My desert island side project is to develop a blockchain-based decentralized identity syndication system where you publish everything to your own personal API and then grant access to external parties, with telemetry, revocation, the whole 9 yards.
Basically the inverse of the Internet. The tech is straightforward, the user experience and the culture would need to get there.
I imagine that a successful implementation of this will eventually become a feature of the web, agnostic to any one company, and interoperable across the current cloud services as well as the emergent Web3.0 protocols and federated social networks. Solid, Keybase, Blockstack, Civic, uPort, Sovrn and many others are doing their part to get us there. I've found a great deal of insight via https://www.weboftrust.info
Has anyone else been wondering if this latest discussion will move beyond tech companies, credit cards, and traffic cameras to focus on the moral right to privacy and individual liberty?
I'm not sure if a plurality of people in the U.S. believe that they should have an expectation of privacy... or at least they seem willing to trade it for loose credit, free services, and a general feeling of security.
Consider that gossip is pretty universal and celebrity gossip is big business. We are certainly not consistent about protecting other people's privacy. At best, the anonymity of the city happens because most people are not interesting enough to gossip about.
Social networks often enable people's worst tendencies but they were always there.
In a way, fiction might be considered pro-privacy because it attracts attention that might otherwise be directed at real people.
In this regard, I'm always reminded of the "Global Village" metaphor that was popular some decades ago; which seems to be getting more and more literal.
Imagine living in an actual small village - there's no anonymity or pseudonimity, any information is either private or public with almost nothing in the middle. If you go to a store, the shopkeeper knows not only your purchase history, but your interests, your family, your habits, your relationships, your personal events and thus what you're likely to buy. If you're going to get married, they know that as you come in through the door. If you buy condoms, they'll likely know with whom you're going to use them; if you buy baby socks, that'll inform them who's pregnant. If you ask someone for Jane's phone number, people will know that you're interested in Jane and make any conclusions that are obvious. If you call Jane, the (early 20th century style) phone switchboard operator knows that she connected you to Jane, and possibly even might be listening in; she shouldn't, but she might. If you go somewhere where people see your face, everybody knows (through gossip) when and where you went. The old lady sitting on her porch performs much more invasive surveillance than any security camera could do. For every fact, either it's kept as a secret that (almost) nobody knows, or it's likely to be known by everybody who cares. If you keep something in your bedroom, that's private, but everything that you do or say in the public is, well, totally public.
IMHO (I'd be happy to hear counterexamples) everything creepy that modern "data factories" can do with your data was being done in such a village. Many (most?) of us have gotten used to a big-city anonymous lifestyle, but it relies on the fact that most people around us (e.g. people passing you by on the street) simply ignore what they see because they don't care about us. That wasn't the reality for a long time in history and possibly won't be in the future.
I'm doubtful it will, because that conversation is rarely productive. In the US, opting out of consumer credit is a privilege of the wealthy or an inadvertent misfortune of the unbanked poor. A determined person can attempt to follow through, but they will encounter issues renting a professionally managed apartment, receiving pay, buying a car, or buying a house. And because of the prevalence of rewards credit cards, people paying with cash will miss out on kickbacks that effectively reduce the price they would have paid for goods and services.
While it's tempting to consider consumer credit a convenience, the shift in ability and expectations makes consumer credit a baseline and its lack a detriment. This is not unlike how an automobile was a luxury item a hundred years ago, eventually enabling settlement patterns to shift away from needing to be dense and close to public transport, but now most of the US needs automobiles to travel between home, work, and services. Because of the prevalence of cars, there's a large pool of customers (or renters, or workers) available to any particular establishment, so losing access to one's car will rapidly deprive them out of opportunities, housing, and jobs. This is also similar to the way requirements for educational attainment rise over time, or how the rise of two-income households has meant that one-income households are finding themselves at more and more of a comparative disadvantage.
Surveillance of public streets is an unfortunate matter, because there's no realistic choice to opt out. One can be staunchly opposed to them, but avoidance is difficult and often draws even more attention.
The 'data factory' issue is distinguished from these quandaries precisely because opting out is attainable and within reach, subject only to (the still-high bar of) convenience and social fashions, as opposed to some inconvenient economic reality.
> the lever is demanding transparency on exactly what these companies are doing.
I think a even more powerful lever would be having laws that allow consumers easily export their data from one platform to another or make internet companies adopt a common standard for increasing interoperability of users data.
Or even not a law, but a standard / RFC and a working implementation of it by a few large companies, for others to follow suit.
If only there'd be an incentive for a few large companies to pull this off, the way they do with other standards (see HTML5 or AV1 for recent examples).
I've held the same position since the CA scandal first broke and I still stand by it: that regulation is not that likely.
The reason I believe that is pretty simple- the government typically doesn't get things done and its been that way for a long time. That's due to a number of reasons. In Facebook and Google's cases its the powerful lobbying ability and best attorneys combined with elected officials' extreme risk-aversion to actually doing things combined with a pretty poor understanding of the situation by law makers. It's far safer to make grandiose statements and finger-wag than to gain support for, and ultimately pass legislation.
People hoping for regulation should be careful what they wish for, as I'd bet that if something does pass, it is precisely these companies that will help author it which likely won't be great for competition.
GDPR seemed like a pretty good law to me, and I am not exactly a huge fan of the EU.
Same deal for the California Consumer Privacy Act.
These are laws which people hoped for, and got done.
Ultimately, it increasingly seems like advertising-surveillance as a business model may not be one we want to live with. The costs are externalized very effectively, and it’s kind of hard to know what to do with them.
I'm also not a fan of the EU, and I'm very much not a fan of the GDPR. It's a poorly thought-out law, written along the lines of Continental civil law jurisprudence, which I personally believe is inherently inferior to common law lawmaking and is implicitly anti-innovation and anti-market.
The right not to be subject to automated decision-making is a typically short-sighted example.
IIRC GDPR is considered regressive, in the same sense that a flat corporate tax is regressive: it imposes a higher burden on small bootstrapped companies than it does on larger companies (in this case, because of the legal fees required to get audited for compliance, and the extra engineering work that's not going toward product.) Very small companies can get priced out of the market entirely, and so never live to become large companies. Insofar as those companies were potential innovators, GDPR can be said to be stifling that innovation.
> As long as the rules are the same for all competition in a market will still happen.
Sure, but in continental law the rules aren't the same for everyone. The laws are defined such that technical breaches are almost impossible to avoid. They empower a regulator with capricious and arbitrary power to sanction organisations - or not - with no requirement for consistency or recourse.
The answer to any technical question along the lines of "Is X illegal under the GDPR?" is "Nobody knows - we'll find out once the regulator fines someone."
I find the author's claim here both believable (as in it might actually solve the problem) and highly unlikely (giving away what you are selling could be argued to be a business-ending affair):
Quote
The most important thing that regulators could do is force Facebook and Google — and all data collectors — to disclose their factory output. Give users the ability to see not simply what they put in — which again, Google and Facebook do (and which GDPR requires), but also what comes out after all of the inputs are mixed and matched.
End Quote
What would this even look like? How could a user even recognize/test that it was about them beyond the things that seem obvious to them?
If they were required to disclose their output schemas, researchers and journalists could help laymen figure out the implications. It doesn’t have to be perfect, just public.
Basically the inverse of the Internet. The tech is straightforward, the user experience and the culture would need to get there.