Law in the Internet Society

No Exit

"l'enfer, c'est les autres"...and now they have your data.

-- By CrystalMao - 06 Dec 2011

Why Exit Matters

The liberal values underlying free society and individual autonomy traditionally include a right for individuals to exit voluntary associations. As free society increasingly finds itself spending time online (with well-trodden missteps like hanging out on YouTube before it discovers Vimeo), this right should travel with it.

Even putting liberty interests aside, the steady crops of new web-based communities and services rely on fluid user adoption to select and mold the offerings that will become the internet of tomorrow. Reducing the transaction costs associated with this process means encouraging users’ freedom of migration, which relies on an underlying ability to exit accounts with existing internet communities/services. Allowing users to freely exit and adopt grants greater self-ownership over online data and activities, which ultimately better enables users to (1) make efficient choices about which communities/products to support, and (2) protect privacy interests online.

The freedom to exit internet communities can seem like a deceptive non-issue. After all, we’re all free to let Facebook accounts lie dormant, stop updating blogs, silence our Twitter thumbs (studies show that >80% of Twitter accounts are inactive). Many sites also provide mechanisms that users can use to inactivate or delete their accounts. From this perspective, freedom to exit seems perfectly intact.

However, as we have seen throughout this course, it is difficult to truly exit our digital pasts. Data, once online, is rarely forgotten, and ties that appear severed may quickly resurface at the beckoning of a court order or a 12-year-old hacker’s fingertips. Exiting old accounts via neglect or inactivation is not truly exiting; it is moving on without closure, and tends to leave users with a trail of digital baggage that may be burdensome enough to discourage the moving-on in the first place.

This post formulates true freedom to exit online accounts as comprising two main components: (1) the ability to freely import and export one’s data, and (2) the right to leave no trace (the NYT calls this “the right to be forgotten”). Both are important in ensuring autonomy and meritocracy in our online experience, and should become customary norms in how online services operate.

Right to Free Your Data

The right to free your data is the ability to easily export and import self-generated data (photos, movies, blog entries, calendar items, etc.) between accounts (and your hard drive), using a universal and non-proprietary file format.

I didn’t appreciate this ability until recently, when I tried to migrate photos from Flickr to a self-hosted portfolio. As it turns out, Flickr’s free accounts only display your 200 most recent uploads, and do not allow anyone – not even the account owner – to download the originally uploaded files. While third-party tools kind of exist for getting around the download restriction, photos past #200 are held forever hostage in Flickr’s servers, unless accounts are upgraded by paying the annual fee. Had I paid the fee, I would have just stayed on the site another year, giving up plans for my own site.

In light of my Flickr woes, The Data Liberation Front, an engineering team at Google whose “singular goal is to make it easier for users to move their data in and out of Google products”, should be fully commended on their efforts in this space. Thanks to their work, it is possible to enter and exit the majority of Google’s services with data intact. Nonetheless, there is room for improvement: the team admits that its role is still “somewhat subversive,” and as a result their tools are mostly housed on a hacker-ish feeling site separate from the domain (meaning that laypeople may never realize such things are available, let alone official and Googly). Their export tools, while simple to follow, may also require unorthodox steps (like asking users to load up “the command-line tool GSUtil”) that don’t have the UX or design polish of other Google services.

In the short run, market entrants have the most incentive to develop tools to ensure that the users they are trying to attract are able to easily migrate data from existing services to their own. The tidal wave of PC → Mac users was largely enabled by the debut of Migration Assistant, which allowed users to convert and transfer files between operating systems in an idiotproof way. Similarly, new installs of Firefox helpfully import bookmarks and settings from the existing default browser to minimize transition shock. However, this doesn't help users who would simply like to download data to hard drives/programs, retrieve data from services that use proprietary data formats, or face services that hide your data (ahem Flickr). In the long run, it should be the norm for services to offer built-in, UX-friendly export tools for user-generated content.

Right to Leave no Trace

Last fall, a new Google+ user was surprised to find that the service used photos from his long-deleted blog to magically populate albums on his account. As the NYT points out, US law does not require online services to expunge deleted user accounts. Facebook, which distinguishes between permanently “deleted” and temporarily “deactivated” accounts, equivocates about whether deleted user content is ever expunged from their servers. Their privacy policy only reveals that deleted accounts are “deleted in a manner similar to emptying the recycle bin on a computer,” meaning the data is not deleted at all and can be easily recovered with any decent file recovery program. Indeed, several families have complained that direct URLs to deceased accountholders’ photos and videos remain viewable even after the account has been deleted.

Twitter’s policies are even more troublesome. In 2010, it proudly announced that every public tweet will be preserved in the Library of Congress and made available for researchers to search through and use as data sets. This includes tweets that are deleted or privatized after their date of archival. The archival project has sparked considerable controversy, and the NoLOC movement has organized to resist it.

Sites often justify their refusal to expunge deleted accounts by citing horror cases of users desperate to recover accounts after an accidental or impromptu account deletion. This concern can be addressed by setting out a clear grace period, something like “All deleted accounts will remain on our servers for 30 days, after which the data will be completely and irreversibly expunged.”

Of course, users can never be sure that data is fully deleted from all third-party servers, backups, or random web-crawling caches. Still, users can demand that the original site’s privacy policies / TOS include clear official procedures for the complete expungement of deleted accounts, either immediately or after a pre-disclosed period.


r5 - 04 Sep 2012 - 22:02:23 - IanSullivan
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.