Law in the Internet Society

View   r3  >  r2  ...
ZainHaqFirstEssay 3 - 22 Dec 2017 - Main.ZainHaq
Line: 1 to 1
 
META TOPICPARENT name="FirstEssay"
Changed:
<
<

Reframing Privacy's PR

>
>

Imagining a Regulatory Regime For Data

 -- By ZainHaq - 12 Nov 2017
Changed:
<
<

The Challenge & The Opportunity

>
>

Introduction

 
Changed:
<
<
The idea of regulating data collection has faced a heretofore intractable PR issue. Advocates for privacy have argued that peoples’ data as “theirs” in an effort to get people to care more about holding it close. However, these advocates have lost the argument in a way they may not have seen coming: en masse, people decided that they’d sell this data for the opportunity to access goods and services that they could not otherwise access, and certainly at prices they could not otherwise access. So now privacy efforts, from a public concern standpoint, lay dead in the water. That the Snowden revelations did not scare Americans into reclaiming their data suggests that this tack is lost.
>
>
Today, the internet runs on data. That this is a dangerous development for human freedom, and that it is possible to imagine a world in which this is not the case, is the focus of this course. In the spirit of not letting the perfect be the enemy of the good, however, I want to think about regulating a data-driven world. To this end, I will suggest cornerstone principles for governmental regulation that disarms the most dangerous chambers of this ticking time bomb.
 
Changed:
<
<
However, two sentences that we’ve used repeatedly in class suggest a new approach. When we say “data is the new petroleum” or that “the net is a new organism we created”, we (in a roundabout way) ascribe biological characteristics to this otherwise binary ecosystem. What if we took this further? What if we used the approaches explaining other forms of public-good regulation to talk about regulating the net? In my view, this approach would powerfully reshape the public conception of the data privacy issue and respark the political viability of data regulation. There are two rationales that seem most pertinent, each of which give an approach that could constitute the backbone of just such a public relations push: the environment and the financial system.
>
>
In particular, I believe there is already a highly regulated domain – environmental protection – that can guide regulatory agencies looking to regulate data collection, storage, and usage. After briefly discussing three aspects of this regulatory regime that could guide data regulators, I will consider three arguments against and respond.
 
Added:
>
>

Environmental Protection Analogies

 
Changed:
<
<

Changing The Environment

>
>
I believe that the increasingly public effects of data usage mirror the public effects of private pollution the US began to see more of in the 20th century, and that similar principles could underlie regulation of those effects.
 
Changed:
<
<
Living in a world and a region with “clean” data privacy laws and norms is no more or less attainable than living in a world with “clean” air, water, and soil. We’ve successfully reduced the carcinogens in our air, the pollutants in our water, and cut out the most harmful pesticides to our land. We engaged in this effort for two reasons. First, because we understood that these are resources we share and therefore resources to which we have a public responsibility, enforced through law. So even though we may not farm, we all care about getting food from clean land – and the public consumer should and practically cannot bear the burden of identifying the plot their lunch came from. The second reason we impose environmental regulations is because we understand that, while the public bears the costs, a small group of private actors sow the rewards. This dynamic itself creates two issues: first, these private actors get stuck in a prisoner’s dilemma and look to maximize their reward at any cost to the land, and second, while I said that “the public” would bear the cost, often for reasons of political expediency the bulk of the costs get hitched to the backs of those least equipped to bear the load – the poor, the young, and the elderly.
>
>
In the same way that people share the harms of contaminants in the soil, water, and air, greater data collection and usage means, increasingly, we are all going to feel data’s pull – whether we want to or not. As collection grows more robust and analysis gets more sophisticated, the predictive capabilities of these systems will reach users who aren’t even in the system. Instead, all new users need to show are patterns similar to those already in the system for these new users’ privacy to come under threat. In order to protect the public from the effects of chemical releases, the EPA looks primarily to regulate actions that impact public health – giving the agency a limited mandate, a limitation that data regulators could roughly mirror. While all data collection can present risks, the most powerful and dangerous uses combine the knowledge companies collect about their users and create predictions on that basis. This limitation preempts (to a degree) complaints about regulatory overreach and provides structural clarity for the regulators’ mission.
 
Changed:
<
<
To sum up, then: we regulate the environment because we understand that it imposes moderate costs on a few parties, primarily well-off, to deliver substantial benefits to the middle class and especially the poor. I think a similar argument exists for regulating data collection and monitoring. Early adopters, ironically, are the least likely to be profiled and targeted by technologies, because they get in before the data sorting and analysis machines run at scale. They are also the most adept at making conscious decisions about their data storage and deletion. On the other hand, late comers to the internet, or people who may never even have had a choice about the internet, are deeply and quickly profiled. That the internet could target ads built for maximum salience to a teenager new to the internet is a phenomenon that should trouble us because the teen never made a conscious decision to use the net and its services. (And the same with the deceased, with those in the developing world, and so on.)
>
>
Lastly, as companies attempted to disclaim responsibility for shoddy disposal and spills – between creators, transporters, and disposers – the EPA stepped in and declared, in many circumstances, every participant liable. Such a scattershot approach could also make sense in the world of data regulation because of the ease with which data moves and transforms. Because many companies that control data (especially established, old-line firms) don’t have deep expertise in how to handle data, they often outsource both collection and analysis to second- or third-parties. These parties may then combine that knowledge with knowledge from others – including, sometimes, direct competitors. I believe all parties involved– the collectors, the analyzers, and the beneficiaries – could and should be liable. Some may argue that such a rule would scare away new prospective data collectors – as I well think it should. If the requirement to be responsible with (or else be liable for) data scares a player out of the game, they probably shouldn’t have considered playing.
 
Added:
>
>

Objections & Conclusions

 
Changed:
<
<

Risk Pricing

>
>
So let’s say that data’s externality effects make data regulation analogous to environmental regulation. Let’s say that, by limiting the public effects of data, we can limit the complaints of regulatory overreach. And let’s say we impose responsibility widely, to seal system leaks. Who might oppose such a system? Three groups, each with their own basis of opposition, come to mind. The first group, established tech giants, could argue that this regulatory body will imperil the future of their businesses. They could (will) say that regulators have no idea what the risks are, that these regulations make data collection worthless, and that user experiences (and prices) will suffer as a result. Instead of responding to each of these individually, I would just point to both short- and long-term history. In the short term, I’d point to these own companies’ stories. Analysts doubted that internet giants would find a way to monetize, and then the giants found advertising - and did it (debatably) better than any of the players in the market were doing it. In the long run, we’ve seen countless industries adapt to and even benefit from standards that improve collective industry responsibilities. I would also suggest that such a regime will protect them in the long run from both startups and the advocates who would push for a data-free internet.
 
Changed:
<
<
As much as this data collection economy presents threats, I strongly believe that the ad-optimization revenue model for the internet is powerful because it empowers people who would otherwise have been walled off from using premium services. The idea that any internet-attached person could use the exact same Twitter platform, with the exact same features, as the most powerful man in the world is unfathomable to any era but ours. I think it’s something we should be proud of; I think it’s something worth protecting. I consider these data aggregators –Twitter, Equifax, or anywhere in between – as in possession of a valuable resource that they can and should use for good, but must also show the utmost care for. That is, they are drilling for petroleum; they’re not just manufacturing anthrax. To me, this sounds a lot like the way we think about banks. We want banks to make risky decisions, because taking calculated bets on people and businesses is how we make the impossible possible. But we also understand that banks, if improperly regulated, become key breakage joints precisely because of how much risk they bear. So we support their risk, on the condition that in non-risky times they follow our rules on how to operate with regards to data security. This is a fair ask, and one that will give tech companies a natural counterparty in pushing the limits and getting into trouble.
>
>
So what of these startups – will they actually be harmed? Well, the truth is, maybe. If upstart apps and such can’t quickly bootstrap data on their users to target ads, they’ll be in a tough spot when it comes to monetizing. But this is a hard capability to fully develop for most startups anyway – and the full picture is that most startups fail, in part for this reason. The data they collect, then, may well be for naught regardless. And if they do go under, there is no entity left to bear responsibility for potential harms done. So, by imposing this standard and likely outsourcing this task to competent players, startups can both focus on what they do best and not worry about the liability they might face for their data down the road.
 
Added:
>
>
And what of the advocates for a data-free rework of the internet, concerned that this regime precludes getting to a data-free world? I would say two things. First, these sorts of institutional regimes often operate like one-way ratchets; crises end up leading to more disclosure, more liability, and a more data-less internet. Second, getting the US to adopt standards instigates the country’s global concern about the issue. This will put targets on the backs of the worst offenders.
 
Changed:
<
<

The Threat Profile

>
>
Ultimately, the fight on this question is global. Recruiting the US’ support in the fight for data privacy will embolden the forces of freedom moving forward. But, in order to embolden the country in this effort, it must first feel as though it’s doing right at home – and this regime moves a giant leap closer to that goal.
 
Deleted:
<
<
I think sometimes about all the startups that failed. The now-useless data lists, the activity logs, the profiles. Who is protecting those? Where do they go? Even in a world where the unsuccessful founder doesn’t actively look to sell this info to the highest bidder, there is still a real risk that they could easily lose track of their data and have it exposed to nefarious actors. Promoting this economy, such as it is, may be a wise policy decision – but, in this world of 0 marginal cost, we as a society owe it to ourselves and our children to make sure the costs are not merely shifted to a party that never had the opportunity to choose. Winning the PR battles by appealing to the successful efforts of the past is an important first step.

The draft is chaotic, full of ideas, but not disciplined to an outline. There is no real effort to test each idea against objections, as though they were steps in an argument: they tumble out like presents stored jumbled in the closet.

The most important step to improvement is winnowing. What is the central idea, and how can the essay be organized around it?

One notion about which I want to put you on your guard, and which appears to be fundamental if not central, is the idea that service equality depends somehow on "ad-optimization." This is technical and economic nonsense. Suppose each person who has an Internet connection has a server made from a single-board computer, costing about the same as the charger of a cellphone. This server uses the Net as designed, to provide its owner web-based connections ranging from "telephone calls" to "social networking" and email, pretty much as the platforms provide it today, but performing the work of storing, processing and communicating for that user itself. The cost of all the services is the same network connection cost the user already pays, and the cost of the hardware, once, which is tiny. No ads are needed to fund the immense centralized storage and data-mining operations we don't need to optimize the ads. When new services develop that people like, we implement them in free software that can run in their personal servers. Servers are so cheap they are disposable, and secure backup services make it easy for us to maintain and control our net presence and our data.

That world already exists, not just for me but for tens of millions of other people. Why are you depending on an argument about economic realities that the world disproves?

 



Revision 3r3 - 22 Dec 2017 - 01:12:25 - ZainHaq
Revision 2r2 - 04 Dec 2017 - 20:53:14 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM