Schneier on Security
A blog covering security and security technology.
« Spying on Computer Monitors Off Reflective Objects |
| Risk and Culture »
May 20, 2008
Our Data, Ourselves
In the information age, we all have a data shadow.
We leave data everywhere we go. It's not just our bank accounts and stock portfolios, or our itemized bills, listing every credit card purchase and telephone call we make. It's automatic road-toll collection systems, supermarket affinity cards, ATMs and so on.
It's also our lives. Our love letters and friendly chat. Our personal e-mails and SMS messages. Our business plans, strategies and offhand conversations. Our political leanings and positions. And this is just the data we interact with. We all have shadow selves living in the data banks of hundreds of corporations' information brokers -- information about us that is both surprisingly personal and uncannily complete -- except for the errors that you can neither see nor correct.
What happens to our data happens to ourselves.
This shadow self doesn't just sit there: It's constantly touched. It's examined and judged. When we apply for a bank loan, it's our data that determines whether or not we get it. When we try to board an airplane, it's our data that determines how thoroughly we get searched -- or whether we get to board at all. If the government wants to investigate us, they're more likely to go through our data than they are to search our homes; for a lot of that data, they don't even need a warrant.
Who controls our data controls our lives.
It's true. Whoever controls our data can decide whether we can get a bank loan, on an airplane or into a country. Or what sort of discount we get from a merchant, or even how we're treated by customer support. A potential employer can, illegally in the U.S., examine our medical data and decide whether or not to offer us a job. The police can mine our data and decide whether or not we're a terrorist risk. If a criminal can get hold of enough of our data, he can open credit cards in our names, siphon money out of our investment accounts, even sell our property. Identity theft is the ultimate proof that control of our data means control of our life.
We need to take back our data.
Our data is a part of us. It's intimate and personal, and we have basic rights to it. It should be protected from unwanted touch.
We need a comprehensive data privacy law. This law should protect all information about us, and not be limited merely to financial or health information. It should limit others' ability to buy and sell our information without our knowledge and consent. It should allow us to see information about us held by others, and correct any inaccuracies we find. It should prevent the government from going after our information without judicial oversight. It should enforce data deletion, and limit data collection, where necessary. And we need more than token penalties for deliberate violations.
This is a tall order, and it will take years for us to get there. It's easy to do nothing and let the market take over. But as we see with things like grocery store club cards and click-through privacy policies on websites, most people either don't realize the extent their privacy is being violated or don't have any real choice. And businesses, of course, are more than happy to collect, buy, and sell our most intimate information. But the long-term effects of this on society are toxic; we give up control of ourselves.
This essay originally appeared on Wired.com.
EDITED TO ADD (5/21): A rebuttal.
Posted on May 20, 2008 at 1:10 PM
• 74 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
How right you are. Control of our data is, to a large extent, control of our lives.
But isn't shadow data equivalent to something much older - what other people say about us behind our backs?
How can we stop third parties from selling what they claim to know about us, much less keep them from saying it?
It is also every contest you enter (sweepstakes), whether you respond to marketing (snail mail, email, telephone), and with tire pressure monitors, where and how you drive, etc. This is the database society. Database Nation, indeed.
"We need to take back our data."
I too, would like to take back my virginity, trouble is that once I've given it up, I cannot take it back.
"Our data is a part of us. It's intimate and personal, and we have basic rights to it. It should be protected from unwanted touch."
You have just undermined networking and data sharing as foundations of our society in the most naive way possible.
Lesson #1 from the Internet: Once some data is out of your hands, you can't revoke it. But not anything is lost, there are other lessons from the Internet, e.g. 90 percent of anything is crud. Let us pollute the data collections with inaccurate and wrong informations to fulfill this law, until the collections are turned into steaming piles of worthless binary sh*t.
> You have just undermined networking
> and data sharing as foundations of
> our society
Were it only that easy.
And I'm not sure which society you claim as your own, but my society was founded on the ideals of individual freedom, government for the benefit of the people, and the rule of law.
Reminds me that "celebrities" around the world have been on the forefront of the battle for control of identity for years and to what degree of success?
The two solutions I've seen are to push out identity information vigilantly to create a dominant/indisputable version (e.g. through a PR firm) or to constantly scrub and clean (e.g. hide, protect and litigate) to reduce information bleed.
It seems those should be affordable enough for the common person. The government, if nothing else, should therefore enable a more fair market.
"It's like toothpaste.... Once you squeeze it out of the tube, you can't get it back in".
May be we should all become more diligent in how we actively participate in giving out our own information. I guess this will only happen when people realise the true value of seemingly innocent scraps of their information though.
I thought the Main Core database was a natural extension of the $385 million "temporary detention and processing capabilities" camps that Bush ordered Halliburton to build in 2006.
Put the two together and I guess people will be sent to a detention and processing center if their profile is matched to an event unfavorable to the executive branch -- coordinated domestic military action through CINC-NORTHCOM.
Even if a privacy law were enacted as Bruce describes, however, I don't think it would have any effect on these martial-law preparations.
It's also in print. For example - it's on our business cards, which get handed out to every Tom, Dick, and Harry.
Tom signs up for Plaxo and who knows what will happen to your info.
Harry accidentally drops your business card (instead of his own) into the fishbowl at the local diner. You will now get spam about the spam specials at the diner.
OTOH, Dick may Google up your resume, decide to hire you, and give you a substantial raise...until he also finds your drunken myspace photos.
Pass A BroadLaw™! Government should do more! Where's our Big Brother to protect us?! We're helpless without him! And as vulnerable as newborn lambs to the Evil Corporations out to get us.
We're too dumb and lazy to help ourselves. Only Government can save us! Help us, Superiors!
@Bless Ralph Nader:
I presume that you would propose data confidentiality to be controlled by market governance, right?
I do not buy it. And I do not buy it because privacy is teeming with externalities, and thus, the transaction costs associated with it are extremely high (or, alternatively, the market is so inefficient as to be meaningless). This is not just theory - think about it. Who cares about your privacy? How costly would it be for you to constantly audit all the companies that hold your data? If there were auditing enterprises, "Quis custodiet ipsos custodes"? It is not in their best interest to report breaches and errors. In short, aligning the incentives for a fully private control of privacy is a terribly difficult (if not intractable) problem.
I do not like BroadLaws either - but for this specific case, I do not see any other way of solving the problem. If you do, please share your brilliant idea with us.
Do not forget that data "ages". What was useful 10 years ago is not so useful today.
So, the easy way to solve this problem is to make it illegal to traffic in personal information without valid authorization from the person who the data reflects.
A few court cases with some substantial losses to the people collecting that data and the balance shifts overnight.
It would still be legitimate to collect information about THINGS. Such as Amazon.com does with "people who purchased X also purchased Y".
Perhaps we need to apply some personal responsibility to our data. I appreciate this is some what retrospective, but hear me out. Lets not give our data away so easily. pay cash. dont use loyalty cards. give your self a random initial when you do part with your details, so you can in some way track who has sold / given away your infos (a unique key for a each might be a bit much....but its a thought). My buddie gives firstname.lastname@example.org each time he has to sign up, so he know whos leaks means spams. Essentailly: reverse it! track them!
In the EU there is a privacy law that matches almost perfectly the requirements set out in the post, however we still have the same problem as the US.
The only sensible way to address privacy is not releasing your data.
> Do not forget that data "ages". What was useful 10 years ago
> is not so useful today.
Careful, this can also work out to be exactly the opposite.
That is to say, the meaningful nature of the data ages, but the usefulness of the data depends entirely upon whether or not you're trying to extract meaning, or cause someone to infer it erroneously.
What I thought (or posted, or blogged about) 10 years ago is likely to be different from what I thought (or posted, or blogged about) today. But that doesn't mean that someone won't dredge that up in an attempt to counter what I'm talking about today :)
The problems you cite are the result of a governing class that refuses to follow the laws it binds us to.
And your solution is to call for more law.
Are you smoking something?
"May be we should all become more diligent in how we actively participate in giving out our own information. I guess this will only happen when people realise the true value of seemingly innocent scraps of their information though."
Amen for personal responsibility. Some interesting further reading:
Say Everything - "the end of privacy: the greatest generation gap since rock & roll" http://nymag.com/news/features/27341/
FYI: The New Politics of Personal Information - "We no longer control what others know about us, but we don't yet understand the consequences..." http://www.demos.co.uk/publications/fyi
Building yes...but consider who runs this blog.
BT-Counterpane just announced they decided to license some simple log management software to try and meet data-retention compliance mandates.
This suggests they do not comply now and are seeking better tools.
Bruce, how's that coming along? Will your customers be able to see all the data retained on them and manage its integrity?
"I presume that you would propose data confidentiality to be controlled by market governance"
Market governance? Well, no. Excepting the prevention of fraud or the initiation of force, market governance is a contradiction in terms.
"How costly would it be for you to constantly audit all the companies that hold your data?"
How costly would it be for you to withhold your data from all those companies in the first place? Your answer: very. My response: not when a "proxydata" company, which manages your data for you using proxy identities, offers their high-quality service at a reasonable price (high-quality and reasonbly priced as a result of competition from other companies with similar offerings.)
But that company, nay, that entire industry, never comes into being, nor refines, solidifies, streamlines it products and services offerings, because the incentive to create them was removed before it could gain a foothold in the first place.
"It is not in their best interest to report breaches and errors."
Name an instance when it was in the best interest of a government agency to report its breaches and errors. When a private company errs, and a whistleblower reports it to the press, you can take your dollars elsewhere. Try taking your dollars elsewhere when the "service" you're getting is from a government agency that errs (if you can ever find out about it. Last I checked, only government agencies have the power to make it illegal, under penalty of prison time, to blow the whistle.)
"..aligning the incentives for a fully private control of privacy is a terribly difficult (if not intractable) problem."
How silly. Such a statement smacks of the fatal conceit that brought down the Eastern block economies, and makes sense only if you believe, as every good pro-regulation statist does, that you know a priori all of the possible solutions to a problem, and knowing them, can conclude ' I do not see any other way of solving the problem', so there must not be any other way.
Here's a phrase that you might like better: "none of us is as smart as all of us." The market, defined as the contributions of as many individuals and voluntarily associated groups as would like to participate, toward the solution of expressed wants and needs by means of the best-performing service or product at the best price, will always beat out a BroadLaw, without exception.
Start with such efforts at the root of the matter: our employers.
You check your constitutional rights at the door when you go to work. They can tap your phone, read your email, paw through your computer, open your locker, etc. The list of what they can't do legally is shorter than what they can do.
I submit this makes us somewhat more accustomed to having fewer rights, which makes it easier for the government to take away what remains.
Employers are sacred in this country.
"none of us is as smart as all of us"
i can't tell if that is an introduction meant for marx or rove.
> "none of us is as smart as all of us"
This is quite possibly the dumbest flagship quote in existence.
"None of us are as informed individually as all of us are as a group" is generally accurate. Unfortunately, turning information into knowledge is not something that works well under a "group think" model.
And none of that has anything to do with plain ol' smarts.
"We need a comprehensive data privacy law"
We've had a pretty good one in the UK for a long time now - the Data Protection Act.
Our government seem to have a current focus on removing all practical implementations of this act, leaving behind an awkward beaurocracy, but no actual rights.
See http://www.channel4.com/news/articles/... as one example; Under the DPA, he has rights; FaceBook simply seem to ignore the law and get away with it.
> You check your constitutional rights at the door when you go to work.
No, you don't.
> They can tap your phone
No, they can't. They can tap *their* phone, which you use.
> Read your email
No, they can't. They can read *their* email, which you use in the course of your job (although generally speaking they need to be VERY CAREFUL about this, because although your corporate mail store is indeed company property they have obligations to protect the individual information that is in that mail store if it is your personal info).
> paw through your computer
No, they can't. They can paw through *their* computer. Again, see the email line above.
> open your locker
Ditto. If a corporation (for example) audited worker's lockers, and a security guard found a giant robotic sex toy in your locker and posted it on a message board, odds are pretty good you'd wind up winning quite a bit in court. Particularly if your company has a written worker's rights policy in the form of an employee manual, which most companies do.
@ Pat Cahalan
"turning information into knowledge is not something that works well under a 'group think' model"
i think you illustrated that nicely in your response to ManOnBlog
here is another excellent example of group think about data privacy, with actual data:
"Professor Alan Westin has pioneered a popular 'segmentation' to describe Americans as fitting into one of three subgroups concerning privacy: privacy 'fundamentalists' (high concern for privacy), 'pragmatists' (mid-level concern), and the 'unconcerned' (low or no privacy concern). When compared with these segments, Californians are more likely to be privacy pragmatists or fundamentalists, and less likely to be unconcerned about privacy."
Lying full time and turning personal info databases into worthless piles of crap sounds like a good idea.
But you know, sometimes people just feel need to trust others... and to be trusted by others. At least I do ;) It makes lying on purpose - everytime, everywhere - a bit more difficult. Mostly I speak about registering to internet discussion boards etc., which require some personal info.
PLEASE post something about the Fermilab message !
"Do not forget that data 'ages.' What was useful 10 years ago is not so useful today."
That's a really good point.
"The problems you cite are the result of a governing class that refuses to follow the laws it binds us to. And your solution is to call for more law. Are you smoking something?"
Actually, that's not what is resulting in the problems I cite. The problems I cite are the result of no laws. But there are other problems that are the result of a governing class that refuses to follow the law, and I'm interested in hearing your solutions to that.
@Bless Ralph Nader:
You seem to have classified me as a "big-government type", whatever that means. That was not my point. What I was talking about was about transaction costs brought on by externalities, and unfortunately you did not address this issue at all. Privacy is, by its very definition, difficult to observe. Thus, the "proxydata" industry that you talk about would require at least as much blind trust as a government. The reason is that, just as governments, they can lie and detecting these lies is very costly. And if these companies steal your identity, you still need a legal framework to regulate them - or would you posit that insurance alone would do the trick?
The point is that for consumers:
1) Keeping their identities secret is costly
2) Auditing companies and governments for compliance to privacy policies is costly
3) Detecting breaches and correcting them is costly
And all of these are compounded by externalities: If the company loses the customer's data, it is the customer that pays (either directly or through insurance). Moreover, since observing this is costly to the customer, and observation might be imperfect, the company can wiggle out some plausible deniability and then we have a moral hazard situation: "It was not proxydata who screwed up and sent your new car to Dubai, it was eBay. Don't think so? See you in court." And again, it is consumers who end up absorbing this cost.
I agree with some of your points, but I am skeptical on whether this whole new "industry" you talk of is really better than government oversight, just on the pragmatics of the solution. Think of government as a big fat server and companies as a p2p network - which one is easier to audit?
privacy laws in the "EU" do not help a lot. Germany has de jure very strong privacy laws, but there's not much in the laws about enforcing it.
Given, you can ask any company to inform you if you suspect they have your data, but what if they lie and pretend they don't?
There's a paragraph that requires them to inform you as soon as they handle your personal data, but what if they don't?
There's a law about your right to get informed after a finished phone tapping, but current reports show that in more than 90% of all cases this wasn't done, and noone can be found to be responsible for this ;(.
The federal and county and company "privacy officers" (Datenschutzbeauftragter) don't have much privileges to enforce things, and they cannot investigate; they can only recommend and go public -- a toothless tiger.
Companies and governments collect more and more data, and who does what with all that data is totally unclear.
Before, my company would buy the software I need to do my work.
Now, they tell me to install some free (as in beer and/or as in speech) software on my work windows PC.
The main problem is that the software is free, but the installer for windows is not - I do not really know where is its own license.
Now, to do my work, I pay the tools with my personnal data transmitted at installation time.
I cannot really lie - my company forces me to put my real name as my mailbox identifier on my work PC, my work title is stored somewhere, the list of cookies has not been erased recently...
I've accepted that under the majority of circumstances a degree of anonymity will just cost more financially than handing over your data, the problem occurs when you aren't given a choice. The fact your data can be sold on is also an issue.
From a UK perspective things could be about to get a whole lot worse:
We're already the most surveilled country in the world.
It seems to me that the only thing we need government for is to issue a mandate giving us read/write access to our own data. After that, we can write open source, peer reviewed software to maintain our data in "all" of those databases. "All" can be maintained the same way that anti-virus software maintains its lists of threats. We can use public key crypto to access the data and electronically sign our transactions. The software would have routines that verified that our data maintained consistency throughout all of these databases so our costs of maintenance would be minimized. This is clearly not an exhaustive list of functional requirements, but why wouldn't this work?
> Do not forget that data "ages". What was useful 10 years ago
> is not so useful today.
No, no, no.
Google "opposition research" to see that that is NOT true.
It's all good to collect information on everyone and store it indefinately. And use that information to exert control, and drive programs.
But don't save e-mails from the White House...that would be bad.
"The problems I cite are the result of no laws."
You haven't cited any problems yet. You've tried to portray laziness in negotiation and due diligence on your part as violations of non-existent rights foisted upon a helpless you by omnipotent corporations.
"Our data is a part of us. It's intimate and personal, and we have basic rights to it."
Simply asserting falsehoods doesn't make them true. Data is owned by the person who created it, not by the entity whom the data is about.
Let's say I walk to work every day, at a slightly different time every day, using a slightly different route every day, using public roads. I do that for a year, and I don't keep track of when I leave for work, nor which routes I take.
No data has been created.
Now, beginning on January 1st of the second year, and continuing for 365 days, you observe me from afar every morning as I traverse public roads. You keep track of when I turn a particular corner, and whether I take a left or a right at a particular stop sign.
At the end of the year, you have accumulated a bunch of data about my walking-to-work habits.
You own the data. I don't own the data. You have all property rights in that data. I have none. If you want to sell the data, any law prohibiting you from doing so is as bad of an idea as any other law infringing property rights.
When you sign up for a supermarket affinity card, (your example), the common law would be correct to impute to you the same knowledge any 12-year-old has: that you don't get something for nothing, and any discounts or rebates you receive from usage of that card are "paid for" by the use of "your data" in the form of your buying habits. If you don't want that data collected or used, don't get the affinity card. Any whining that you want one without paying the cost should be treated as you'd treate any child who holds his breath and stomps his feet trying to get something for nothing.
What's needed is not a law exempting you from making intelligent decisions about which data you wish to trade for what with whom, nor creating a false right in the work-product of others. What's needed is the self-discipline and maturity to realize your data is valuable, and to negotiate its use to your best benefit with your bank (or your bank's competitor, when you take your business elsewhere), your grocery store, the company owns the toll roads you drive, the company owns the chat service you use, which airline you fly, etc.
Any less is just laziness on your part masquerading as victimhood.
"What's needed is the self-discipline and maturity to realize your data is valuable, and to negotiate its use to your best benefit with your bank (or your bank's competitor, when you take your business elsewhere), your grocery store,..." etc etc
So what is the informed and diligent consumer to do when effectively all suppliers of the example goods and services behave the same way? If there are no feasible alternatives, your "vote with your feet" solution is meaningless.
" If there are no feasible alternatives"
Name one desire whose satisfaction can be achieved in only such a specific way that there can't possibly (or, more realistically, practically) be any other way to satisfy that desire except in the way that an existing market or industry is currently satisfying it.
(Hint: by posing the question the way you have, you've already fallen in the trap of assuming a priori all knowledge of all potential solutions to a problem.)
(The classic example of the problem you bring up is the buggywhip indsutry in the U.S. in the late 1800's. All the buggywhip companies were charging exorbitant prices, and treating their customers horribly. What possible solution (to the problem of transportation) could there be, except to pass a BroadLaw tightly regulating the price and supply of the products of these buggywhip companies?
Of course we know how that problem was solved. The desire for transporation was met in a way just slightly different than the regulators foresaw. The market provided a much better product and service.)
A demand for a feasible alternative(s) where none currently exists, when there's a profit to be made from meeting that demand, are the incentives that cause entrepreneurs to create companies that produce solutions.
Does the market respond to a problem in 5 seconds? No. (And you have byzantine regulations to thank for that.) But the response that rises to the surface, when the incentive to create and offer better solutions is untainted by BroadLaws™, and which becomes the most popular with consumers, is, by definition, sufficiently worthwhile to consumers to trade some of their wealth for (otherwise they would have purchased the product of a competitor.)
Broadlaws™ are not free, but their costs are hidden. And the solutions which come from a few bureaucrats aren't as good as the solutions that survive the brutal feedback mechanisms of the market: if your product sucks, and the few first-adopters say as much, nobody will buy it, and you'll go out of business.
If a BroadLaw's solution sucks, we're stuck with it, because its implementation (forced subsidization through taxation) destroys the profit incentive for entrepreneurs, so we have no alternatives, because the alternatives never came into existence.
This is all basic economics, explained clearly here: http://www.econlib.org/library/Bastiat/...
""None of us are as informed individually as all of us are as a group" is generally accurate. Unfortunately, turning information into knowledge is not something that works well under a "group think" model."
Well, you missed the point. 'None of us is as smart as all of us', in the context of the market versus a small cadre of bureaucrats, means that in creating intelligent solutions to complex problems, 10,000, or even 100,000 smart, motivated engineers, entrepreneurs, investors and technicians will always beat out one person, in accruing better solutions to solve the same problem. (Remember, many entrepreneurs now come from top engineering departments of good universities. These guys usually aren't dummies.)
The chances of you, alone, coming up with a better solution (which can't be improved upon, is always cheaper, made from better materials, is more extensible, etc., etc.) than the best combined and evolving solutions created by such a group, is so small as to approach zero.
Now replace "you" with "any sized group of bureaucrats". The statement remains true.
Where can you find bureaucrats? In the regulatory agencies that Bruce appeals to for answers. It's where you find GroupThink at its most fetid.
Where can you find 100,000 sharp, motivated, and properly incentivized people, whose solutions can benefit from constant evolution from competitive feedback?
It's called The Market. It's the biggest group around (in case you love the safety of groups and loathe the independent individual), and it's precisely where GroupThink can't survive.
The market, because of its nature and because of who comprises it, offers the best solutions at the best price. And it's precisely what Bruce misunderstands as the inferior alternative ("It's easy to do nothing and let the market take over.")
Should we laugh at the irony, or cry?
So you're implying that the current situation is optimized and that consumers are getting what they deserve.
May you make millions solving these privacy issues. Meanwhile, I'll have to rely on external coersion via regulation.
"So you're implying that the current situation is optimized"
Of course not. Out of curiosity, which part of what I wrote makes you think that?
If there is an imbalance between what consumers demand, and what they're offered, this imbalance, combined with a profit incentive and a sufficient dearth of disincentives (like excessive regulations), spurs entreprenuers to create enterprises to create products and services to meet such demands (with the intention, of couse, to meet them better than they're currently being met.)
"consumers are getting what they deserve."
Quite the opposite. The choices available to consumers are horribly restricted. Governmental interference in the market puts a chilling effect on the creation thousands of better products and services, which never come into existence, because the incentives have been removed.
"I'll have to rely on external coersion via regulation."
Only if you support such regulation. It's refreshing to see someone admit the nature of regulation, though.
@Bless Ralph Nader
"Data is owned by the person who created it, not by the entity whom the data is about."
"... you have accumulated a bunch of data ..."
"You own the data. I don't own the data. You have all *property rights* in that data. I have none. "
(emphasis added by me)
Welcome to the great debate of the data age. You assert (and are supported by current law as I understand it, IANAL) that data today is treated like property. Bruce's assertion is that data isn't property like a box or chair, but rather a property of the person it is about. If it isn't legally so, I believe he is asserting it should be (he can certainly speak for himself on that topic). :)
The current legal status of data about me, and who owns it is THE issue at hand. If someone legally owns data about me, then you are correct.
If however they legally are custodians for express purposes, then I still own it and should / could assert control or compensation (via the courts).
As it stands now I believe US law treats data via proprty law, and that IMO is the core of the problem. That is the great debate that we face in the coming years over security, privacy, marketing, etc.
It looks like you and I agree far more than not. You may be more optimistic than me but we seem to end up with the same conclusions.
Today, privacy is not a paying proposition for business. The privacy situation is intolerable, so absent a profit motive, regulation is that last arrow in the quiver.
Regulation should be the remedy of last resort. Too often it is the first resort, and that hasn't worked out very well... But we appear to be at a point when regulation is better than what we have today.
"As it stands now I believe US law treats data via proprty law, and that IMO is the core of the problem."
It's actually the core of the solution. Treating data in any other way, as Bruce advocates, is the heart of the problem.
Data created in the manner of my example (created while the subject's activity took place on unambiguously public property), is the intellectual property of its creator. You, as the subject of that data, have no more right in it that you have in a painting I created depicting you walking down a public street.
Only if you stand on principle against the concept of intellectual property, could you view treating data as the thing it is (property) as a problem.
When ones creates something, it is property.
@Blass Ralph Nader
Fair enough response for your example, but what about data like address or phone number? Sure you could argue the phone company created the phone number, but not the address. And who owns my name? Did my parents create that, or is a name public domain if is it is traditional? Then who owns it?
The main point is that data about someone isn't typically created in the way you describe, but for the sake of continuing:
If the data collection you describe was done, and assigned a random number in a database for your purposes (whatever they may be) I'd agree that no personal violation of my "privacy" was made.
If however you try to associate that data with my name, phone number, or other data that you didn't create and allows you to identify me, then you have crossed the "privacy" line. Unless I have allowed you use of _my data*_ for the purposes you and I have agreed to.
(* my data = personal properties about me that are unique and identifiable as me or about me as a person.)
Any other use violates my "privacy" because it takes information that describes me (not my actions in a public place) and uses them for purposes I have not agreed to.
NOTE: These definitions are mine and mine alone. I made them up as I wrote this. :)
@ Bless Ralph Nader
"(Remember, many entrepreneurs now come from top engineering departments of good universities. These guys usually aren't dummies.)
The chances of you, alone, coming up with a better solution (which can't be improved upon, is always cheaper, made from better materials, is more extensible, etc., etc.) than the best combined and evolving solutions created by such a group, is so small as to approach zero.
Now replace 'you' with 'any sized group of bureaucrats'. The statement remains true."
That is complete logical nonsense.
What if "you" could be an entrepreneur and/or could be from a top engineering department at a good university...likewise for bureaucrats?
That would mean, by your own reasoning, a regulation easily could be better than one from a market solution.
"what about data like address or phone number?"
"And who owns my name?"
The fact that someone "thinks up" a sequence of numbers or letters, such as "800-555-1234", or "26 Maple Ave.", or "John Smith", does not convey an ownership right in it. Only when those numbers take physical form, as bits on a disk in a database, for instance, does ownership accrue.
So who owns your phone number, address and name? The answer is, Which instance? It depends on which database it's entered into. Your phone service provider(s) owns the instance of your number in its database(s); I own the instance of your number I have entered in my PIM software on my computer. Your aunt owns the instance of your name and address she has written down in her paper address book.
You have no right to control the usage of any of these instances. The respective owners of the instances, have all the rights.
"If however you try to associate that data with my name, phone number, or other data that you didn't create and allows you to identify me, then you have crossed the "privacy" line."
I can associate and mix/match any data about you I want to, as long as that data was derived from information either from your voluntary presence on public property, or your voluntary accession of use of that data. You have no privacy rights to any information you've publicly disclosed. (Applies only to people over the age of 18 of sound mind, of course.)
"(* my data = personal properties about me that are unique and identifiable as me or about me as a person.)"
You may want to own data as you've defined it, but your definition runs afoul of the concept of property.
Again, if I create a painting of you, having seen you when you were walking on a public street, and that depiction of you in the painting is clearly identifiable as you (because I'm an excellent painter), and it depicts a mole on your face that is unique to you, as a person, you still have no rights whatsoever to my painting. I created it, and I own it wholly.
The fact that something is unique and identifiable as you, doesn't mean you get to own it. Conjuring up a so-called right to the contrary gives you a legitimate demand to things which exist only in my mind (like an image of your face), and in the minds of others. Such a concept is ludicrous.
If Bless is so sure of his property in data he or she creates, how about trying to create a painting of (for example) Tom Cruise and sell it to an advertising agency for stock use?
A lot of the laws Bruce is calling for already exist for the rich and famous (no, seriously, just take a look at rights of publicity), but do not apply to the undistinguished.
"A lot of the laws Bruce is calling for already exist for the rich and famous ... but do not apply to the undistinguished."
True. And they're abominations (I thought equality before the law was something we valued.) They should be repealed and apply to no one. Bruce wants them to apply to everyone.
I think none of us is undistinguished, so I'm with Bruce...
There have been several comments so far that European laws don't work. It's true that they are not perfect, however, nobody who has seriously experienced and thought about privacy in Europe and the US can say the privacy laws don't have a major effect. Just simply the amount of junkmail and the targetting methods (the pre-activated credit card almost doesn't exist in Europe) show that overall things work better.
In the US consumers are encouraged to sell each other's data (free XXX if you give the name address, SSN, bank account number and a good PIN code guess for a "friend"). In Europe such a possibility just doesn't exist.
We have privacy problems here too but the scale is different and the enemy (often the government) is also different.
All of your assertions are based on the assumption that data SHOULD be handled as property. I don't make that assumption.
You are in fact correct in interpreting how it is today in the U.S., as I understand it. I'm trying to make a case for how it should be tomorrow.
There isn't enough room to really hit this topic in fairness in blog comments, so I'll leave it at this.
If creating a string of numbers or letters isn't enough to establish ownership, you might want to talk to anyone who writes books, music, or computer software for a living. They all create those "string of letters and numbers" and depend heavily on it being "thiers". That is in fact intellectual property that you refer to in your statements, right?
So if I write software, and it is "mine" then how do I sell it? Oh, we skirt that issue by using licensing and "right to use" instead of selling it. So if that works for books and software, why not other data that pertains to people and their privacy?
"The fact that someone "thinks up" a sequence of numbers or letters, such as "800-555-1234", or "26 Maple Ave.", or "John Smith", does not convey an ownership right in it. Only when those numbers take physical form, as bits on a disk in a database, for instance, does ownership accrue."
I think authors, musicians, and software programmers all might disagree with you, and the supporting laws that let them "own" their works might too. How else could I sell software, music or books, and still assert I "owned" the work, vs the book you hold in your hand?
The abstract "original creation" (in the form of strings of numbers and letters and notes) is owned, and reproductions are made, but the creation of the physical objects does not transfer ownership.
But in the end, this discussion isn't entirely relevant, because a work I create and essential descriptive data about ME as a person are still two different things. What I look like is public for pretty much everyone. How to create credit in my name shouldn't be.
If you find a bank that will take you "how I got to work for month" or painting of me in public as identity information and give you credit, please let me know. :)
"If creating a string of numbers or letters isn't enough to establish ownership, you might want to talk to anyone who writes books, music, or computer software for a living. They all create those "string of letters and numbers" and depend heavily on it being "thiers".
No they don't. Insofar as intellectual property is concnerned, book authors create books, musicians create songs, and software writers create software.
No author has ever written a sentence such as "It was a dark and stormy night", and then claimed exclusive ownership of the letters "i,t,w,a,s,d,r,k,n,o,m, and y." (and if such a claim was made, it was certainly not honored by anyone who understands the concept of property.)
No musician has ever written a song and then claimed exclusive ownership of the key of E flat.
No software coder has ever written "int main() ", and then claimed exclusive ownership over all of those symbols.
Each of these intellectual property creators owns the instance of their creations. They possess no exclusive rights to the creations' constituent parts.
"How else could I sell software, music or books, and still assert I "owned" the work, vs the book you hold in your hand?"
By virtue of the fact that you created the work.
"All of your assertions are based on the assumption that data SHOULD be handled as property. I don't make that assumption."
It's not an assumption; it's a conclusion. You shouldn't believe the idea that data is property as an assumption, either. You should study the issue until you can confidently understand it as the best conclusion. You'll find that tomorrow, as today, is best served by the thorough vetting, over several hundred years of thought, of the concept of property. (You could start here: http://mises.org/Books/HumanActionScholars.pdf ). (It's free.)
Yes, it's much harder to do the reading, slowly and painfully abandoning, one by one, each dearly-held yet false economic nostrum, than it is to joyfully clamour for passage of a BroadLaw™, but at the end of your study you'll have something that the rest don't: understanding.
@Bless: "Let's say I walk to work every day, at a slightly different time every day, using a slightly different route every day, using public roads. .. No data has been created."
Incorrect. Data was created. You created it. That the data was not recorded does not mean it never existed.
"Now, beginning on January 1st of the second year, and continuing for 365 days, you observe me from afar every morning as I traverse public roads. You keep track of when I turn a particular corner, and whether I take a left or a right at a particular stop sign.
At the end of the year, you have accumulated a bunch of data about my walking-to-work habits."
Yes, I've accumulated the data. But that doesn't change the fact that you created it. I merely observed & recorded it.
"You own the data. I don't own the data."
That's one of the fundamental issues that needs to be decided. Is your data (your path to work using your example) owned by me merely because I took the effort to record it? What if more than one observer recorded the data? Is there joint ownership? Who administers joint ownership and who divides the royalties from selling/reselling the data?
Your example is an interesting one. On the one hand, everything you did was in the public eye so one could assume no one has explicit rights to own the data. It can be considered public domain.
That's not to say there's no value, though. If a burglar did the monitoring, they could determine that, inclusive of variations, you're never home between 9:15 and 3:45, granting them a 6.5 hour window of opportunity to rob your house. For a less nefarious example, the owner of a local coffee shop could observe your habits to determine what hours of operation they should use to maximize the odds of you stopping in for a latte.
The real issue, though, is transactional data that involves multiple players. Especially when the transactional data may have privacy implications. If I buy groceries using an affinity/club card and pay with a debit card, at least six and probably more players have information about the transaction (me, the store, the affinity card service, the credit card processor, the credit card network, and my bank). You could also count the observations of the store's staff and other customers but that's largely transient so I'll ignore it to keep things simpler. So, who owns the data? Who has the right to sell and resell the fact that we bought fresh fruit? Who gets to profit by telling my insurance company whether or not I buy tobacco, alcoholic beverages, or high-fat foods? You can't say all of them own the entire transaction. One might be able to make a credible argument that that each owns the part of the transaction that they are responsible for, but determining those boundaries may prove difficult (Does my bank know _what_ I bought or just _that_ I bought?).
So the "creation" of short strings of data / numbers / etc is different than large strings? I never once said anyone owned the notes of keys, nor the letters and number, but the string itself. So are comic books less protected than novels because they have existed for less historical time, or contain less words?
And this still misses the main point of the distinction being made. Why is a social security number "personal"? Because within our society and culture it is part of my identity. It is never created property (possible exception US Government who created it and assigned it) but rather reproduced data about me. In every instance of it being entered into a database or written on paper it is not an original work, anymore than me writing here "quoth the Raven, Nevermore" gives me creation rights over the Raven. So the argument fails because the data is not being created in the act of entering it into a database, writing it down, or commiting it to paper. It was created once, all other activities amount to reproduction. The metaphor being used fails because in an age when creation of an object was all we had to deal with it works great. Once we get into data, meta-data, and ephemeral and it can be transmitted and recreated essentially arbitrarily then the property model begins to fail.
Thanks for the resource and I will read up on it, however I'm somewhat familiar with the "how it got here" arrangement and it hasn't convinced me that it is correct as we have it now.
I'm also not advocating a Broad Law per se, but rather a rethinking of ownership and privacy. Only if the existing law can't support the ideas of privacy adequately would we require changes or new laws. I actually suspect we COULD support privacy better with existing law without asserting a blanket "all data is property" viewpoint.
I, of course, could be wrong too :)
Doh, last sentence in second paragraph should read..
... meta-data, and ephemeral states ..."
"So the "creation" of short strings of data / numbers / etc is different than large strings?"
I'm not sure that you want to think of a novel as a string. But if do, then yes. That's why you'll unlikely be successful in copyrighting a single, short sentence, even if it is original (such as, "Lugubriously, Monty pined for the halycon days of fee simple.") That sentence is likely original, created here first, today. But it's not copyrightable, which means I've no defensible ownership rights in it.
"So are comic books less protected than novels because they have existed for less historical time, or contain less words?"
No. They're still works.
"[A social security number] is never created property (possible exception US Government who created it and assigned it)"
It is created property, but no one has an exclusive right to its use. Now, for me to claim that your SSN is my SSN (on a form at a bank, for instance) is fraudulent, but such a claim, while fraudulent, is not a violation of copyright; not a violation of property law. The deceitful claim is what is fraudulent. Like I mentioned in a apost above concerning your name, you have property rights in your name, address, SSN, phone number, height, weight, gender, race, hobbies, etc., only insofar as you have created an instance of that data (on paper, on a disk, film, etc.)
Now it might be different, if you wrote a song about your SSN. Then you might be able to copyright it! HA! :)
"In every instance of it being entered into a database or written on paper it is not an original work"
Neither was the first, an original "work." It was original, but not a "work."
"It was created once, all other activities amount to reproduction."
Yes, in the sense that that sequence of characters is not being written down at that moment for the very first time by any human being. But it's not a reproduction which infringes on any property right. Why not? Because the original creation was not a "work."
"Once we get into data, meta-data, and ephemeral and it can be transmitted and recreated essentially arbitrarily then the property model begins to fail."
Actually, in such a time is when the property model shines its brightest. There are always new technologies, new ways or creating things. The classical property model is amenable to all of these creations precisely because it's not limited in its application to one method of creation. In the digital age, a full understanding of the concept of property is needed like never before. This is what Bruce, unknowingly I believe, is laboring against.
"Only if the existing law can't support the ideas of privacy adequately would we require changes or new laws."
Actually, if one's idea of privacy runs counter to, and can't support, well-established concepts of property, we would require some thinking about changes in our conception of privacy.
"Incorrect. Data was created. You created it. That the data was not recorded does not mean it never existed."
No. Data comes into existence only when it's recorded. That's part of the definition of data.
You're confusing "data" with "information." Information exists without being recorded. Data is recorded information.
"Yes, I've accumulated the data. But that doesn't change the fact that you created it. I merely observed & recorded it."
You observed information. Once you made a recording of it, you created data.
"Is your data (your path to work using your example) owned by me merely because I took the effort to record it?"
"What if more than one observer recorded the data?"
You own your instance, and the other observer(s) owns his instance(s).
"Is there joint ownership?"
No. You own your instance, and the other observer(s) owns his instance(s).
"If a burglar did the monitoring, they could determine that, inclusive of variations, you're never home between 9:15 and 3:45, granting them a 6.5 hour window of opportunity to rob your house."
That doesn't mean the burglar doesn't own the data he created.
If I buy groceries using an affinity/club card and pay with a debit card, at least six and probably more players have information about the transaction ...So, who owns the data?"
Which instance? Player 1 owns Player 1's instance. Player 2 owns Player 2's instance, etc.
If you don't like that situation, shop at a grocery store who makes the following offer (like my local grocery store does): "We respect your privacy, and we offer 'affinity card prices' without the affinity card. Shop with us, instead." (BTW, I've comparison-shopped, and they're right, their prices are as good as the stores with affinity cards.)
Affinity programs aren't free. You trade information about your buying habits in exchange for the benefits of an affinity card. If you view that information as private, then don't trade it.
Wanting to get the benefits of an affinity card without paying the price is to be greeted with the same hard truth as any instance of someone wanting something for nothing (or worse: someone wishing to force externalities onto others, forcing them to pick up the tab for benefits you receive) : in economics, there's no such thing as something for nothing.
"You can't say all of them own the entire transaction."
No ones owns the entire transaction to the exclusion of everyone else. Player 1 owns Player 1's instance. Player 2 owns Player 2's instance, etc.
You don't own Player 1's instance of the data (nor Player 2's, 3's, etc.) that is created by your affinity card purchase, as well you shouldn't. It's information that you agreed could be recorded (made into data) when you signed up for your affinity card. At the point the information is made into data by the store, the store owns the data, and shoud be able to sell their data as they see fit.
You have no more right to exclusive use of that data than you would have to the information that, after you whispered in my ear that you secretly love peaches, and I wrote that fact down on a piece of paper (making it data, my data), and I then yelled to a room full of people "JohnJ loves peaches!" , and each of them wrote that information down on each of their pieces of paper (making it data, their data.)
If I glance into your basket at the grocery store and see it filled with peaches, you think I've violated your privacy? That you somehow "own" the information that you love peaches? I doubt you think that. It's information you've exposed in public.
Why should your store, or your bank, or your credit card processor be treated as if your peachlove were private information, owned exclusively by you?
Who controls our data controls our lives.
This is because we are not the stout yeomen of yore.
Restoring personal self-sufficiency would do more to establish freedoms than privacy laws which, as Schneier admits, are being broken anyway.
@Bless Ralph Nader
Your definitions of information and data are unusually restrictive, and your definition of ownership is unusually broad. Did you compose them?
Merely by having peaches in a grocery cart a shopper would be providing you no information. You might observe the peaches, receiving sensory information via reflected light; if so, you would neurally store some of the received information for a time (would you then call it data?). And how would you know that the shopper would not be buying peaches to make peach daiquiris for guests, while having no fondness for the fruit?
"Actually, if one's idea of privacy runs counter to, and can't support, well-established concepts of property, we would require some thinking about changes in our conception of privacy."
I think this hits the main point of our disagreement. I believe that we change laws to support privacy, not privacy definitions to support laws. :)
@BRN: Where are you getting your definitions for data & information? The American Heritage Dictionary treats them as near synonyms; each has a definition that refers to the other.
According to AskOxford.com, the Oxford English Dictionary defines Data as "facts and statistics used for reference or analysis" and information as "facts or knowledge provided or learned". From that it would appear that "information" may be either "data" or be derived ("learned") from data. Your definitions are reversed.
"And how would you know that the shopper would not be buying peaches to make peach daiquiris for guests, while having no fondness for the fruit?"
I wouldn't. Neither would his bank.
"I believe that we change laws to support privacy not privacy definitions to support laws."
Well, in this case, the classical concept of property is well established, being the result of hundreds of combined years of quality thinking. Insofar as the laws of property reflect that, they should not be lightly altered to serve today's fashionable issues.
"Your definitions are reversed."
So reverse them back. Just as long as you understand that the concepts are separate. You can use whatever labels fits your fancy. :)
Actual phone conversation with the Chief of IT Security of a large US retailer with a recent major data loss:
"Do you know what mod_status is?"
"Type this into your browser: http://www.(deleted).com/(23 characters deleted)."
(Very long pause.)
I don't know what's scarier---the fact that people like this are even *in* IT (let alone in charge of it), or the fact that probably hundreds of idiots reading this will actually try typing in the above URL *verbatim*.
We once had quite good data privacy laws in germany. De jure they are still there, but Bruce...
...guess which country undermined them with stalinistic paranoia and an ultimative call to hand over everything what is known about an airlinbe passenger etc. etc.
You country broke it, you have to fix it.
@ Pat Cahalan
What Man@Blog is talking about is when corporations tap telephone records, OF NON-EMPLOYEES, investigate them and violate their constitutional rights. Corporations violating the rights of individuals happens quite a lot, and isn't very well reported in the news. Examples of this type of behavior are not too hard to find, if you look, the following three books would get you started: Steal this Idea by Michael Perelman; Armed Madhouse by Greg Palast; Confessions of an Economic Hit Man by John Perkins. Read just one of those, and get back to me if you still feel the same way.
One recent example that was widely reported though was when H-P started an investigation that included 'pretexting' (means committing fraud) to get reporters telephone records and email account passwords, and then used that information.
To say an employer can look through an employee's locker or email isn't at all an example of a corporation mis-using it's power, but it is a kind of a straw-man argument. When people talk about corporations tapping into telephones they mean exactly that. Just look at what AT&T has done recently, --oh wait you can't it is a state secret!
Incidently, when the California legislature introduced a law that would add very stiff penalties for pretexting a la H-P who lobbied to have that proposed law stopped?
You guessed it, it was the MPAA, a group of corporations:
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.