Chuck Cosson is Director, Legal Affairs, Privacy & Security, at T-Mobile US, based in Bellevue, WA. At T-Mobile, Chuck oversees privacy compliance programs and provides legal guidance on mobile Internet, location services, incident response, and other privacy, security, and business issues. Chuck spent 7 years at Microsoft leading that company’s public policy work on human rights, free expression, and child online safety. He has also worked in Washington, D.C. on telecommunications policy and regulation. His engagement with Stanford focuses on the role of metaphor as a guide for contemporary technology law and policy - a conception of the Internet not as a “place you go” but as a “tool you use.”
Recent reflection has prompted me to ask if quantum mechanics might help illuminate a path towards better dialogue about the Internet and data privacy in particular. Are network technologies tools? Or landscapes? Is the Internet a tool you use or a place you go? Perhaps the networked technologies exhibit properties of both, depending on the beliefs and perspective of the observer.
I consider this question in the instance of defining "personal data," and conclude personal data exhibits quantum properties in the following ways:
1) It can be in more than two places at once, or at least appear to be. The same data element can be both “private” (treated as confidential) and “public” at the same time.
2) The trajectory of data is not always subject to the same mechanical laws of physics that allow for relatively simple predictions of motion;
3) Data are “entangled”: one data element can be influenced by another unrelated and seemingly disconnected data element, even at a distance Read more about "Tool Without a Handle: 21st Century Privacy – A Quantum Puzzle
In the previous blog, I noted that the logical next step in understanding “privacy as fairness” was to examine if it is possible to identify principles that would effectively guide regulation based on "privacy as fairness." In this blog post, I observe that debate about regulations based on "privacy as fairness" should be oriented by three considerations: 1) regulations should be linked back to legitimate concerns about human emotional and physical well-being, not just abstract concepts such as "autonomy"; 2) regulations should enjoy a broad consensus as to both the harm to be addressed and the effectiveness of the proposed rule, and 3) “privacy as fairness” should not be confused with the protection of privacy as “solitude.” In this light, I note favorably regulations that are demonstrably necessary to ensure access to economic opportunity, while suggesting caution when considering official legal intervention aimed at balancing power among economic actors. Read more about “Tool Without A Handle”: Privacy and Regulation – An Expanded Rationale
This blog draws a basic distinction - between “privacy” questions on one hand, and “fairness” questions on the other. I believe the “privacy” conversation is not well served when we fail to carefully distinguish “privacy” and “fairness” issues. Moreover, for much of current privacy law and policy, the debate is not really about privacy (solitude or a "right to be let alone") so much as it is about “fairness." Read more about “Tool Without A Handle” “Justified Regulation (Part 2 – Privacy)
This blog post picks up (finally) on the topic of regulation – in particular to discuss cases where the issue is universally understood as worthy of regulation, so much so that variation in regulatory approaches is less desirable. One example of tool use that is worthy of sanction is the non-consensual public distribution of private, sexually explicit images, particularly of children. Questions remain, though, as to whether regulation should apply to direct actors or also to intermediaries, and what specific requirements should apply.
In this post, I suggest some core criteria that should be present whenever any regulation of tool providers is considered: 1) strong social consensus there are concrete and significant harms to be addressed; 2) strong consensus that obligations should apply equally across all intermediaries and online providers; 3) strong consensus the regulation is appropriately tailored and enforceable as a technical and practical matter. Read more about Tool Without a Handle: "Justified Regulation"
In my last post, I explored how law influences use of information technology through both rules and a concomitant degree of social consensus that a particular behavior creates undue risk or otherwise warrants a response. In this post, I’ll explore this point further in the context of two areas: legal obligations regarding data security, and attempts to regulate the use of “cookies.”
My point though, is the same in both cases: effectively regulating the use of information technology tools effectively requires a degree of social consensus on critical points. Whether a moral or social obligation exists is only one of several considerations. This, in turn, points out an advantage for thinking of information technology as tools, rather than as a “space” or as a thing analogous to a sovereignty unto itself. Read more about Tool Without a Handle: “Getting A Grip”