Jim Harper’s Techdirt Profile


About Jim Harper

Posted on Techdirt Greenhouse - 1 June 2020 @ 12:30pm

Giving People Property Rights In Data Will Not Solve Privacy, But...

from the property-rights-and-privacy dept

Online privacy can’t be solved by giving people new property rights in personal data. That idea is based on a raft of conceptual errors. But consumers are already exercising property rights, using them to negotiate the trade-offs involved in using online commercial products.

People mean a lot of different things when they say “privacy.” Let’s stipulate that the subject here is control of personal information. There are equal or more salient interests and concerns sometimes lumped in with privacy. These include the fairness and accuracy of big institutions’ algorithmic decision-making, concerns with commodification or commercialization of online life, and personal and financial security.

Consumers’ use of online services will always have privacy costs and risks. That tension is a competitive dimension of consumer Internet services that should never be “solved.” Why should it be? Some consumers are entirely rational to recognize the commercial and social benefits they get from sharing information. Many others don’t want their information out there. The costs and risks are too great in their personal calculi. Services will change over time, of course, and consumers’ interests will, too. Long live the privacy tension.

Online privacy is not an all-or-nothing proposition. People adjust their use of social media and online services based on perceived risks. They select among options, use services pseudonymously, and curtail and shade what they share. So, to the extent online media and services appear unsafe or irresponsible, they lose business and thus revenue. There is no market failure, in the sense used in economics.

Of course, there are failures of the common sort all around. People say they care about privacy, but don’t do much to protect it. Network effects and other economies of scale make for fewer options in online services and social media, so there are fewer privacy options, much less bespoke privacy policies. And companies sometimes fail to understand or abide by their privacy policies.

Those privacy policies are contracts. They divide up property rights in personal information very subtly—so subtly, indeed, that it might be worth reviewing what property is: a bundle of rights to possess, use, subdivide, trade or sell, abandon, destroy, profit, and exclude others from the things in the world.

The typical privacy policy vests the right to possess data with the service provider—a bailment, in legal terminology. The service provider gets certain rights to use the data, the right to generate and use non-personal information from the data, and so on. But the consumer maintains most rights to exclude others from data about them, which is all-important privacy protection. That’s subject to certain exceptions, such as responding to emergencies, protecting the network or service, and complying with valid legal processes.

When companies violate their privacy promises, they’re at risk from public enforcement actions—from Attorneys General and the Federal Trade Commission in the United States, for example—and lawsuits, including class actions. Payouts to consumers aren’t typically great because individualized damages aren’t great. But there are economies of scale here, too. Paying a little bit to a lot of people is expensive.

A solution? Hardly. It’s more like an ongoing conversation, administered collectively and episodically through consumption trends, news reporting, public awareness, consumer advocacy, lawsuits, legislative pressure, and more. It’s not a satisfactory conversation, but it probably beats politics and elections for discovering what consumers really want in the multi-dimensional tug-of-war among privacy, convenience, low prices, social interaction, security, and more.

There is appeal in declaring privacy a human right and determining to give people more of it, but privacy itself fits poorly into a fundamental-rights framework. People protect privacy in the shelter of other rights—common law and constitutional rights in the United States. They routinely dispense with privacy in favor of other interests. Privacy is better thought of as an economic good. Some people want a lot of it. Some people want less. There are endless varieties and flavors.

In contrast to what’s already happening, most of the discussion about property rights in personal data assumes that such rights must come from legislative action—a property-rights system designed by legal and sociological experts. But experts, advocates, and energetic lawmakers lack the capacity to discern how things are supposed to come out, especially given ongoing changes in both technology and consumers’ information wants and needs.

An interesting objection to creating new property rights in personal data is that people might continue to trade personal data, as they do now, for other goods such as low- or no-cost services. That complaint—that consumers might get what they want—reveals that most proposals to bestow new property rights from above are really information regulations in disguise. Were any such proposal implemented, it would contend strongly in the metaphysical contest to be the most intrusive yet impotent regulatory regime yet devised. Just look at the planned property-rights system in intellectual property legislation. Highly arguable net benefits come with a congeries of dangers to many values the Internet holds dear.

The better property rights system is the one we’ve got. Through it, real consumers are roughly and unsatisfactorily pursuing privacy as they will. They often—but not always—cede privacy in favor of other things they want more, learning the ideal mix of privacy and other goods through trial and error. In the end, the “privacy problem” will no more be solved than the “price problem,” the “quality problem,” or the “features problem.” Consumers will always want more and better stuff at a lower cost, whether costs are denominated in dollars, effort, time, or privacy.

Jim Harper is a visiting fellow at the American Enterprise Institute and a senior research fellow at the University of Arizona James E. Rogers College of Law.

12 Comments | Leave a Comment..

Posted on Techdirt - 23 March 2013 @ 12:00pm

Jim Harper's Favorite Techdirt Posts Of The Week

from the i-have-opinions dept


For those of you who don't know me, I'm director of information policy studies at the Cato Institute in Washington, D.C. I work mostly on privacy (including such things as anonymity and the Fourth Amendment), and also on telecom, intellectual property, government transparency (lots of that lately), and protecting the country from counter terrorism.

I'm a native of California and a lawyer. I always take it as a compliment when people who talk to me figure out the first one and have no idea about the second. On my Twitter feed, I sometimes share glimpses of the pageant that unfolds weekend nights, late, on D.C.'s buses.

I have opinions. I want less coercion in our society.

We're all agreed on opposing private violence such as rape and murder, but a lot of people indulge public violence too easily. Some people are OK with state violence visited on innocent foreign people because it might make us safer here. It won't, but no matter because the violence is remote in distance (I guess that's their thinking).

Some people are OK with economic regulation, taxation, and redistribution of wealth for a similar reason: The state violence behind it is conceptually remote. I want less of that, too—a truly peaceful society built on cooperation.

I was listening to "Screaming at a Wall" by Minor Threat when I wrote those last bits. Perhaps that's a metaphor for what I do much of the time. It's very hard to reach people with a possible insight at a moment when they're receptive to it.

What You're Dealing With When You Go to Congress

Hands down, my favorite post of the week goes after Rep. Louie Gohmert (R-TX) for his technical ignorance. I like Louie Gohmert. I think he's funny. He's a real character. And, I mean, his name sounds like "Gomer."

But I sure wouldn't want him governing me.

The colloquy featured in the post is very similar to one I had with a senator after I testified in the Senate Commerce Committee a few years ago. 'How are my searches giving my email over to the spammers?' That kinda stuff. Oh lord.

It was a Republican doing the asking that time, too. But congressional ignorance is a bipartisan problem—sometimes on matters even more basic.

I think a lot of people believe so strongly in democracy that they apply their ideal vision of Congress when they think about what Congress and the government might do. The reality is very different.

It's not that all members of Congress are gomers. They and their staffs are very smart, very dedicated people. But they haven't got the knowledge to organize a society as large, diverse, and open as ours.

Mike says at the end that we need better politicians. There are better, but the system that runs society better than we could ourselves? It does not exist.

Don't Trust the Cloud

I hang my head in shame for all the people who have jumped on the "cloud" bandwagon, and the post expressing skepticism about Google's new "Keep" service in light of Google Reader's demise expresses an important dimension of #cloudfail.

It's absolutely true that "cloud" makes sense given the current state of technology. You don't want to run your apps and your storage on your home server, because most of you don't have one. (I don't.) And you don't want to keep up its upkeep.

But what price do you pay for throwing everything up onto that "cloud" thingy? Greater risk of third-party access and your privacy's undoing, for one thing. Cloud services also can fail. "Cloud" is a marketing term that confuses people about the fact that there are network operators and software and database managers who have duties and responsibilities to their customers.</rant>

There will come a time—give me a long enough time horizon and you know I'm right—when software will be so stable, hardware so cheap, and connectivity so replete that throwing sensitive data and documents onto someone else's servers will seem like an embarrassing mistake.

That's not the point of the post, but it allows me to stretch for that point. I'm old enough to have played games on a mainframe through a teletype machine. I made copies of letters with carbon paper! We looked up information in books! And liked it!

The technology will change the economics, and I think "cloud" will go.

A solid institution like Google yanking Reader is just one, non-devastating dimension of #cloudfail, but other undesirable things can happen with cloud services.

The Business Model Problem

Nobody beats Masnick for illustrating that there are business models that can compete with "free." He apparently has a rival in Glyn Moody, though, who wrote this week about the wave of newspapers in London reducing their prices to zero.

That is classic Techdirt. And it makes Techdirt...how shall we put it...non-beloved by the copyright-reliant folks out there.

You'll be interested to know (or maybe not) that libertarians are divided on intellectual property laws. Some regard them as a gross imposition on the natural right to say and read and write and use whatever knowledge you want to. Others regard ideas and expressions as the rightful property of their creators, rightfully defended from expropriation by government in its proper role as a preventer of rights-violations. I did my best not to tip my hand at a Cato book forum on the topic this week. Haha!

Libertarians are even divided on whether you should call it "intellectual property" or not. I think it's fine to call it that.

I make a curious distinction—too rare in discussions of these topics—between intellectual property, the myriad things produced by cognition and volition, and intellectual property law, which is the assortment of statutes that extend greater control over intellectual property to certain of its beneficiaries. We should have a name for these things: inventions, expressions, and other ideal objects. "Intellectual" modifies "property" much the way "real" does when the object you're talking about is a chunk of earth.

Intellectual property laws have a very different reason for being than property laws pertaining to physical goods. That's what matters most.

Another "That's So Techdirt!"

Mike came up with the "Streisand effect" and don't you forget it.

So I had to love the triple-Streisand featured this week. What a bunch of maroons there are out there who think they can bully legitimate commentary and other good stuff off the Web.

Don't like that I said that?! Just let me know, and I'll take it down... :-/

Honorable Mention

Thanks, Techdirt, to the shout you gave to our Wikipedia and legislative data workshop late last week.

We've been working on modeling, advocating for, and now producing better government data, starting with legislation.

In short order, we're going to start systematically reporting on notable bills in Congress on Wikipedia, building the public's capacity and demand for information about what goes on in Washington, D.C.

Our data is perfectly amenable to many uses. Let me know if you want to build something with it.

36 Comments | Leave a Comment..

Posted on Techdirt - 12 September 2012 @ 1:35pm

TSA Still Not Taking Comments On Naked Scanners; So Public Interest Group Does It For Them

from the politicians-lagging-public-opinion dept

If you needed proof of politicians’ sensitivity to, and encouragement of, persistent terrorism fears, look no further than today’s hearing in the House Homeland Security Subcommittee on Transportation Security. It’s called “Eleven Years After 9/11 Can TSA Evolve To Meet the Next Terrorist Threat?” and it’s being used to feature—get this—a report arguing for a “smarter, leaner” Transportation Security Administration.

Could the signaling be more incoherent? The hearing suggests both that unknown horrors loom and that we should shrink the most visible federal security agency.

Lace up your shoes, America—we’re goin’ swimmin’!

Our federal politicians still can’t bring themselves to acknowledge that terrorism is a far smaller threat than we believed in the aftermath of the September 11, 2001, attacks, and that the threat has waned since then. (The risk of attack will never be zero, but terrorism is far down on the list of dangers Americans face.)

The good news is that the public’s loathing for the TSA is just as persistent as stated terrorism fears. This at least constrains congressional leaders to make gestures toward controlling the TSA. Perhaps we’ll get a “smarter, leaner” overreaction to fear.

Public opprobrium is a constraint on the growth and intrusiveness of the TSA, so I was delighted to see a new project from the folks at We Won’t Fly. Their new project highlights the fact that the TSA has still failed to begin the process for taking public comments on the policy of using Advanced Imaging Technology (strip-search machines) at U.S. airports, even though the D.C. Circuit Court of Appeals ordered it more than a year ago.

The project is called TSAComment.com, and they’re collecting comments because the TSA won’t.

The purpose of TSAComment.com is to give a voice to everyone the TSA would like to silence. There are many legitimate health, privacy and security-related concerns with the TSA’s adoption of body scanning technology in US airports. The TSA deployed these expensive machines without holding a mandatory public review period. Even now they resist court orders to take public comments.

TSAComment.com has gotten nearly 100 comments since the site went up late yesterday, and they’re going to deliver those comments to TSA administrator John Pistole, Homeland Security Secretary Janet Napolitano, and the media.

The D.C. Circuit Court did require TSA to explain why it has not carried out a notice-and-comment rulemaking on the strip-search machine policy, and assumedly it will rule before too long.

Getting the TSA to act within the law is important not only because it is essential to have the rule of law, but because the legal procedures TSA is required to follow will require it to balance the costs and benefits of its security measures articulately and carefully. Which is to say that security policy will be removed somewhat from the political realm and our incoherent politicians and moved more toward the more rational, deliberative worlds of law and risk management.

Hope springs eternal, anyway…

There could be no better tribute to the victims of 9/11 than by continuing to live free in our great country. I won’t shrink from that goal. The people at TSAComment do not shrink from that goal. And hopefully you won’t either.

Cross-posted from Cato-at-Liberty.

32 Comments | Leave a Comment..


This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it