|Home|
Collectivization of Knowledge: The Urgency of Now
Overview: Take a moment to consider: Would you have the job you do if an algorithm was the sole factor in hiring you? Christina Colclough will provide an overview of issues and Johnnie Penn will lead this discussion session. This session looks at information asymmetries, specifically in the context of data, dangerous paths for algorithms, the need for human in command, and imagines: what if our data could work for us?
Direct link to video: https://youtu.be/GWkosw56_hA
Student Engagement
We will elicit feedback from students in three phases:
-
First, we will ask your feedback on alternative potential paradigms for the use and protection of personal data. Then we will provide all students an opportunity to review and prioritize the responses from the class. We will collect your feedback on this initial question through Friday, February 1st. The results of this first phase of student proposed potential alternatives is available for review below.
-
Second, we will provide the top few proposed alternative paradigms and ask what benefits, costs and unintended consequences or other risks could arise from each top proposed alternative paradigm. We will curate the responses and provide them back to the class as a whole.
-
Third, we will ask how you would propose implementing one each top proposed paradigm including what business, social, economic, policy or other practical steps would be needed. Will wilk also ask what legal framerwork would be needed to implement and sustain the top proposed paradigms. We will curate the responses and provide them back to the class as a whole and provide the entire exercise to Christina and Jonnie for their feedback by YouTube and we will share that feedback with the class as a whole.
NOTE: We have extended the deadline for this session and will accept responses to phase 2 and 3 questions through Friday 15th, 2019.
What alternative paradigm can you propose for use and protection of personal data?
Student proposed alternatives follow:
Alternative 1: US Constitution 1st Amendment Paradigm
The framework may be the US Constitution 1st Amendment, right to free speech (or not to speak). Existing identity-dossiers about beliefs/values assembled by AI are unconsented appropriations of speech.
Willing release of identity data requires knowledge of benefits (customer profiling for mutually beneficial mass customization) – or a citizen’s implied consent for safety (TSA inspection), knowledge of potential uses and laws defining lines users cannot cross (HIPAA).
To prevent unconsented release, data should be embargoed (Sovrin container) with release normally requiring express consent, perhaps with rescission period (HUD mortgage) and use limited to time periods (Snapchat at one extreme).
Data now in the wild is too problematic to pull back but amnesty for the FAANGs is not OK (nor was the Music Modernization Act’s gift to the DSPs). Individuals should have the right to see/dispute/correct all their identify-dossiers (FCRA; a major line extension opportunity for Experian/TransUnion/EquiFax).
What benefits, costs and unintended consequences or other risks could arise from this proposed paradigm?
Student 1 Reply:
It is a great idea to give the possibility to people to see and eventually contest/correct their identity dossiers, in particular when information inserted in these dossiers could affect the reputation of individuals. This paradigm has also the merit to increase people’s awareness concerning the Orwellian customer profiling. At the same time, this paradigm could increase compliance costs for companies, in order to establish the best procedure to guarantee these possibilities to customers.
Student Reply 2
There are clear benefits to maintaining privacy over one’s personal data.
Health data, private keys social security numbers etc. should be under the control of the individual. There are extreme benefits to controlling one’s personal data and anonymity- including democracy voting and the ability to ring light to her situation without fear of retribution.
It is not clear to me how an amendment to the US Constitution would provide a framework for this in light of the Internet being split into two- where China and other countries do not have personal anonymity or control of one’s personal data.
In a world where that it is international and many governments will not going along with this- the risks are that Legal measures western nations take, simply will not be adopted.
In light of the fact that the western Internet is going to be split up into an infinite number of micro ecosystems (platforms)- Data privacy must come from a plethora of these ecosystems providing a bottom up approach to data privacy.
If there are a vast number of micro ecosystems providing data privacy then there will be a vast number of choices for people in the west and east to control privacy.
Given the rise of the vast number of decentralized autonomous ecosystems-
It is not unreasonable to think that these ecosystems will not self-arise.
The age of centralized control of data is coming to a close.
How would you propose implementing this proposed paradigm?
Student Reply 1:
Considering that the paradigm can be implemented in many industries, the attention should be canalized to industries that process sensitive data (health, religious beliefs etc.). The implementation could be done with a notification to the customer of his/her rights and how to exercise them. The information would be given when the customer subscribes to a service and s/he consents to the processing of personal data. The communication could be transmitted also later via email (in order to have a copy of the consent and terms to exercise rights).
Student Reply 2
At best there should be a finite number of data points that could be deemed private under a high-level government the law. Such as phone number age address etc.
What legal framework would be needed to implement and sustain this proposed paradigm?
Student Reply 1:
For the implementation of this paradigm it would be necessary to guarantee a high-level protection of customer rights, but in respect of the principle of proportionality, namely avoiding unjustified and unnecessary measures that would harm the business organization of companies involved. Hence a valid instrument would be represented by the implementation of privacy and administrative rules as well as independent authorities’ regulation that aim to discipline customers’ right to see, dispute and correct the content of identity dossiers.
Student Reply 2:
It becomes extraordinarily difficult do you dictate other types of private data that would come under such a law as private data and it’s meaning is dynamically generated.
If I buy 3 cups of coffee every other Thursday that may be private information but you would have air extremely difficult time determining before hand How this fits into a legal structure without a clear understanding of implementation organization and jurisdiction.
Alternative 2: Open Source Software Paradigm
I propose a paradigm based on open source software. The current paradigm in which big companies accumulate massive amounts of data can be stopped only by a movement of experts developing an open source software that would enable individuals to protect their data. This software would act as an intermediary between an individual and a company which products one wants to use. All data would be only collected within one place – in an open source software – and only after one would agree to transfer it to the given company it would be able to publish it or use it in any other way. From technological point of view it seems challenging and worth discussing during the live session. I would propose something similar to ProtonMail zero access architecture. In this way no company would be able to have access to data – only individuals. This mechanism would allow to precipitate couple of changes. Firstly, it would most likely create a market for data – people would start earning money if they decided to share data. In the data-driven economy it seems like a natural change. Secondly, it would make people aware of the amounts of data they share with private companies. Thirdly, it would be possible to ban and enforce sharing some kinds of data through this software – it is connected to the discussions we had during the Legal Frameworks for Humanity session.
What benefits, costs and unintended consequences or other risks could arise from this proposed paradigm?
Student Reply 1
Ideally, affirmative release of one’s data to specified users may drive more knowledgeable behavior by individuals, though they simply may continue to click-through to expedite receipt of whatever benefit is promised). It also may establish a market-clearing price for data. However, this may increase the cost of providing the benefits individuals expect in return, to the point where provision of such benefits may become uneconomical. Additionally, the benefit providers may be phishing or otherwise nonobvious bad actors.
Student Reply 2
Benefits
There are clear benefits to having an intermediary data repository of personal data between oneself and companies. The benefits are personal control over data and ability to monetize one’s own data. There are deep unintended consequences of a model that is based on open software A better model maybe one that deals with data… more like a personal Creative Commons…. what we have now for personal data is copyright.
if I have information which is about me then I should be able to Control it and copyright it- if I really have control over my personal data then that would mean I can copyright The phone number the telephone company issues to me- after all it’s my personal information- oh but they own it all but it’s mine…. clearly were in trouble.
There are other unintended consequences of thinking about data in terms of open source software. Data is hard enough to sort through and find what you’re looking for… but hiding Data in software or a software model makes it that much more difficult for external systems to be able to interact with it.
How would you propose implementing this proposed paradigm?
Student Reply 1
Free market system for price-setting. Trusted consumer review sites to review behavior by data users. Service providers should be required to periodically report-out their acquired data to the data owners. Resale of acquired data must be prohibited.
Student Reply 2
A better way is a light weight way of tagging data in a blockchain.
The practical steps would be to define sets of common data that you would like to exchange with most companies- determine percent of meta-tags describing it and publish a bite special occasion that would be needed to encode it.
What legal framework would be needed to implement and sustain this proposed paradigm?
Student Reply 1
Giving individuals control over the release of their data does not assure data will be used only as promised, so a model code of ethics for data services and perhaps a governance body should exist to constrain behavior.
Student Reply 2
Something like a personal creative Commons but more dynamic than copyright
Alternative 3: Supra National Harmonized Rules on Data Protection
In my opinion a possible alternative solution can be represented by the implementation of harmonized rules about data protection which act at a “supra” national level (a sort of soft law at an international level). Let’s call them UNIData principles (my random name suggestion for this paradigm). Let’s assume that these UNIData rules are not mandatory, everything is based on trust. For instance: there is a company which is compliant with UNIData principles (and maybe it has a certificate, similar to ISO 9001) so consumers/workers know that they can trust this company about the protection of their data.
Concerning the content of UNIData, there shall be principles that guarantee a high level protection of personal data: the acceptance of terms and conditions is not sufficient, increase of opt-out rights, simplifications of the procedures in order to easily exercise the right to be forgotten.
Unintended consequences: increase of compliance costs, possible effects on competition for small enterprises. Possible reactions of domestic supervisory authorities to be evaluated.
Benefits: increase of international transaction, improvement of consumers and workers’ protection.
How do we actually implement this? Creation of a UNIData Committee composed of experts in different fields (legal experts/data scientists/engineers etc.) for the elaboration of UNIData principles and maybe creation of a supervisory institution which gives advice on the implementation and interpretation of the principles.
How do we engineer the legal responsibilities and relationship about this? This paradigm is conceived as a soft law, so any company is free to adhere. At the same time, it is necessary to attract interest on this project and on its benefits in order to guarantee effectivity and the spread of the principles.
What benefits, costs and unintended consequences or other risks could arise from this proposed paradigm?
Student Reply
There are benefits to having a UNIData principles and rating system people have a sense ability who they can trust and this is strictly important for all sorts of entities including news.
Costs unintended consequences
The consequences regarding-
……principles that guarantee a high level protection of personal data: the acceptance of terms and conditions is not sufficient, increase of opt-out rights, simplifications of the procedures in order to easily exercise the right to be forgotten….
Are several- first it is extremely difficult to implement except for a very small amount of data that one generates. The vast amount of data will be auto generated data. It is not clear that the user would have the capability to manage this.
How would you propose implementing this proposed paradigm?
Student Reply
Also you cannot have the right to be forgotten with GDPR erasure. Blockchain technology’s and digital Leger’s are incompatible.
The main challenge in implementing a system like this is that managing data assumes that you have the ability to find it in the context in which it occurs-
This is an exceedingly difficult problem.
I suppose though, that when the robots take our jobs we will have plenty of time to spend all day managing our data. These are non-trivial problems.
What legal framework would be needed to implement and sustain this proposed paradigm?
Student Reply
Contract Law ??
Alternative 4: DecentralizedVariablePrivacy {DVP}
DecentralizedVariablePrivacy {DVP}
Our Understanding of Organizations and Data is inadequate for what is about to happen.
Starting next year we are going to start to see the first trials of Fling Taxi Drones (Uber Air).
Four to five years latter there will be operational deployment. Autonomous Cars are already here. In the next 3 to 4 years they will start replace humans. Robots now have the dexterity of humans. Blockchains and software agents AI will replace most white collar jobs as we know them in 5 Years.
It is easy to believe that all or problems are because the big 5 own all or data.
There is great danger thinking the problems are the current corporations. There are much bigger problems then how the big 5 own data.
China is beating us in intelligence (AI). Then nature of work is about to change rapidly.
People are scared. People are worried.
They are afraid of their data is centralized and that it will be used against them.
Rest assured this will not be the case.
We are going to have to be prepared.
80% of all jobs will be eliminated in the next 10 years. If you work with your hands your job will be replaced by a robot. If you work in an office your job will be replaced by a Blockchain. The reality is your job will not be replaced but rather your entire industry will be eliminated.
There is Hope.
There will be plenty of opportunity for all to earn it decent living- one even better than what they have now.
We are obsessed now with data privacy, and the centralized control of corporations. Blockchains, robotics and AI, however, will eliminate whole industries and the centralize control of data.
As we move into the world of blockchains
Centralize control of data will be pushed out to the edges of the network.
These efficiencies (of blockchains) will allow push DATA to the edges of the network (closer to the people).
Centralized control of data will be come less of an issue Because elimination of whole industries will also elimination those centralized corporate controls.
Opportunity, data privacy and control will pass closer to the hands of the people and edge organizations.
We should not focus on centralized corporations and their data privacy but rather the mechanisms that allow more people to have control of data at the edges of the network.
What you want is individuals AND entities at the edges of the network to be able to specify a variable range of privacy and control over their data.
The most efficient path forward is NOT to try to legislate Data silo’ed corporations but rather promote the Evolution of data used at the edges of the network where People and edge organizations can have direct control over their data and it’s monetization.
You cannot have computational laws about DATA (privacy) unless you have a computable form of contract.
To do this you need a computable form of jurisdiction.
If you want people (and edge entities) to receive financial benefits from their data .
They must be able to efficiently pay taxes.
To do this you need a computable form tax payment.
To speed innovation in Law, toward these ends, you want a WireProtocol (defined below) for specifying jurisdiction, tax payment and proof of age (eg over 18 in most jurisdictions).
What is needed is A Wire Protocal is Like ERC-20 (Which specifies what the bytes are) such as:
- WireProtocolForTaxes
- WireProtocolForJuristiction
- WireProtocolForProofOf18
The reason you want a WireProtocol (like ERC-20) is because the the geeks can write (anything to it) in any language.
You cannot do this with an API or Rest…..
Law published as a WireProtocol allows it to be use in ALL languages and ANY Blockchain.
This is the fastest way to spur innovation and put control of data and financial benefit of data into the hands of people (and entities) that are at the edges of the network ( non centralized control).
What benefits, costs and unintended consequences or other risks could arise from this proposed paradigm?
Student Reply 1
Benefits:
- instantly gather the entire set of transactions thus enabling analysis of an economy rather than having to rely on statistical surveys that can be manipulated for political purposes
- Autonomous organisations combined with artificial intelligence can be used for decentralized economic planning, going around the local knowledge problem and coordinating behaviour of millions of agents at low cost by using market mechanisms
- every agent regains data sovereignty
- in a world of computable organisations a voice can be endowed to every stakeholder via tokenisation **the question is through which master structures will this signalling take place thus determining the strength of the individual signal.
- autonomous organisations+A.I combined with IoT can lead to self owning assets and objects, as well as self preserving natural ecosystems (nature 2.0 paradigm)
- data funds/commons that aggregate data of many agents which collectively decide on the use (Datafund). Incentivization+aggregation (+anonymization) can then be used to better allocate an anti-rival good such as data.
Costs:
- Data sovereignty means the user needs to keep control of their keys or rely on a trusted 3rd party, at least until the advent of ungameable forms of decentralized identification or some cryptographic primitive (such as having a network of friends or 3rd parties that hold part of a shamir secret scheme)
- for such data to be preserved from privy centralised parties such as states and corporations it must be itself routed via a messaging protocol that is not susceptible to centralization: if an entity exerces control over TCP/IP, you could then selectively route packets to favour some miners and thus change the consensus and modify data.
- This resulting in a huge cost and effort to change the existing information infrastructure.
Unintended consequences:
- shift from democratic/oligarchic political forms to forms of social control arising from complex systems theory: already happening today with “social management” and “social credit system” in China, attention/reputation economies in the West. Accentuated by increased tokenisation and use of A.I for data processing and autonomous decision making
- difficulties in enforcing taxation if these computable forms are autonomous and feature privacy by design
- major socio-political shift in moving from centralised hierarchies to decentralized networks: while there can be an opportunity for enlarged participation in political and economic activity this paradigm can also turn into a more pernicious evolution of control society and surveillance capitalism: in other words it is easier to protest and effect change by putting pressure on a ruling/managerial class than fighting against a “decentralized consensus”
Student Reply 2
Benefits
The Benefits of having a clear definition of want to personal data and various licensing of how it can be used Is the fastest way to spur innovation at the edges of the network.
Costs unintended consequences-
The consequences are developing systems that gain traction and many people use.
How would you propose implementing this proposed paradigm?
Student Reply 1
- computable contract=smart contract, other forms of Ricardian contracts
- computable organisation= a DAO
- computable jurisdiction=Aragon Network Jurisdiction?, computable national jurisdiction such as Estonia?
- proof of jurisdiction not provided by a centralised entity (premise of this paradigm) has to take the form of verification of activity on a computable juridiction, i.e: how do you prove to a computable jurisdiction you are part of a non-computable jurisdiction?
- erc 20 is not a protocol per say but a technical standard for tokens which are units of account defined by a protocol such as the ethereum network
- But say we want such standard for data à la OpenLaw, Coala IP etc… There must be interoperability and expendability at heart while providing a common enough structure to give rise to a schelling point
- You need a certified proof of identity which is decentralised: i.e the register is not maintained or KYCed by a centralised entity such as a State but by agents at the edge
In short one such practical implementation can take the following form:
- using sharing/zero knowledge proofs and multi party computation/shamir to host the encrypted and split data (to avoid future breaking of the encryption revealing all data down the line) on a decentralized storage protocol such as IPFS/Swarm.
- Agents can then choose not to give access to the entire data trove but to sell access for one or several pieces of data for a certain price. Valuation of data can be made using OTC/ data exchanges of comparable data/token bonding curves and curation markets (such as Ocean Protocol).
- Management of data as a common resource can take the form of a data DAO where the total value contributed by an agent determines their voting power in the DAO.
- Autonomous purchaser DAOs using A.I and crowd intelligence can then buy and resell this data.
- Regarding collectivisation of knowledge a decentralized versioning control system can be used to track contributions of workers used to collaboratively produce code/information troves/cultural goods.
- Combining this VCS with a DAO protocol (such as Pando Network) enables crowd governance and distribution of income.
Student Reply 2
Providing a clear definition and a byte specification-wire protocol allows many different blockchain and non blockchain systems to interact with the data. Various kinds of signatures would allow Innovacion for new uses
Better monetization opportunities for one’s individual data
What legal framework would be needed to implement and sustain this proposed paradigm?
Student Reply 1
- data must to be recognised as sacrosanct right where theft and misuse is heavily sanctioned.
- Regulation that has been beneficial for the end user such as GDPR must be rewritten to take into account the fondamental contradiction with storage of data on immutable ledgers.
- Legal recognition for a DAO to collectively decide on the terms of a contract that controls a dynamic I.P licence (content DAO by Pando Network)
- computational contracts, organisations and jurisdiction must be recognised within the scope of traditional law, from the moment a clause in a contract/object of the DAO is not inherently contradicting a clause in the body of law of the relevant jurisdiction
Student Reply 2
Contract Law
Provide Your Feedback on the Alternatives
Direct link to form for you feedback: https://goo.gl/forms/X1kTtwGco3qBWcKB3
We will schedule an online hangout session to discuss the responses with Christina and Jonnie after collecting feedback from the class.