Any Interest in Implementing RAPPD-style Privacy Management?

jshrager
Posts: 6
Joined: Sat Sep 13, 2014 12:03 am

Post by jshrager »

We just presented a paper at the 5th International Workshop on Data Usage Management, in the IEEE SP (Security & Privacy), entitled "RAPPD: A language and prototype for Recipient-Accountable Private Personal Data" (see: http://jeffshrager.org/vita/pubs/2014DUMARAPPD.pdf). I'm wondering if this sort of thing might be interesting to Zimbra users as a part of the product? We have a demo implementation, but it would obviously take some work to realize in Zimbra.
'Jeff
10119metux
Advanced member
Posts: 75
Joined: Sat Sep 13, 2014 2:29 am

Post by 10119metux »

I hope you're aware that such DRM stuff only works within a strictly enclosed and controlled environment. In other words: such an RAPPD-enforcing infrastructure must not allow such mails to leave the infrastructure - otherwise it's pretty useless.
Basically the problems as w/ all other DRM systems.

Post by jshrager »

> I hope you're aware that such DRM stuff only works within a strictly enclosed and controlled environment. In other words: such an RAPPD-enforcing infrastructure must not allow such mails to leave the infrastructure - otherwise it's pretty useless.
I must respectfully disagree. It is true that some protection is offered by technical enforcement, such as DRM, but most enforcement in both our technical and daily lives is created by either legal or social systems. We call social enforcement "norms" or "peer pressure", but it is the most powerful type of enforcement there is. Even technical measures, such as DRM, must be backed up by legal and social enforcement mechanisms because of the analog loophole. So the DRM community brings suits against (a very small number of) people who illegally download DRM-controlled media. But DRM is also largely backed up by social "enforcement", pleadings before movies not to copy them, and threats that it's a crime, and so forth.
Take two other examples: traffic regulations and copyright. Whereas both of these are theoretically enforced by legal means, and to a small extent technical means, most of the way these systems work is through social norms. Hypothesis: If you come to a stop sign in the middle of the night where there are clearly no cops, you are very likely to stop anyway. Moreover, you are much more likely to stop if there is someone (even if not a cop) following you. And in the academic publishing community (which is where I spend most of my time), although there are legal and some technical means of enforcing copyright (i.e., protecting against plagiarism), in actual practice there are almost no lawsuits, even when plagiarism is detected. The cases are almost entirely handled by social means.
Finally, if something is to rise to the level of being legally and/or technically enforced, it must begin as a social norm. So, hypothetically, if the Zimbra community were to begin adding RAPPD-style signaling into email interactions, regardless of where they were going, people would notice — or not, but suppose they did. If Gmail were to decide that there’s enough people using it to pay attention to it, then they might adopt it, and so on, at which point (or soon after) we would reach the point where technical enforcement mechanisms would be possible.

Post by 10119metux »

> Even technical measures, such as DRM, must be backed up by legal and social enforcement mechanisms because of the analog loophole. So the DRM community brings suits against (a very small number of) people who illegally download DRM-controlled media.
Downloading anything isn't illegal at all (at least over here in Germany). In fact, most of the DRM techniques (eg. DVD CSS) are simply an alibi and just serve the purpose of making it easier to file a lawsuit against certain people. This only works by the massive lack of technical knowledge in our courts - we also see that in other areas, where judges accept lists of IP addresses (created by the copyright holders or their agents) as evidence.
> But DRM is also largely backed up by social "enforcement", pleadings before movies not to copy them, and threats that it's a crime, and so forth.
I doubt that such stuff enforces anything. It just shows how desperate certain content companies have become now. Others are more intelligent and create their revenue via crowd-funding, selling extras (eg. nice CD/DVD boxes with some extra material), etc, etc.
But I'd guess we're not talking about leeching, but data security (IOW: preventing people moving confidential material out of the organisation). Yes, we also have certain customers with such requirements, which we specially customized Zimbra for.
But this only works in a strictly controlled environment (IOW: the outside communication is blocked here, and special filters ensure closed communication relationships).
> Take two other examples: traffic regulations and copyright. Whereas both of these are theoretically enforced by legal means, and to a small extent technical means, most of the way these systems work is through social norms. Hypothesis: If you come to a stop sign in the middle of the night where there are clearly no cops, you are very likely to stop anyway.
Yeah, in certain countries, like the US, they work only socially, as there aren't even authoritative policemen (just private security personnel) ;-)
Seriously: the vast majority of the people agrees that traffic signs are pretty important to save lives. (well, in many cases, they're pretty useless ... but that's a different story). Not following the traffic rules may cause great damage, even people dying.
Copying music or movies does not do such kind of harm. The only possible harm is that the copyright holders maybe get less revenue, if people now do not pay, who otherwise would have paid. Repeat: only for those who really WOULD HAVE paid.
I, personally, haven't bought a single CD/DVD for over a decade, as there are simply no offerings for an appropriate price, which would make it interesting for me. And this has nothing to do with the fact that I could easily get that stuff via internet. (in fact, most of the stuff I like, isn't even available for purchase over here).
> Moreover, you are much more likely to stop if there is someone (even if not a cop) following you.
No, I'm stopping, because I'm assuming that the guys who decided on these signs have pretty good reasons for that, and they have analyzed the situation there way better than myself (especially when I don't know the area in question very much).
So, it's not the fear of punishment, but pure logic and trusting the knowledge of the people who maintain these signs.
I usually don't care about the cops, and they usually don't care about me.
> Finally, if something is to rise to the level of being legally and/or technically enforced, it must begin as a social norm.
In most cases, it doesn't begin with a social norm (often even directly against them), but the will of certain people who just happen to be politically powerful enough.
Just a question: would you pay income tax, even if you're obligated to do so?
> So, hypothetically, if the Zimbra community were to begin adding RAPPD-style signaling into email interactions, regardless of where they were going, people would notice — or not, but suppose they did.
Well, they might notice it as a wish of the sender. Such wishes already can be expressed in the mail text/subject.
> If Gmail were to decide that there’s enough people using it to pay attention to it, then they might adopt it, and so on, at which point (or soon after) we would reach the point where technical enforcement mechanisms would be possible.
Well, I would not activate it on our systems. So, for all mails reaching our systems, that would have no effect at all. And I'm just one of millions of operators world wide. I bet the percentage of those who'll activate it will be pretty low.
Finally, the whole thing only works in a strictly enclosed environment, not in the open internet.

Post by jshrager »

> Such wishes already can be expressed in the mail text/subject.
Not in any commonly agreed upon manner. There aren't even emoticons for it. Maybe we should adopt:
X-> Do not forward
?-> Ask before forwarding
Ok-> Ok to fwd
Tell me if you fwd
...etc. :-)
>> If Gmail were to decide that there’s enough people using it to pay attention to it, then they might adopt it, and so on, at which point (or soon after) we would reach the point where technical enforcement mechanisms would be possible.
> Well, I would not activate it on our systems.
Really? Even if you started getting email from gmail, yahoo, and hotmail users that contained the tags, and it was in the RFC (although optionally)? I'm guessing that here, just like in the case of stop signs, you would activate it. (The power of social "enforcement"! :-)
Incidentally, to your probably joking point about laws following money rather than the social norms, the w3c and rfc processes are excellent counterexamples to your claim.

Post by 10119metux »

> Not in any commonly agreed upon manner. There aren't even emoticons for it.
Emoticons? What about words?
Remember, we're talking about a purely social problem here. It's all about social agreements in certain environments, therefore human language probably fits best.
Oh, and the whole discussion is on open infrastructures, not strictly closed and controlled ones.
> Really? Even if you started getting email from gmail, yahoo, and hotmail users that contained the tags, and it was in the RFC (although optionally)?
Actually, I don't care much about what gmail, yahoo or hotmail are doing. Of course, they're free to add some strange headers (unless these aren't conflicting with anything), but I don't see any reasons for caring about that at all.
And if some mail/groupware solution implements such stuff, as soon as it starts the slightest annoyance, I'll patch it away.
> Incidentally, to your probably joking point about laws following money rather than the social norms,
Not at all. This is _really_ serious.
The organisations we usually call states in most cases aren't states at all.
For example, over here in Germany, with the 1913 coup (so called "Weimar Republic"), the original states had been overlaid by a private corporation. The National-Socialists continued that track and completely privatized everything (up to even dissolving the townships). One of their major steps was depriving the people of the citizenship of their home states. Since then (until today), the passports don't even show the state, just the adjective "german".
After the war, the "Federal Republic of Germany" was founded as a trust for the economic management of the western occupied areas - this is completely different from the original German Reich and its member states. It directly continues the legislature (or more precisely: the terms of business) of the Third Reich (including many laws directly issued by Hitler himself, for example the general income tax).
The US have a similar situation, since the war between the states (aka. civil war). Virtually any state structures have been overlaid by private corporations, beginning with the Washington DC corporation.
Just have a closer look at international trade registers (eg. DUNS) ...
> the w3c and rfc processes are excellent counterexamples to your claim.
These are completely voluntary, work on logical reasoning and cooperation of free and independent parties. Has _nothing_ to do with laws and other kinds of official regulations.