Democratizing Data Ownership
June 29, 2021 11:04 AM   Subscribe

KDE Akademy 2021 - How We Can Solve the Personal Data Problem by Björn Balazs

He has named his project Privact, but the website is a little sparse on the details of his implementation. His talk goes into more details than the website does, but still leaves questions around what this would truly look like in practice, what financial incentives there are to move to a model like this, and how would it be able to compete with Big Tech's data vacuum.
posted by thebotanyofsouls (17 comments total) 8 users marked this as a favorite
 
Hey, we'll solve the problem of Big Data...by being Big Data, but with 'better' PR. This strikes me as another example of late stage engineer's disease. I don't need some entity to protect my data for me (and allow other groups to have "fair access") - I need there to be regulations on what data can be collected, who can access it, and how long its kept. And amazingly, we have models for how this works - systems like HIPAA, which has done a lot to protect medical data.
posted by NoxAeternum at 12:33 PM on June 29, 2021 [20 favorites]


Glad to see I was the only one that noticed the conspicuous absence of 'regulation' and 'government' in both the website and the presentation. I'll stop thread-sitting now.
posted by thebotanyofsouls at 12:54 PM on June 29, 2021 [3 favorites]


And amazingly, we have models for how this works - systems like HIPAA, which has done a lot to protect medical data.

Liability is magic in it’s effectiveness. It’s not perfect but nothing else even comes close.
posted by mhoye at 12:54 PM on June 29, 2021 [17 favorites]


We do not want to loose the comfort big data brings.

Hmm. That's the crux of it, I think. I had to log into a Google-based work account this morning, so that I could do work stuff. Google would not allow me to authenticate until my ad blockers were disabled. Why does Google need to do advertisement-related tracking for authentication? But I turned off the ad trackers so that I could log in.

Facebook's stock just skyrocketed the other day, after a federal judge threw out an antitrust case against it. Users want convenience or even just be able to do their work, and all that the Googles and Facebooks have to do is threaten to make tech an unpleasant experience, to argue that restrictions are antithetical to "innovation", in order to coerce the public to accept what these companies are doing. The judge was pretty harsh in throwing out the case against Facebook; threats against society work.

Without privacy laws and enforcement of antitrust laws, there is no teeth for protecting personal data. Laws and democracy do not mesh well with the gilded age.
posted by They sucked his brains out! at 1:21 PM on June 29, 2021 [1 favorite]


There is no going back, well unless we rip out the fiber and wires and electricity. There are databases of databases that have data about you (yes you) going back before you were born. It's accelerating and algorithms (ML/big data) are going to get better at an accelerating rate.

We need an amendment, not the 28th but the 0th. Something like citizens can not be caused harm by their own data.

That plus the vast folders of case law that would grow to fill more db's would at least give us people a chance.
posted by sammyo at 1:21 PM on June 29, 2021


There is no going back, well unless we rip out the fiber and wires and electricity.

That’s simply not true, and medical data is a good example. Regulation and liability are the way forward.
posted by mhoye at 1:37 PM on June 29, 2021 [11 favorites]


But we should probably also rip out the fiber and wires and electricity, just to be sure.
posted by Faint of Butt at 1:38 PM on June 29, 2021 [3 favorites]


There is no going back, well unless we rip out the fiber and wires and electricity. There are databases of databases that have data about you (yes you) going back before you were born. It's accelerating and algorithms (ML/big data) are going to get better at an accelerating rate.

HIPAA solved this by making data liability bait. If you have an unauthorized disclosure of protected health information - even if it's not your fault - it costs you money for each piece that was breached. And it doesn't matter how old that data is - you lose control of it, you're liable.

The result is that storing data under HIPAA has a cost. And as a result, the value of PHI is a balance between its positive value and the negative value of its potential liability and the cost to keep it safe. And when that value goes negative, well - that's why companies dealing with PHI have things like "minimum necessary" rules (only collect the data you actually need) and aging out (old data is no longer as valuable, so it needs to be destroyed to no longer be a liability.)

Big Data acts as a data Hoover because there is no liability for them to do so. We can fix this by creating liability, so that data collection has a cost, and thus they are incentivized to figure out what data is actually worth collecting.
posted by NoxAeternum at 1:41 PM on June 29, 2021 [21 favorites]


Is this anything like Prof. K Pistor’s idea (previously)?
posted by progosk at 3:52 PM on June 29, 2021


Having watched the presentation now, I can answer myself: pretty much yes, in the sense that both are positing proposals for a collective governance structure for databases of personal data (as the concrete solution to contrasting the current power imbalance favouring Big Tech companies), only where Pistor explores a Depository Trust Company (DTC) model, whereby a trust fund owns the data (and regulations and liability govern the establishment and running of the trust), he imagines/outlines a cooperative model of ownership for the data (and on a a global scale, whereas Pistor's is US-based).

His cooperative needs a for-profit company that runs the technical solution. That then poses the problem of the ownership of that company, and he posits a foundation run by (in-house) parliament, elected via a global chain of trust, based on NGOs. He goes into some FOSS weeds, and the concept of a marketable seal of compliance.

Pistor's essay does a good job of explaining what market characteristics structurally favour the current power imbalance, how firms are themselves circumventing markets/regulations. I have no expertise to judge whether liability is a better/simpler solution, but it seems to me Pistor is less optimistic about that:

"Moreover, law privileges hierarchy over markets. It is not a coincidence that Big Tech companies are all organized as corporations, with their hierarchical governance structure and built-in legal privileges such as limited liability for shareholders and protection of the corporations from claims on their assets by their own shareholders or their personal creditors. These features have allowed Big Tech companies to raise capital in the early stages of their operation when they still depended on outside capital and to incubate the returns they made behind a corporate veil.

Given that both markets and firms are legal constructs, and that information costs alone cannot explain when one prevails over the other, what or who determines when either markets or firms shall reign? The case of Big Tech suggests that private agents will often prefer hierarchy over markets, because it greatly increases their control rights and creates economies of scale from which they can benefit disproportionately, especially when they have free rein to design the governance structure of these firms. If hierarchy is the “natural” outcome, proactive intervention is needed to recreate the resemblance of markets in which parties can bargain at least on formally equal footing.
"

Overall, both of them, in different ways, are attempts to imagine moving beyond current market logic. I salute their separate visions, because whatever's currently in place now is clearly not working for us all.
posted by progosk at 1:29 AM on June 30, 2021


There are databases of databases that have data about you (yes you) going back before you were born.

I don't believe you.

Show me them.
posted by flabdablet at 6:13 AM on June 30, 2021


...as free software and as kde specifically why we are the ones who can start it. We don't have to wait for anybody else. We can just hack the current system and start it and change the world to a better place...
Situation: there are fourteen competing standards.
posted by flabdablet at 6:21 AM on June 30, 2021 [3 favorites]


Show me them.

The DB's I became aware of are propriety business information. So perhaps a bit bloviating but how does airbnb know where I lived 20 years before the internet? When I signed up it confirmed my identity with several questions about where I lived in the 70's. I had to zoom into a map to remember the actual street number. Did your parents use water or electricity? That billing info has not gone away, it's in a db somewhere. Can you be connected to where you were living in the womb? I suspect that may not be a difficult correlation.

There are whole terabytes of data quietly tucked away by commercial data brokers. Not bad guys, I'm happy that airbnb does the best identity certification they can. (LOL I reread that sentence, terabytes sounds so trivial today, but data is dense and it's probably peta if not exa anyway) A small startup I worked for basically had a write only policy unless specifically asked to remove client info, the data, and then usually just broke links ;-)

That proverbial station wagon rolling down the highway... how many 10TB drives could it hold? Data is not going anywhere. We are known.
posted by sammyo at 6:35 AM on June 30, 2021 [1 favorite]


This strikes me as another example of late stage engineer's disease.

(/me reads transcript)

Ayuh.

The guy is a UX engineer, and he thinks that app developers being able to hoover up usage information is vital to keeping free software's UX competitive with commercial software's.

To which I say: nope. The main reason I prefer free software is because by and large its UX is stable. Except for a few egregious cases like Firefox and Gnome 3 it doesn't inflict pointless UX rearrangements on me with every other update for no better reason than that somebody else likes it better that way and/or that some asshole marketroid has dreamed up some evil new way to yoink my eyeballs in the direction of their latest sales pitch.

He's also missing the point that the main reason personal data is valuable is because the advertising industry wants it, and wants it as non-anonymized as it can possibly get it. So he's talking about setting up this personal data co-operative that anonymizes and aggregates members' data before onselling it to fund its own ongoing activities, but aggregated anonymized data is shit-grade as revenue raisers go. It may well be all that a UX engineer's heart desires, but it's almost completely useless to an advertiser.

So perhaps a bit bloviating but how does airbnb know where I lived 20 years before the internet? When I signed up it confirmed my identity with several questions about where I lived in the 70's. I had to zoom into a map to remember the actual street number.

So you told airbnb your address from the 70s. What evidence do you have that they were actually checking this information against something they already knew, as opposed to merely setting up the usual "security question" crap that's been made necessary by the demonstrated reluctance of the masses to use proper credential management software?

I am never going to sign up for airbnb but if I ever change my mind I will be shocked if they have any clue where I was in the 70s.

All my "security" questions make it look like I grew up on Nbwxq.vship.lcgol.oeycg.uhikx Street with a pet named Nbwxq.vship.lcgol.oeycg.uhikx Pet and attended Nbwxq.vship.lcgol.oeycg.uhikx School where I was taught by Nbwxq.vship.lcgol.oeycg.uhikx Teacher; after leaving school I bought a Nbwxq.vship.lcgol.oeycg.uhikx Car. And of course every organization where I have credentials gets a different version of this story because KeePassXC makes doing that super easy. Never had any of them knock me back.

The only address I don't routinely lie about is my current one, because doing so is pointless; it's really easy to look that up. And I was certainly not here before the Internet was a thing.

You might be known. I don't believe Faceboogle could even dig out a properly tagged photo of me, let alone construct anything vaguely resembling a timeline of my life.
posted by flabdablet at 7:03 AM on June 30, 2021 [1 favorite]


There are whole terabytes of data quietly tucked away by commercial data brokers.

Commercial data brokers are horribly underregulated, which has had repercussions across the board - one ugly one is that because they don't have any liability for the info they carry and they talk to one another, it's near impossible to get erroneous data corrected.

And again, make these companies liable for the security of that data, and I can guarantee that those DBs will slim down. As long as data capture has no downside for the company, then they will engage in it. Make it have real costs, and then these companies will be more judicious in their capture.
posted by NoxAeternum at 7:57 AM on June 30, 2021 [2 favorites]


Google would not allow me to authenticate until my ad blockers were disabled.

Something hinky is going on there. I just tried logging into my Google account with uBlock Origin and NoScript active in a Firefox private window, and only google.com and gstatic.com set to Trusted in NoScript; no problem.

Which ad blockers are you using?
posted by flabdablet at 12:18 AM on July 1, 2021


When I signed up it confirmed my identity with several questions about where I lived in the 70's...

Just because they ask you a question does not mean they already hold the answer, this is sometimes how they sneakily collect additional personal data.
posted by Lanark at 1:56 AM on July 4, 2021 [1 favorite]


« Older Not the year of the MOOC but the week of cashing...   |   The Six Degrees of Ryu Newer »


This thread has been archived and is closed to new comments