Re: [GNU/consensus] [RFC][SH] User Data Manifesto

[hellekin (GNU Consensus)]

On 03/01/2013 05:39 AM, Hugo Roy wrote:
> 
> Any comment on these suggestions?
> https://lists.gnu.org/archive/html/consensus/2013-02/txtZ5VLz15Cr2.txt
>
*** Hello Hugo,

I think you're right. Reducing the UDM to its core ideas, and expanding
on them would probably help making it both more consensual, and easier
to understand. It would still leave space for discussion.

About the first point on "user control of data", I still think that
"user data" is a problematic concept. Not only the contents one is
uploading forms the "data" in my opinion, but also the relations one
establishes with other people, and other people's contents. Let me give
an example: in a forum, a conversation can span years and each
contribution has the potential to make the conversation evolve in one
way or another. Yet, if some participant leaves the network, I don't
think there's any value to anyone that her contributions
disappear--leaving a hole in the conversation, potentially a big one
that would make the whole conversation unreadable, and I do doubt that
for that participant, sticking with her own contributions out of context
makes any sense either. Therefore, there's more to "user data" than just
blocks of contents: it looks to me more like a flow that creates agency
out of which the data loses value.

That said, I believe that this point should encompass access and
availability as well (as in: export in a format suitable for importing
elsewhere, that is covered by 3.)

Point 8. Server Software Transparency might be extended to client
software as well. As in UnHosted apps, the distinction between server
and client software is blurring, and with the expansion of
Javascript-based social software (e.g., NodeJS), the same code is
supposed to run on both sides, leaving the data flowing in-between.
Truth is, unless your business model is about surveillance, there's no
technical reason why private messages would ever need to appear to the
service provider at all.

But this manifesto being addressed to users of existing social software
platforms, it makes sense to mention that messages exchanged over the
Internet between individuals, and between members of the same non-public
group, should benefit from the same rights as offline exchange by means
of the postal service, that is: inviolability of correspondence.

Re-reading the original points, it appears to me that the whole
manifesto assumes a defensive position facing an invasive state of
affairs on the part of service providers. Indeed, "social networking
companies" assume that anything you submit to them is their property,
and they have the right to use it as they wish. In the same way the
computer industry assumes failure as part of the business (e.g., bugs),
in a manner unknown to any other industry, it now assumes that, on the
pretext we're using their machines, our correspondence can be violated
with impunity and worse, that it can be used for statistical analysis to
build a probabilist model of any user, for reasons of marketing,
surveillance, etc.

What we need instead, is to denounce that practice, and stand for
extending the rights of correspondence to the Internet, so as to protect
ourselves from the prying eyes of any entity that is potentially using
"our data" for their own interests. Free software is one way of
guaranteeing that the code we're using is indeed doing what it's made
for, and no hidden spyware feature is included. That does not prevent
any service from running their own proprietary analysis software on top
of it, given the fact that they can, but it would at least forbid them
from running spyware on our own devices without our express consent.

That brings me to another point: that remote control of third parties on
devices we have purchased should not be possible at all. That Amazon can
wipe out legally purchased books from your electronic-book-reader is
outrageous; that any company would be able to make an inventory of
what's on your device with impunity is outrageous.

Then, I would make the first point about the nature of online
communications: communication on the Internet is private, unless it's
explicitly made available to the public--which is in accordance to the
principle of network neutrality. Therefore, the rule of inviolability of
correspondence applies on the Internet, and in particular in the context
of social networking services. It is not enough that it is technically
possible to violate one's communications for it to be either legal or
ethical. It is indeed technically possible to wipe out an entire
population by means of artillery or poisoning; however none of it is
legal, nor ethical.

It seems to me that living in a "temporary" exception to the rules since
2001, under the pretext of terrorism, should not make us forget about
the exceptional nature of that fact. The law did not cease to be when
belligerent powers took over civil life. We're looking at things on our
heads if we think it's normal that companies can benefit from anything
we do or say online, on the pretext we're using their service. It is
indeed the fact, for those hundreds of millions of people who are under
the spell of Facebook and friends, but it doesn't make it more
exceptional. Next time you write a love letter, try and think about how
you would feel if anyone on the way to delivery would read it.

==
hk

signature.asc
Description: OpenPGP digital signature