It seems to me that much of contemporary-government governance is built on the premise that statistical/computational methods are unbiased evidentiary approaches to informing many aspects of standards development, governance, policy and enforcement. In a democracy where differences exist this is particularly important because the best practice is to resolve differences through discussion and unbiased evidentiary information where people are encouraged to voluntarily come together even compromise. Big Data erodes if not undermines the fairness of the “unbiased evidentiary” basis of statistical/computational approaches. The lack of privacy in the Big Data setting is one of the expressions of this. This lack of privacy is a problem for both individuals and entities. It is really a collective problem of our time. Introducing noise into the computation has more or less as many drawbacks as benefits taken overall.
This is the conundrum I have been wrestling with and which I hope to shed some light on in the Implications for Life in a Time of Big Data Whitepaper I am working on in the NIST Big Data Public Working Group.
My thoughts are along the line of:
To IDESG Legal Counsel:
The Identity Ecosystem Framework the IDESG is working to create is in important respects a new kind of community and organization based on a set of principles agreed to across a broad and diverse set of stakeholders. We would like our agreements/contracts to reflect its unique character. In the IDESG and the IDEF it is well known that documents like Terms of Use are frequently too long and complex and are frequently clicked through without understanding or some would argue informed consent. The IDESG would like to innovate in creating TOU that more effectively communicate our character. To that end we would like to be able to have the essential liability protection, perhaps in the form of a disclaimer, but not one that is a buyer beware notice. Rather because we need and hope for broad adoption of IDESG NSTIC* guided services and products we want to indicate that as a community all of us including the IDESG are in this together not trying to simply gain some special advantage over our service/product participants and users.
We would like your guidance in how to balance these needs in our first product/service “the SALS” TOU in order to set the desired tone, and to provide a model of how IDESG policies will unfold in the future.
“Hi Ann – could you please help me understand better by giving a few specific examples of human capabilities, and the human attributes that arise from those capabilities? The description you’ve provided is a bit too abstract for me to get my head around it.”
Thank you for your question Andrew.
Human capabilities are sometimes described as functions. More generally human capabilities refers to things a person can do, how a person can act.
For example, speaking (speech) is a human capability. When, by what means, how long, the pitch of the person’s voice, how loud a person speaks, where a person spoke from, whether a person used sign language… are human attributes that arise from the human capability to speak. Because human capabilities are dynamic and expanding so too human attributes are dynamic and expanding. In cyberspace and online environments human capabilities and the human attributes they create is a dynamic and expanding kind of information.
To protect this human capability, for example, American democracy created a right to free speech (with some provisos) which covers more or less all the human attributes that arise from speaking. For this reason we don’t have a right to speak limited to a device. So for example we don’t have a human right to speak limited to speaking on a telephone. This would limit and discourage the dynamic and expanding human function of speech. If a third party takes the human attributes created by a human capability and uses it to make money we would consider that an appropriation and a violation of copyright.
In cyberspace, online environments and information systems we draw on privacy provisions to protect the human capability and human attributes of speech.
In America there is general agreement (consensus if you will) that limiting the right to speak or appropriating speech erodes social cooperation in a society.
Personal information is a dynamic and expanding kind of information emergent from human capabilities
Social Cooperation and Privacy
Social Cooperation, Human Capabilities and Privacy
An excerpt
Ann Racuya-Robbins
November 2, 2014
What is personal information and why does it matter for privacy and social cooperation?
Personal information is a dynamic and expanding kind of information emergent from human capabilities and life experience. Personal information belongs to each person in the same way that human rights and dignities do and each person creates his or her own personal information. When human capabilities are protected and encouraged human capabilities can continue to emerge and grow. This continues to expand the personal information available. Without protection human capabilities’ personal information will be exploited by the strong against the weak and the inequities in our current societies will be replicated. Generally speaking the protection of human capabilities is the raison d’etre of privacy. Human life and capabilities is the essential source of wealth in the world. Privacy of human capabilities’ personal information is distinct in many ways from the security of personal information. But I won’t go further into that here.
Because personal information of human capabilities is valuable in so many ways including commercially, attempts will continue to be made to separate people from his or her personal information. One of the recent strategies has been to fracture the human life personal information into bits, attributes, such as a person’s gender, hair color, weight, eye color, height, with the rationale that this fracturing separates the attribute from person, making that piece of human personal information available to be exploited without the person of origin benefiting. Similarly there is an attempt to make the “things” of the Internet of Things separate from the person in order in part to exploit and name the device information as something other than personal.
Personal information from human capabilities is, as I said, an emergent and expanding domain. Human attributes and personal information belong to the same domain of human capabilities. Through analysis many inferences from human attributes and or personal information can be discovered, revealed and acted upon. There is no perceptible end today to human capabilities for good. There has emerged over the last 75 years a very clear and palpable end to the human capabilities for destruction. It is fair to say that it is within all of our best interest to reduce the capabilities for destruction and protect capabilities for good.
Social Cooperation and Privacy
I also agree with much of Bob Pinheiro’s definition below as a beginning point for personal information.
“So instead I’ll use the term “personal information” to refer to two kinds of information that I believe we’re concerned about: (a) the information that people specifically provide about themselves, as well as information that people directly generate about themselves, and (b) information or “intelligence” about people that others infer based on our observable online activities and behaviors. Included under (a) would be every piece of information that people specifically provide about themselves to service providers, social media, etc., including PII such as name, address, etc. Also included would be our calling and messaging histories, and browsing histories, as recorded on our personal devices. Examples of (b) would be the credit scores that credit bureaus develop about us based on our financially-related activities, intelligence about our preferences, likes, dislikes, etc that third parties develop and sell based on our online activities, and of course the metadata that the NSA develops based on our telephone records.” Bob Pinheiro
Personal Information in Commercial Transactions
Transactions in cyberspace or the internet are unique in many ways. Commonly, for example the entity that owns or holds the data of a website in a server has a built-in advantage over the visitor to a site. In commercial transactions the visitor typically exchanges at least one item of monetary value just by visiting a location—his or her personals ip address and/or a referring site’s ip address. These are personal attributes and information of commercial value “the new money” as Anhil John describes it.
Personal information from human capabilities is, as I said, an emergent and expanding domain. Human attributes and personal information belong to the same domain of human capabilities. Today there is no perceptible end to human capabilities for good. There has emerged over the last 75 years a very clear and palpable end to the human capabilities for destruction. It is fair to say that it is within all of our best interest to reduce the capabilities for destruction and protect capabilities for good.
However, I see no reason why addressing these fundamental challenges are out of scope or need to wait. After all that is one of the advantages of the private sector is the ability to create and operate under contract law.
I recommend that the completion of a Memorandum of Social Cooperation the spells out the fairness of the relationship in clear and understandable language and that protects all parties in a commercial relationship including the equitable resolution of the distribution of the monetary value of personal information. It should be the first step in all online transactions.
