↳ Privacy

November 10th, 2018

↳ Privacy

Two Figures



On the varying modes of conceiving of privacy (and its violation) in the law

In a 2004 YALE LAW JOURNAL article, comparative legal scholar JAMES Q. WHITMAN explores differing cultural and legal postures toward privacy. Through his comparison, he draws a slim taxonomy: privacy rights are founded on either dignity (throughout Western Europe) or on liberty (in the United States). The distinction—while far from perfectly neat either historically or in the present—raises a number of interesting questions about privacy law that are currently being worked out as scholars and legislators move forward in the creation and implementation of digital governance procedures. From the paper:

"If privacy is a universal human need that gives rise to a fundamental human right, why does it take such disconcertingly diverse forms? This is a hard problem for privacy advocates who want to talk about the values of ‘personhood,’ harder than they typically acknowledge. It is a hard problem because of the way they usually try to make their case: Overwhelmingly, privacy advocates rely on what moral philosophers call ‘intuitionist’ arguments. In their crude form, these sorts of arguments suppose that human beings have a direct, intuitive grasp of right and wrong—an intuitive grasp that can guide us in our ordinary ethical decisionmaking. The typical privacy article rests its case precisely on an appeal to its reader’s intuitions and anxieties about the evils of privacy violations. Imagine invasions of your privacy, the argument runs. Do they not seem like violations of your very personhood?

Continental privacy protections are, at their very core, a form of protection of a right to respect andpersonal dignity. The core continental privacy rights are rights to one’s image, name, and reputation, and what Germans call the right to informational self-determination—the right to control the sorts of information disclosed about oneself. They are all rights to control your public image.

By contrast, America is much more oriented to values of liberty. At its conceptual core, the American right to privacy is the right to freedom of intrusions by the state, especially in one’s own home."

Link to the paper.

  • Forthcoming in the Harvard Journal of Law & Technology, an in-depth review of the significance of the Supreme Court's June decision in Carpenter v. United States: "Carpenter holds that the police may not collect historical [cellphone location tracking data] from a cellphone provider without a warrant. This is the opinion most privacy law scholars and privacy advocates have been awaiting for decades." Link.
  • An excellent repository of scholarship on the GDPR—the new European data protection law—from the journal International Data Privacy Law. Link.
  • Danielle Citron and Daniel Solove's 2016 paper explores how US courts have dealt with legal standards of harm—anxiety or risk—in cases of personal data breaches. Link. See also Ryan Calo's 2010 article "The Boundaries of Privacy Harm." Link.
  • Khiara Bridges' 2017 book The Poverty of Privacy Rights provides a corrective to universalist claims to a right to privacy: "Poor mothers actually do not possess privacy rights. This is the book’s strong claim." Link to the book page, link to the introductory chapter.
⤷ Full Article

July 21st, 2018

High Noon



History of risk assessment, and some proposed alternate methods 

A 2002 paper by ERIC SILVER and LISA L. MILLER on actuarial risk assessment tools provides a history of statistical prediction in the criminal justice context, and issues cautions now central to the contemporary algorithmic fairness conversations:  

"Much as automobile insurance policies determine risk levels based on the shared characteristics of drivers of similar age, sex, and driving history, actuarial risk assessment tools for predicting violence or recidivism use aggregate data to estimate the likelihood that certain strata of the population will commit a violent or criminal act. 

To the extent that actuarial risk assessment helps reduce violence and recidivism, it does so not by altering offenders and the environments that produced them but by separating them from the perceived law-abiding populations. Actuarial risk assessment facilitates the development of policies that intervene in the lives of citizens with little or no narrative of purpose beyond incapacitation. The adoption of risk assessment tools may signal the abandonment of a centuries-long project of using rationality, science, and the state to improve upon the social and economic progress of individuals and society."

Link to the paper.

A more recent paper presented at FAT* in 2018 and co-authored by CHELSEA BARABAS, KARTHIK DINAKAR, JOICHI ITO, MADARS VIRZA, and JONATHAN ZITTRAIN makes several arguments reminiscent of Silver and Miller's work. They argue in favor of causal inference framework for risk assessments aimed at working on the question "what interventions work":

"We argue that a core ethical debate surrounding the use of regression in risk assessments is not simply one of bias or accuracy. Rather, it's one of purpose.… Data-driven tools provide an immense opportunity for us to pursue goals of fair punishment and future crime prevention. But this requires us to move away from merely tacking on intervenable variables to risk covariates for predictive models, and towards the use of empirically-grounded tools to help understand and respond to the underlying drivers of crime, both individually and systemically."

Link to the paper. 

  • In his 2007 book Against Prediction, lawyer and theorist Bernard Harcourt provided detailed accounts and critiques of the use of actuarial methods throughout the criminal legal system. In place of prediction, Harcourt proposes a conceptual and practical alternative: randomization. From a 2005 paper on the same topic: "Instead of embracing the actuarial turn in criminal law, we should rather celebrate the virtues of the random: randomization, it turns out, is the only way to achieve a carceral population that reflects the offending population. As a form of random sampling, randomization in policing has significant positive value: it reinforces the central moral intuition in the criminal law that similarly situated individuals should have the same likelihood of being apprehended if they offend—regardless of race, ethnicity, gender or class." Link to the paper. (And link to another paper of Harcourt's in the Federal Sentencing Reporter, "Risk as a Proxy for Race.") 
  • A recent paper by Megan Stevenson assesses risk assessment tools: "Despite extensive and heated rhetoric, there is virtually no evidence on how use of this 'evidence-based' tool affects key outcomes such as incarceration rates, crime, or racial disparities. The research discussing what 'should' happen as a result of risk assessment is hypothetical and largely ignores the complexities of implementation. This Article is one of the first studies to document the impacts of risk assessment in practice." Link
  • A compelling piece of esoterica cited in Harcourt's book: a doctoral thesis by Deborah Rachel Coen on the "probabilistic turn" in 19th century imperial Austria. Link.
⤷ Full Article

July 14th, 2018

Traveling Light



Considerations on data sharing and data markets 

CHARLES I. JONES and CHRISTOPHER TONETTI contribute to the “new but rapidly-growing field” known as the economics of data:

“We are particularly interested in how different property rights for data determine its use in the economy, and thus affect output, privacy, and consumer welfare. The starting point for our analysis is the observation that data is nonrival. That is, at a technological level, data is not depleted through use. Most goods in economics are rival: if a person consumes a kilogram of rice or an hour of an accountant’s time, some resource with a positive opportunity cost is used up. In contrast, existing data can be used by any number of firms or people simultaneously, without being diminished. Consider a collection of a million labeled images, the human genome, the U.S. Census, or the data generated by 10,000 cars driving 10,000 miles. Any number of firms, people, or machine learning algorithms can use this data simultaneously without reducing the amount of data available to anyone else. The key finding in our paper is that policies related to data have important economic consequences.”

After modeling a few different data-ownership possibilities, the authors conclude, “Our analysis suggests that giving the data property rights to consumers can lead to allocations that are close to optimal.” Link to the paper.

  • Jones and Tonetti cite an influential 2015 paper by Alessandro Acquisti, Curtis R. Taylor, and Liad Wagman on “The Economics of Privacy”: “In digital economies, consumers' ability to make informed decisions about their privacy is severely hindered, because consumers are often in a position of imperfect or asymmetric information regarding when their data is collected, for what purposes, and with what consequences.” Link.
  • For more on data populi, Ben Tarnoff has a general-interest overview in Logic Magazine, including mention of the data dividend and a comparison to the Alaska Permanent Fund. Tarnoff uses the oil industry as an analogy throughout: “In the oil industry, companies often sign ‘production sharing agreements’ (PSAs) with governments. The government hires the company as a contractor to explore, develop, and produce the oil, but retains ownership of the oil itself. The company bears the cost and risk of the venture, and in exchange receives a portion of the revenue. The rest goes to the government. Production sharing agreements are particularly useful for governments that don’t have the machinery or expertise to exploit a resource themselves.” Link.
⤷ Full Article

February 3rd, 2018

The Greatest Strategies



This week, an Australian college student noticed how data from Strava, a fitness-tracking app, can be used to discover the locations of military bases. Many outlets covered the news and its implications, including Wired and the Guardian. In the New York Times, Zeynep Tufekci’s editorial was characteristically insightful:

“Data privacy is not like a consumer good, where you click ‘I accept’ and all is well. Data privacy is more like air quality or safe drinking water, a public good that cannot be effectively regulated by trusting in the wisdom of millions of individual choices. A more collective response is needed.”

Link to the editorial.

Samson Esayas considers the collective nature of data privacy from a legal perspective:

"This article applies lessons from the concept of ‘emergent properties’ in systems thinking to data privacy law. This concept, rooted in the Aristotelian dictum ‘the whole is more than the sum of its parts’, where the ‘whole’ represents the ‘emergent property’, allows systems engineers to look beyond the properties of individual components of a system and understand the system as a single complex... Informed by the discussion about emergent property, the article calls for a holistic approach with enhanced responsibility for certain actors based on the totality of the processing activities and data aggregation practices."

Link to the paper. ht Jay

  • A Twitter note on Strava from Sean Brooks: “So who at Strava was supposed to foresee this? Whose job was it to prevent this? Answer is almost certainly no one…I’ve always hated the ‘data is the new oil’ metaphor, but here it seems disturbingly accurate. And ironically, organizations with something to hide (military, IC, corporate R&D) have the resource curse. They want to benefit from the extraction, but they also have the most to lose.” Link.
  • We mentioned Glen Weyl last week as a noteworthy economist engaging with ethical issues (see Beatrice Cherrier’s Twitter thread). A speculative paper he co-wrote on "data as labor" imagines a world in which companies paid users for their data. (We find the framing "data as labor" slightly misleading—Weyl's larger point seems to be about data as assets—the product of labor.) Link. ht Chris Kanich for bringing the two threads together on Twitter.
  • This Economist article also covers Weyl's paper: “Still, the paper contains essential insights which should frame discussion of data’s role in the economy. One concerns the imbalance of power in the market for data. That stems partly from concentration among big internet firms. But it is also because, though data may be extremely valuable in aggregate, an individual’s personal data typically are not.” Link.
  • A potentially exciting aspect of the GDPR is the right to data portability: "A free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data." Link.
⤷ Full Article