Jerry Brito

Your right to be forgotten and my right to speak

Earlier this week I interviewed Andrew Keen about his new book, Digital Vertigo, and pressed him on his support for a ‘right to be forgotten.’ I noted that such a right would conflict with free speech rights, and he begged to differ.

“My own data, which I have published on the web, I should have a right, if I choose, for that data to go away,” he said. “That doesn’t impact in any way on your right to speak.”

This is a view of the EU’s proposal that I’ve heard from several folks, and I wanted to take a moment to explain why it’s mistaken. If the proposed EU right only covered information held by you that you wanted to unpublish—from Facebook, Tumblr, a self-hosted blog, etc.—then we wouldn’t need a right. Those services give you that ability right now, and if they didn’t, I don’t think folks would patronize them.

No, the right that Vivianne Redding has outlined is not a right to erase information held by oneself, but a right to erase data held about oneself. For example, in researching this post, I searched for an essay by Joris van Hoboken, an info law PhD candidate in Amsterdam, that made a great case against the right to be forgotten. As it turns out, the blog post I was looking for had been removed. His whole site is down, perhaps for technical reasons, but perhaps because he has changed his mind and is now embarrassed by his previous views and wants them erased from the internet. Luckily, I had saved the essay in Evernote and you can see it here.

Now, van Hoboken might have the power under copyright law to make me take down the essay, but he has no right to keep me from writing about the fact that he wrote such a (potentially embarrassing) essay and even summarizing or excerpting it. That is the right that the EU would like to confer on citizens, and my right to speak is the one it wants to curtail.

The proposal does state that a “controller shall carry out the erasure without delay, except to the extent that the retention of the personal data is necessary for exercising the right of freedom of expression[.]” The problem with this exemption is that it creates an opportunity for the government to decide what kind of speech qualifies as legitimate expression, and which one does not. I would like to see those opportunities limited.

In his book, Keen is critical of the twittering masses who disobeyed the British High Court’s superinjunction on speaking about Ryan Gigg’s extramarital affair. Keen might think that such superinjunctions are legitimate and appropriate, and that the state should sometimes determine what content is and is not appropriate for free expression. But that’s different from pretending that a right to privacy does not conflict with a right to free speech.

Paul Bernal puts his finger on it when he writes,

[T]he cultural differences in attitudes to privacy and free speech in the EU and the US. In the EU, and particularly in Germany, privacy is taken very seriously, and the rights that people have over data are considered crucial. In the US, privacy very much takes second place to free speech – anything that can even slightly infringe on free speech is likely to face short shrift. The right to be forgotten has been very actively opposed in the US on those grounds—Jeffrey Rosen in the Stanford Law Review calling it the ‘biggest threat to free speech on the internet in the coming decade’.

Who is right? Neither, really. The right is not what its more active opponents in the US think it is—but neither has it been written tightly enough and carefully enough to provide the kind of practical, realisable right to delete personal data that the EU would like to see.

Yes, our cultural lenses do make us see free speech in different ways. And yes, maybe we in the U.S. are a bit sensitive about our speech rights. But the way the proposal is written now, we have good reason to be. It would not be too difficult to use such a ‘right’ for censorship.

David Brin predicted our sousveillance future

Three headlines from the New York Times yesterday:

• Drones in Afghanistan, Drones in … Akron?
• Body Cameras Will Put Law Officers Under Scrutiny
• Google to Sell Heads-Up Display Glasses by Year’s End

Spot the trend? Ubiquitous sousveillance is here, and David Brin predicted this development and these exact technologies in The Transparent Society published in 1999. Here he is in Wired in 1996:

In fact, it is already far too late to prevent the invasion of cameras and databases. The djinn cannot be crammed back into the bottle. No matter how many laws are passed, it will prove quite impossible to legislate away the new tools and techniques. They are here to stay. Light is going to shine into every aspect of our lives.

The real issue facing citizens of a new century will be how mature adults choose to live - how they might compete, cooperate, and thrive - in such a world. A transparent society.

Peltzman effect possible in privacy

Nick Bilton in the NYT today, arguing that on privacy, “the current system of self-regulation is clearly not working”:

But the argument that if consumers care about their privacy they shouldn’t use these technologies is a cop-out. This technology is now completely woven into every part of society and business. We didn’t tell people who wanted safer cars simply not to drive. We made safer cars.

Well, safety advocates, consumers and the government dragged the automobile industry toward including seat belts, air bags, more visible taillights and other safety features.

Actually, the auto industry was making cars safer and safer before government regulation in the 1970s. Rearview mirrors and self-canceling turn signals are two innovations that were never mandated, but slowly became standard as consumers demanded more safety. Seatbelts and airbags were mandated, but as Sam Peltzman will tell you, there was no decline in the number of auto fatalities and injuries. That’s because drivers, feeling safer, took more risks, thus canceling any increase in safety.

It’s impossible to predict what the unintended consequences from privacy regulation might be, but I can imagine folks taking more risks with what they put online.

What Europe’s ‘Right to Be Forgotten’ Has in Common with SOPA

Over at TIME.com I write that if you didn’t like SOPA because it threatened free speech, then you probably won’t like the new “Right to be Forgotten” proposed in the EU. Prof. Jane Yakowitz contributes some great insights to the piece. What I dislike most about the rule is that it subordinates expression to privacy:

[T]he new law would flip the traditional understanding of privacy as an exception to free speech. What this means is that if we treat free expression as the more important value, then one has to prove a harmful violation of privacy before the speaker can be silenced. Under the proposed law, however, it’s the speaker who must show that his speech is a “legitimate” exception to a claim of privacy. That is, the burden of proof is switched so that speakers are the ones who would have to justify their speech.

Read the whole thing at TIME.com.

Face Recognition Technology Comes to Malls and Nightclubs

Over at TIME.com, I write about face detection technology and how privacy concerns around the tracking of consumers and targeted advertising online may be coming to the physical world.

As Congress and the FTC balance the public interest in privacy with the advantages of new tools, let’s hope they take Sen. Rockefeller’s insight to heart: Public policy does indeed have a tough time keeping up with technology. That should be a signal to policy-makers that they shouldn’t be too hasty, lest they strangle a nascent technology while it’s in the cradle.

Smart sign and face detection technology is very new—so new that we don’t really know how consumers will react to it. It’s tempting to want to get out in front privacy concerns, but it would be better to allow the technology to develop and mature a bit before we make any judgments.

Read the whole thing here.

Super-injunctions: enforceable until they’re not

There is a major controversy rocking the UK over the far-reaching press gag orders known as “super-injunctions,” especially because they’ve been brought to the fore by a sex scandal between famous footballer Ryan Giggs and reality TV star Imogen Thomas. (This blog post is now officially illegal in the UK.) In my latest TIME.com Techland post, I explain the controversy and say that while the injunction is legally enforceable—Facebook has a London office with over 50 employees, and today comes word that Twitter is starting up its UK operation—they are not practically enforceable because once out, the information cannot be controlled. I wrote:

Controlling information is possible, but only at the margin and at great cost. As information technology advances, that margin at which information can be controlled gets thinner and thinner, and the costs of doing so become greater and greater. So given the apparent futility of keeping facts secret, you’d think officials would look to find better ways of confronting the new reality. That’s unfortunately not the case.

“Why are we assuming that the world of communication, developing as rapidly as it is, can never be brought under control by other technological developments?” asked the head of the U.K.’s judiciary yesterday. “I am not giving up on the possibility that people who in effect peddle lies about others through modern technology may one day be brought under control.”

And we should not forget to look in the mirror. While the U.S. has some of the world’s most extensive free speech and press liberties, it seems every week there is a new proposal to control what information can be published online.

Yet another non-consensual use of cell geo-data

In a post at Techland yesterday I noted that the FCC and FEMA’s new “PLAN” text-based emergency alert system might do little good since new media seems to always beat government to get out critical information:

If history is any guide, however, you may not get any messages from 1600 Pennsylvania. Since the Emergency Alert System was created in 1963, it’s never been activated, despite hurricanes, earthquakes, tornadoes, the Cuban Missile Crisis, the Oklahoma City bombing, and 9/11. Why?

The chairman of the FCC during the 9/11 attacks, Michael Powell, says that “The explosion of 24-hour-a-day, 7-day-a-week media networks in some ways has proven to supplant those original conceptions of a senior leader’s need to talk to the people.”

Given that it was Twitter, and not the President’s address, that recently broke the killing of Osama Bin Laden, you have to wonder whether the new service will be just as swiftly supplanted.

Another thing occurred to me talking to a colleague today. The PLAN system relies on cell carriers’ ability to track your geographic location so that targeted warning messages can be sent to your phone depending on where it is you are at the moment. Also, as far as I can tell from the FCC’s fact sheet, you’re automatically signed up for the system when you buy a phone and you cannot opt-out of presidential messages. I wonder if we’ll see a congressional hearing on the use of geo data without consumer consent?

Brin, Transaction costs and Do Not Track

I’m reading David Brin’s 1998 classic The Transparent Society and I’d like to share a passage that I found especially interesting in light of the recent Do-Not-Track bill introduced by Sen. Rockefeller.

On this blog, Adam Thierer has often written about the implicit quid pro quo between tracking and free online services. It seems to me that many folks find this an abstract concept. Here is Brinn writing in the late 90s about the possibility of an explicit quid pro quo:

An Economy of Micropayments? I cannot predict whether such an experiment would succeed, though using a “carrot”—or what chaos theorists call an “attractor state”—offers better prospects than the [IP owner’s] coalition’s present strategy of saber rattling and making hollow legal threats. In fact, the same approach might be used to deal with other aspects of “information ownership,” even down to the change of address you file with the post office. Perhaps someday advertisers and mail-order corporations will pay fair market value for each small use, either directly to each person listed or through royalty pools that assess users each time they access data on a given person. Or we might apply the concept of “trading-out”: getting free time at some favorite per-use site in exchange for letting the owners act as agents for our database records. It could be beneficial to have database companies competing with each other, bidding for the right to handle our credit dossiers, perhaps by offering us a little cash, or else by letting us trade our data for a little fun. Proponents of such a “micropayment economy” contend that the process will eventually become so automatic and computerized that it effectively fades into the background. People would hardly notice the dribble of royalties slipping into their accounts when others use “their” facts—any more than they would note the outflowing stream of cents they pay while skimming on the Web.

That is essentially what happened, except without all the transactions costs. It seems to me that all Do Not Track will do is introduce the transactions costs that we have so far avoided to the benefit of innovation. Who will this change benefit? The few people who are not willing to make the trade and who today have options to opt out. This leaves the majority of us who are willing to make the bargain in a very un-Coasean world.