Recent News
Harvard Law Review: Four principles for surveillance law
3 April 2013 by Phil Wolff
Professor Neil M. Richards from Washington University in Saint Louis – School of Law has a paper on The Dangers of Surveillance in the next Harvard Law Review. The abstract’s call-to-action:
I propose a set of four principles that should guide the future development of surveillance law, allowing for a more appropriate balance between the costs and benefits of government surveillance.
First, we must recognize that surveillance transcends the public-private divide. Even if we are ultimately more concerned with government surveillance, any solution must grapple with the complex relationships between government and corporate watchers.
Second, we must recognize that secret surveillance is illegitimate, and prohibit the creation of any domestic surveillance programs whose existence is secret.
Third, we should recognize that total surveillance is illegitimate and reject the idea that it is acceptable for the government to record all Internet activity without authorization.
Fourth, we must recognize that surveillance is harmful. Surveillance menaces intellectual privacy and increases the risk of blackmail, coercion, and discrimination; accordingly, we must recognize surveillance as a harm in constitutional standing doctrine.
There’s a new pain
3 April 2013 by Phil Wolff
There’s a new pain.
The public is redefining “privacy” to include new powers. Rights to access personal data. Scope widened to include data co-created with other people and observed data.
Rights to delete, destroy, redact. Granular control over sharing. Protection from casual inspection by employers, family, and governments. Rights to safe and highly private default policies and behavior. Rights to due process and humane treatment. And we demand these whether the data lives in our homes, on our mobiles or on some company’s servers.
These heightened expectations are ahead of corporate practices, government policy, established law, and software design conventions by years. In some cases by decades.
The gap between raised expectations of what’s right and how businesses and civic institutions deal with them makes people unhappy. Sometimes frustrated. Often angry.
This gap is useful. Pain calls for relief, so policy wonks, business suits, and tech geeks have incentives to innovate.
We’re seeing progress. Startups like those in PDEC’s Startup Circle, projects like those demoing at Thursday night’s Personal Cloud Meetup in San Francisco, and teams doing enterprise pilots are coming at these problems from every angle. They’re all motivated to close the gap.
“We must embrace pain and burn it as fuel for our journey.”
– Kenji Miyazawa
Microsoft’s Marc Davis, PDEC’s own Kaliya “Identity Woman” Hamlin and others contributed to the World Economic Forum’s latest report, Unlocking the Value of Personal Data: From Collection to Usage. It’s worth the solid 20-minute read: a dive into how people psychologically value their data, how their behavior is affected by institutional privacy communications and offers, and the economic drivers for treating personal data in a socially responsible way.
For a quicker take, see the New York Times’s Big Data and a Renewed Debate Over Privacy from last week.
Sequester hits NIST, spares active NSTIC pilots
31 March 2013 by Phil Wolff
A few weeks ago, John Fontana at Identity Matters reported NIST’s sequestration budget cuts will affect the NSTIC program management office but spare awarded NSTIC pilots.
The Commerce Department official said, “The reductions required by sequestration will adversely affect all NIST cybersecurity related efforts through cutbacks on travel, contracts, grants, and other operational expenses. NIST currently does not anticipate eliminating or reducing NSTIC pilots or programs.”
Are new (not yet awarded) pilot funds still vulnerable? Will cut travel funds mean the IESG meetings must move to the Beltway to be near the NSTIC PMO staff? Will the PMO be able to staff up as the project grows?
VRM Day the Monday before IIW
30 March 2013 by Phil Wolff
Doc Searls announced VRM Day to the ProjectVRM list:
IIW… <http://www.InternetIdentityWorkshop.com> … is happening at the usual place, and the usual way, in Mountain View, CA, in the middle of the first full week of May. Specifically, 7-9 May, Tuesday to Thursday.
VRM Day will happen the day before: Monday, 6 May, somewhere in San Francisco or the Peninsula.
VRM Day is for planning what we’ll work on at IIW, which began by focusing on identity, but includes whatever we want. VRM has been one of the main things for the last few years.
We need a location. Ideas and connections are invited. Last time we met at the Computer History Museum. But it can be anywhere.
Come if you’re going to be at IIW or want to contribute to planning what we’ll be working on.
This year much new stuff is going on and moving forward.
- Personal Clouds didn’t exist as a topic a year ago, although its rhetorical ancestor, Personal Event Networks, did. The difference is that it’s hot now, and possibly at the core of everything else we do with VRM and/or the Internet of Things (or The Internet of Me and My Things).
- Intentcasting was still Personal RFP last year. Now it’s a newer thing, and all the .orgs and .coms working on it are working differently than they did only a few weeks or months ago.
- Persona, formerly BrowserID, from Mozilla, may finally give us social login that’s not in some giant company’s silo.
- Microsoft is clearly drifting toward serving individuals first and corporates second, if all we have to go by is its defaulting Do Not Track in the ON position.
- Customer Commons both exists and is working with Berkman’s Cyberlaw Clinic at Harvard on terms and policies that individuals can assert.
- Tracking and ad blocking are the hottest browser add-ons, and there is a huge need felt by both developers and site-builders for finding ways to harmonize intentions and means toward agreeable ends on both sides. In addition there is a need to harmonize the experiences of detecting and understanding tracking, and viewing the whole complex whatever-it-is that tracking and advertising has become. There is a good chance that advertising folk will be there as well. We need to meet them with open code, standards and intentions, as well as arms (of the human sort).
- Health Care VRM (by whatever name) is heating up. Much to talk and work toward there, including everything happening in QS (Quantified Self). Other verticals, such as real estate and banking, are also heating up and on the table.
- Sovereign vs./+ Administrative identities. This is very much a VRM topic, and at some distance from the administrative identity focus IIW was created to transcend, and continues to bog down identity solutions still. Will Persona make a difference here, since it’s less administrative than anything else that looks like it?
- Personal data in general is, as always, a hot topic. This is more in Kaliya and PDE.Cc’s camp, but it’s bound to be discussed at IIW, and we need to be talking to each other about it.
Q. What will be the most important issues in data ownership over the next ten years?
22 March 2013 by Phil Wolff
Quora asked What will be the most important issues in data ownership over the next ten years? My answer…
You’re asking for predictions, so:
By 2022 news services will have reported…
- A million people joined a class action lawsuit against Facebook demanding more transparency over personal data re-sharing after a very public crisis.
- Courts ruled whether US constitutional privacy rights over personal data can be waived by signing a company’s Terms Of Service or whether those rights are inalienable (e.g. you cannot sell yourself into slavery).
- Treaty negotiations failed to harmonize US, EU, Chinese, and other regional personal data laws, leaving very different policies in place.
- A large personal data vault was raided by law enforcement on behalf of Big Copyright, destroying and/or releasing millions of private data objects.
- A law journal on personal data became required reading.
- Twenty companies specializing in the personal data economy reached billion dollar valuations.
- Antitrust regulators attempted to force disclosure of how companies use personal data; enforcement failed.
- Three churches started not-for-profit personal data vaults, protecting members against government inspection.
- A consortium of 1000 businesses advocated personal control over personal data.
- A last will and testament leaving user accounts and personal data to a family member was contested all the way to SCOTUS.
- The extreme disclosure fad flashed wide quickly but left behind a small hardcore subculture.
- Courts ordered lawful interception of augmented reality eyewear data streams.
- The first movie customized for each viewer based on personal data outsold the sixth 3DD sequel.
- A bank loaned money to a business using personal data as collateral.
- A bank loaned money to a homebuyer using personal data as collateral.
- 100 million people left Facebook and Google for a Chinese professional network, bringing their profiles, relationships, and histories with them.
- Car companies became large custodians of personal data as worldwide auto fleets generated a flood of Vehicle-to-Vehicle data, produced vehicle sensor data, and carried rider/passenger internet communications. They denied car owners access to the data.
These should be verifiable in ten years.
What should I add?