Книга: Code 2.0
The reader who was dissatisfied with my argument in the last chapter is likely to begin asking pointed questions. “Didn’t you reject in the last chapter the very regime you are endorsing here? Didn’t you reject an architecture that would facilitate perfect sale of intellectual property? Isn’t that what you’ve created here?”
The charge is accurate enough. I have endorsed an architecture here that is essentially the same architecture I questioned for intellectual property. Both are regimes for trading information; both make information “like” “real” property. But with copyright, I argued against a fully privatized property regime; with privacy, I am arguing in favor of it. What gives?
The difference is in the underlying values that inform, or that should inform, information in each context. In the context of intellectual property, our bias should be for freedom. Who knows what “information wants”; whatever it wants, we should read the bargain that the law strikes with holders of intellectual property as narrowly as we can. We should take a grudging attitude to property rights in intellectual property; we should support them only as much as necessary to build and support information regimes.
But (at least some kinds of) information about individuals should be treated differently. You do not strike a deal with the law about personal or private information. The law does not offer you a monopoly right in exchange for your publication of these facts. That is what is distinct about privacy: Individuals should be able to control information about themselves. We should be eager to help them protect that information by giving them the structures and the rights to do so. We value, or want, our peace. And thus, a regime that allows us such peace by giving us control over private information is a regime consonant with public values. It is a regime that public authorities should support.
There is a second, perhaps more helpful, way of making the same point. Intellectual property, once created, is non-diminishable. The more people who use it, the more society benefits. The bias in intellectual property is thus, properly, towards sharing and freedom. Privacy, on the other hand, is diminishable. The more people who are given license to tread on a person’s privacy, the less that privacy exists. In this way, privacy is more like real property than it is like intellectual property. No single person’s trespass may destroy it, but each incremental trespass diminishes its value by some amount.
This conclusion is subject to important qualifications, only two of which I will describe here.
The first is that nothing in my regime would give individuals final or complete control over the kinds of data they can sell, or the kinds of privacy they can buy. The P3P regime would in principle enable upstream control of privacy rights as well as individual control. If we lived, for example, in a regime that identified individuals based on jurisdiction, then transactions with the P3P regime could be limited based on the rules for particular jurisdictions.
Second, there is no reason such a regime would have to protect all kinds of private data, and nothing in the scheme so far tells us what should and should not be considered “private” information. There may be facts about yourself that you are not permitted to hide; more important, there may be claims about yourself that you are not permitted to make ( “I am a lawyer”, or, “Call me, I’m a doctor”). You should not be permitted to engage in fraud or to do harm to others. This limitation is an analog to fair use in intellectual property — a limit to the space that privacy may protect.
I started this chapter by claiming that with privacy the cat is already out of the bag. We already have architectures that deny individuals control over what others know about them; the question is what we can do in response.
My response has been: Look to the code, Luke. We must build into the architecture a capacity to enable choice — not choice by humans but by machines. The architecture must enable machine-to-machine negotiations about privacy so that individuals can instruct their machines about the privacy they want to protect.
But how will we get there? How can this architecture be erected? Individuals may want cyberspace to protect their privacy, but what would push cyberspace to build in the necessary architectures?
Not the market. The power of commerce is not behind any such change. Here, the invisible hand would really be invisible. Collective action must be taken to bend the architectures toward this goal, and collective action is just what politics is for. Laissez-faire will not cut it.