RE: [projectvrm] NY Times article: Personal Data and Privacy - and VRM topics - A European point of view

["Mitch Ratcliffe" < >]

Johannes,

In order for the context of the personal data to remain intact, per the
earlier discussions on the list today, and to provide for enforcement
without bad behavior by the enforcement authority -- EFF in your example --
we need a legal framework that is easily articulated and rearticulated by
the users. 

An institution like EFF can change, become corrupted or be subverted. Code
can also change, but the change requires continuity in structure that is
similar to case law, in that it cannot be restructured without substantial
negotiation if the system is to continue functioning. We need an explicit
markup language for shared data, not a hodgepodge of national and regional
law combined with proprietary codebases seeking differentiation over one
another.

Openly stated binding permissions on data, which can be adjusted based on
contextual relationships that carry their own validation rules, must be
objectively compared with the intention expressed by the owner(s) of
personal and collective data. A machine could enforce that kind of open
source law, with recourse to accountable human judges (without defining what
the office looks like, let's just say "humans can adjudicate differences
just as they do today") who interpret new combinations or conflicts of data
when they arise. 

We respect the EFF, but that's not justification to put them in charge of
the innovations in data relationships that people must find for themselves.
No organization can invent and monitor all the futures we anticipate when we
talk about freedom.

Open Source approaches to coding, with a global validation process for
shared data rules, would provide the rich foundation needed for new business
processes and personal decision-making required by the VRM discussion. Any
proprietary approach is immediately opaque and subject to revision by those
who have access to the code, potentially to the detriment of everyone else. 

The problem is that there is a massive economic infrastructure in place now
predicated on ownership of data being roughly the equivalent to that of
ownership in the Stone Age: If I find some data and pick it up it becomes
mine. 

We need code mappable to human users' decisions that can provide effective
shared control, even as more parties join the agreements. That is both a
business and political problem, as the wide variance in privacy laws in
Europe demonstrated in the Times article. When we talk about this purely in
a business or technical context (because technology is still treated as
intellectual property in the Stone Age sense), we also erase the semantic
and aesthetic dimensions of the problem that are essential to the stories
and experience we deliver based on business rules alone.

We're talking about discovering something as basic as DNA for socioeconomic
interactions, but already leaping ahead to what we'll do with it -- just as
the Stone Age folks would reach for the thing they found and thinking "I can
hit Blarg with this and take his antelope." Why? Because we have not changed
our thinking enough. 

I think the recombinant features of open object-oriented programming are
ready to address this need for a shared data markup language, but we
continue to seek proprietary hooks that could be leveraged to increase our
profits. It's at this point, where we're looking for moral cover for our own
greed, that suggestions arise that the best or brightest, the most devout or
liberal should take up positions of authority that reinforce these initial
proprietary advantages. That's how we got religion and the monarchy as the
Stone Age ended. 

An open malleable legal framework that can be reduced to human- and
machine-readable readable markup will be difficult to achieve because we are
humans seeking advantages, but open code is the best and most governable
common asset that can be made available to all on equal terms. 

Along with that technical change we need an articulate conversation about
this new approach, a philosophical interest in the possibility of treating
something we find on the ground as commonly owned, a shared asset that can
be used to improve human interaction rather than a stone to knock out the
competition. Starting with that, we can negotiate real social and economic
relationships that are truly new.

Mitch Ratcliffe - ratcliffeblog.com - 

 
253-229-1948



-----Original Message-----
From: Johannes Ernst 
[mailto:
 ]
 
Sent: Friday, October 10, 2014 1:22 PM
To: Brian Behlendorf
Cc: ProjectVRM list
Subject: Re: [projectvrm] NY Times article: Personal Data and Privacy - and
VRM topics - A European point of view


>> If, on the other hand, they hired, say, the EFF, to go through their
security / privacy architecture and implementation with a fine comb twice a
year,
> 
> This is not something the EFF does today nor would it if approached, but
do folks think this is something the EFF should do?  Seems like being an
auditor is a much different business than being an advocacy organization
with a tech capacity.

I only meant to say that many people -- myself included -- would trust a
statement by the EFF about some organization's (particularly government's)
security and/or privacy practices, while this would not be true about many
other org's that typically audit. I would say that there are very few
organizations who would have similar credibility on this.

On the other hand, <cynic hat on> I think it would be an extraordinary event
if some government actually did hire some org with that kind of reputation
to do this kind of work on their systems </cynic hat off> so all of this is
remains very theoretical ...

Cheers,



Johannes.