Identifying Difficult Problems in Cyberlaw - User contributions [en]

CrowdConf Brainstorm page

2010-10-04T01:12:30Z

Andrewsegna:

Use this page to discuss the best practices reading we did not have time for in class, and brainstorm questions and topics that we might present as a class at the CrowdConf Future of Work Conference next week.

Crowdsourcing (Human Computing) is one of the most promising technologies, which has already been successfully in many different areas (Examples: X-Prize, 99designs, Amazon Mechanical Turk) and we believe has a huge potential for the future. It has the potential to significantly shape and change the way the labor market works. That said, it also creates challenges which need to be addressed. We would love to hear your thoughts on how technology could be leveraged to solve some of these challenges:

*''(1) Preserving Confidentiality in Complex Tasks''. As the best practices document notes, some tasks require worker exposure to proprietary information. The Best Practices mention contracts as a way of dealing with this issues. Do we think that contractual relationships can assuage companies' fears of workers disclosing propriety information? Does the sheer volume (and potential geographical spread) of workers on a given task make enforcing such an agreement impossible?
**Is there a way the technology can account for this problem?
**Could the problem be solved potentially by drafting specific tasks to specific information, the disclosure of which would make the individual who divulged the info identifiable?
**What are the costs of drafting such complex contracts?

*''(2) Feedback Mechanisms and Dispute Resolution''. When there is little or no direct contact between employers and employees and when tasks are completed on a one-off basis, it can be tough to encourage fair feedback or to verify a potential worker's competence in advance. Workers themselves face portability problems; a good rating on Mechanical Turk doesn't necessarily carry over to other crowdsourcing sites or offline careers.
**Could the technology facilitate a cyber dispute-resolution forum? (What if the dispute-resolution process was, in turn, crowd-sourced?!).
**Could the platform have a rating system that suggested a fair rate based on the type of tasks requested? There could be a "survey" that each employer fills out before submitting the task, which would calculate a suggested rate. Perhaps it could be based off of past rates, as tracked by the platform operator? (Does Amazon's "recommended" technology do this in a different form already?)
**Is there any way to use technology to prevent abuse of feedback systems, or at least encourage people to use the feedback system in good faith?
**Have platforms set up features to facilitate the creation of online worker unions? (See SECTION BELOW for more questions on Online Worker Unions)

*''(3) Disclosure''. The anonymity of cyber-space and the possibility to divide a large project into a a large number of small tasks so that the ultimate product is unidentifiable raises a number of ethical concerns. Have companies, clients and platforms alike, explored setting up or mandating an ethical commission investigating these concerns? What about a voluntary code of conduct created and agreed on by the industry as a quality management system to prevent black sheep from ruining the reputation of the entire industry in case of misconduct and as a preemptive action towards governmental regulation? --> How do you prevent a private-run "Manhattan Project" implemented through crowdsourcing and sold to the highest bidder?
** (Zara) If project identification is important to the worker, would it help if cloudwork websites rated projects by their degree of macro-transparency and distinguished accordingly in their user interface? The ethical disclosure problem has at least three dimensions: 1) a worker's subjective discomfort with not knowing the purpose of their HIT; 2) the decision a worker might have made had they been able to make an informed choice; and 3) objective, ethical standards that should prevail in the industry. Although users can already select a HIT based on their assessment of the project, including the degree of information disclosed, organizing HITs by level of transparency could facilitate user choice that selects specifically for this criterion. By creating two portals, or databases of HITS, classified according to levels of transparency, disclosure would be highlighted as a desirable HIT characteristic as to which workers can and should exercise choice. If the database of high-disclosure HITs consistently generated higher quality workers and a reputation for legitimacy, normative pressures could encourage companies to offer more information about a task’s role in a larger project and the corresponding ability to compete in the high-disclosure market.

----

Follow-Up Questions / Further discussion points

*''Online Worker Unions''. Crowdsourcing's success is dependent on finding ways to engage its labor pool, whether it be through offering money or gamesque points. However, as mentioned in class and in the best practices document, there are many ways for these laborers to become dissatisfied with their work, whether it be through a lack of transparency, stress, low wages, etc. Is there a potential for a crowdsourcing labor movement in response to these dissatisfactions? As an inherently digital workforce, these individuals' attempts to share discontents and act upon them are facilitated by their familiarity with and access to online communities. However, how far will this unity go? Do you feel that workers will only offer critiques of certain employers to others or could there be the formation of unions and similar entities in the crowdsourcing world?

*''Overlap of legal frameworks''. Some countries have a state pension fund that is financed by a tax deducted from a worker's salary. How are these legal requirements adhered to in the realm of crowd-sourcing? How is the location/jurisdiction of the worker determined? If the company's location is chosen, how measures are taken for the worker to have access to that respective legal system?

*''Compensation''. Crowdsourcing appears to rely on monetary compensation, a gamelike points system, or personal gratification to motivate people to participate in these tasks. Which of these compensation forms is the most effective in ensuring a large labor pool and the best results for employers? Which (if any) of these forms will be the most prominent system of compensation in the future and which do you think would be the most ideal compensation structure for crowdsourcing in the future?

*''Employment relationship". Are all cloudworkers to be considered independent contractors? Does this qualification pass the test of current labour laws and tax laws?
** (Zara) The IRS definition of an employee versus an independent contractor, which tries to codify the common law, seems inapplicable to the cloudworker-employer relationship. ''See'' [http://www.irs.gov/businesses/small/article/0,,id=99921,00.html Independent Contractor (Self-Employed) or Employee?] The page on independent contractors states: "The general rule is that an individual is an independent contractor if you, the person for whom the services are performed, have the right to control or direct only the result of the work and not the means and methods of accomplishing the result." [http://www.irs.gov/businesses/small/article/0,,id=179115,00.html] As Davis observes in his discussion of scientific research, cloudsourcing problems tend to be idea-based. Applying the common law definition to idea-oriented micro-tasks, which don't require specialized instrumentalities or complex services, is difficult. It could be argued that requestors control the means and methods of accomplishing the results by virtue of the nature of the task; the task can only be accomplished in readily identifiable ways. But if the "means and method" of accomplishing a result is the process of thinking, then an employer will have a hard time establishing this level of control!
**In searching the internet I found this interesting blog post (http://behind-the-enemy-lines.blogspot.com/2009/07/is-amazon-mechanical-turk-black-market.html). I do not know if the information provided is accurate, but it raises some interesting questions: how do crowdsourcing platforms respond to the accusation of fostering a black market?
**Is it appropriate for crowdsourcing platforms to construe a relationship between the worker and the requester? Or should any responsibility be allocated to such platforms?
** Should the role of the platforms be more active in ensuring fairness of the working conditions and salary?
** Crowdsourcing platforms have sometimes been depicted as virtual sweatshops. Do platforms feel any pressure from this criticism? Will increasing awareness of this perception in the general public prompt crowdsourcing platforms to adopt more stringent policies for the monitoring of working conditions?
** Should minimum wages be granted to full-time cloudworkers? Should the maximum working hours be monitored and controlled by the platform? It has been argued that the Fair Labor Standards Act should apply to crowdsourcing platforms (Working For (Virtually) Minimum Wage: Applying the Fair Labor Standards Act In Cyberspace; 60 Ala. L. Rev. 1077). What is the platforms' response to this?
** How crowdsourcing platforms address the issue of labour conditions in developing countries? Is the age of the cloudworker actually checked in order to avoid children labour exploitation? Should it be? And how?

*''Mobile Online Devices''. Mobile and closed platforms with constant connection to the Internet have been supplanting sedentary workplaces in popularity.. How has crowdsourcing taken advantage of this change or has it struggled to do so? What advantages/challenges do these mobile devices offer workers, employees, and crowdsourcing agencies?

*''Recommendation System / Performance Tracking''. It seems like sharing information about workers as suggested in the Best Practices document is a bit invasive for my taste, and perhaps something would have to be written into workers' contracts to explicitly allow this type of information sharing? (I'm not exactly what sure this law would implicate, but I seem to remember that when a potential employer calls a jobseeker's former employers, the employers can only share information that the person worked there, but can't reveal performance evaluations, etc.) Perhaps it's just me, but I'd feel more comfortable if companies enabled performance-tracking software, but didn't go so far as to share it with all other similar companies. (Question from Jenny)

*''Encryption?'' In some cases, the employer might want to protect the large picture of the project from workers while still makes each piece of task workable. For example, a writer might want his article to be shortened or proofread, but not necessarily want the workers to get the idea of the article before it gets published. How to make sure that they would not be able to do so (by e.g. divide the project into extremely small pieces, or, cut off possible communications among co-workers)?
** Secrecy in projects, however, also implicates the downsides with making discrete jobs that cover up the underlining project purpose. The Best Practices discussed some of these with micro-tasks (e.g. moral qualms with the project and lower quality of performance). Also, the employees will be isolated by such secret tasks since they will both lack a physical place to work with other employees and be cut off from discussing it in crowdsourcing chat rooms. One thing then to think about then is how do you balance those two objectives to get the best overall outcome for a specific project (thinking about desired secrecy and worker performance/satisfaction almost as two axes on a graph)? Again, as mentioned above, would developing contractual relationships to deal with this suffice?

*''Quality control.'' As the demonstration showed last week, the author still needs to use his own judgment to eliminate many inappropriate revisions suggested by the crowd. Is it possible to develop certain methods to have different pools of people to whom different projects can be assigned? Without collecting too much private information, we can use demographic standards to differentiate the crowd (age, sex, education, etc). Then the quality of collaborative product can be raised and author’s final intervention can also be reduced.
** In thinking about pulling from different pools of crowdsourcing employees, I’d be curious to ask about employee information verification. Basically, when recruiting crowdsourcing employees, especially when seeking out a certain educational background, how difficult is it to verify that they in fact have that background? Is misrepresentation of that kind of information more prevalent in the crowdsourcing context since it is largely faceless without personal interaction to help catch people in a lie? If so, would it be (or has it been shown to be) helped by the improved work environment ideas discussed in the Best Practices, such as chat rooms for employees that simulate a virtual water cooler?

(Sorry, forgot to log in, this is Erin) OK so to keep in mind what our goal is — we're supposed to put together some sort of agenda to talk about with the people who think about this day-in and day-out, and we have about half an hour? So it seems like we should try to focus in on a particularly compelling angle. The list above is good but can we prioritize? I really liked the point made in class last week that pointed out that if we can identify some sort of way for interesting technology to "fix" the "problems" that we see arising out of crowdsourcing, we'll have a much more receptive audience. Nothing jumps out at me from any particular section of the Best Practices document, but if we combine some of it maybe we can come up with something interesting?
* Maybe combining some of the aspects of portability and reviews with the identity movement more generally would be interesting?
* Frankly a lot of the best practices aren't super interesting in terms of the required technology — is there some other way to get them excited about a particular angle on something?
* Is there a way to frame a problem that we're particularly concerned about that will speak to them? Don't mean to make this an "us-against-them" thing — but the way that technologists think about technology is a little different from the way that lawyers do, so we want to be able to frame the issue in a way that will resonate with the audience...
**What about praising the technology (maybe have a few specific examples), but then asking them if they've met any resistance from, or thought about, any of the potential actors who may block or alter the technology's use? Have you (the technologist) talked with local/state/federal government? Have you discussed potential roadblocks with companies that will implement the technology?

----

'''Crowdsourcing Science'''

Jenny here: I've been reading some blog posts on crowdsourcing, and one comment from a scientist (found in the comments section here: http://money.usnews.com/money/blogs/outside-voices-small-business/2009/01/27/using-social-media-and-crowd-sourcing-for-quick-and-simple-market-research ) got me thinking that scientific research and development could suffer if companies move from hiring a dedicated team of scientists to farming all of their scientific problems out to a crowdsourcing lottery payment system (ie, first one to do this gets all of this money; the others get nothing). Honestly, worst case scenario, we'd have even fewer people going into sophisticated scientific fields than we do now, because there wouldn't be any guarantee of a stable living, and I wonder if this could really hinder the development of solutions to scientific problems or if it would limit the scientific fields to scientists who are business-savvy enough to be connected to venture capitalists, etc. Either way, the outcome could be scary.

I'd be interested to hear from crowdsourcing experts about how they think crowdsourcing scientific problems affects the quality of scientific research, and if there could be any safeguards implemented to prevent the aforementioned problems from occurring (ie -- could the crowdsourcing community fund a dedicated pool of scientists, with extra prizes going to those who successfully complete R&D tasks, or would this go against the very core of the crowdsourcing movement?)

*(Heather): I'm not sure this is a novel problem in the crowdsourcing context. I've never worked in a lab or been involved in research, but this concern about stable living and a consistent funding source seems to be pretty common (at least in the academic context, where it seems like a lot of time and energy is spent chasing down grants and competing for funding). Obviously the decentralization of oDesk and similar websites exacerbates the problem by breaking down competition into individual tasks and individual workers instead of across entire projects or teams, but it doesn't seem to me to create an entirely new economic incentive structure. Then again, I'm not an expert on this and we'll be talking to people who are.

*(Davis): I question whether crowdsourcing has the potential to displace much scientific research. Most commercially viable research projects (such as pharmaceuticals) require significant capital investments in sophisticated experimental equipment, or access to tightly regulated materials (such as dangerous chemicals or radioactive sources). There is simply no way to crowdsource around the need for a spectrometer or a chromatograph. '''The types of scientific problems that are readily solved through crowdsourcing will tend to be idea-based''' (rather than experiment-based), and correct solutions must be easily verifiable. These criteria alone suffice to tightly restrict the class of problems that are amenable to solution through, say, Innocentive. Moreover, companies will need to employ scientific experts simply to know what questions to ask (and how to divide larger problems into smaller ones), and so a significant amount of centralization will still be necessary even with distributable projects.

**And of course much scientific research is basic research, and therefore not (immediately) commercially viable. Thus we're unlikely to see a large category of research go the way of Innocentive. Something like the Large Hadron Collider is the very antithesis of crowdsourcing; such large collaborative projects seem to be the direction physics research will be headed for some time to come. The same will probably become true for other scientific fields as they mature.

**(As a side note, I also feel the need to add that the concern we often hear about having an insufficient number of people pursuing the hard sciences is overblown. In most fields, there simply aren't enough jobs out there to absorb the quantity of science PhDs we produce.)

*(Rachel): As an offshoot of what Davis said, I'm curious as to whether we can discern general principles of when crowdsourcing is or is not viable -- not so much in terms of Rene's question about public acceptance of crowdsourcing, but rather in terms of when it can actually be done or not, as in Davis' Large Hadron Collider example. Or what about litigation? Doc review is being outsourced more and more to contract lawyers working as independent contractors, both within the U.S. and abroad, so that seems like fair game for crowdsourcing (assuming we can get 'specialized' crowds), but it does not seem like the same could be said for actual trial or appellate practice in court. Is it merely a question of skill and experience? Given projects like Innocentive, where scientific issues requiring a lot of skill and experience are crowdsourced, that does not seem to be the case, and yet what is it about things like Large Hadron Colliders and trials that appear to be resistant to crowdsourcing?

----

'''Case Study: oDesk''' (Rene)

* I have used oDesk a lot of times over the summer to outsource smaller programming projects for my startup to developers, mainly in India and Southeast Asia. For those who haven't used oDesk, you post a job with a budget, oDesk workers apply for the job, you can interview them and then hire one; a small portion of the overall payment might be upfront, the rest is paid at completion of the project at discretion of the employer. oDesk has standard terms (NDA, etc.) to facilitate the transactions, but I have asked the developers I hired to sign additional documentation. The biggest issue is quality control; despite the fact that there is a rating system, it is quite difficult to evaluate whether someone is able to get a certain job done or not. I really like Jenny's question around recommendation systems / quality control as and extension of point (2) above and would like to hear what technologist have in mind to address this important challenge.

I would like to hear a '''discussion about the general public's acceptance of crowdsourcing'''. As mentioned in class, our knowledge and opinions of crowdsourcing is very much a minority viewpoint. Although to us it presents a really novel and theoretically interesting development, I imagine different entities (investors, crowdsourcing employees, workers outside of the field) would view this new practice through the lens of their own interests. I would like to hear these crowdsourcing leaders discuss their interactions with these groups, either through an open question or a directed one.
* Can a parallel be made to outsourcing? When jobs are outsourced, domestic workers feel outrage and a sense that they are being cheated or dealt with unfairly. One can imagine a similar response on a micro-level to crowdsourcing, where formerly dedicated employees are let go in favor of crowdsourcing, but employers are happy because it is more economically efficient.
*If people have made parallels to outsourcing, is that even a fair parallel to make? One can certainly make an argument that the small tasks being accomplished by 100s of people are not necessarily displacing jobs on a 1 to 1 level. Also, these jobs are not disappearing from the United States entirely. If your job has been replaced by crowdsourcing, you could just become one of the crowd at that point and do tasks for a wider array of companies. Are claims of outsourcing just knee jerk reactions to something that actually has the potential to offer the same amount or more opportunities for workers?

----

'''Lessig Framework'''

What if we approach the best practices document with a view to Lessig's four modes of regulation, and frame our discussion of crowdsourcing in terms of which combination of modes could best achieve the desired outcomes? For example, assume a crowdsourcing application that has an architecture in place forcing disclosure pursuant to the best practices model. With such a system in place, norms may then provide the best solution to the fairness problem: workers would share information about employers who are known to violate users' sense of fairness in worker forums, and discourage others from doing the work. Or workers could "strike" by making a concerted effort to accept all that employer's tasks and intentionally perform poorly, thereby obstructing completion of the disfavored company's assignments (sort of like 4Chan meets Mechanical Turk).

On a related question, could a crowdsourcing approach solve any of the crowdsourcing best practices problems? For example, is there a way to implement a feedback and monitoring system whereby the quality of a submission is judged by crowd workers?

----

'''Mobile Online Devices'''

This probably won't appeal to the tech crowd as much, but I'm interested in how we will deal with the mobile devices problem mentioned above. If you're working from your phone, which jurisdiction's labor laws apply? Is it the state where your phone was issued, the state where you live, or the state where you're using the device?
*How can companies protect themselves when they want crowdsourcing work done, but want to avoid certain states?
**i.e. if I want to avoid CA labor laws, I can block CA IP addresses, but that wouldn't necessarily prevent me from taking my TX iPhone and working for a crowdsourcing company when I'm in CA.
*What about international workers?
*Should we use architecture by forcing workers to log in through a mobile application that requires assent to certain terms (i.e. I'm not working in CA)?

CrowdConf Brainstorm page

2010-10-03T00:33:00Z

Andrewsegna:

CrowdConf Brainstorm page

2010-10-03T00:32:41Z

Andrewsegna:

CrowdConf Brainstorm page

2010-10-01T03:27:52Z

Andrewsegna:

Use this page to discuss the best practices reading we did not have time for in class, and brainstorm questions and topics that we might present as a class at the CrowdConf Future of Work Conference next week.

*''Preserving Confidentiality in Complex Tasks''. As the best practices document notes, some tasks require worker exposure to proprietary information. The Best Practices mention contracts as a way of dealing with this issues. Do we think that contractual relationships can assuage companies' fears of workers disclosing propriety information? Does the sheer volume of workers on a given task make enforcing such an agreement impossible?
**Could the problem be solved potentially by drafting specific tasks to specific information, the disclosure of which would make the individual who divulged the info identifiable?
**What are the costs of drafting such complex contracts?
**Is there a way the technology can account for this problem?

*''Worker Fairness''. The Best Practices document suggests that the crowd-sourcing platform should facilitate easy payment and provide a forum for dispute resolution.
**Could the platform have a rating system that suggested a fair rate based on the type of tasks requested? There could be a "survey" that each employer fills out before submitting the task, which would calculate a suggested rate. Perhaps it could be based off of past rates, as tracked by the platform operator? (Does Amazon's "recommended" technology do this in a different form already?)
**Could the technology facilitate a cyber dispute-resolution forum? (What if the dispute-resolution process was, in turn, crowd-sourced?!)
**Have platforms set up features to facilitate the creation of online worker unions?

*''Feedback Loops''. The Best Practices suggests that workers and companies use a feedback mechanism in good faith.
**Is there any way to use technology to prevent abuse of feedback systems, or at least encourage people to use the feedback system in good faith?

*''Labor Movement'' Crowdsourcing's success is dependent on finding ways to engage its labor pool, whether it be through offering money or gamesque points. However, as mentioned in class and in the best practices document, there are many ways for these laborers to become dissatisfied with their work, whether it be through a lack of transparency, stress, low wages, etc. Is there a potential for a crowdsourcing labor movement in response to these dissatisfactions? As an inherently digital workforce, these individuals' attempts to share discontents and act upon them are facilitated by their familiarity with and access to online communities. However, how far will this unity go? Do you feel that workers will only offer critiques of certain employers to others or could there be the formation of unions and similar entities in the crowdsourcing world?

*''Disclosure''. The anonymity of cyber-space and the possibility to divide a large project into a a large number of small tasks so that the ultimate product is unidentifiable raises a number of ethical concerns. Have companies, clients and platforms alike, explored setting up or mandating an ethical commission investigating these concerns? What about a voluntary code of conduct created and agreed on by the indudtry as a quality management system to prevent black sheep from ruining the reputation of the entire industry in case of misconduct and as a preemptive action towards governmental regulation? --> How do you prevent a private run "Manhattan Project" implemented through crowdsourcing and sold to the highest bidder?

*''Overlap of legal frameworks''. Some countries have a state pension fund that is financed by a tax deducted from a worker's salary. How are these legal requirements adhered to in the realm of crowd-sourcing? How is the location/jurisdiction of the worker determined? If the company's location is chosen, how measures are taken for the worker to have access to that respective legal system?

*''Compensation''. Crowdsourcing appears to rely on monetary compensation, a gamelike points system, or personal gratification to motivate people to participate in these tasks. Which of these compensation forms is the most effective in ensuring a large labor pool and the best results for employers? Which (if any) of these forms will be the most prominent system of compensation in the future and which do you think would be the most ideal compensation structure for crowdsourcing in the future?

*''Mobile Online Devices''. Mobile and closed platforms with constant connection to the Internet have been supplanting sedentary workplaces in popularity.. How has crowdsourcing taken advantage of this change or has it struggled to do so? What advantages/challenges do these mobile devices offer workers, employees, and crowdsourcing agencies?

CrowdConf Brainstorm page

2010-10-01T03:23:22Z

Andrewsegna:

Use this page to discuss the best practices reading we did not have time for in class, and brainstorm questions and topics that we might present as a class at the CrowdConf Future of Work Conference next week.

*''Preserving Confidentiality in Complex Tasks''. As the best practices document notes, some tasks require worker exposure to proprietary information. The Best Practices mention contracts as a way of dealing with this issues. Do we think that contractual relationships can assuage companies' fears of workers disclosing propriety information? Does the sheer volume of workers on a given task make enforcing such an agreement impossible?
**Could the problem be solved potentially by drafting specific tasks to specific information, the disclosure of which would make the individual who divulged the info identifiable?
**What are the costs of drafting such complex contracts?
**Is there a way the technology can account for this problem?

*''Worker Fairness''. The Best Practices document suggests that the crowd-sourcing platform should facilitate easy payment and provide a forum for dispute resolution.
**Could the platform have a rating system that suggested a fair rate based on the type of tasks requested? There could be a "survey" that each employer fills out before submitting the task, which would calculate a suggested rate. Perhaps it could be based off of past rates, as tracked by the platform operator? (Does Amazon's "recommended" technology do this in a different form already?)
**Could the technology facilitate a cyber dispute-resolution forum? (What if the dispute-resolution process was, in turn, crowd-sourced?!)
**Have platforms set up features to facilitate the creation of online worker unions?

*''Feedback Loops''. The Best Practices suggests that workers and companies use a feedback mechanism in good faith.
**Is there any way to use technology to prevent abuse of feedback systems, or at least encourage people to use the feedback system in good faith?

*''Labor Movement'' Crowdsourcing's success is dependent on finding ways to engage its labor pool, whether it be through offering money or gamesque points. However, as mentioned in class and in the best practices document, there are many ways for these laborers to become dissatisfied with their work, whether it be through a lack of transparency, stress, low wages, etc. Is there a potential for a crowdsourcing labor movement in response to these dissatisfactions? As an inherently digital workforce, these individuals' attempts to share discontents and act upon them are facilitated by their familiarity with and access to online communities. However, how far will this unity go? Do you feel that workers will only offer critiques of certain employers to others or could there be the formation of unions and similar entities in the crowdsourcing world?

*''Disclosure''. The anonymity of cyber-space and the possibility to divide a large project into a a large number of small tasks so that the ultimate product is unidentifiable raises a number of ethical concerns. Have companies, clients and platforms alike, explored setting up or mandating an ethical commission investigating these concerns? What about a voluntary code of conduct created and agreed on by the indudtry as a quality management system to prevent black sheep from ruining the reputation of the entire industry in case of misconduct and as a preemptive action towards governmental regulation? --> How do you prevent a private run "Manhattan Project" implemented through crowdsourcing and sold to the highest bidder?

*''Overlap of legal frameworks''. Some countries have a state pension fund that is financed by a tax deducted from a worker's salary. How are these legal requirements adhered to in the realm of crowd-sourcing? How is the location/jurisdiction of the worker determined? If the company's location is chosen, how measures are taken for the worker to have access to that respective legal system?

*''Compensation''. Crowdsourcing appears to rely on monetary compensation, a gamelike points system, or personal gratification to motivate people to participate in these tasks. Which of these compensation forms is the most effective in ensuring a large labor pool and the best results for employers? Which (if any) of these forms will be the most prominent system of compensation in the future and which do you think would be the most ideal compensation structure for crowdsourcing in the future?

CrowdConf Brainstorm page

2010-10-01T03:07:35Z

Andrewsegna:

Use this page to discuss the best practices reading we did not have time for in class, and brainstorm questions and topics that we might present as a class at the CrowdConf Future of Work Conference next week.

*''Preserving Confidentiality in Complex Tasks''. As the best practices document notes, some tasks require worker exposure to proprietary information. The Best Practices mention contracts as a way of dealing with this issues. Do we think that contractual relationships can assuage companies' fears of workers disclosing propriety information? Does the sheer volume of workers on a given task make enforcing such an agreement impossible?
**Could the problem be solved potentially by drafting specific tasks to specific information, the disclosure of which would make the individual who divulged the info identifiable?
**What are the costs of drafting such complex contracts?
**Is there a way the technology can account for this problem?

*''Worker Fairness''. The Best Practices document suggests that the crowd-sourcing platform should facilitate easy payment and provide a forum for dispute resolution.
**Could the platform have a rating system that suggested a fair rate based on the type of tasks requested? There could be a "survey" that each employer fills out before submitting the task, which would calculate a suggested rate. Perhaps it could be based off of past rates, as tracked by the platform operator? (Does Amazon's "recommended" technology do this in a different form already?)
**Could the technology facilitate a cyber dispute-resolution forum? (What if the dispute-resolution process was, in turn, crowd-sourced?!)
**Have platforms set up features to facilitate the creation of online worker unions?

*''Feedback Loops''. The Best Practices suggests that workers and companies use a feedback mechanism in good faith.
**Is there any way to use technology to prevent abuse of feedback systems, or at least encourage people to use the feedback system in good faith?

*''Labor Movement'' Crowdsourcing's success is dependent on finding ways to engage its labor pool, whether it be through offering money or gamesque points. However, as mentioned in class and in the best practices document, there are many ways for these laborers to become dissatisfied with their work, whether it be through a lack of transparency, stress, low wages, etc. Is there a potential for a crowdsourcing labor movement in response to these dissatisfactions? As an inherently digital workforce, these individuals' attempts to share discontents and act upon them are facilitated by their familiarity with and access to online communities. However, how far will this unity go? Do you feel that workers will only offer critiques of certain employers to others or could there be the formation of unions and similar entities in the crowdsourcing world?

Class 2

2010-09-26T21:20:42Z

Andrewsegna: /* Group One: */

== '''Group One:''' ==

-Identity revealed beyond your comfort zone (ex. WOW message boards: forced real identity).
-Can online identity be protected as a possession? Who owns profile pages?
-Data portability as a privacy policy (who owns shared data?)(single sign-in)(facebook
Connect)(OpenID)(persistent identity online).
-Cyberbullies, multiple identities online.
-How/can IRL ethics/morality be imposed in online spaces? Should they be?

'''1. The Right to Speak Anonymously'''
* It would seem that the easiest way to impose IRL ethics/morality in online spaces is to make our online identities tied more closely to our 'real' identities. But at the extreme, with everyone having a single, unique online identity tied to something like Social Security numbers, we would be sacrificing our right to speak and act anonymously online. Is there a happy medium?
* Then again, it's likely that with cyberbullying, for example, that the kids being bullied know exactly who their antagonists are, meaning that anonymity is not at the heart of the problem. So what is? Is it a lack of consequences? Or consequences that, because they are in 'real' life, are insufficiently tied to their online behavior?
** Although in some cases, such as the highly publicized [http://en.wikipedia.org/wiki/Megan_Meier Megan Meier case], it was not known who the cyberbully was. In fact, in that case, the "real world" bully was unknown in large part because the profile was of a fictitious person to mask the real identity of the bullies.
** Perhaps we should split it into two categories -- "real name" bullying and "masked" bullying. "Real name" bullying usually takes place on sites like Facebook and MySpace (the Meier case notwithstanding) and over IM, and may be a group of middle school or high schoolers who have taken to picking on one kid online. The total lack of adult or authoritative supervision (ie, no threat of a teacher walking around the hallway corner to see the taunting) could be what fuels this. Thus, some mode of authoritative supervision could calm this type of bullying. On the other hand, "masked" bullying takes place in larger arenas, such as JuicyCampus, CollegeACB (see http://www.collegeacb.com/ and a corresponding article: http://ksusentinel.com/arts-living/students-become-source-of-anonymous-bullying/ ), or perhaps even message boards like World of Warcraft, where the the bullies are anonymous posters or use pseudonyms not connected to their legal names. Here, it may be harder to have any notion of supervision, because the sites themselves facilitate and promote anonymity and likely will invoke free speech claims to avoid working with regulators. -- JPaul (Jenny)
*World of Warcraft Real Names Controversy
**[http://blogs.cisco.com/security/comments/blizzard_real_id_privacy_concerns/ Cisco article] describing Blizzard's proposed changes to its message board identification system.
**[http://forums.worldofwarcraft.com/thread.html?topicId=25968987278&sid=1 Blizzard's response] to the controversy the proposal created. In this message board post, Blizzard gives up its plan.
**Blizzard's proposal was tied to its [http://us.battle.net/en/realid/faq Real ID] plan, which is an interesting way to bring real world identity to the online realm in an unobtrusive manner.
* Is the Right to Speak Anonymously (or even the Right to Freedom of Expression?) harmed by forcing online users to sign in with "real identities" (achieved by requiring either verified credit-card billing names, or in less strict cases Facebook Connect) to leave comments on newspaper websites rather than leaving them anonymously as common practice in the early days of the internet
** The analogy to traditional 'letters to the editor' in print editions does not hold as it was much more difficult - if not impossible - to conduct a search of all the comments a given person had submitted to newspapers - in today's world, such as search would allow anyone to quickly pull together a portfolio of comments left by a given person across multiple publications.
*** Humorous example of this: [http://www.mcsweeneys.net/links/commenter/ "Get to Know an Internet Commentator" by Kevin Collier.]
** Another case to consider with anonymity and the internet is the situation where people seek to keep their real-world actions (part of their real-world identity) off the internet. We have discussed that online identities have been increasingly merging with real-world identities through the use of real names, photographs, etc. on Facebook and similar sites. We have also mentioned, in the context of WoW/XBOX among others, some people seeking to maintain fictitious or anonymous online identities. A recent Supreme Court decision in [http://www.supremecourt.gov/opinions/09pdf/09-559.pdf ''Doe v. Reed''], however, considered when real-world acts are publicized, and importantly for our purposes publicized on the internet. In that case, petition signers hoping to repeal a Washington state law which granted same-sex couples rights akin to marriage sought to prohibit others from gaining access to the petitions under the First Amendment. Opponents of the petitions intended to put the names and addresses on the petitions online in a searchable format. The Supreme Court held that public disclosures of referendum petition signers and their addresses, on its face, did not present a First Amendment violation.
* If there is a right to speak anonymously, what are its limits? Are third parties required to reveal real identities when necessary to name a party to a lawsuit? What showing of harm to another person might be required? Under what circumstances are subpoenas of internet service providers legal? It seems to me that the First Amendment justifications for anonymity are lacking in cases that cause harm to others, like cyberbullying, such that any right is extinguished. How absolute is this right?
*What is the effectiveness though of a single, unique online identity?
*'''''Possible case study: Microsoft's XBOX Live online service'''''
**Microsoft's XBOX Live services assign users a unique online username that identifies the user across all the games and services offered by XBOX Live. This unified identity allows a user to easily maintain relationships with other users, compare past accomplishments and activities, and effectively establish an online community.
**From a Lessig framework, Microsoft has used 3 of the 4 regulators to motivate people to become attached to one identity and work hard to preserve its reputation.
***''Norms'': Microsoft allows users to rate other users and assign positive and negative feedback. Other users can easily access this information and determine if this is someone they want to associate with. A user's accomplishments and stats from playing games are tied to his unique identity, making it a valuable indicator of skill and status in the online community.
***''Market'': In order to acquire an XBOX Live account, a user must pay $60 for a year-long subscription. A subscription only gives a user access to one username and, therefore, one identity. If someone wanted to create another identity or if Microsoft banned a user from XBOX Live, that user would have to pay for another account.
***''Architecture'': Microsoft has built in the rating system listed above. As a closed platform, Microsoft also has the ability to ban a user from online activities. This would force the user to purchase another account and would prevent that user from associating himself or herself with past accomplishments and reputation. Given this ominous power, one should be extra careful not to do anything to warrant banning.
***''Laws'': nothing outside of normal tort laws
**Result: this requires more research and testing. However, common wisdom (note: this is from my own personal experience has someone who has played online and has read many opinions about the service) is that communication on XBOX Live is a morass of racist, sexist, and violent comments. Many individuals refuse to communicate online anymore. Despite all of Microsoft's safeguards, there is not an effective deterrant to this type of behavior.
*Are entities like Microsoft hampered by the fact that these online identities, in a sense, don't matter? If I have a unique XBOX Live identity, how am I harmed outside of the XBOX Live community if I act poorly online and am banned? This won't harm my relationships outside of this online realm or ability to get jobs.
*Do we need to make more "real world" ramifications? For example, if law firms required me to list my XBOX Live account name, my Facebook account URL, and my Twitter name (and required me to make all of them public), that would greatly change how I act online. Is the notion of an online identity affected by OCS telling all students seeking law firm positions to make their Facebook profiles as secret as possible?
*How does requiring a persistent identity mesh with policies behind law? Minors may have opportunity to expunge or seal criminal records under the concept of learning and youthful mistakes. However, this is a system completely controlled by the government. Given the nature of the Internet, it may be impossible to offer a similar service, as website could continue to cite the damages caused by an online user, who is easily traceable to a real world individual. If we could expunge a minor's record, do we want to? For security reasons, we may not want minors to be identified as such online. Therefore, people will treat an online identity that belongs to a minor as if it belonged to an adult. Similar to minor being held to adult standards when participating in adult activities under tort law, should we hold minors to adult standards if they are perceived as adults in the online realm (which would include not allowing their record to be erased)?
**Google CEO Eric Schmidt predicts, according to an August 4, 2010 interview in the WSJ, that "every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends' social media sites."
**However, allowing someone upon turning 18 to disown "youthful hijinks" promotes a culture that separates consequences from actions. Instead of eliminating the past, why don't we provide it with more context? As a proposal, why don't we use the architecture/law prongs of the Lessig test to create a structure in which the online activities of an individual, from his first entry into the online world to the last, are stored on a server (this is extremely big brother-ish but let's just play this out). The user can establish as many identities online to represent themselves to other uses, but all of these identities are connected to the user's real world identity. All of the actions a user takes as a minor are branded as the actions of a minor. The way we would then use this information would be similar to a background or credit check. Employers looking to hire the user can request a report on his Internet activity. They would then receive a report that details his actions. This could either be exhaustive, a general overview, or just if others have complained about his actions. This report will indicate what the user did and when in his lifetime he did it. Therefore, if the user did something embarassing or bad, this report will provide more context than a mere Google search.
*** Should the notion of an online identity include search results? If so, how should this information be controlled? Wikis indicate when an entry is in dispute. Could search engines provide a similar service for websites attacking individuals? Is it technically possible to screen for negative publicity and separate out these websites in a search?
*In an [http://futureoftheinternet.org/reputation-bankruptcy article] on his blog, Professor Zittrain discusses the concept of reputation bankruptcy.
**I find the tie between the solution to identity issues and bankruptcy to be troubling. First off, one of the major problems with online reputation is not a completely toxic reputation, but a singular occasion of poor discretion or the malicious agendas of a few individuals. In the [http://www.washingtonpost.com/wp-dyn/content/article/2007/03/06/AR2007030602705.html AutoAdmit] case, users of a law school message board maliciously attacked a Yale Law student. These negative posts were among the first page of hits in a Google search of the student's name. The student received no offers from law firms and although no causal connection was proved, these negative posts could have been a reason why she did not receive offers. In cases like these, individuals need selective erasing of third party attacks or a past mistake that are unfair restrictions on a promising future. However, Professor Zittrain suggests that reputation bankruptcy could involve wiping everything cleaing, "throwing out the good along with the bad." The new start of bankruptcy is a dramatic change and should be used for dire situations. For many cases, it may be a case of using a sledgehammer to kill a fly.
**Another concern is similar to the one I proposed to the idea of "disown[ing] youthful hijinks." If someone can declare reputation bankruptcy, that individual is saved but the communities he or she was a part of are still scarred by that individual's actions. If, in the aforementioned XBOX Live case study, a user could declare reputational bankruptcy, that would do nothing to help XBOX Live's negative reputation and people's unwillingness to engage in that community. Under bankruptcy, creditors are able to receive some amount of compensation for the debts owed to them. What kind of compensation can online communities receive in reputation bankruptcy?
*How do we teach youths just entering the online world how to interact with it and maintain a praiseworthy identity? [WSJ
'''2(a). Facebook Profile Portability'''
Let's do more research into data portability as a privacy policy, which relates to above. Facebook could be a good case study. What options and protections are there to port an online identity / profile i.e. Facebook messages, friend listings, and wall-postings? What can and can not be permanently deleted?
* It has been argued that Facebook has created a "semipublic" shared space for exchange of information. [http://www.nytimes.com/2009/02/19/technology/internet/19facebook.html?_r=1 NYT] If I send a private message or make a post on my wall, such information would be owned by me. But what about posts made by other people on my wall, or pictures and video I have been tagged in?
** What happens to these shared data if I close my account?
** Should information uploaded by other people become part of my online identity? If I look at my facebook wall I can see that only a minor part of it is made of my own contribution. Would my online identity be the same without other people's contributions?
** And what about my posts on other people's wall? Are those part of my online identity? If we own our personal information, should we own also our posts on other people's walls?
** Let's assume we have complete online portability of our online identity, including material submitted by third parties: what are the privacy implication of this from a third party's perspective? Are we ok with the third party's posts and tagged pictures being transferred? Should the third party be notified? Should the third party give express consent?
'''2(b). General Online Identity Portability'''
While 2(a) focuses on Facebook, how about tackling the more general question about our online identities:
* How should online identity be regulated?
** Lessig's framework, incl. benefit analysis of potential laws, norms, market mechanisms?
*** re laws: 3 privacy laws passed at state level, federal privacy law potentially coming in next Congress - what will (should?) it include regarding online identity?
*** re norms: self-regulation: could talk about OAuth, OpenID here and what role they could play
*** re market place: thinking about Google's leaked internal communication from 2008 about creating a market place for privacy/personal data)? See: [[http://bit.ly/crHT3J]]
* What frameworks / initiatives do currently exist? Who has, should have control - Government vs private sector (Could Facebook be ''the'' personal online ID provider)?
** NSTIC (National Strategy for Trusted Identities in Cyberspace) [[http://www.nstic.ideascale.com/]], first draft strategy document published in June 2010, available for download on homepage
*** Goal of initiative: Identify solutions ensuring (1) Privacy, (2) Security, (3) Interoperability, (4) Ease-of-Use
*** Key roles and perspectives to analyze: Individuals, Identity Providers, Attribute Providers, Relying Party
***(Source: NSTIC Presentation, Trusted Identities Panel, OTA Online Security and Cybersecurity Forum, Washington D.C., September 24, 2010) --[[User:Reinsberg|Reinsberg]] 19:33, 26 September 2010 (UTC)
'''3. Applying Privacy Policies Worldwide'''
What are the challenges social networks face at the international level and in countries other than the US?
* Are privacy policies adopted by social networks enforceable everywhere?
** Consider Facebook approach: Facebook adheres to the Safe Harbor framework developed between US and EU as regards the processing of users' personal information. [http://www.export.gov/safeharbor/eu/eg_main_018476.asp Safe Harbor] Is this enough to shield Facebook from privacy claims coming from outside the US? What about countries outside the UE?
** Should Facebook be concerned at all about its international responsibility? Consider the case of the Google executives convicted in Italy for a breach of privacy legislation. Assuming the conviction is upheld in appeal, can it ever be enforced? Where are the offices of the company? Where are the servers? Where are the data actually stored and processed?
* More generally, what types of information created by users is 'personal data' about which they have/should have a reasonable expectation of privacy and should be subject to regulation?
**The line between personal information about which people have a reasonable expectation of privacy and information that is not personal and that need not have restrictions relating to privacy can be a difficult one to define. For example, is information about how a driver drives a car that gets recorded on an in-car computer and potentially transmitted to a car rental or the car manufacturer 'personal' information that is/should be covered by data protection laws? What about information that is picked up by google when taking images for google street view (e.g. IP addresses of neighbouring properties)? (See discussion in Information Commissioner’s Office (UK), Statement on Google Street View, August 2010). The problem is that in many cases this information on its own does not identify a particular individual but that it could be used in combination with other information to identify people. Yet when we use the internet so much information is created and it may not all be information that should be subject to privacy regulation. See discussion about this problem in a New Zealand context in Review of the Privacy Act 1993, NZLC 17, Wellington, 2010 (Australia and the UK are considering similar issues).
*Who/what are the main sources of privacy invasion that people anticipate? Is it the same privacy invasion if it comes from a company (Google), a government looking for potential terrorist activity, or just an acquaintance who likes to facebook-stalk others?
**Do we hold private companies to a higher standard if we know that they have the means to protect our privacy more? Should such companies be held to the same standard in every country? If not, aren't there problems with information that is accessible in some countries but not in others?
'''4. Cyber-security'''
* Cyber-space was first used by script-kiddies as a playground for web defacement, etc, then discovered by criminals as a new means to expand their activity followed by transnational crime syndicates, followed by hackers with a political - "hacktivists" - until eventually also government discovered cyber-space. Since the DDoS attacks on Estonian websites in 2007 pushed the issue in NATO circles, cyber-security has been increasingly in the headlines. A number of questions emerge from this:
* Real threat vs. threat inflation. How much of the what is written in newspaper articles and books is much ado about nothing and what can be considered a real risk? If there is a risk, is there also a threat? What determines what constitutes a threat? Richard Clarke's book "Cyber-war" paints a gloomy picture. Self-interest by an author working as a cyber-security consultant or is there more to it?
* Cyber-crime <-> cyber-espionage <-> cyber-hacktivism <-> cyber-terrorism <-> cyber-war (cyber-intrastate war/cyber-interstate war). Costs today? Costs tomorrow? Technical solutions? Policy/legal solutions? National/international level? State vs non-state actors? Public/private?
* Cyber-war vs. cyber-peace. Why is much of the literature using language such as "cyber-war", "cyber-attack", etc and not language such as "cyber-peace", "cyber-cooperation"
* Terminology. What is the difference between a cyber-hacktivist and a cyber-terrorist? What constitutes a "cyber-attack"? Given cyber-space's virtual borderlessness is it appropriate to speak of defense/offense or active/passive (e.g. the Outer Space convention)? Is cyber-space a territorium like the High Seas, Antarctica or Outer Space? Or a new field after land (army), sea (navy), air (air force), cyber? Is cyberspace a "cultural heritage of mankind"? Relationship between virtual and kinetic.
* Civilian vs military. How is cyber-security changing the relationship between civilian and military? DoD is responsible to defend .mil, DHS responsible to defend .gov. What about the other domains? The German DoD is responsible to defend the German military network, the Ministry of Interior responsible for the government websites. How do civilian Ministries of Interior with police forces relate to a cyber-attack outside the country usually an international attack being the responsibility of the military branch of a democratic government? What are the lines of authority, e.g. for the planting of logic bombs or trapdoors?
**What would the authority of the military be in addressing attacks on civilian networks, if any? Does the government have a role or responsibility to address non-government networks? Structurally and legally, how would implementing this role be done? Would there be any problems of privacy protection and government over-interference?
*If the government is going to take a role in strengthening private network security, which networks should it protect first? Who should be involved in the oversight of this protection--military, civilian gov. actors, private actors?
**Would these actions fall under the Cyber Command?
** The New York Times reports that "the new commander of the military’s cyberwarfare operations is advocating the creation of a separate, secure computer network to protect civilian government agencies and critical industries like the nation’s power grid against attacks mounted over the Internet." [http://http://www.nytimes.com/2010/09/24/us/24cyber.html?scp=4&sq=department%20of%20defense&st=cse]
*** Are "secure zones" a viable solution to protecting critical infrastructure? Is this an oversimplified vision of secure systems that assumes cybersecurity is analogous to real space? What are the drawbacks to this approach? The article notes that the cyberwarfare commander did not demarcate the line between public and restricted government access.
* Role of private actors. How are ISPs, hardware and software companies integrated into the discussions/policy-/law-making process? How much power do they have? Allegiance to profit? Allegiance to country? Allegiance to open cyber-space? Are there public private partnerships? Do they work? What are their strengths/weaknesses?
* Role of hackers. In the early days, the battle was government vs. hacker or state vs. hacker guided by a hacker ethics. This was before the internet expanded around the globe and in the Western tradition of state vs individual. After the expansion, how has this relationship changed? Is there a transnational hacker-culture or are hackers of country X more closely aligned with government of country X vs hackers of country Y more closely aligned with government of country Y rather than hackers of X and Y aligned vs governments of X and Y?
* With the attribution problem and the transition problem (virtual-physical world) how much security is necessary and how much generativity possible? What can be done to reduce the risk? What can be done to reduce the threat? International convention? Code of conduct among major companies? International confidence-building measures?
* Enforcement. How could an international regime/agency look like solving the security dilemma? A cyber-IAEA? Or could a regime that exists now (such as NATO) be more effective?
**What responsibility would countries have for hackers / attacks originating from their own countries? How could one separate attacks from a private individual (that a country could disaffirm responsibility from) and from a government-sponsored initiative?
**What are the main sources of the threats that the US and other countries are anticipating? Are they state-based? How, if at all, would this affect our relationships and foreign relations with those states?
**What kind of retaliation would be appropriate, once an attack has been discovered? If necessary, would a country engage in counter-cyber attacks, or more traditional retaliation such as economic sanctions or even military action?
**Does the US have special responsibilities for a global safe and free internet? Should it take the lead in preventing attacks in other countries that are less equipped to protect themselves?

== '''Group Two:''' ==

-property
-online things acquiring IRL value
-what happens to digital possessions after death?
-who has access to your accounts (fb, twit, gmail, etc) after death
-(TOS after death)
-first sale doctrine in software
-first amendment rights with online comms (going through someone’s infrastructure)

'''1. Death and digital accounts'''
*[http://arstechnica.com/tech-policy/news/2010/03/death-and-social-media-what-happens-to-your-life-online.ars Ars Technica] article on how Facebook, MySpace, Twitter, and Google subsidiaries treat death.
* Whole set of websites attempting to address this issue, and allow some users autonomy to make decisions about what happens to their accounts after they are unable to manage them anymore:
** [http://legacylocker.com/ Legacy Locker] "is a safe, secure repository for your vital digital property that lets you grant access to online assets for friends and loved ones in the event of loss, death, or disability."
** [http://www.mywebwill.com My Webwill] "allows you to make decisions about your online life after death. You can choose to deactivate, change or transfer your accounts, like Twitter, Facebook or your blog. At the time of your death we perform your wishes."
** But given the transience and uncertain future of so many of these companies, can someone really interested in this trust that the sites will still be around? Do you need to keep updating it for every new service that you sign up for which, over the course of several years, will presumably include several different sites? Should it either be a more centralized solution (say, a service provided by the government that has a feeling of more permanence) or more decentralized (say, a last will and testament that you can basically draft on your own).

'''2. Speech and Censorship'''
* ''Speech, Censorship, Statistics.'' Should we be concerned with an ISPs' and website owners' ability to aggregate and control information and speech. It seems that at least Google thinks that Internet users may be concerned with this topic. Google recently announced the "Transparency Report," which (incompletely) tracks usage statistics by country, as well as Google's removal of online material at the Government's request.[http://www.google.com/transparencyreport/ Google] How should corporations manage such governmental requests. What rules should it apply? How should it decide on a set of rules and whether they are catholic or case specific? What benefits are realized by providing publicly this information--particularly the tracking information? How can users or other entities use this information?

== '''Group Three:''' ==

-liability for security breaches (negligent design/management)
-wikileaks! (jurisdictional problems, prosecution) (how does filtering affect wikileaks?)
-transparency on internet services (google: how does it work?)

'''1. Liability for Security Breaches and Flaws'''
*Software insecurity:
** Security guru Bruce Schneier has argued that imposing tort liability is desirable as a method of forcing vendors to internalize the costs of insecure software. See [http://www.schneier.com/essay-025.html Liability Changes Everything] and [http://www.schneier.com/blog/archives/2004/11/computer_securi.html Computer Security and Liability].
***How convincing is his suggestion? What sorts of costs would this impose on software companies? Would such a rule drive small players out of the security market? Would individual contributors to open source projects potentially face liability?
** Law professor Michael D. Scott makes a similar argument, and notes that Sarbanes-Oxley requires publicly traded companies to certify that their systems are secure, while imposing no obligations on the vendors who actually provide the software. See [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1010069 Tort Liability for Vendors of Insecure Software: Has the Time Finally Come?]

*Database insecurity:
** Summaries of a few recent cases that address database breaches: [http://www.sidley.com/files/News/97324419-8e7b-4c3b-93fa-166d4b2bafb3/Presentation/NewsAttachment/17f372d1-e3f6-4170-b914-37bb3d2d695b/PrivacyUpdate062609%25282%2529.pdf&sa=D&sntz=1&usg=AFQjCNGVbZLeoS0joQgDT7_gE5jF8w6ivg Developments in Data Breach Liability].
**Law professor Vincent R. Johnson argues that tort liability is an appropriate mechanism for creating incentives and managing risks associated with cybersecurity: [http://www.stmarytx.edu/law/pdf/Johnsoncyber.pdf Cybersecurity, Identity Theft, and the Limits of Tort Liability]. Some issues he raises:
***''Duty to protect information'': California's Security Breach Information Act imposes such a duty. The obligations that Graham-Leach-Blilely imposes on financial institutions arguably support liability on a theory of negligence per se.
****Can market forces adequately address insufficient database security?
***"Duty to inform of security breaches": This could be analogous to a failure to warn theory of negligence liability.
***The economic harms rule seems to impose a significant bar to recovery. What about requiring the database-owner to pay for security monitoring? A risk-creation theory might support this approach.

--[[Special:Contributions/98.210.154.54|98.210.154.54]] 23:13, 21 September 2010 (UTC)Davis

'''2. WikiLeaks'''

Note: It seems to me, after reading the cybersecurity entry, that the "WikiLeaks" problem could be moved under that category and used as an example of how the Internet can magnify the consequences of a data breach in the physical world. Does anyone else agree? (I'd say no. There are other issues I've added that make it distinct. See below. -- Austin)

*Real-world data breach: Soldier suspected of leaking classified military reporters to whistleblower website WikiLeaks [http://abcnews.go.com/WN/wikileaks-case-pvt-bradley-manningss-alleged-role-leaking/story?id=11254454]
**This kind of leak is made much more likely by the growth of digital information. Spending two minutes to copy thousands of records to a CD labeled "Lady Gaga" v. making copies of the Pentagon Papers and smuggling them out under your shirt. Do we live in a more "leaky" age? If Wikileaks proves capable of protecting the anonymity of its contributors, should we come to expect that any information that is sufficiently important to public discourse will eventually find its way into the wild?
***If these sorts of leaks become increasingly common, will there be a significant effect on the public's expectations as to government(s) transparency? Will Wikileaks-like organizations become an accepted "unofficial" path to the release of information? Or will an increased public expectation of transparency force less government secrecy (fewer documents classified, documents declassified sooner)?
***What effect will Wikileaks have on transparency in private entities with significant public impact? Will the public or traditional press treat a leak from Monsanto the same way as a leak from the Department of Defense?
*WikiLeaks posts documents without redacting the names of Afghans who provided intelligence to the United States. [http://www.cbsnews.com/stories/2010/07/29/eveningnews/main6725935.shtml?tag=contentMain;contentBody] The Taliban said it was using the WikiLeaks site to comb for names of Afghan informants, while the traditional press/gatekeepers said they had redacted the documents they posted to avoid "jeopardizing the lives of informants." [http://thelede.blogs.nytimes.com/2010/07/30/taliban-study-wikileaks-to-hunt-informants/] It seems as if the Internet has allowed people to bypass the traditional gatekeepers -- be they the government or the press -- and that this magnified the effects of the real-world data breach.
**Wikileaks _did_ provide the Pentagon the opportunity to redact sensitive information from documents. [http://www.newsweek.com/blogs/declassified/2010/08/20/wikileaks-lawyer-says-pentagon-has-been-given-codes-granting-access-to-unpublished-secret-documents.html] The Pentagon refused. To what degree should the Pentagon and other groups targeted by Wikileaks and similar organizations be willing to work with those organizations? From the perspective of the targeted group, cooperation with such a group legitimizes it and increases its public statute. From the perspective of the media organization, a working relationship with a targeted group may cause supporters to question the organization's independence. Is there a balance to be struck here? Do the formation of these relationships make "new media" organizations like Wikileaks look too similar to the "old media" organizations that depend greatly on relationships with government officials for content?
*Jurisdictional problems and prosecution: The U.S. government is able to prosecute the real-world leaker, but likely won't be able to prosecute WikiLeaks -- the organization that used the Internet to magnify the effects of the leak, etc. -- because of jurisdictional problems and because of a lack of on-point law. [http://blogs.wsj.com/law/2010/07/26/pentagon-papers-ii-on-wikileaks-and-the-first-amendment/]
--JPaul (Jenny)
*What is the role of the primary source in our media landscape? The Wikileaks hasn't quite figured this out yet. In the Collateral Murder video release, for example, Wikileaks was criticized for releasing an edited video alongside the raw footage from a helicopter attack on journalists and civilians in Afghanistan. In the War Diaries release, however, Wikileaks received sharp criticism as described above. What is the role of the "gatekeeper" in today's media? Can primary source documents contribute effectively to discourse or do they provide so much information that a reader cannot process it all? Would the War Diaries release had greater focus if the vast number of reports had been reviewed by crowdsourcing?
*How will Wikileaks shift public opinion with regard to the use of anonymous sources? As some media critics have pointed out, traditional media sources, even while criticizing anonymous or pseudonymous bloggers, rely heavily on the statements of anonymous officials in their reporting. [http://www.salon.com/news/opinion/glenn_greenwald/2010/07/24/anonymity] Will there be a backlash against anonymity or will it become more widely accepted? Is there a distinction to be made between anonymous sources and anonymous reporters? How do trust and reputation fit into all this? (this issue fits pretty well into Group 1's anonymity issue above)
*Can the Wikileaks model of funding (releasing a big story and then relying upon donations) be a more widely applied to other forms of independent journalism?

== '''Group Four:''' ==
- '''The legal or regulatory meaning of Net Neutrality Principle'''
* According to Lessig, there is no fixed architecture for the Internet - they are all "code" written by human. The Net Neutrality principle and Prof Zittrain's concept of a "generative Internet" are attempts to lay down some fundamental values of what Internet architecture, given all possibilities, is the most desirable model that we should pursue.
* Suppose the concept of Net Neutrality is clear (which is actually not), what are the practical regulatory implications of this principle should bring? There are seemingly contradictory practices in the name of Net Neutrality. For example, ISPs prohibit P2P file-sharing, alleging it takes up too much band width and other users are able to use the networks equally. These practical issues remind us of rethinking some fundamental problems on what neutrality means to the Internet.
* Layers in regulations that protects Net Neutrality: Are there certain applications that should be given high priorities to run on the Internet, or should all applications be given the same weight? (For instance, should our policy equates the band width used for emails and web browsing to high-resolution video or gaming?)

-“to what extent is our judgment about tech related to the “coolness” of the tech itself?”
* '''User Satisfaction versus Company Profitability.''' Closed platforms like the iPhone present significant benefits at a cost. It may be helpful to frame benefits and costs in terms of user satisfaction and company profitability, rather than any particular feature of the device using the platform. We can, of course, ask about particular features that create or diminish user satisfaction or company profitability, but we won't talk about the features as if they confer some independent benefit. This is just a way of conceptualizing when society will tolerate certain technological constraints.
** ''The iPhone.'' Steve Jobs has a vision for the iPhone, and that includes regulating a large portion of what goes on and can go on the phone. Let's take a look at how the user satisfaction/company profitability model applies.
*** ''Profitability.'' The iPhone's closed platform provides at least two valuable and related benefits. First, it allows Apple to keep its operating environment "safe." Without unauthorized third-party applications--i.e., with all apps being Apple-approved--there is less risk for the introduction and dissemination of malware. This reduces costs for Apple, which doesn't have to respond to consumers whose phones have been destroyed by viruses. A second related benefit is branding. Because Apple can keep its system closed, it can design the environment in which it operates and market that environment as a product. This design means Apple can extract profits form third-party apps by conditioning access upon, among other things, payment. It also makes the company more profitable because Apple can advertise and promote itself as a "safe" place that operates seamlessly. Nevertheless, this raises issues about how far Apple will regulate its platform. Will it simply condition access by third-party applications, or will it go further and monitor its users. If Jobs is concerned that users will upload pornographic pictures on his phone, will the future iPhone be programmed to identify automatically and remove or block such photos? Does Jobs' vision relate to profitability, or simply personal preference? (This last question will be relevant to considering user satisfaction).
*** ''User Satisfaction.'' For most users, the iPhone's closed platform doesn't seem to cause any immediate problems. There are plenty of cool apps that individuals can download and use. The iPhone certainly scores high on aesthetics, even if some of its features are low on performance. Users tend to love aesthetics, and have overlooked the fact that, for instance, the iPhone can run only one program at a time. The closed platform's safety also provides a benefit to users, who don't have to worry about protecting their phones from malware. So far, user satisfaction is high. The balance between user satisfaction and profitability seems to be in equipoise--for now. The question for the future is whether Apple will close off more territory, and whether its current sectioning will stifle the actions of users in the future. As to the former, Apple might meet substantial resistance from the public if it begins regulating their private behavior more explicitly. As to the latter, the future is hard to predict. If users become more adept with their phones or demand new features that the closed system stifles, Apple may have to modify just 'how' closed its system should be. Of course, it may respond by making even "cooler" design, thereby satisfying users sufficiently to distract attention from the new (or old) restrictions that remain in place. If consumers detect that Jobs' personal preferences are dictating the ways they can use their phones, their dissatisfaction may win the day.
**"Pandora Hour Limits." Pandora's 40-hour (not sure if that is the exact number, but the important part is that there is a limit) limit for free users has had an impact for avid-users, taking away from their satisfaction.
*** "Profitability." The only way to take advantage of a freemium model of revenue is to provide users with more incentive to go premium rather than the non display of ads. Users seem to be satisfied with this because of the loophole of just creating new accounts, however, this is also a process not liked by consumers.
*** "User Satisfaction." Often times unnoticed, not causing immediate problems. There are plenty ways users have gotten around this restriction, especially by just creating a new account that requires only an email address.

'''Lack of Humans in Online Transactions'''

The process of purchasing something online has almost become too easy for users and is a process that is generally irreversible especially for a website like Ebay. Amazon introduced one-click purchasing where, with the input of a single word, your credit card is charge and the item is shipped. There is no human contact on the receiving end of a transaction, leading to a significant amount of error and non-intended expenditure. More human contact is needed and the process needs to be slowed down to ensure privacy and accuracy.

-online transaction speed: feature or bug?
-lack of humans in online transactions: feature or bug?
- Computers and people gone wild! (please don’t google this)

- Should everything be open-source?
* A closed platform means that things can be innovative only within a predetermined limit; that is, we can only work within the realm of the expected (e.g., apps for the iPhone). But some of the greatest innovations have changed the paradigm for innovation completely, the obvious example being the Internet. The cost of closed platforms is that we do not even know what we're missing -- are security and cool apps worth it?
** Alternatively, if everything ''were'' open-source, would we face some variant of the tragedy of the commons? (''Tragedy of the commons'' -- In ye olde England, there was a public commons where everyone could let their cattle graze. But because it was a public space, no one took responsibility for it, so all the grass ran out and the place was a mess. Then the commons was privatized, and lo and behold, private ownership meant that the owner now had an investment and interest in the land, so the land became nice and green again. Even if the owner now charged people to let their cattle graze there. [http://en.wikipedia.org/wiki/Tragedy_of_the_commons]) Or is there something different about the ethos of the Internet, or about cyberspace as a ''space'', that makes the tragedy of the commons a non-issue?

Class 2

2010-09-24T21:41:07Z

Andrewsegna:

Class 2

2010-09-24T21:37:21Z

Andrewsegna:

Class 2

2010-09-24T21:36:48Z

Andrewsegna:

Class 2

2010-09-24T14:40:17Z

Andrewsegna:

Class 2

2010-09-24T14:39:51Z

Andrewsegna:

Class 2

2010-09-21T22:02:36Z

Andrewsegna: