from the property-rights-and-privacy dept
Online privacy can’t be solved by
giving people new property rights in personal data. That idea is
based on a raft of conceptual errors. But consumers are already
exercising property rights, using them to negotiate the trade-offs
involved in using online commercial products.
People mean
a lot of different things when they say “privacy.”
Let’s stipulate that the subject here is control of personal
information. There are equal or more salient interests and concerns
sometimes lumped in with privacy. These include the fairness and
accuracy of big institutions’ algorithmic decision-making,
concerns with commodification or commercialization of online life,
and personal and financial security.
Consumers’ use of online services
will always have privacy costs and risks. That tension is a
competitive dimension of consumer Internet services that should never
be “solved.” Why should it be? Some consumers are
entirely rational to recognize the commercial and social benefits
they get from sharing information. Many others don’t want their
information out there. The costs and risks are too great in their
personal calculi. Services will change over time, of course, and
consumers’ interests will, too. Long live the privacy tension.
Online privacy is not an all-or-nothing
proposition. People adjust their use of social media and online
services based on perceived risks. They select among options, use
services pseudonymously, and curtail and shade what they share. So,
to the extent online media and services appear unsafe or
irresponsible, they lose business and thus revenue. There is no
market failure, in the sense used
in economics.
Of course, there are failures of the
common sort all around. People say they care about privacy, but don’t
do much to protect it. Network effects and other economies of scale
make for fewer options in online services and social media, so there
are fewer privacy options, much less bespoke privacy policies. And
companies sometimes fail to understand or abide by their privacy
policies.
Those privacy policies are contracts.
They divide up property rights in personal information very subtly—so
subtly, indeed, that it might be worth reviewing what
property is: a bundle of rights to possess, use,
subdivide, trade or sell, abandon, destroy, profit, and exclude
others from the things in the world.
The typical privacy policy vests the
right to possess data with the service provider—a bailment, in
legal terminology. The service provider gets certain rights to use
the data, the right to generate and use non-personal information from
the data, and so on. But the consumer maintains most rights to
exclude others from data about them, which is all-important privacy
protection. That’s subject to certain exceptions, such as
responding to emergencies, protecting the network or service, and
complying with valid legal processes.
When companies violate their privacy
promises, they’re at risk from public enforcement actions—from
Attorneys General and the Federal Trade Commission in the United
States, for example—and lawsuits, including class actions.
Payouts to consumers aren’t typically great because
individualized damages aren’t great. But there are economies of
scale here, too. Paying a little bit to a lot of people is expensive.
A solution? Hardly. It’s more
like an ongoing conversation, administered collectively and
episodically through consumption trends, news reporting, public
awareness, consumer advocacy, lawsuits, legislative pressure, and
more. It’s not a satisfactory conversation, but it probably
beats politics and elections for discovering what consumers really
want in the multi-dimensional tug-of-war among privacy, convenience,
low prices, social interaction, security, and more.
There is appeal in declaring privacy a
human right and determining to give people more of it, but privacy
itself fits poorly into a fundamental-rights framework. People
protect privacy in the shelter of other rights—common law and
constitutional rights in the United States. They routinely dispense
with privacy in favor of other interests. Privacy is better thought
of as an economic good. Some people want a lot of it. Some people
want less. There are endless varieties and flavors.
In contrast to what’s already
happening, most of the discussion about property rights in personal
data assumes that such rights must come from legislative action—a
property-rights system designed by legal and sociological experts.
But experts, advocates, and energetic lawmakers lack the capacity to
discern how things are supposed to come out, especially given ongoing
changes in both technology and consumers’ information wants and
needs.
An interesting objection to creating
new property rights in personal data is that people might continue to
trade personal data, as they do now, for other goods such as low- or
no-cost services. That complaint—that consumers might get what
they want—reveals that most proposals to bestow new property
rights from above are really information regulations in disguise.
Were any such proposal implemented, it would contend strongly in the
metaphysical contest to be the most intrusive yet impotent regulatory
regime yet devised. Just look at the planned property-rights system
in intellectual property legislation. Highly arguable net benefits
come with a congeries of dangers to many values the Internet holds
dear.
The better property rights system is
the one we’ve got. Through it, real consumers are roughly and
unsatisfactorily pursuing privacy as they will. They often—but
not always—cede privacy in favor of other things they want
more, learning the ideal mix of privacy and other goods through trial
and error. In the end, the “privacy problem” will no more
be solved than the “price problem,” the “quality
problem,” or the “features problem.” Consumers will
always want more and better stuff at a lower cost, whether costs are
denominated in dollars, effort, time, or privacy.
Jim Harper is a visiting fellow at the American Enterprise Institute and a senior research fellow at the University of Arizona James E. Rogers College of Law.
12 Comments
from the i-have-opinions dept
Howdy!
For those of you who don't know me, I'm director of information policy studies at the Cato Institute in Washington, D.C. I work mostly on privacy (including such things as anonymity and the Fourth Amendment), and also on telecom, intellectual property, government transparency (lots of that lately), and protecting the country from counter terrorism.
I'm a native of California and a lawyer. I always take it as a compliment when people who talk to me figure out the first one and have no idea about the second. On my Twitter feed, I sometimes share glimpses of the pageant that unfolds weekend nights, late, on D.C.'s buses.
I have opinions. I want less coercion in our society.
We're all agreed on opposing private violence such as rape and murder, but a lot of people indulge public violence too easily. Some people are OK with state violence visited on innocent foreign people because it might make us safer here. It won't, but no matter because the violence is remote in distance (I guess that's their thinking).
Some people are OK with economic regulation, taxation, and redistribution of wealth for a similar reason: The state violence behind it is conceptually remote. I want less of that, too—a truly peaceful society built on cooperation.
I was listening to "Screaming at a Wall" by Minor Threat when I wrote those last bits. Perhaps that's a metaphor for what I do much of the time. It's very hard to reach people with a possible insight at a moment when they're receptive to it.
What You're Dealing With When You Go to Congress
Hands down, my favorite post of the week goes after Rep. Louie Gohmert (R-TX) for his technical ignorance. I like Louie Gohmert. I think he's funny. He's a real character. And, I mean, his name sounds like "Gomer."
But I sure wouldn't want him governing me.
The colloquy featured in the post is very similar to one I had with a senator after I testified in the Senate Commerce Committee a few years ago. 'How are my searches giving my email over to the spammers?' That kinda stuff. Oh lord.
It was a Republican doing the asking that time, too. But congressional ignorance is a bipartisan problem—sometimes on matters even more basic.
I think a lot of people believe so strongly in democracy that they apply their ideal vision of Congress when they think about what Congress and the government might do. The reality is very different.
It's not that all members of Congress are gomers. They and their staffs are very smart, very dedicated people. But they haven't got the knowledge to organize a society as large, diverse, and open as ours.
Mike says at the end that we need better politicians. There are better, but the system that runs society better than we could ourselves? It does not exist.
Don't Trust the Cloud
I hang my head in shame for all the people who have jumped on the "cloud" bandwagon, and the post expressing skepticism about Google's new "Keep" service in light of Google Reader's demise expresses an important dimension of #cloudfail.
It's absolutely true that "cloud" makes sense given the current state of technology. You don't want to run your apps and your storage on your home server, because most of you don't have one. (I don't.) And you don't want to keep up its upkeep.
But what price do you pay for throwing everything up onto that "cloud" thingy? Greater risk of third-party access and your privacy's undoing, for one thing. Cloud services also can fail. "Cloud" is a marketing term that confuses people about the fact that there are network operators and software and database managers who have duties and responsibilities to their customers.</rant>
There will come a time—give me a long enough time horizon and you know I'm right—when software will be so stable, hardware so cheap, and connectivity so replete that throwing sensitive data and documents onto someone else's servers will seem like an embarrassing mistake.
That's not the point of the post, but it allows me to stretch for that point. I'm old enough to have played games on a mainframe through a teletype machine. I made copies of letters with carbon paper! We looked up information in books! And liked it!
The technology will change the economics, and I think "cloud" will go.
A solid institution like Google yanking Reader is just one, non-devastating dimension of #cloudfail, but other undesirable things can happen with cloud services.
The Business Model Problem
Nobody beats Masnick for illustrating that there are business models that can compete with "free." He apparently has a rival in Glyn Moody, though, who wrote this week about the wave of newspapers in London reducing their prices to zero.
That is classic Techdirt. And it makes Techdirt...how shall we put it...non-beloved by the copyright-reliant folks out there.
You'll be interested to know (or maybe not) that libertarians are divided on intellectual property laws. Some regard them as a gross imposition on the natural right to say and read and write and use whatever knowledge you want to. Others regard ideas and expressions as the rightful property of their creators, rightfully defended from expropriation by government in its proper role as a preventer of rights-violations. I did my best not to tip my hand at a Cato book forum on the topic this week. Haha!
Libertarians are even divided on whether you should call it "intellectual property" or not. I think it's fine to call it that.
I make a curious distinction—too rare in discussions of these topics—between intellectual property, the myriad things produced by cognition and volition, and intellectual property law, which is the assortment of statutes that extend greater control over intellectual property to certain of its beneficiaries. We should have a name for these things: inventions, expressions, and other ideal objects. "Intellectual" modifies "property" much the way "real" does when the object you're talking about is a chunk of earth.
Intellectual property laws have a very different reason for being than property laws pertaining to physical goods. That's what matters most.
Another "That's So Techdirt!"
Mike came up with the "Streisand effect" and don't you forget it.
So I had to love the triple-Streisand featured this week. What a bunch of maroons there are out there who think they can bully legitimate commentary and other good stuff off the Web.
Don't like that I said that?! Just let me know, and I'll take it down... :-/
Honorable Mention
Thanks, Techdirt, to the shout you gave to our Wikipedia and legislative data workshop late last week.
We've been working on modeling, advocating for, and now producing better government data, starting with legislation.
In short order, we're going to start systematically reporting on notable bills in Congress on Wikipedia, building the public's capacity and demand for information about what goes on in Washington, D.C.
Our data is perfectly amenable to many uses. Let me know if you want to build something with it.
36 Comments
from the politicians-lagging-public-opinion dept
If you needed proof of politicians’ sensitivity to, and encouragement of, persistent terrorism fears, look no further than today’s hearing in the House Homeland Security Subcommittee on Transportation Security. It’s called “Eleven Years After 9/11 Can TSA Evolve To Meet the Next Terrorist Threat?” and it’s being used to feature—get this—a report arguing for a “smarter, leaner” Transportation Security Administration.
Could the signaling be more incoherent? The hearing suggests both that unknown horrors loom and that we should shrink the most visible federal security agency.
Lace up your shoes, America—we’re goin’ swimmin’!
Our federal politicians still can’t bring themselves to acknowledge that terrorism is a far smaller threat than we believed in the aftermath of the September 11, 2001, attacks, and that the threat has waned since then. (The risk of attack will never be zero, but terrorism is far down on the list of dangers Americans face.)
The good news is that the public’s loathing for the TSA is just as persistent as stated terrorism fears. This at least constrains congressional leaders to make gestures toward controlling the TSA. Perhaps we’ll get a “smarter, leaner” overreaction to fear.
Public opprobrium is a constraint on the growth and intrusiveness of the TSA, so I was delighted to see a new project from the folks at We Won’t Fly. Their new project highlights the fact that the TSA has still failed to begin the process for taking public comments on the policy of using Advanced Imaging Technology (strip-search machines) at U.S. airports, even though the D.C. Circuit Court of Appeals ordered it more than a year ago.
The project is called TSAComment.com, and they’re collecting comments because the TSA won’t.
The purpose of TSAComment.com is to give a voice to everyone the TSA would like to silence. There are many legitimate health, privacy and security-related concerns with the TSA’s adoption of body scanning technology in US airports. The TSA deployed these expensive machines without holding a mandatory public review period. Even now they resist court orders to take public comments.
TSAComment.com has gotten nearly 100 comments since the site went up late yesterday, and they’re going to deliver those comments to TSA administrator John Pistole, Homeland Security Secretary Janet Napolitano, and the media.
The D.C. Circuit Court did require TSA to explain why it has not carried out a notice-and-comment rulemaking on the strip-search machine policy, and assumedly it will rule before too long.
Getting the TSA to act within the law is important not only because it is essential to have the rule of law, but because the legal procedures TSA is required to follow will require it to balance the costs and benefits of its security measures articulately and carefully. Which is to say that security policy will be removed somewhat from the political realm and our incoherent politicians and moved more toward the more rational, deliberative worlds of law and risk management.
Hope springs eternal, anyway…
There could be no better tribute to the victims of 9/11 than by continuing to live free in our great country. I won’t shrink from that goal. The people at TSAComment do not shrink from that goal. And hopefully you won’t either.
Cross-posted from Cato-at-Liberty.
32 Comments
Re: The problem with "privacy"
On Transparency Forcing
Thanks, Mike, for the kind words. (Though I notice that you have yet to pan a Greenhouse post!) I should emphasize that I'm arguing against manufactured property rights and in favor of organic property rights.
It seems to me like your query would be well-placed with any product or marketplace. Consumers could always know more about the goods or services they buy. Alas, they're awfully insistent on knowing just enough. On aggregate, I think the average transaction makes people at least a little better off, so unhampered markets move clunkily forward on making people wealthier and happier.
In a new and changing marketplace, which the "information economy" certainly still is, the risks are less clear, and they may rapidly change. So it's harder to be certain that things are going the right direction. But I think the "right direction" should always be consumer-defined.
Experts like you or me are not in a position to know better than consumers what they want. And there isn't a method better than trial-and-error for learning what the full costs and benefits of products and services are. So privacy advocates should shout from the rooftops "beware," and reporters should continue to tout wrongs and harms. Two major conduits of transparency.
But I don't see "forcing" transparency here. Consumers are highly resistant to it, and I think it's unlikely to make them better off than informing them in organic ways.
Harm/Damages --> Enforcement Nexus
The adjective "real" in your title reminded me of a post I wrote in the Bernie Madoff days riffing on a journalist's comment calling for a "real" regulator at the SEC. Well, the real SEC lets Bernie Madoffs go until things are in flames, then scurry in and assert their role in protecting the public.
That has nothing to do with your post, except for the use of the word "real." Because my question is about harm and damages.
A real enforcement mechanism, in my sense of "real," would penalize bad behavior in proportion to the harm it does. To know when the whips should be whipped out, you need to have a sense of what damage has been done. Tort law has well-developed doctrines about what is harmful: when damage has been done that justifies compensation or penalization.
Where do you stand on this?
"Forget it"? "Isn't it obvious"? "Harm is a real conundrum"? "Absent harm we need to innovate. We'll call it 'privacy harm'"? Something else?
Re: Decreasing Yelp Value both perceived & monetary
Less spot-on is MikeM's take: "I'm just not convinced that means it violates the law." A contract is private law, and, while a court will decide officially if it does, it seems pretty apparent that the fake posts violate that law. (MikeM's take is appropriately equivocal to the extent it deals with statutes regulating advertising.)
Re: Re: Re: Re: Re: Re: Not Sure That This Ranks as an Outrage
It's in the passive voice, but I can't think of any interpretation of it other than as Judge Kaplan's recitation of Chevron's allegation. An allegation is saying something that has yet to be proven.
Discovery can reveal the existence and actions of parties who are properly then added to the case. That could be what's going on here. As I said earlier, if you assume the non-involvement of these parties, the discovery is indeed wrong, but the allegation exists, and what courts do with allegations is allow discovery so allegations can be examined.
Re: Re: Re: Re: Re: Not Sure That This Ranks as an Outrage
You probably agree with me (and I hope so) that there is not First Amendment protection for speech that facilitates criminal and civil wrongdoing.
If you start with the premise that these parties were not involved in wrongdoing, their communications would be protected by the First Amendment, but if you don't start with that premise, their communications are subject to discovery.
I'm picking up that you take as a premise that non-parties were not involved in wrongdoing, that you disagree with Judge Kaplan about the facts, and that discovery will not show they were involved. When you say "no showing" and "no evidence," are you sure you're not discounting and dismissing evidence that actually does exist? (Weak evidence is evidence.)
I just don't come to this case with the same premises. If you disagree with Judge Kaplan about the facts, I can't argue with you because I don't have an opinion of the facts. Taking the facts and allegations as he states them, I don't find his application of the law outrageous.
Re: Re: Re: Re: Not Sure That This Ranks as an Outrage
The non-parties alleged to have been involved in the fraud brought a constitutional challenge...
Re: Re: Re: Not Sure That This Ranks as an Outrage
Re: Re: Not Sure That This Ranks as an Outrage
To illustrate: Let's say Ann is videotaping Bob at a protest. Bob is wearing a mask to hide his identity, but as he yells "Fuck Exxon!" and throws a brick through Exxon's window, his mask falls off. He picks it up and quickly puts it back on.
Ann and Bob were both doing things that are protected by the First Amendment: videotaping a newsworthy event and protesting/speaking. Bob was trying to maintain his anonymity, which he is generally entitled to do. But Exxon has full rights to subpoena Ann's videotape in a lawsuit against Bob to get access to information about what happened and who did what.
For some reason, the ruling turns on the fact that the people trying to keep the information out of court are not proven to be Americans, but I don't think that really matters.
Re: Not Sure That This Ranks as an Outrage
I'm not endorsing the case or even the RICO law, but I think this subpoena is well within bounds for a case like this.
It is indeed standard practice to get as much information relevant to a case as you can. I was a document clerk on a civil case brought by a farmer once, and because he alleged anquish, pain, and suffering, I got to (had to) see documents about his urology visits.
I don't see anywhere in the ruling, Josh, that the people seeking to quash access to data are doing so on the basis of attorney-client privilege. Maybe they're not entitled to it, or maybe their lawyers didn't argue it. When you don't argue something, you're guaranteed to lose...
I know little about this case, and I don't endorse Chevron's side (or anyone's), but my spidey-sense is picking up bad lawyering on the side of the people trying to quash the subpoena. Where's the argument that this is a SLAPP (strategic litigation against public participation)? There is an anti-SLAPP law in New York state (which may or may not apply), but then I don't know if NY's anti-SLAPP law protects non-NY individuals, which gets us back to whether the people seeking to quash are even U.S. persons entitled to the protection of U.S. law. That's what the ruling turned on, whether non-U.S. persons get First Amendment protection.
It's worth reading the ruling -- not that I did that before I first commented!... ;-)
Here it is: http://dg5vd3ocj3r4t.cloudfront.net/sites/default/files/documents/Kaplan-Order-Hotmail-IP-subpoena_0 .pdf
Not Sure That This Ranks as an Outrage
Re: Re: "State Violence"???
Re:
Re: Re: Re: Re: Meh on the UN Stuff
2) Whether the holders of the domain are or are not taking advantage of consumer confusion is a factual issue that Paul obviously would dispute. And that's the point: There is a dispute, and it is consistent with libertarian principle to dispute what one views as a violation of one's rights, including trademark rights as they exist in the UDRP.
Re: Re: Meh on the UN Stuff
It is not hypocritical to live under the current regime while advocating for another. That goes for roads, taxes, schooling, and every other thing, including domain-name-allocation rules.
The best legal explanation for domain names is that they are licenses-to-use, not the outright property of the domain name holder. The terms of the license bar fraudulent use and trademark violation. Paul believes that his trademark is being violated by the owners of the RonPaul.com domain and he is using the channels available to him to bring his case.
It might be preferable for domain names (more accurately, the right to associate a string in a given top-level domain with a given IP address) to be a piece of property, in which case Paul would bring a trademark action, or a common law fraud or trade disparagement action, against the holders of the domain. It's very much an open question whether the holders of the domain can be brought into a court that offers Paul the remedies he believes he's due. The current law allows him to move against the domain, and this is what he's doing.
Paul is not obligated to forgo the benefits of the law in this area just because he might structure the law differently.
Re: Re: Meh on the UN Stuff
Re: Re: Meh on the UN Stuff
Here, Paul believes he has a case against the holders of the domain based on trademark (in that the holders of the RonPaul.com domain are taking advantage of confusion about the source of goods). He does not have to buy the domain, but can use the procedures in place to resolve the dispute without being hypocritical.
Meh on the UN Stuff
That's the meatspace equivalent to chastising Ron Paul for using the UDRP to seek control of the domain. Is there some other adjudication body he could use? No.
Whatever the merits on the rest of the dispute, about which I truly have no opinion, the UN-hypocrisy point is unfair, I think.
Thanks, though, for all you do, Mike!
Re: I'm the blogger in question
Re: Re: Re: Re: Re: Not So Obviously Stupid
More comments from Jim Harper >>
Techdirt has not posted any stories submitted by Jim Harper.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt