| ProfessorMiller: | hello everyone |
| This is Arthur Miller for our weekly chat | |
| I hope you have been thinking about how best to protect individual privacy against the risks posed by snoopy people, profiteers, and all those other folks out there who want to know about us. | |
| Being a lawyer, I've always thought that legal regulation is the way to go in dealing with a social phenomenon | |
| but some of my friends have been saying lately that the Internet, and various industries and professions, should be relied on for self-regulation. | |
| I even hear people saying that the ultimate safeguard lies with each of us establishing our own privacy rules for communicating with us or communicating with our information nodes | |
| That's our topic tonight. | |
| So let me hear from somebody who has a firm view about how we should go about protecting privacy in this information age of ours | |
| Sherry asks: | I think the true hope for the internet will have to be moral restraint, of individuals, because both companies and individuals have the cloak of anonymity |
| ProfessorMiller: | Well Sherry, being a cynic, I guess my first reaction is, whose morality? Yours? Mine? Or the marketplace's? |
| Does anyone else have a comment they'd like to share? | |
| melanie 1 asks: | P3P touts itself as a way of facilitating protection of privacy. Is a contract + technology-based regime really the way to go? |
| aldon asks: | As to your response to Sherry's, I will trust myself, with controlling my private information. I don |
| aldon asks: | (cont) I don't trust the government, or big business to do it for me. |
| ProfessorMiller: | The only way that contract plus technology gives us any real assurance of protection, in my judgment, is if it is backed up by the deterrent force of the law |
| What good is a contract if it is not enforceable by a court, which is empowered to impose sanctions if there is a breach? | |
| without that, you are back relying on people's good faith | |
| and history teaches us that is not a perfect system | |
| as to aldon, who do you trust? | |
| aldon asks: | can you tell me what deterrent force of the law is involved in the UL label, the Good Housekeeping seal, or the assorted Kosher symbols? |
| ProfessorMiller: | aldon, that's a good point, but remember that those labels are labels as to standards. |
| they tell us that something is kosher or isn't, and if someone uses the symbol improperly--labelling something as kosher that isn't--we as purchasers are entitled to sue for misrepresentation. So there is some legal force behind us to guard against the misuse of the label. | |
| Similarly, I would think that if some information company says it honors a particular privacy standard, and then doesn't, we could seek damages--if we are damaged and can prove it--for the misprepresentation. | |
| By the way, to ask a question or make a comment, type /ask and then your question | |
| aldon asks: | And p3p seems to be potentially a useful tool for companies to present the standards of privacy that they adhere to you and negotiate whether of not their standards and your match. |
| melanie 1 asks: | Isn't the force of law exactly what the contract system provides when it is coupled with technology? |
| aldon asks: | So then, would not the current laws about misrepresentation be sufficient for this new medium? |
| ProfessorMiller: | Alright... |
| so we are sort of groping toward the recognition that there are some legal theories out there--like breach of contract and misrepresentation--that can reinforce private systems if there in fact is a contract that is breached, and if in fact there is a material misrepresentation that causes damage | |
| in other words, private systems that can not be enforced don't provide much protection. | |
| Now, there is a practical problem | |
| how do you know you are injured? | |
| how do you prove damage? | |
| and who among us has a sufficient stake to bring a legal proceeding, even if we know we have been damaged? | |
| aldon asks: | If I don't know that I have been 'injured', then do I need to prove damage or seek recourse? For example, how do I know if the matzoh's really are koshe.. |
| aldon asks: | If the stake is not sufficient to bring legal proceedings, should we even worry about it? |
| ProfessorMiller: | there is an old adage in the law that the best fraud to commit is a massive fraud against large numbers of people for a small amount of money |
| on the theory that it either won't be discovered, or no one will have the economic incentive to vindicate | |
| The result is a rather immoral marketplace where you are actually promoting that kind of behavior | |
| from time to time, we have seen that in the securities industry and in the consumer goods industry | |
| I would hope that we can work out a system of privacy protection that would not render the Internet vulnerable to that type of behavior | |
| but implied in your response is a very important point: | |
| you don't necessarily want to create a system that has very high transaction costs for achieving corrective behavior | |
| that is why we have --at least in theory-- the class action | |
| aldon asks: | and isn't that why we have class action suits? |
| ProfessorMiller: | bingo! |
| an alternative is a policing agency that can be private or public | |
| that "walks the beat" and makes sure that people are behaving | |
| but, is that big brother in a different form? | |
| aldon asks: | so then wouldn't a better approach be to facilitate bringing down the high transaction costs for achieving corrective behavior? |
| ProfessorMiller: | it's easier said than done |
| Lawyers and court costs are very expensive, and I suspect that a "policing" or "monitoring" group also would be expensive | |
| But it's certainly something that should be explored | |
| Sherry asks: | why are we assuming that the legal system is the proper forum to "achieve corrective behavior" |
| ProfessorMiller: | Okay, Sherry, give us a solution |
| aldon asks: | What about the use of the technology itself to bring about collective action? Chat rooms, web pages, mailing lists, newsgroups? |
| ProfessorMiller: | How would that work? |
| (aldon) | |
| Sherry asks: | ask / what about a system like the voluntary rating system that Ebay has adopted |
| ProfessorMiller: | Sherry, isn't that more of an authentication system than a privacy protection system? |
| aldon asks: | if everyone hears that Blockbluster is distributing private information about movie rentals, either from a web page, a mailing list or a newsgroup, perhaps they will be less inclined to rent adult movies there, significantly cutting into blockbuster sales. |
| ProfessorMiller: | Aldon appears to believe in the marketplace |
| that is a legitimate thing to do, but it really depends on whether you think marketplace forces are coincident with the privacy policies you want to achieve | |
| That is a big assumption | |
| I am not saying it's wrong, I am just saying it is a big assumption. | |
| Trevor asks: | Professor, it seems that we are limiting our discussion to US based solutions. The problems with enforcing online privacy are compounded by the multiple jurisdictions that could create solutions. |
| ProfessorMiller: | Beautiful, Trevor |
| I don't mean that Trevor is necessarily beautiful--he may be--but his point is beautiful | |
| it suggests, and I think he is right, that if you really believe the Internet is global and offers us a global marketplace, the privacy solution, whether private or legal or both, must also be structured on an international basis | |
| as you might guess, the history of global international law is not a bright one | |
| Sherry asks: | \ask but the point is the same -- a verification of whether a person/group keeps his word, and a social penalty or cost if you dont |
| ProfessorMiller: | So Sherry |
| are you suggesting that we simply out the privacy violator? | |
| anything stronger than that? | |
| how about getting his or her address and going there and stoning him/her to death? | |
| one of my colleagues here at Harvard suggests an eye for an eye philosophy | |
| namely, that once a privacy violator is identified, everything personal about him/her is published | |
| is this a civilized approach? | |
| aldon asks: | Can you give me an example of how marketplace forces could be divergent with privacy policies one would want to achieve? |
| ProfessorMiller: | That's a very deep philosophical question/point |
| sometimes marketplace forces such as the economic value of personal information, will trump a person's desire for individual privacy because the "offer" is too good--or seems too good--to pass up | |
| sometimes the marketplace is not perfect in terms of people understanding the consequences of giving up their privacy | |
| I realize that is not consistent with a true marketeer's view of the world, but being an ancient liberal, sometimes I think people have to be protected against themselves | |
| Sherry asks: | ask I think establishing credibility and trust is what any vendor tries to do -- with customer service, with a reputation for products, and for privacy policy |
| ProfessorMiller: | as a general matter, Sherry, you are right |
| the problem is that there are lots of people, like Ivan Boesky and myriad of other scam artists out there, for whom the short term profit is more attractive than the long term reputation. | |
| We have to watch out for what in the old days, before the SEC, were the "bucket shop" or fly by night security sellers, who would open up here, run, and then open up there | |
| Sad as it may be, it characterizes a number of micro marketplaces | |
| One of the most useless things you can do is hire a home inspection company | |
| aldon asks: | If the marketplace is not doing in line with peoples understanding of the consequences of giving up their privacy, then isn't education a better option than legislation? |
| ProfessorMiller: | As an educator, I say, sadly, life's too short to wait for education |
| But, I have grown cynical as I age | |
| Sherry asks: | I concede that we need to protect against transients -- perhaps establish permanent "identities" who may be researched |
| ProfessorMiller: | That's a good point |
| Keep in mind that in certain businesses, and in all of the professions, we grant access to people only after a certain level of education and/or licensing takes place | |
| It ain't perfect--otherwise there would never be a crooked attorney--but it probably helps. | |
| But, could we possibly translate that approach to the use of public communications media like the Internet? | |
| A variant might be requiring business entitites on the Internet to provide bonds | |
| from which established liabilities could be collected | |
| so that they could not become either bankrupt or fly by night | |
| rewell asks: | One of the alternatives might be that a big company, such as AOL, decides to control what is available. As more mergers take place, this could be a more powerful force in the marketplace. |
| rewell asks: | Big companies could impose self regulation for peoople who view the web through their browsers, or we could legislate requirements for browser vendors based on size. |
| ProfessorMiller: | Big, powerful companies can be a force for good or bad. |
| They are the kind of economic entities that probably are in for the long haul and therefore are concerned about the quality of their service and the quality of their reputation. | |
| If we could regulate their privacy conduct effectively the way we try to regulate the trade practices of businesses through antitrust laws and tort law, maybe we could make some progress. | |
| Sherry asks: | I am cynical, too, but young. The pace of change within my lifetime astounds me. I have not seen government keeping up. Perhaps I am as cynical as you, but in the opposite direction -- I believe only the marketplace has the ability to be responsive enough to the new technology. |
| ProfessorMiller: | Don't read too much into my cynicism . |
| In truth, I too am astounded at the pace of change in "our" lifetimes | |
| all I am really "pushing" --only in the "let's think about it" sense--is that we figure out some way to allow the marketplace to flourish but avoid the excesses that periodically creep into it when there is too much greed and/or money on the table | |
| Sherry asks: | Do you believe government can actually "control" any of it? |
| ProfessorMiller: | a really big question |
| Government can achieve a good deal. It has in regulating things like the securities market, air safety, labor management, etc. | |
| is it perfect? of course not | |
| A big philosophical question just posed by one of my very philosophical colleagues is : if we are to err, should we err on the side of underregulation, or overregulation? | |
| let's face it. None of us is Nostrodamus, and none of us is infallible. | |
| When we calibrate or balance, we know there will be a margin of error. | |
| aldon asks: | Sounds like the market opportunity is to publish the privacy Ezine with the privacy-Ezine seal of approval. How close is this to what TRUSTe is doing? |
| ProfessorMiller: | A good privacy seal of approval is not a bad idea. |
| especially if we developed a level of faith in the certificating agency | |
| by the way, if we really develop that kind of faith, the certificating agency--public or private--could also become the policing agency | |
| aldon asks: | and who would one trust with these permanent "identities" Big business? Big Government? Which Big Brother is friendlier? |
| Sherry asks: | better yet, there should be several certificating agencies. |
| ProfessorMiller: | I think both of these comments are wise. |
| but in the end, we are dealing with one of the oldest questions of time: who watches the watchers? | |
| we simply have to find a group, an organization, or a group of organizations in which to repose some faith. That might get us out of the government regulation business, but we have to watch out that the private watchdogs don't become captives of the interested industries | |
| That has been a problem in terms of administrative agencies--admittedly governmental--for a century. | |
| There is no difference if the watchdog agency is private. | |
| I'm going home for dinner. It was fun chatting | |
| You young people are just too smart for me, and I'll try to build up some energy for next week. | |
| Good night |