Computers, Privacy & the Constitution
Comments would be greatly appreciated.

I will openly admit that I am anything but a technological expert. I am, however, a science fiction buff and undyingly optimistic about the ability of technology to shape human life for the better. Perhaps the combination of these factors leads me to believe that simply accepting cloud computing as a more efficient way to go about one’s daily tasks is not only overly simplistic, but frightening because of the potential loss in freedom-respecting innovation.

The arguments for and against centralized data services such as gmail, Facebook and cloud computing in general, seem perfectly logical on their face. Luis Villa argues that such services are growing in popularity and will probably remain with us indefinitely because they eliminate the daily hassle of maintaining one’s own server, troubleshooting it when it goes down, adding storage space, updating spam blocking and security software, and installing interfaces for mobile devices. It is true that most people are not technologically adept enough to run their own servers and even the ones that are, find it much easier not to. Villa and myriad other cloud computing supporters admit that there is a tradeoff between privacy and security and the headache such services can make go away.

The replies to this argument have been explored in class to some extent. The first of which is that the problems caused by central data aggregation are really not “once in a lifetime” events. The sale and exchange of data on a scale that is difficult to imagine to most people happens every day with the attendant conglomeration of different types of data from different sources linked to a particular individual. How that information is used is unclear and one can no longer really be sure why he or she was turned down for a job or a loan or a particular insurance. Those are problems more and more people will face many times over the course of their lives. So, the tradeoff suffers from an inherent undervaluation of the level of privacy being foregone. Second, that tradeoff may be far less appealing when other services emerge and a user finds herself unable to migrate data from the old service to the new or if a particular service changes its terms. Facebook’s claims of ownership to pictures uploaded to its site are one such prominent example. A service may also change its business model entirely – say relying on subscriptions instead of advertising revenue after user “lock-in” has occurred.

Some of these problems can be allayed by conscientious developers who create services that allow users to easily transfer data from one service to another or to move it into a standardized format. The Franklin Street Statement is one step in this direction. With the right movement, principles, and licenses perhaps one day this may be achieved. But, this won’t address problems related to changes in terms of service and in particular, without a new jurisprudence, nothing can be done with regard to the level of legal protection afforded to the data the service provider maintains. While encryption of data can be a practical solution, for some purposes that protection may impede the functionality of the service. Although it is tempting to say that the solution lies in law and not in code, this is a narrow-minded view of the issue. The code that is created today will be the building block for the code created tomorrow and it will be used in many countries other than the United States, many of whom respect freedom and privacy even less than the US does. If it is possible for freedom to be an integral part of the code with respect to its functionality, then that is what we should strive to create, not something less.

My greatest worry is that in accepting this tradeoff, even if it is conceded that it’s an appropriate one to make right now (which I am not necessarily conceding), we as a society accept the technological status quo, and stop innovating in a direction that will respect an individual’s freedom and autonomy. For example, we spoke briefly of wall-warts in class. This is an intriguing technology with a great potential to eliminate many of the problems with self-hosting and to move centralized computing tasks into decentralized peer-to-peer networks. But, without truly easy software to run it and some functionality that would provide the user with more than he or she would otherwise be able to have from centrally hosted web software, very few people will use it. Unfortunately, enhanced privacy alone is not enough to motivate most people to spend money or time on anything. Recognizing the technology’s supremacy in respecting user freedom is not sufficient to draw developers to the project either if one believes that cloud computing, particularly the version seen today, is good enough. Treating the tradeoff as an inevitable decision is a self-fulfilling prophecy.

Imagine the walled off garden that was once AOL (and its many predecessors). In some ways the fact that we did not end up with many different proprietary networks each with its own subscriptions and limited interconnectivity is just a fluke. Without the timely advent of the World Wide Web and powerful browsers whose distribution was free and simple, the internet as we currently know it may not have existed. The very tools which put AOL into the height of its popularity, are also the ones that signaled the end for its business model (AOL started out as a proprietary network - an online gaming company - long before the WWW). Imagine if Tim Berners-Lee had simply said "this is good enough."

-- KateVershov - 28 May 2009

  • In fact, the telecoms are trying to create another set of walled gardens in their proprietary networks, providing "access to the Internet" rather than the Internet, and controlling all the software that runs in all the devices connected to their nets. The contingencies that determine freedom don't all lie in the past. You know?

In discussing the issues related to cloud computing, you seem to raise and then dismiss several possible solutions, noting them to be insufficient. Is this to say that there is no easy solution to reverse the trend of moving in the direction of cloud computing, and we should just accept its coming (whether or not it is appropriate now)? Or would even a partial push with one of the incomplete solutions be preferrable to simply giving in to cloud computing?

-- JonathanBonilla - 03 Jun 2009

From what I understand, there isn't going to be just a single alternative that we turn to in lieu of centralized data services. What may work for some applications, won't work for others. Perhaps there will be some tasks for which workarounds are not feasible or are just plain too slow to be viable. However, my point is that that doesn't mean we shouldn't seek those alternatives and mitigate our reliance on those services to the extent that we can. But, I think there's a window for those technologies and we're either in it right now or it has already passed us. The more reliant we become on centralized web services, the less we look into alternatives, and the more infrastructure we invest in that caters to these types of services, the harder it will be to turn around.

-- KateVershov - 04 Jun 2009

  • Your inquiry needs to participate in what Philippe Aigrain calls the taxonomy of services: as you say, there's no answer that covers all cases, because services aren't uniform in their structures, scalabilities, etc. Without a language for discussing all the relevant differences among and classifications of services, the conversation cannot advance systematically in any direction. Not being a technologist means you collaborate with technologists, not that you can't succeed in making sophisticated and accurate policy analyses based on a real grasp of technical detail.

  • You could, however, make some immediate progress, even without a technical collaborator, if you reduce the "cloudiness" of the subject for yourself by treating the entire Net as one computer, composed of pipes and switches, processors and memory, and asking how, without having physical ownership or legal control of almost all the hardware, you could still feel safe using the computer. Where do you insist on processes and memory that you completely physically control? Do you also need (as my colleagues and I think) legal control over all the software? If so, what about other parts of the machine, etc. Thought about in this fashion, I believe, the cloud is not so cloudy, though the answers are still immeasurably more complex than a soundbite contains.



Webs Webs

r8 - 05 Jan 2010 - 22:32:03 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM