jgd@Dixie.Com (John G. DeArmond) (12/19/90)
abrams@cs.columbia.edu (Steven Abrams) writes: >Is this sufficient reason for making databases illegal? This is >almost along the lines of the "guns don't kill people" type of >argument, with the major exception that there is nothing implicitly >dangerous about data. Yes it is. The gun analogy is not quite right. In general, things that can easily cause harm to people through inadvertant use and/or things that have the potential for mass destruction are most heavily regulated. Plus the degree of regulation (should) depend on the ease of use of the potential harmful force. To look at the destructive devices issue in a different light, consider that blunt instruments are not nearly so regulated as, say, explosives. Though both can effectivly kill, the wad of Centex does so much more efficiently and with much less effort. IN other words, the window of opportunity is much easier. (Plus the use of guns is explicitly protected by the constitution, a fact not true about databases.) Similiarly, most people don't get terribly upset that personal information is available in phone books and at the county court house in the form of record books. Procedures used to harm you via your personal data such as pattern matching and searching and modeling are difficult to impossible until that data is placed in a database. Most people don't even get upset knowing that personal data is available in credit databases because they (sometimes wrongly) assume that the filtering process dictated by law makes it difficult to abuse. Once that same data is in a database manipulatable at will by the abuser, the issue changes remarkably. Since the same data becomes trivially easy to abuse, it stands to reason that additional regulations and prohibited uses should be identified and codified. Like the old saying goes, " an NRA member is often a liberal who has been mugged", those of us who most vigorously fight for personal privacy are often those who have been abused or have seen the abuse done to others. John -- John De Armond, WD4OQC | "Purveyors of speed to the Trade" (tm) Rapid Deployment System, Inc. | Home of the Nidgets (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
abrams@cs.columbia.edu (Steven Abrams) (12/19/90)
In article <5308@rsiatl.Dixie.Com> jgd@Dixie.Com (John G. DeArmond) takes my bait and writes: >abrams@cs.columbia.edu (Steven Abrams) writes: >>Is this sufficient reason for making databases illegal? This is >>almost along the lines of the "guns don't kill people" type of >>argument, with the major exception that there is nothing implicitly >>dangerous about data. > >Yes it is. The gun analogy is not quite right. In general, things >that can easily cause harm to people through inadvertant use and/or >things that have the potential for mass destruction are most heavily >regulated. Plus the degree of regulation (should) depend on the ease >of use of the potential harmful force. I'm glad someone took didn't let this slide. It wasn't meant sarcastically, but it was meant to get a reaction. To put databases in the same category as guns or explosives is ludicrous, in my opinion. Let me explain what I feel to be true about databases, computers and regulations. These are IMHO, and not meant to be construed as law or my opinion of law. 1) A "Data base" is a collection of knowledge. You can not forbid knowledge. You can't even prevent people from writing down everything they hear. You certainly can't pass a law against someone with a photographic memory from remembering things. 2) Any data that is presented or discovered by someone is free to all, unless the ideas are patented or they are discovered while under a non-disclosure agreement. (I'll get to this later...) 3) Computers are rapidly becoming the primary ways in which we store and analyze data. I don't think I have to go into the reasons why. 4) The fact that a device can be misused to harm people is not cause in and of itself for regulation. Yes, guns and explosives are and should be heavily regulated. Probably because if you use a gun correctly, you shoot someone or something, not only if you misuse it. And explosives blow things up as a rule, not an exception. Knives, on the other hand, have many uses. They cut wood, meat, wires, and yes, they kill people. But they are not (nor should they be) regulated. Now, mind you, I am scared of the prospects of Lotus, et al, having my life story on CD-ROM, and being able to predict what, when, and how I buy everything from engagement rings to toilet paper. I am even more afraid of the government coming in and passing laws about who can store and search what types of data. Do I have to now explain how I get my "hit list" of potential leads for contract work to the government? What if this list grows to be so big and detailed that it could be searched for, say, all computer companies with more than a million dollars worth of hardware and are looking for night staff or are located in secluded parts of town? Is this now a "dangerous" database? No, they can't touch this. What if I give this list (or sell it?) to colleagues looking for similar work. Is this now a regulateable database? Hmmm. I mentioned above that acquired data is freely distributable unless obtained under an (explicit or implied) nondisclosure (this is again, my belief, and I'd appretiate one of the net.lawyers, Mike, to correct this if wrong). Perhaps the approach is to pass a law that allows the safe assumption that certain types of data are automatically confidential, i.e. there is a de facto non disclosure on addresses obtained by mail-order houses, retail stores, periodical publishers, etc., unless explicitly waived. The waiver must be explicit, not implicit, to prevent stupid fine-line type stuff. This might satisfy lots of people. Now, what about data already in circulation? Tough call, and also impossible to retroactively make such data "illegal." Well, perhaps Brad's idea (was it you in fact?) about protecting mailboxes and phone numbers from junk mail/phone calls/faxes. Banning the databases? Don't think so. Let me safely assume that certain stuff is confidential? Sounds better. ~~~Steve -- /************************************************* * *Steven Abrams abrams@cs.columbia.edu * **************************************************/ #include <std/dumquote.h> #include <std/disclaimer.h>
brad@looking.on.ca (Brad Templeton) (12/19/90)
Well, it's a nice analogy, but if I were a supreme court justice, and I listened to the EFF when it told me that electronic publishers were real publishers, then if somebody presented me with a law that said electronic publishers could not publish certain types of non-private information (such as your name, address, etc.) then I would strike down that law as a violation of the constitutional guarantees of freedom of the press. The government shalt not tell publishers what they can and can't publish. (Except, it seems, if it's obscene in some states, or violates national security.) Citizens have redress if material published about them is false, but that's not a prohibition on publication, only a requirement that publishers be responsible for what they publish. And there is no redress on true material. I do not propose changing the 1st amendment in order to stop database publishers. They (we) are the press as much as the New York Times. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
lear@turbo.bio.net (Eliot) (12/19/90)
How about the following? [1] Creditors and those who would provide input for such databases should be required to get your approval to report TO the databases. In fact, to prevent pressure tactics, we might need a law requiring the input sources to not discriminate based on one's refusal to sign such a form. and/or [2] You may sue the database provider AND consumer (that is - the one using the database) for some vast quantity of money if an error on their part harms you in some way. A bank could still turn you down if you don't have good credit or enough references, etc., and you will know who is reporting information about you. It's not quite prohibition, but it is pretty serious regulation. -- Eliot Lear [lear@turbo.bio.net]
abrams@cs.columbia.edu (Steven Abrams) (12/20/90)
In article <1990Dec19.065012.1634@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: >Well, it's a nice analogy, but if I were a supreme court justice, and I >listened to the EFF when it told me that electronic publishers were real >publishers, then if somebody presented me with a law that said electronic >publishers could not publish certain types of non-private information >(such as your name, address, etc.) then I would strike down that law as >a violation of the constitutional guarantees of freedom of the press. Thank you Brad. This is exactly what I've been trying to get across. ~~~Steve -- /************************************************* * *Steven Abrams abrams@cs.columbia.edu * **************************************************/ #include <std/dumquote.h> #include <std/disclaimer.h>
cyberoid@milton.u.washington.edu (Robert Jacobson) (12/20/90)
European data laws presume that data is in fact a property, a commodity, and its use can be regulated as is the use of other property (even in our liberal society). Who owns the data is less important than what is done with it. But some data is considered highly personal and its first right of ownership is with the person about whom it pertains. This right does not necessarily prohibit the use of the data by others, but it does permit the property owner to negotiate, individually or through the means of government, that it be dealt with in socially responsible ways. In a democracy, that generally means in ways that will produce the greatest social good. In a democracy with a bill of rights, there is also the criterion that the employment of property -- in this case, data -- not be used to damage another's interest, particularly a right. Bob Jacobson
cyberoid@milton.u.washington.edu (Robert Jacobson) (12/20/90)
So let's get to the bottom line: what's * private information * ? Bob Jacobson
jgd@Dixie.Com (John G. DeArmond) (12/21/90)
lear@turbo.bio.net (Eliot) writes: >How about the following? >[1] Creditors and those who would provide input for such databases > should be required to get your approval to report TO the > databases. In fact, to prevent pressure tactics, we might > need a law requiring the input sources to not discriminate > based on one's refusal to sign such a form. >and/or >[2] You may sue the database provider AND consumer (that is - the > one using the database) for some vast quantity of money if an > error on their part harms you in some way. I like this, Elliot. In fact, I like it so much that I can say that it is almost in sync with my proposal a month ago that caused so much smoke and flame. About the only difference is that I provide for the government to pay for the consumer's litigation so that economic pressure would not preclude one from exercising one's rights. Financing the cost of litigation, or better, having the justice department act on your behalf (but only at your request) would put real teeth in the law. And if we establish, a priori, certain acts that are by definition violations of a person's privacy rights, then we remove a large burden from the courts and from the citizen. A violated citizen must then prove only that the act occured and not whether he was harmed. The law would establish that he was indeed harmed. Let's keep working. WE may come up with something that will fly yet. John -- John De Armond, WD4OQC | "Purveyors of speed to the Trade" (tm) Rapid Deployment System, Inc. | Home of the Nidgets (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
zane@ddsw1.MCS.COM (Sameer Parekh) (12/22/90)
In article <13284@milton.u.washington.edu> cyberoid@milton.u.washington.edu (Robert Jacobson) writes: > >So let's get to the bottom line: what's * private information * ? > >Bob Jacobson Information that only you (and yours) know. -- zane@ddsw1.MCS.COM
jonl@pro-smof.cts.com (Jon Lebkowsky) (12/24/90)
In-Reply-To: message from cyberoid@milton.u.washington.edu Bob J's post about European data laws articulates the opinion that was shaping in my own feeble brain, that data laws should look at how it's used rather than what it is....
cyberoid@milton.u.washington.edu (Robert Jacobson) (12/25/90)
In article <1990Dec22.040101.26926@ddsw1.MCS.COM> zane@ddsw1.MCS.COM (Sameer Parekh) writes: >In article <13284@milton.u.washington.edu> cyberoid@milton.u.washington.edu (Robert Jacobson) writes: >> >>So let's get to the bottom line: what's * private information * ? >> >>Bob Jacobson > Information that only you (and yours) know. > > >-- >zane@ddsw1.MCS.COM How about information that you choose to share with someone -- a doctor, priest, or attorney -- in confidence? Or information that you give up for a commercial transaction having first obtained the agreement of the new holder of the information that it will not be passed to a third party or used for some other purpose? Or information about you that is somehow purloined or misgotten? Easy answers to "personal information" abound, but usually don't work.