Category Archives: Information Rights

Cities: adopt these privacy laws

To follow up on a my previous post about enacting local initiatives for the people’s right to privacy:

  • A publicly-accessible warrant must be provided to monitor or capture any private voice communication or digital data, at rest or in motion.
  • Only the entities that privately sign digital certificates for the purpose of encrypting voice communication or digital data, at rest or in motion, can decrypt said voice communication or digital data.
  • Only the original creator of a private certificate may own and use, in such a way, that allows said entity to view or record decrypted voice communication or digital data.
  • It is illegal for any entity to attempt to break or subvert any voice or data encryption mechanism.

I foresee some business impacts to these, so some of them probably need to change. Discuss!

A local initiative for the people’s right to privacy

“Gentlemen do not read each other’s mail.”

This was said by Henry L. Stimson in 1929 in support of the US State Department’s defunding of the Black Chamber program that was used to decipher foreign ambassador communications. At that time, Stinson was the Secretary of State under President William Howard Taft. Stinson’s opinion, however, is said to have changed while he served as the Secretary of War under President Herbert Hoover and President Franklin D. Roosevelt, in which the United States government relied heavily on the enemy’s decrypted communications during wartime.

Mass surveillance is a crime against people, not just the American people. The people did not ask for it, not even the special interests behind the development of the Patriot Act. Secret mass surveillance and secret laws are instituted and accepted by people in power, to gain and maintain power, which are acts that are illegitimate of a developing democracy. They are illegitimate acts of a country that developed the Internet.

Civilly speaking, cryptographically encrypting information before transmission is the same as licking and sealing a letter before mailing it. It is the same as closing a clear glass door on a telephone booth before having a private conversation. It is the same as putting on clothes to protect things expected to remain private.

I expect that only entities that privately sign digital certificates that create the foundation for private chats, private socializing, and secure transactions on the internet can decrypt my information. It should be illegal for entities beyond the original signer of public key infrastructure certificates to have a copy of the private key in such a way that allows said entity to view or record the decrypted content that is expected to remain private between two specific parties. It should also be illegal for any entity to attempt to break or subvert encryption mechanisms on common-carrier infrastructure as long as that data is being transmitted or being stored on American soil, no matter the nationality of the person transmitting their encrypted internet content. It is time for the United States to learn from its mistakes and emerge as a civil liberties leader.

What I would like to do is identify other leaders throughout the United States that want to pass a shared city law that makes illegal the above acts. We should all vote for and approve these laws in tandem to reduce the risk of federal or state legal threats. Cities need to come together to protect local internet infrastructure.

Governance representatives are failing to protect the nature of our constitutional protections in law and debate.  They are failing to understand the importance of the Internet. Federal representatives are literally working backwards at times, with the Patriot Act, CISPA, PIPA, and the TPP as perfect examples. It is time to work from the ground up and enact local laws that affect local internet infrastructure.

We cannot let special interest groups, that bribe our representatives, write our laws for us. The interest of the people needs to be voiced through local law. Let us tell state and federal government that it is not okay to subvert public law with secret law, and that mass surveillance cannot be tolerated, period. Law enforcement has worked, successfully, for hundreds of years without mass surveillance. The city laws that I am proposing do not inhibit the normal procedure of law enforcement to acquire a warrant, through justified evidence, to obtain private information about specific individuals to prevent or punish crime.

In addition to hosting DNS root servers and the Seattle Internet Exchange, the Westin datacenter connects us to billions of un-Americans on the other side of the Pacific Ocean. Many other cities throughout the United States host similar infrastructure. These communication points are ideal for the placement of unethical surveillance equipment, and we must make this act illegal in our cities. Let us put pressure on our state by protecting local resources, the technology that ensures the security of our online communications, and the integrity of our local businesses.

From https://www.aclu.org/sites/default/files/assets/lavabit_brief_of_us.pdf, it is clear that sometimes our founding legal frameworks are not explicit.

THE FOURTH AMENDMENT DOES NOT PROHIBIT OBTAINING ENCRYPTION KEYS FOR THE PURPOSE OF DECRYPTING COMMUNICATIONS THAT THE GOVERNMENT IS LAWFULLY AUTHORIZED TO COLLECT

Let us build our own laws for our expectations of privacy. For example, as described in the book, Toward an Information Bill of Rights & Responsibilities (http://yawnbox.com/?p=283):

Preamble

Information privacy is the claim of individuals to determine what information about them is disclosed to others and encompasses the collection, maintenance, and use of identifiable information. Privacy is an important value in a democratic society. For individuals, it enhances their sense of autonomy and dignity by permitting them to influence what others know about them. For associations, privacy enhances the ability of individuals to function collectively by permitting the association to keep deliberations and membership and other activities confidential. For society, privacy fosters individual and associational contributions to society, promotes diversity, and limits undesirable conduct and abuse of authority by government and other institutions.

Privacy is not an absolute right. It must be balanced with competing values and interests, including First Amendment rights, law enforcement interests, and business or economic interests in information. The following Code of Information Rights and Responsibilities attempts to strike an appropriate balance between privacy and competing interests, in an environment shaped be technological breakthroughs in the ability of organizations to collect and disseminate personal information.

A number of characteristics of the new information environment make it imperative to adopt a Code of Information Rights and Responsibilities. These include:

  • Technological enhancements in the ability to capture, store, aggregate, exchange, and synthesize large quantities of information about individuals, their transactions, and their behavior;
  • Proliferation of powerful computing capacity to the desktop;
  • Creation of worldwide networks through which information about individuals can easily, cheaply, and quickly flow;
  • Increasing use of target marketing, modeling, and profiling;
  • New technological abilities that permit individuals to access personal data maintained by others;
  • Decreasing cost of computing technology used to manipulate data;
  • New social and cultural values and developments regarding personal information.

Two general principles apply to all of the provisions of the Code of Information Rights and Responsibilities. First, an individual is entitled to greater protection and due process when information is used to make determinations about his or her rights, benefits or opportunities. Second, the protection of privacy must be interpreted consistently with First Amendment principles. Resolving the inherent tensions between the values of privacy and the First Amendment must take place on a case-by-case basis.

The scope of the Code of Information Rights and Responsibilities is limited to individual and associational privacy as defined above, and does not cover government and corporate interests in secrecy. It addresses how activities of information keepers and processors involving the collection, maintenance, and use of personal information should be evaluated when privacy interests overlap or conflict with other interests, values, or significant community needs.

First Principles

A. Collection
There should be limits on the ability of information keepers and processors to collect personal information. Information should only be collected when relevant, necessary, and socially acceptable.

A-1.
Information should be collected directly from the individual whenever possible.

A-2.
When not collecting information directly from the individual, notice, access, correction, and other rights should be provided if the information is used to determine rights, benefits, and opportunities.

B. Notice/Transparency
Individuals providing information to an information keeper and processor have the right to receive, at the time that information is provided, a notice of information practices describing how the information will be used, maintained, and disclosed. Information keepers and processors must provide a copy of notice of information practices upon request. There should be no secret systems containing personal information. Individuals have a responsibility to make informed choices about how information about them is to be used.

C. Access and Correction
Individuals have the right to see and have a copy of any information about themselves maintained by others, consistent with the First Amendment and with other important public and private policy interests. Individuals have the right to seek correction of information that is in error. When a correction is made, the individual may require that copies of the corrected information be provided to all previous recipients. Where this is a disagreement about the accuracy of information, the individual may include along with the disputed information a statement of disagreement.

D. Use
Information may only be used for a purpose that is identified and described at the time that the information is collected. Other uses may be permitted only if they are not inconsistent with the original understanding.

E. Disclosure
Disclosures other than those described at the time of collection may be made to third parties only with the consent of the individual or where required by law. Explicit consent by the data subject shall be required for personal information of the highest sensitivity and may be implied for less sensitive personal information. (Whether consent must be express [opt-in] or may be implied [opt-out] is an open question.)

F. Accuracy
Information keepers and processors must take appropriate steps to assure the accuracy, completeness, timeliness, and security of the information. Information keepers and processors must devote adequate resources to these functions.

G. Enforcement
Rules about the collection, maintenance, use, and disclosure of information should be enforced through suitable mechanisms, such as administrative processes, professional standards, civil actions, criminal penalties, government or private ombudsmen, and other means.

H. Oversight
There is a need for an independent federal entity to conduct privacy oversight and policy-making activities.

  • Information keepers and processors and others should be encouraged to explore technical means to protect privacy.
  • There should be an exploration of other means to promote self-determination in the use of personal information, including proprietary rights and dual control mechanisms.
  • The creation of information trustees who maintain personal data on behalf of diverse information keepers and processors should be considered.
  • There is a need to explore the rights and responsibilities of individuals and information keepers and processors when changes in the use and disclosure of information are developed after the time of collection.

Together we must begin drafting a law that can be shared by the people, city governance, and our local businesses. Together we must approve these measures and begin putting a stop to mass surveillance on any and all people, not just Americans, while also demonstrating our right to privacy.

A Critical Look at a Facebook “Like” as Free Speech

From a Al Jazeera America news article:

“Liking a political candidate’s campaign page communicates the user’s approval of the candidate and supports the campaign by associating the user with it,” Chief Judge William Traxler wrote for a three-judge panel of the Richmond, Va.,-based appeals court. “It is the Internet equivalent of displaying a political sign in one’s front yard, which the Supreme Court has held is substantive speech.”

From a Bloomberg news article:

The appeals court reversed a lower-court judge who said that simply clicking the “Like” button on a Facebook page didn’t amount to “a substantive statement” that warrants constitutional protection.

I wholeheartedly agree with the U.S. Circuit Court’s ruling. But their interpretation is lacking foundation from ideas shared in the philosophy of information.

The act of clicking a “like” hyperlink on Facebook or Facebook application, such as a “like” button on a news article web page or political figure campaign website, demonstrates knowledge of the primary information contained in the subject matter that can be “liked” in a web browser.

The sub-classification that is important here, the act of “liking” said primary information, is that from a neutral, third-party position, “liking” the main idea or an aspect of said primary information is primary-derivative-operational information.

Primary-derivative-operational information

Operationally, Bobby Bland demonstrated his knowledge and approval of the primary information by clicking the “like” hyperlink on Facebook. This operational information is, of course, derivative in nature, being that it is subsidiary information when juxtaposed to the actual content of the primary information.

Another common act that is considered free speech from a third-party observer that is also primary-derivative-operational information is carrying a sign at a strike or demonstration of some manner. A demonstrator is showing his or her approval or disapproval of some aspect of some primary-information. Again, the act of agreeing with primary information is derivative in this context. Facebook doesn’t support a “dislike” hyperlink, but if it did, someone who shows (shares) that they have knowledge of that primary information (content contained in a Facebook post) and, operationally, demonstrates their agreement by clicking a supporting hyperlink, should be supported by the First Amendment of the U.S. Constitution.

Liking, re-tweeting, etc, demonstrates:

  1. having some knowledge of the primary information
  2. showing support of some aspect of said primary, primary-secondary, primary-meta, primary-operational, or primary-derivative information

Performing both of the above two items is a requirement to verbalizing support for a political candidate, which is also protected under the First Amendment.

 

Toward an Information Bill of Rights & Responsibilities

While the below work touches on many issues, it’s the individual privacy issues that I think it nails on the head. The work is an excerpt out of the book: Toward an Information Bill of Rights & Responsibilities. The book was published in 1995 and appears to be highly relevant today. Much of this needs to be reflected in modern law.

You might be able to buy the book from Amazon.

Page 133 – 143, typed by hand. please let me know if there are any typos.

An Information Bill of Rights and Responsibilities

I. Communication Rights and Responsibilities

Preamble

A fundamental shift is occurring in American and other cultures toward their own information societies, and a global society as well. These changes have many different characterizations, among which are increasing:

  • – immediacy of information transmission;
  • – interconnectedness among differing communications technologies;
  • – convergence of media due to digitization in video, voice and data transmissions;
  • – interactivity as compared to the traditional broadcasting media;
  • – concentration and consolidation of control of some communication and information services, while at the same time there is increasing proliferation of new networks and services;
  • – individualism in basic social unites leading to heavy reliance on media communication channels; individuals increasingly depend on channels of electronic communication to conduct the essential activities of their lives;
  • – social isolation encouraging individuals to seek integration through channels of electronic communication;
  • – information overload;
  • – social and economic disparity;
  • – diversity of cultures within the larger society;
  • – globalization of trade and information flow;
  • – dependence of individuals on communities that are not geographical but are tied together by channels of communication; and
  • – pursuit of new activities and functions by institutions across society by use of telecommunications and information technologies.

In this new era, it is important to recognize and state basic principles of rights and responsibilities. In the United States, this means, at the least, the applicability of the American Constitution and the Bill of Rights to the issues posed by the advent of new uses of communications and information technologies.

First Principles

A. Access
The emerging information society should be characterized by the open flow of information among all individuals and institutions. This requires equitable access to an intelligent information and communication infrastructure.

A-1. Connectivity
The development of a national information infrastructure requires enhanced connectivity of all willing individuals and institutions to a network of ultimate connectivity.

A-2. Affordability
In order to allow all individuals and institutions to participate fully in the information society, there should be equitable and affordable access to public information resources. The opportunity for practical universal access requires affordability to achieve equity. Supplementary sources of funding will be needed.

A-3. Literacy
A democratic society needs to assure the existence of an informed and literate citizenry, as well as the protection of free expression and robust civic discourse. Libraries, schools, and public institutions are central to this effort.

B. Nondiscrimination
Neither skill nor status should bar an individual from full participation in the social dialogue and information transactions of the information society.

C. Security
In this new communications environment, protection of communication security, privacy, and reliability is necessary.

D. Participation
Democratic decision making is essential for the effective development of the new information infrastructure. Citizens should be encouraged to participate in the design and development of infrastructure technology and policy. This should include the promotion of connectivity between citizens and government, the strengthening of public institutions, and public support for communications efforts intended to promote inclusion and education.

E. Diversity
In order to promote the goal of a rich and open information and communications environment, government has the responsibility to ensure:

  • 1. a wide range of choices of communication media that provide access to information and communications services;
  • 2. a wide range of choices of means for individuals and institutions to have voice in participating in the public dialogue;
  • 3. a wide range of relevant political, economic, and social information;
  • 4. that citizens may obtain the education and skills necessary for participation in the information society;
  • 5. an environment conducive to the encouragement of free expression.

F. Information Resources
In order to compensate for the limitations of the market economy, and to support education, advance the arts and sciences, encourage public debate and discourse, and support civic endeavors, government has the responsibility:

  • 1. to ensure the existence of a civic arena within the network, that is, to support electronic forums that encourage public dialogue and enrich democratic debate;
  • 2. to support, without editorial interference, the ongoing viability of public libraries, the repositories of information democracy;
  • 3. to make universally available in accessible form the political, economic, and social information necessary to the maintenance of an informed citizen and consumer.

G. Citizenship
Ethical participation in the information society requires that institutions and individuals have responsibility:

  • 1. to make use of information and communication systems and services in ways that are consistent with the common good;
  • 2. to establish, access, and use the information system in ways that do not result in damage to that system or its users;
  • 3. to be informed participants in society;
  • 4. for truthfulness and honest disclosure (within the protections of personal and institutional privacy);
  • 5. to attribute authorship where appropriate in accordance with custom and contractual obligations;
  • 6. to respect the rights of others to dissent from majoritarian opinion.

II. Information Privacy

Preamble

Information privacy is the claim of individuals to determine what information about them is disclosed to others and encompasses the collection, maintenance, and use of identifiable information. Privacy is an important value in a democratic society. For individuals, it enhances their sense of autonomy and dignity by permitting them to influence what others know about them. For associations, privacy enhances the ability of individuals to function collectively by permitting the association to keep deliberations and membership and other activities confidential. For society, privacy fosters individual and associational contributions to society, promotes diversity, and limits undesirable conduct and abuse of authority by government and other institutions.

Privacy is not an absolute right. It must be balanced with competing values and interests, including First Amendment rights, law enforcement interests, and business or economic interests in information. The following Code of Information Rights and Responsibilities attempts to strike an appropriate balance between privacy and competing interests, in an environment shaped be technological breakthroughs in the ability of organizations to collect and disseminate personal information.

A number of characteristics of the new information environment make it imperative to adopt a Code of Information Rights and Responsibilities. These include:

  • – technological enhancements in the ability to capture, store, aggregate, exchange, and synthesize large quantities of information about individuals, their transactions, and their behavior;
  • – proliferation of powerful computing capacity to the desktop;
  • – creation of worldwide networks through which information about individuals can easily, cheaply, and quickly flow;
  • – increasing use of target marketing, modeling, and profiling;
  • – new technological abilities that permit individuals to access personal data maintained by others;
  • – decreasing cost of computing technology used to manipulate data;
  • – new social and cultural values and developments regarding personal information.

Two general principles apply to all of the provisions of the Code of Information Rights and Responsibilities. First, an individual is entitled to greater protection and due process when information is used to make determinations about his or her rights, benefits or opportunities. Second, the protection of privacy must be interpreted consistently with First Amendment principles. Resolving the inherent tensions between the values of privacy and the First Amendment must take place on a case-by-case basis.

The scope of the Code of Information Rights and Responsibilities is limited to individual and associational privacy as defined above, and does not cover government and corporate interests in secrecy. It addresses how activities of information keepers and processors involving the collection, maintenance, and use of personal information should be evaluated when privacy interests overlap or conflict with other interests, values, or significant community needs.

First Principles

A. Collection
There should be limits on the ability of information keepers and processors to collect personal information. Information should only be collected when relevant, necessary, and socially acceptable.

A-1.
Information should be collected directly from the individual whenever possible.

A-2.
When not collecting information directly from the individual, notice, access, correction, and other rights should be provided if the information is used to determine rights, benefits, and opportunities.

B. Notice/Transparency
Individuals providing information to an information keeper and processor have the right to receive, at the time that information is provided, a notice of information practices describing how the information will be used, maintained, and disclosed. Information keepers and processors must provide a copy of notice of information practices upon request. There should be no secret systems containing personal information. Individuals have a responsibility to make informed choices about how information about them is to be used.

C. Access and Correction
Individuals have the right to see and have a copy of any information about themselves maintained by others, consistent with the First Amendment and with other important public and private policy interests. Individuals have the right to seek correction of information that is in error. When a correction is made, the individual may require that copies of the corrected information be provided to all previous recipients. Where this is a disagreement about the accuracy of information, the individual may include along with the disputed information a statement of disagreement.

D. Use
Information may only be used for a purpose that is identified and described at the time that the information is collected. Other uses may be permitted only if they are not inconsistent with the original understanding.

E. Disclosure
Disclosures other than those described at the time of collection may be made to third parties only with the consent of the individual or where required by law. Explicit consent by the data subject shall be required for personal information of the highest sensitivity and may be implied for less sensitive personal information. (Whether consent must be express [opt-in] or may be implied [opt-out] is an open question.)

F. Accuracy
Information keepers and processors must take appropriate steps to assure the accuracy, completeness, timeliness, and security of the information. Information keepers and processors must devote adequate resources to these functions.

G. Enforcement
Rules about the collection, maintenance, use, and disclosure of information should be enforced through suitable mechanisms, such as administrative processes, professional standards, civil actions, criminal penalties, government or private ombudsmen, and other means.

H. Oversight
There is a need for an independent federal entity to conduct privacy oversight and policy-making activities.

  • – Information keepers and processors and others should be encouraged to explore technical means to protect privacy.
  • – There should be an exploration of other means to promote self-determination in the use of personal information, including proprietary rights and dual control mechanisms.
  • – The creation of information trustees who maintain personal data on behalf of diverse information keepers and processors should be considered.
  • – There is a need to explore the rights and responsibilities of individuals and information keepers and processors when changes in the use and disclosure of information are developed after the time of collection.

III. Information as Property

Preamble

The Constitution empower Congress “…To promote the Progress of Science and useful Arts, by securing limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.” Recent developments in technology and society have placed new stresses on the existing system of property rights and information and have raised concerns about achieving this constitutional goal. Relevant developments include:

  • – the technological ability to make and distribute perfect copies of creative works and other information;
  • – the blurring and evolution of traditional roles in disseminating information and creative works, including the roles of author, creator, performer, editor, publisher, distributor, and audience/user;
  • – the increasing disenfranchisement of significant segments of our democratic society because they cannot afford information resources and alternative forms of access are not a available to them;
  • – the increasing government exercise of controls over a rapidly expanding pool of information through the assertion of property rights, the assignment of exclusive rights, licensing, fees, security classification, access clearances, and other mechanism which prevent or hinder public access;
  • – the capability of manipulating, synthesizing, or distorting information and of creating new digital environments without regard to the intention of the original author;
  • – the use of new technology to create a wide range of new works, and/or to adapt existing works;
  • – the emergence of intellectual property concerns as a factor influencing or impeding the introduction of new information technologies, and the full development and use of some of their capabilities;
  • – the growing importance and frequency of new forms of collaboration in creating new works;
  • – the potential for new technologies to facilitate and reduce the transaction costs of individual and collective agreements concerning rights in information and services.

First Principles

A. Facilitate Transactions
The development of standard practices, policies, rules, and laws concerning information should facilitate commercial, intellectual, artistic, and social transactions within the broadest community of creators, producers, disseminators, and users of information which:

  • – advance democratic values,
  • – promote free expression,
  • – further creativity and knowledge,
  • – allow broad access,
  • – maximize participation,
  • – facilitate trade and commerce, and
  • – respect privacy rights.

B. Legal Framework and Limitations
In an evolutionary period, emerging information property rules should be sensitive to the need both for predictability and for adaptability to change. Law should serve as an overarching framework awarding property rights to information and recognizing limitations on those rights. An example of a particularly important limitation is the principle of “fair use,” which furthers certain socially worthwhile activities while simultaneously protecting the interests of authors and encouraging innovation. Within this framework, private arrangements–decentralized and open to experimentation–should be promoted when such arrangements lower transaction costs and increase and broaden accessibility. In the efficient adjudication of completing interests, alternatives to costly litigation should be fostered.

C. Information Commons
Emerging laws, regulations, ans judicial decisions should assure an expanding common pool of facts and ideas that nourish creativity and the advancement of knowledge. Maintaining and enriching the public domain of information are important for the advancement of the goals set forth in Principle I. Customs and practices which result in private decisions to forgo copyright and dedicate information to the public domain should be encouraged.

D. Role of Government
Democratic society thrives when information created, gathered, controlled, or maintained by its governments is recognized as belonging to the people. Government information should not be subject to property rights. Governments’ control over vast quantities of information requires that the governments’ rights and responsibilities be made explicit. Federal, state, and local governments must disseminate information about their operations and their rules, regulations, and laws. Furthermore, government has an affirmative obligation to use modern information technology to broaden citizen access to all government information. Governments must demonstrate compelling justification for the withholding of information or restrictions on the use of information.

E. Encourage Creativity and Investment
Evolving law and practices should encourage private and public investments to add value and enhance utility to data and further production of a wider range of new creative works.

F. Industry Structure
There must be constant attention to the evolution of industry structure so that property rights in information (or in the enhancement of information) do not yield bottlenecks or other anti-competitive consequences that frustrate the achievement of the general principles stated above.