is also largely backed up by social "enforcement", pleadings before movies not to copy them, and threats that it's a crime, and so forth. Take two other examples: traffic regulations and copyright. Whereas both of these are theoretically enforced by legal mean, and to a small extent technical means, most of the way these systems work is through social norms. Hypothesis: If you come to a stop sign in the middle of the night where there are clearly no cops, you are very likely to stop anyway. Moreover, you are much more likely to stop if there is someone (even if not a cop) following you. An in the academic publishing community (which is spend most of my time), although there are legal and some technical means of enforcing copyright (i.e., protecting against plagiarism), in actual practice there are almost not lawsuits, even when plagiarism is detected. The cases are almost entirely handled by social means. Finally, if something is to rise to the level of being legally and/or technical enforced, it must begin as a social norm. So, hypothetically, if the Zimbra community were to being adding RAPPD-style signaling into email interactions, regardless of where they were going, people would notice — or not, but suppose they did. If Gmail were to decide that there’s enough people using it to pay attention to it, then they might adopt it, and so on, at which point (or soon after) we would reach the point where technical enforcement mechanisms would be possible.
10119metux
Advanced member
Advanced member
Posts: 75
Joined: Sat Sep 13, 2014 2:29 am

Any Interest in Implementing RAPPD-style Privacy Management?

Postby 10119metux » Tue Jun 17, 2014 7:07 pm

> Even technical measures, such as DRM, must be backed up by legal and social enforcement

> mechanisms because of the analog loophole. So the DRM community brings suits against

> (a very small number of) people who illegally download DRM-controlled media.
Downloading anything isn't illegal at all (at least over here in Germany).

In fact, most of the DRM techniques (eg. DVD CSS) are simply an alibi and just

serve the purpose of making it easier filing a lawsuit against certain people.

This only works by the massive lack of technical knowledge in our courts - we also

see that other areas, where judges accept lists of IP addresses (created by the

copyright holders or their agents) as evidence.
> But DRM is also largely backed up by social "enforcement", pleadings before movies

> not to copy them, and threats that it's a crime, and so forth.
I doubt that such stuff enforces anything. It just shows how desperate certain content

companies have become now. Others are more intelligent and create their revenue via

crowd-funding, sellings extras (eg. nice CD/DVD boxes with some extra material), etc, etc.
But I'd guess we're not talking about leeching, but data security (IOW: preventing people

moving out confidential material out of the organisation). Yes, we also have certain customers

with such requirements, which we specially customized Zimbra for.
But this only works in an strictly controlled environment (IOW: the outside communication

is blocked here, and special filters ensure closed communication relationships).
> Take two other examples: traffic regulations and copyright. Whereas both of these are theoretically

> enforced by legal mean, and to a small extent technical means, most of the way these systems

> work is through social norms. Hypothesis: If you come to a stop sign in the middle of the night

> where there are clearly no cops, you are very likely to stop anyway.
Yeah, in certain countries, like the US, they work only socially, as there aren't even

authorative policement (just private security personal) ;-)
Seriously: the vast majority of the people aggrees that traffic signs are pretty important

to save lives. (well, in many cases, they're pretty useless ... but that's a different story).

Not following the traffic rules may cause great damage, even people dying.
Copying music or movies does not do such kind of harm. The only possible harm is that the

copyright holders maybe get less revenue, if people now do not pay, which otherwise would

have paid. Repeat: only for those who really WOULD HAVE paid.
I, personally, haven't bought a single CD/DVD for over a decade, as there are simply

no offerings for an appropriate price, which would make it interesting for me. And this

has nothing to do with the fact that I could easily get that stuff via internet.

(in fact, most of the stuff I like, isn't even available for purchase over here).
> Moreover, you are much more likely to stop if there is someone (even if not a cop)

> following you.
No, I'm stopping, because I'm assuming that the guys who decided on these signs

have pretty good reasons for that, and they have analyzed the situation there way

better than myself (especially when I dont know the area in question very much).
So, it's not the fear of punishment, but pure logic and trusting the knowledge of

the people who maintain these signs.
I usually dont care about the cops, and they usually dont care about me.
> Finally, if something is to rise to the level of being legally and/or technical enforced,

> it must begin as a social norm.
In most cases, it doesn't begin with a social norm (often even directly against them),

but the will of certain people who just happen to be politically powerful enough.
Just a question: would you pay income tax, even if you're obligated to do so ?
> So, hypothetically, if the Zimbra community were to being adding RAPPD-style

> signaling into email interactions, regardless of where they were going, people

> would notice — or not, but suppose they did.
Well, they might notice it as a wish of the sender. Such wishes already can be

expressed in the mail text/subject.
> If Gmail were to decide that there’s enough people using it to pay attention

> to it, then they might adopt it, and so on, at which point (or soon after) we would

> reach the point where technical enforcement mechanisms would be possible.
Well, I would not activate it on our systems. So, for all mails reaching our systems,

that would have no effect at all. And I'm just one of millions of operators world wide.

I bet, the percentage of those who'll activate it, will be pretty low.
Finally, the whole thing only works in an strictly enclosed environment, not in

the open internet.
jshrager
Posts: 6
Joined: Sat Sep 13, 2014 12:03 am

Any Interest in Implementing RAPPD-style Privacy Management?

Postby jshrager » Wed Jun 18, 2014 10:16 am

> Such wishes already can be expressed in the mail text/subject.
Not in any commonly agreed upon manner. There aren't even emoticons for it. Maybe we should adopt:
X-> Do not forward

?-> Ask before forwarding

Ok-> Ok to fwd

Tell me if you fws

...etc. :-)
>> If Gmail were to decide that there’s enough people using it to pay attention

>> to it, then they might adopt it, and so on, at which point (or soon after) we would

>> reach the point where technical enforcement mechanisms would be possible.
> Well, I would not activate it on our systems.
Really? Even if you started getting email from gmail, yahoo, and hotmail users that contained the tags, and it was in the RFC (although optionally)? I'm guessing that here, just like in the case of stop signs, you would activate it. (The power of social "enforcement"! :-)
Incidentally, to your probably joking point about laws following money rather than the social norms, the w3c and rfc processes are excellent counter examples to your claim.
10119metux
Advanced member
Advanced member
Posts: 75
Joined: Sat Sep 13, 2014 2:29 am

Any Interest in Implementing RAPPD-style Privacy Management?

Postby 10119metux » Wed Jun 18, 2014 2:14 pm

> Not in any commonly agreed upon manner. There aren't even emoticons for it.
Emoticons ?

What about words ?
Remember, we're talking about a purely social problem here.

It's all about social agreements in certain environments, therefore human

language probably fits best.
Oh, and the whole discussion is on open infrastructures, not strictly

closed and controlled ones.
> Really? Even if you started getting email from gmail, yahoo, and hotmail users that

> contained the tags, and it was in the RFC (although optionally)?
Actually, I don't care much about gmail, yahoo or hotmail are doing.

Of course, they're free to add some strange headers (unless these aren't conflicting

anything), but I dont see any reasons for caring about that at all.
And if some mail/groupware solution implements such stuff, as soon as it starts the

slightest annoyment, I'll patch it away.
> Incidentally, to your probably joking point about laws following money rather than the social norms,
Not at all. This is _really_ serious.
The organisation, we're usually calling states, in most cases aren't states at all.
For example, over here in Germany, with the 1913 coup (so called "Weimar Republic),

the original states had been overlayed by an private corporation. The National-

Socialists continued that track and completely privatized everything (up to even dissolving

the townships). One of their major steps was depriving the people the citizenship of

their home states. Since then (until today), the passports dont even show the state,

just the adjective "german".
After the war, the "Federal Republic of Germany" was founded as an trust for the economic

management of the western occoupied areas - this is completely different from the original

German Reich and its member states. It directly continues the legislature (or more

precisely: the terms of business) of the Third Reich (including many laws directly

issued by Hitler himself, for example the general income tax).
The US have a similar situation, since the war between the states (aka. civil war).

Virtually any state structures have been overlayed by private corporations,

beginning with the Washington DC corporation.
Just have a closer look on international trade registers (eg. DUNS) ...
> the w3c and rfc processes are excellent counter examples to your claim.
These are completely volountary, work on logic reasoning and coorporation of

free and independent parties. Has _nothing_ to do with laws and other kind

of official regulations.

Return to “Users”

Who is online

Users browsing this forum: No registered users and 2 guests