Law in the Internet Society

View   r3  >  r2  >  r1
AndrewTaubFirstEssay 3 - 16 Jan 2018 - Main.AndrewTaub
Line: 1 to 1
 
META TOPICPARENT name="FirstEssay"

Tracing Data Privacy and How to Realize It

Changed:
<
<
-- By AndrewTaub - 09 Nov 2017
>
>
-- By AndrewTaub - 16 Jan 2018
 
Changed:
<
<

Defining Data and Privacy

>
>

Introduction

 
Changed:
<
<

Data is defined as “facts, information, and statistics collected together for reference or analysis.” The origin of the word data is from the Latin verb “dare” which means “to give” and the neuter past participle “darum” which means “something given.” This connotes a sense of belonging and that the information transferred is given to someone by someone else, suggesting that there is a degree of ownership of that information and a choice that is exercised as to whether to give or share that information. Privacy is defined as “the state of being alone and not watched or disturbed by other people or the state of being free or away from public attention.” It is also defined as “freedom from unauthorized intrusion and the state of being able to keep certain especially personal matters to oneself.” Both underlying definitions of data and privacy independently have similarities. Based on data’s origin, the word implies that there is possession involved in terms of who owns the facts or information that are being collected. Similarly, with privacy, the person who holds those private matters or experiences a state of freedom is entitled to defend against intruders and has authority to protect that state. By combining these two words, the center of the term “data privacy” would appear to be, at a singular level, an individual.
>
>

Data privacy continues to be misunderstood as protecting the individual rather than the data. Defining and understanding this distinction is key to positioning how to counteract private power’s rise and to control one’s data privacy. Public law has been increasingly pushed out by private power from the process of regulating how and what happens when behavior data is collected. Specifically, companies generating data and operating closed platforms have amassed such private power by controlling the data and consent arrangement with its users. Ultimately, should users want to restore the privacy of their data and not be at the mercy of companies’ growing private power, they must operate and control their activity on the internet by owning their data infrastructure, both hardware and software.
 
Changed:
<
<

Terming Data Privacy

>
>

Recognizing What Data Privacy Serves to Protect

 
Changed:
<
<

Data privacy as a term began to appear in written texts in the United States in the late 1950s. Specifically, in 1959, the National Bureau of Standards (NSB) published a monograph in which the term was defined: “Data privacy is the protection of data (typically in a computer-based system) for the sole use of one individual or organization, or by such others as the owner of the data may authorize (e.g., other individuals, organizations, agencies, or groups).” What marries “data” and “privacy” is due to, as the NSB’s definition raises, the birth and growth of computer systems at the time. By pairing these words, the term data privacy closely, if not entirely today, implies that a computerized information system is present and involved in the process for where that data is stored and how it is protected.
>
>

Where could a misinterpretation stem from for thinking that data privacy protects the individual? The origin of the word data (Latin verb “dare” which means “to give” and the neuter past participle “darum” which means “something given”) implies there is possession involved in terms of who owns the facts or information being collected. Similarly, with privacy, the person who holds those private matters or experiences a state of freedom is entitled to defend against intruders and has authority to protect that. Given these two words, the center of the term “data privacy” would appear to be, at a singular level, an individual, as one who decides to give information and to protect that personal state. But as a term, data privacy “is the protection of data (typically in a computer-based system) for the sole use of one individual or organization, or by such others as the owner of the data may authorize.” What marries “data” and “privacy” is due to, as the NSB’s definition raises, the birth and growth of computer systems at the time in 1958. The term closely, if not entirely today, implies that a computerized information system is present and involved in the process for where that data is stored and how it is protected.
 
Changed:
<
<

The Problem Created

>
>

Amassing Private Power through Control of Data

 
In theory, it seems that data privacy should be about the individual, but in reality, it is about the protection of data on computer systems. This distinction is necessary because data protection is operated by who ultimately has power. That would be who owns the computer system, where it and the data stored are located, and most importantly, who collects, controls, and owns the data. As Yochai Benkler states, over the past ten years, there has been a shift to higher level systems (e.g., Facebook, Google, Apple, Amazon) in which there exists no core organizing structure for how to build new or integrate existing systems. The shift has been away from building frameworks and software of openness, and there are no public standards for data portability nor legal requirements for interoperability.
Changed:
<
<

Why Does That Matter?

>
>

Public Law Ousted

 
Changed:
<
<

This new model of a few dominant players creates a concentration of power in which their influence increases not through open programs, but through closed platforms. Since data has become the core infrastructure around which control develops and since the anatomy of these closed platforms is owned and operated by the system providers, then the individual lacks any real authority, or possibility, to even control the privacy of his or her data. Instead, privacy is built upon a form of consent between the system operator and the consumer, in which the user unseeingly accepts because there is no real choice, “stemming from a conception of the absence of any choice to begin with” (Benkler). And with that, we see public law unable to effectively reach or enact legislation in that closed realm and instead see more concentrated power thus allowing for companies to create policies privately to serve their best interest.
>
>

This new model of a few dominant players creates a concentration of power in which their influence increases not through open programs, but through closed platforms. Since data has become the core infrastructure around which control develops and since the anatomy of these closed platforms is owned and operated by the system providers, then the individual lacks any real authority, or possibility, to even control the privacy of his or her data. Instead, privacy is built upon a form of consent between the system operator and the consumer, in which the user unseeingly accepts because there is no real choice, “stemming from a conception of the absence of any choice to begin with” (Benkler). And with that, we see public law unable to effectively reach or enact legislation in that closed realm and instead see more concentrated power thus allowing for companies to create policies privately to serve their best interest. Other forms of growing and isolated private power exist, beyond just in terms of data privacy and behavior data collection. One example is in real estate. Short-term rental platforms such as Airbnb and HomeAway? have been skirting local housing laws. By working directly with the homeowners, these companies were avoiding hotel or tourist taxes in many cities. In this case, regulatory authorities have intervened to enforce tax payments, issue fines, or enact new legislation. Another example is in biotechnology. From 23andMe, which sells personal genome tests directly to consumers, to Theranos, which is developing blood testing machines, both companies leveraged their fast rise, substantial financing, and, importantly, by owning their infrastructure, development process, and close relationship to customers, to outmaneuver components of regulatory approval. In both cases, authorities intervened to enforce the required revisions for compliance, including an investigation for Theranos.
 

What Next?

Changed:
<
<

If a user consents to engage with a behavior collection system, then that user should expect no privacy on that platform. What is the alternative? To see past the convenience and attractiveness of closed platforms and their services and to “demand that the physiology of the machine work for the human” (Moglen). The individual must exercise the right to privacy not by negotiating with the no-exit platforms for protection that will never exist, but rather returning to an open architecture in which the individual’s freedom lies in the infrastructure itself and which allows users to reestablish ownership and the discretion of where, when, and whom to share their data. Indeed, only then, through the user’s choice and act to take ownership of activity in the digital/cyber realm will a true sense of freedom be achieved and data privacy realized for the individual.
>
>

How can public law reassert regulatory oversight over system providers that collect behavior data? One example is the EU’s GDPR in which one of the three main elements is to strengthen the conditions of consent between the company and the data subject by requiring that companies be unable to have lengthy, illegible terms and conditions that consist of legalese and that the request for consent must be delivered in an easily understandable form with plain language and the consent must be as easy to withdraw consent as it is to give it. This is an attempt to restore the individual’s ability to exercise rights when engaging with a closed platform functioning as a behavior collection system. Ultimately though, to achieve real data privacy, the individual must take control over any activity on the internet to restore greater freedom. One example is to own a piece of the network to possess the infrastructure itself. While perhaps not as convenient or attractive to operate this as a self-service, applying this resistance restates the right and discretion of where, when, and whom users intend to share their data, an act that can reposition power, and the true sense of data privacy, back to the individual.

 


AndrewTaubFirstEssay 2 - 04 Dec 2017 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstEssay"
Deleted:
<
<
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.
 

Tracing Data Privacy and How to Realize It

Line: 28 to 27
 
If a user consents to engage with a behavior collection system, then that user should expect no privacy on that platform. What is the alternative? To see past the convenience and attractiveness of closed platforms and their services and to “demand that the physiology of the machine work for the human” (Moglen). The individual must exercise the right to privacy not by negotiating with the no-exit platforms for protection that will never exist, but rather returning to an open architecture in which the individual’s freedom lies in the infrastructure itself and which allows users to reestablish ownership and the discretion of where, when, and whom to share their data. Indeed, only then, through the user’s choice and act to take ownership of activity in the digital/cyber realm will a true sense of freedom be achieved and data privacy realized for the individual.
Added:
>
>

Learned Hand in a famous epithet from a 1940s tax case warned against "making a fortress of the dictionary." That's happened here. The dictionary definitions and mere verbal analysis take up too much space, and in particular prevent the opening of the essay from launching it. You need to show the reader your idea up front, not a set of Googled-up definitions, in order to secure attention and begin the reader's thinking process to run alongside your own.

Once you have stated your own idea (about which I must admit that the current draft leaves me not entirely certain, even by the time I have finished reading it for a second time), you can then use the central body of the essay to show how you came by it, to answer objections, and to present the most important consequences. So---if we posit for example that your primary point is that private power has ousted public, legal authority from the process of determining what happens to behavior data collected by telecomms and platforms---you can show briskly what Yochai and I have contributed to your thinking out of which you came to that conclusion. You can relate this to other forms of private power (over the physical environment, over the molecules of life and health, over the degree of "restraint of trade" exercised by the dominant competitors in goods and services markets, etc.), and discuss the forms of regulatory intervention that have been used to redress the balance between public and private power in those situations. A well-earned conclusion, then, can restate the primary force of the idea, and leave some implications for the reader to consider under her own steam.

Perhaps I don't have the central idea right; as I say, the existing draft is not particularly focused there. But, mutatis mutandis, the approach I'm suggesting should yield a richer next draft wherever the intellectual emphasis should fall.

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

AndrewTaubFirstEssay 1 - 10 Nov 2017 - Main.AndrewTaub
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstEssay"
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.

Tracing Data Privacy and How to Realize It

-- By AndrewTaub - 09 Nov 2017

Defining Data and Privacy


Data is defined as “facts, information, and statistics collected together for reference or analysis.” The origin of the word data is from the Latin verb “dare” which means “to give” and the neuter past participle “darum” which means “something given.” This connotes a sense of belonging and that the information transferred is given to someone by someone else, suggesting that there is a degree of ownership of that information and a choice that is exercised as to whether to give or share that information. Privacy is defined as “the state of being alone and not watched or disturbed by other people or the state of being free or away from public attention.” It is also defined as “freedom from unauthorized intrusion and the state of being able to keep certain especially personal matters to oneself.” Both underlying definitions of data and privacy independently have similarities. Based on data’s origin, the word implies that there is possession involved in terms of who owns the facts or information that are being collected. Similarly, with privacy, the person who holds those private matters or experiences a state of freedom is entitled to defend against intruders and has authority to protect that state. By combining these two words, the center of the term “data privacy” would appear to be, at a singular level, an individual.

Terming Data Privacy


Data privacy as a term began to appear in written texts in the United States in the late 1950s. Specifically, in 1959, the National Bureau of Standards (NSB) published a monograph in which the term was defined: “Data privacy is the protection of data (typically in a computer-based system) for the sole use of one individual or organization, or by such others as the owner of the data may authorize (e.g., other individuals, organizations, agencies, or groups).” What marries “data” and “privacy” is due to, as the NSB’s definition raises, the birth and growth of computer systems at the time. By pairing these words, the term data privacy closely, if not entirely today, implies that a computerized information system is present and involved in the process for where that data is stored and how it is protected.

The Problem Created


In theory, it seems that data privacy should be about the individual, but in reality, it is about the protection of data on computer systems. This distinction is necessary because data protection is operated by who ultimately has power. That would be who owns the computer system, where it and the data stored are located, and most importantly, who collects, controls, and owns the data. As Yochai Benkler states, over the past ten years, there has been a shift to higher level systems (e.g., Facebook, Google, Apple, Amazon) in which there exists no core organizing structure for how to build new or integrate existing systems. The shift has been away from building frameworks and software of openness, and there are no public standards for data portability nor legal requirements for interoperability.

Why Does That Matter?


This new model of a few dominant players creates a concentration of power in which their influence increases not through open programs, but through closed platforms. Since data has become the core infrastructure around which control develops and since the anatomy of these closed platforms is owned and operated by the system providers, then the individual lacks any real authority, or possibility, to even control the privacy of his or her data. Instead, privacy is built upon a form of consent between the system operator and the consumer, in which the user unseeingly accepts because there is no real choice, “stemming from a conception of the absence of any choice to begin with” (Benkler). And with that, we see public law unable to effectively reach or enact legislation in that closed realm and instead see more concentrated power thus allowing for companies to create policies privately to serve their best interest.

What Next?


If a user consents to engage with a behavior collection system, then that user should expect no privacy on that platform. What is the alternative? To see past the convenience and attractiveness of closed platforms and their services and to “demand that the physiology of the machine work for the human” (Moglen). The individual must exercise the right to privacy not by negotiating with the no-exit platforms for protection that will never exist, but rather returning to an open architecture in which the individual’s freedom lies in the infrastructure itself and which allows users to reestablish ownership and the discretion of where, when, and whom to share their data. Indeed, only then, through the user’s choice and act to take ownership of activity in the digital/cyber realm will a true sense of freedom be achieved and data privacy realized for the individual.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 3r3 - 16 Jan 2018 - 16:05:57 - AndrewTaub
Revision 2r2 - 04 Dec 2017 - 17:24:40 - EbenMoglen
Revision 1r1 - 10 Nov 2017 - 12:47:08 - AndrewTaub
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM