Re: [GNU/consensus] [RFC][SH] User Data Manifesto

[Frank Karlitschek]

On 21.01.2013, at 14:17, Michael Rogers <address@hidden> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Frank,
> 
> I agree with the spirit of the manifesto but I have a couple of
> reservations.
> 
> First, the idea that people own the data they create is problematic.
> The manifesto describes rights belonging to the creator of personal
> data, which must be respected by those who store and process the data.
> In contrast, European data protection law describes rights belonging
> to the *subject* of the data, which must be respected by those who
> store and process it. I hope those two sets of rights can be
> reconciled, since it seems to me that both the creator and the subject
> have an interest in how the data's used; but I'm not sure ownership is
> the best approach to reconciling such conflicting interests, since it
> tends to produce binary outcomes (either you own something or you don't).

I'm not an expert in that.
Do you have a suggestion to to rephrase that?



> Second, having the source code to server software doesn't enable you
> to confirm that it works as specified; it's not possible to know
> whether the binary running on the server corresponds to the source
> code you've downloaded. I still think we should insist on free
> software, but we should recognise that it only protects us if the
> server operator is acting in good faith.

I agree. The idea is to describe here what the right of the users are. How to 
do this in reality might be tricky but this doesn't change the principals 


Cheers
Frank

> 
> Cheers,
> Michael
> 
> On 21/01/13 12:43, Frank Karlitschek wrote:
>> Hi,
>> 
>> let's try to create a version 2 of the manifesto together. I
>> created a draft 1 based on the feedback. So What do you think?
>> 
>> 
>> Frank
>> 
>> 
>> -- User data manifesto V2 draft 1
>> 
>> Changeslog:
>> 
>> - Add a remark to 3. that it is recommended to have an own server
>> for the personal data. - Removed "open source" so that only "free
>> software" is in point 8. - Replaced "Invulnerability of data" with
>> "Protect the data from loss" - Replaced "own data" with "personal
>> data"
>> 
>> ---------------- 1. Control the personal data The data that someone
>> directly or indirectly creates belongs to the person who created
>> it.
>> 
>> 2. Know where the data is stored Everybody should be able to know:
>> where their personal data is physically stored, how long, on which
>> server, in what country, and what laws apply.
>> 
>> 3. Choose the storage location Everybody should always be able to
>> migrate their personal data to a different provider, server or
>> their own machine at any time without being locked in to a specific
>> vendor. It is recommended to have the personal server for the
>> personal data in the long term.
>> 
>> 4. Control access Everybody should be able to know, choose and
>> control who has access to their personal data to see or modify it.
>> 
>> 5. Choose the conditions If someone chooses to share their personal
>> data, then the user selects the sharing license and conditions.
>> 
>> 6. Protect the data from loss Everybody should be able to protect
>> their personal data against surveillance and to federate their
>> personal data for backups to prevent data loss or for any other
>> reason.
>> 
>> 7. Use it optimally Everybody should be able to access and use
>> their personal data at all times with any device they choose and in
>> the most convenient and easiest way for them.
>> 
>> 8. Server software transparency Server software should be free
>> software so that the source code of the software can be inspected
>> to confirm that it works as specified.
>> 
>> 
>> --
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On 15.01.2013, at 17:03, Rich Hilliard <address@hidden> wrote:
>> 
>>> if it allows rms to participate, I'm in favor.
>>> 
>>> ________________________________________ From: Frank Karlitschek
>>> address@hidden Sent: Tuesday, January
>>> 15, 2013 10:56 AM To: Rich Hilliard Cc: address@hidden;
>>> address@hidden Subject: Re: [GNU/consensus] [RFC][SH] User
>>> Data Manifesto
>>> 
>>> O.K.
>>> 
>>> Let's try to do it by email. I hope it's O.K. if we use this
>>> mailinglist :-)
>>> 
>>> I will take the current text and merge all the discussed
>>> improvements in and send it to the list as first draft. Then we
>>> can iterate until we have something that works for everybody.
>>> 
>>> I will send something probably tomorrow.
>>> 
>>> I hope thats a good approach.
>>> 
>>> 
>>> Frank
>>> 
>>> On 15.01.2013, at 16:34, "Rich Hilliard" <address@hidden> wrote:
>>> 
>>>> Email is fine with me; who has the current draft version?
>>>> 
>>>> ________________________________________ Sent: Sunday, January
>>>> 13, 2013 5:42 PM To: Frank Karlitschek Cc: address@hidden 
>>>> Subject: Re: [GNU/consensus] [RFC][SH] User Data Manifesto
>>>> 
>>>> I'd rather participate the way I have done thus far: by email.
>>>> 
>>>> -- Dr Richard Stallman President, Free Software Foundation 51
>>>> Franklin St Boston MA 02110 USA www.fsf.org  www.gnu.org Skype:
>>>> No way! That's nonfree (freedom-denying) software. Use Ekiga or
>>>> an ordinary phone call
>>>> 
>>>> 
>>> 
>> 
>> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iQEcBAEBAgAGBQJQ/T/qAAoJEBEET9GfxSfMNJ8H/26scjfyRokSOrTxUHwNlV0+
> RxNeHaXDB6BEHnfz/8uLfzDjIDAqR7hICZpjiVIvGotWCszdI3ssCadxFLCAIqsK
> ZESW7S6QoAbVCsFxQHwDBkvx4SpMWJ2En/RuKYYGs+/AnJHa/bvCt6t8j8kAvqjY
> I2tYuq3Sz0yoBPFPuBDtRHlg21g6CQjLLmoKgwTBnHx1xt+I17N14A87uAhGOwts
> VSfj9AQP3kavWNbuHlEiG8vx/PGUq2kj4LMV5gl/4B08kgZ3u+UUFtjWHB0PET+V
> AKIAHwiuwANlqdL6hjrwsKeAwHZUzaWvIRua7rGOOSxjPCP2zR1YXeZ4nx0CedE=
> =2sUe
> -----END PGP SIGNATURE-----