• But that's an outcome of the definition, not the subject. Data that is publicly available and data that is legally available if you pay for it is not secret, and the activity of acquiring information that it's legal to acquire and using it to infer something valuable or interesting is called "learning."

Secrecy is affected because many people mistakenly believe that when they, for example, place an order online for a sexual oriented product, that communication is secret to those other than the vender and the purchaser.

• If they are promised it is, it is. If not, not. That's just like the rule in the rest of the world, right?

For the same reason anonymity is affected because people believe that the vender will not personally know them (and will not disclose the information to people who may personally know them). In fact, people apparently purchase sensitive items via the internet because they believe that such method of purchase protects their anonymity better than does physically walking into a store and making the purchase. In the context of internet searches and browsing of websites many people mistakenly believe they have complete anonymity. Finally, because data can be used unknowingly to the searcher/purchaser’s disadvantage autonomy is affected.

• So far the case rests entirely on people's mistaken impressions, which is not the strongest possible basis on which to contend that something other than education needs to be done.

All three components of privacy and in particular autonomy are intertwined with personal freedom. http://www.philosophyetc.net/2005/03/freedom-and-autonomy.html. I begin with what seems axionomic that freedom and autonomy is desirable. From that I follow with a proposal that true freedom requires meaningful choice: “Freedom means having control of your own life.” See Richard Stallman, Wikisource:Speeches, http://en.wikisource.org/wiki/Free_Software_and_Beyond:_Human_Rights_in_the_Use_of_Software.

• But you're taking Richard out of context unless you explain that his thinking on this issue is not at all the same as yours, and leads to different conclusions.

The challenge and desire then is to determine which legal system actually provides people with the best meaningful choice and freedom with respect to their privacy and autonomy.

• I don't think Justin's points are to be dealt with as space allows. Collecting information and making judgments about it is constitutionally-protected learning. You can no more make it required that I get people's permission to learn about them than that I get their permission to learn mathematics. What I know about the senior Senator from New York or the President of Columbia University or the guy who rents my house in the country is not something I can be commanded by anyone to forget, or refrain from using to make inferences that are either useful or beautiful. Any other result vitiates the very idea of free expression. If that proposition is true, your argument fails completely. If that proposition is false, where and how is it false?

Brett, You may end up addressing my comment based on some of the previous comments, but my suggestion is slightly different than previous comments so I'll leave it for you as well. I agree with your position that an opt-in system would be better than many other options, but I think that you dismiss the possibilities afforded by an opt-out system a bit too quickly. If legislation required that users first be provided a clear explanation of what data could and could not be sold, saved, etc. and were then provided with the option to opt out, wouldn’t the opt-out system be functionally equivalent (or at least very similar) to your proposed opt-in system? I think the difference between the two systems may come down, in part, to whether the default rule is to favor privacy or “business interests” (at least as that term refers to the businesses gathering data). While I agree that opt-in is a better option, I think that your argument against opt-out would be strengthened by acknowledging that it is inferior at least in part because of a decision that maintaining privacy and control over one's personal information should be the default (in other words, that control of one's personal information is a value in itself).

-- HeatherStevenson - 23 Nov 2009

Justin,

Thank you for your helpful comments. I will put some thought into them and try to address them in a revised version of the essay.

-- BrettJohnson - 22 Nov 2009

I have a two suggestions, one on style and two on substance.

First, rolling links into words instead of having them stand alone in the text would make the paper flow more smoothly in some instances. To place a link you can use this syntax:

[[LINK][LINK TEXT]]

LINK = http://www.google.com 
LINK TEXT = Google

You could change it to this: All three components of privacy and in particular autonomy are intertwined with personal freedom.

Second, although I agree that opt-in is better than the current system, I find this draft confusing as to why you think so. In section II you introduce five different privacy options: "absolutely prohibiting data mining, unlimited and unregulated data mining, opt-in, nakedness, and opt out systems." You then proceed to reject four out of the five and thus accept the fifth one as "the best chance" for privacy. But you've said nothing about the merits of opt-in at all. Its like if I had 4 rocks and threw them at 5 targets and concluded that the one target I did not hit was unable to be hit by rocks. I think your proposal for legislation might be bolstered by spending the space on what is good about opt-in instead of what is bad about the other options.

Finally, I think that if you have the space you may want to try to address some of the counter arguments to your proposed legislation. If Google cannot store any data about searches, are we prohibiting Google from knowing something that happened to it? Does this have First Amendment implications? Will your proposed legislation prevent me from keeping a log of the visitors who come to my personal website? Another objection is that it prevents Google from protecting itself. Servers can be attacked through many different methods. A DDoS attack is an attack where many computers send millions of requests for information (for example, sending a search request to Google) to the same server with the goal of overloading the server and taking it offline. These attacks often target sites like Google and Twitter. One way of surviving the attack is to identify the computers sending the requests and stop accepting requests from those computers. Your legislation would prohibit Google from identifying who is attacking their computers and to take measures to prevent the attack from succeeding.

-- JustinColannino - 22 Nov 2009