Wednesday, March 9, 2011

Foggy thinking about the Right to Oblivion



I was lucky enough to spend a few days in Switzerland working on Street View. And I treated myself to a weekend of skiing too. The weather wasn't great, we had a lot of mountain fog, but then, the entire privacy world seems to be sort of foggy these days.

In privacy circles, everybody's talking about the Right to be Forgotten. The European Commission has even proposed that the "right to be forgotten" should be written into the up-coming revision of the Privacy Directive. Originally, a rather curious French "universal right" that doesn't even have a proper English-translation (right to be forgotten? right to oblivion? right to delete?), le Doit a l'Oubli, is going mainstream. But, what on earth is it? For most people, I think it's an attempt to give people the right to wash away digital muck, or delete the embarrassing stuff, or just start fresh. But unfortunately, it's more complicated than that.

More and more, privacy is being used to justify censorship. In a sense, privacy depends on keeping some things private, in other words, hidden, restricted, or deleted. And in a world where ever more content is coming online, and where ever more content is find-able and share-able, it's also natural that the privacy counter-movement is gathering strength. Privacy is the new black in censorship fashions. It used to be that people would invoke libel or defamation to justify censorship about things that hurt their reputations. But invoking libel or defamation requires that the speech not be true. Privacy is far more elastic, because privacy claims can be made on speech that is true.

Privacy as a justification for censorship now crops up in several different, but related, debates: le droit a l'oubli, the idea that content (especially user-generated content on social networking services) should auto-expire, the idea that data collection by companies should not be retained for longer than necessary, the idea that computers should be programmed to "forget" just like the human brain. All these are movements to censor content in the name of privacy. If there weren't serious issues on both sides of the debate, we wouldn't even be talking about this.

Most conversations about the right to oblivion mix all this stuff up. I can't imagine how to have a meaningful conversation (much less write a law) about the Right to be Oblivion without some framework to dis-entangle completely unrelated concepts, with completely unrelated implications. Here's my simple attempt to remember the different concepts some people want to forget.

1) If I post something online, should I have the right to delete it again? I think most of us agree with this, as the simplest, least controversial case. If I post a photo to my album, I should then later be able to delete it, if I have second-thoughts about it. Virtually all online services already offer this, so it's unproblematic, and this is the crux of what the French government sponsored in its recent Charter on the Droit a l'Oubli. But there's a big disconnect between a user's deleting content from his/her own site, and whether the user can in fact delete it from the Internet (which is what users usually want to do), more below.

2) If I post something, and someone else copies it and re-posts it on their own site, do I have the right to delete it? This is the classic real-world case. For example, let's say I regret having posted that picture of myself covered in mud, and after posting it on my own site, and then later deleting it, I discover someone else has copied it and re-posted it on their own site. Clearly, I should be able to ask the person who re-posted my picture to take it down. But if they refuse, or just don't respond, or are not find-able, what can do I do? I can pursue judicial procedures, but those are expensive and time-consuming. I can go directly to the platform hosting the content, and if the content violates their terms of service or obviously violates the law, I can ask them to take it down. But practically, if I ask a platform to delete a picture of me from someone else's album, without the album owner's consent, and only based on my request, it puts the platform in the very difficult or impossible position of arbitrating between my privacy claim and the album owner's freedom of expression. It's also debatable whether, as a public policy matter, we want to have platforms arbitrate such dilemmas. Perhaps this is best resolved by allowing each platform to define its own policies on this, since they could legitimately go either way.

3) If someone else posts something about me, should I have a right to delete it? Virtually all of us would agree that this raises difficult issues of conflict between freedom of expression and privacy. Traditional law has mechanisms, like defamation and libel law, to allow a person to seek redress against someone who publishes untrue information about him. Granted, the mechanisms are time-consuming and expensive, but the legal standards are long-standing and fairly clear. But a privacy claim is not based on untruth. I cannot see how such a right could be introduced without severely infringing on freedom of speech. This is why I think privacy is the new black in censorship fashion.

4) The Internet platforms that are used to host and transmit information all collect traces, some of which are PII, or partially PII. Should such platforms be under an obligation to delete or anonymize those traces after a certain period of time? and if so, after how long? and for what reasons can such traces be retained and processed? This is a much-debated topic, e.g., the cookies debate, or the logs debate, the data retention debate, all of which are also part of the Droit a l'Oubli debate, but they completely different than the categories above, since they focus on the platform's traffic data, rather than the user's content. I think existing law deals with this well, if ambiguously, by permitting such retention "as long as necessary" for "legitimate purposes". Hyper-specific regulation just doesn't work, since the cases are simply too varied.

5) Should the Internet just learn to "forget"? Quite apart from the topics above, should content on the Internet just auto-expire? e.g., should all user posts to social networking be programmed to auto-expire? Or alternatively, to give users the right to use auto-expire settings? Philosophically, I'm in favor of giving users power over their own data, but not over someone else's data. I'd love to see a credible technical framework for auto-delete tools, but I've heard a lot of technical problems with realizing them. Engineers describe most auto-delete functionalities as 80% solutions, meaning that they never work completely. Just for the sake of debate, on one extreme, government-mandated auto-expire laws would be as sensible as burning down a library every 5 years. Even if auto-expire tools existed, they would do nothing to prevent the usual privacy problems when someone copies content from one site (with the auto-expire tool) and moves it to another (without the auto-expire function). So, in the real world, I suspect that an auto-expire functionality (regardless of whether it was optional or mandatory) would provide little real-world practical privacy protections for users, but it would result in the lose of vast amounts of data and all the benefits that data can hold.

6) Should the Internet be re-wired to be more like the human brain? This seems to be a popular theme on the privacy talk circuit. I guess this means the Internet should have gradations between memory, and sort of hazy memories, and forgetting. Well, computers don't work that way. This part of the debate is sociological and psychological, but I don't see a place for it in the world of computers. Human brains also adapt to new realities, rather well, in fact, and human brains can forget or ignore content, if the content itself continues to exist in cyberspace.

7) Who should decide what should be remembered or forgotten? For example, if German courts decide German murderers should be able to delete all references to their convictions after a certain period of time, would this German standard apply to the Web? Would it apply only to content that was new on the Web, or also to historical archives? and if it only applied to Germany, or say the .de domain, would it have any practical impact at all, since the same content would continue to exist and be findable by anyone from anywhere? Or to make it more personal, the web is littered with references to my criminal conviction in Italy, but I respect the right of journalists and others to write about it, with no illusion that I should I have a "right" to delete all references to it at some point in the future. But all of my empathy for wanting to let people edit-out some of the bad things of their past doesn't change my conviction that history should be remembered, not forgotten, even if it's painful. Culture is memory.

8) Sometimes people aren't trying to delete content, they're just trying to make it harder to find. This motivates various initiatives against search engines, for example, to delete links to legitmate web content, like newspaper articles. This isn't strictly speaking "droit a l'oubli", but it's a sort of end-run around it, by trying to make some content un-findable rather than deleted. This will surely generate legal challenges and counter-challenges before this debate is resolved.

Next time you hear someone talk about the Right to be Oblivion, ask them what exactly they mean. Foggy thinking won't get us anywhere.

40 comments:

Anonymous said...

Great post. I am convinced that there is no sensible regulatory way to stop the information wave that is rolling. Any law on a droit a l'oublie even if it can be enforced in practice can only affect a very small portion of the web. I think a solution lies in the last point you make in 6). The information will always be available but we must and will all "learn to ignore" certain pieces of it. I remember a lot of debates from two years ago where advocates for regulation of a droit a l'oublie mentioned the example of a teenager who posts a picture of himself drunk at a party. The claim was that that teenager will find it harder to get a job when he applies for one five or ten years later. Heads nodded in audiences when this example was given. Now, this example has disappeared from these debates because everyone realized that future employers will not make such an outdated photo the basis for their decision to hire a person. We seem to have outgrown this example very quickly which shows our capability to adapt how we consume and evaluate information in the face of an every growing amount of information.

Anonymous said...

A European Commissioner cited God to justify her proposal on a right to be forgotten: As she said in a written speech: "Personal data can easily be stored and then even more easily multiplied on the Web. But it is not easy to wipe it out. As somebody once said: “God forgives and forgets but the Web never does!" This is why the "right to be forgotten" is so important for me." You can read her speech here: http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/700

Well, I always find it distasteful when European politicians cite God on their side, it almost makes them sound like American Tea Party activists. But more importantly, God forgives, but He certainly doesn't forget. I doubt many religious people share Ms Reding's sense that God is a rather old man with memory lapses.

Marcoantonio said...

Interesting post. As an internet user, I prefer the ability to delete (or set an expiry date) to my comments and online conversations. I expect the same from passing real life conversations, post-it notes on the fridge, love letters on a napkin and my scribbles on my high-school textbooks.

I don't want to double-think every.thing.I.post in an infinite-future scenario in which everything I say (or do) online might be used against me someday, for good or evil. There might be a time in which I will rather say nothing for fear of where my information might end up.

There is such a thing as too much information. Not all data-mining is done for our benefit, and we are quickly losing control of the wonderful tool that is the internet.

Anonymous said...

This is a good post. It raises several pertinent issues which are likely to come ever more to the fore.
"Should the Internet be re-wired to be more like the human brain? ... I guess this means the Internet should have gradations between memory, and sort of hazy memories, and forgetting. Well, computers don't work that way."
I respectfully disagree. We do have the ability to design our systems differently. For instance, Your employer is in the business of assigning statistical weight to signal/noise ratio. It is not inconceivable that an open system based on information entropy could become standard.

JimAtLaw said...

Question Peter - Does someone posting their picture on a site automatically grant you rights to cache it and distribute or display it yourself? Are their terms of use relevant and did you read them before caching the data? Did you consider the extent of any implied license, or assume it to permit redistribution, creation of derivative works, and display to third parties?

Be careful when you think about the right for them to delete - if you never had the right to make more than a temporary local copy while viewing, which may be the extent of the implied (or express) license they're granting, then caching and displaying that data later may not just be breaching the person's privacy (whether or not actionable), but could be breach of a license and/or copyright infringement.

DISCLAIMER: Not legal advice, haven't really thought about this in any depth, just tossing around ideas here.

Dale said...

right on!

I even see parallels with burning books, if people have a right to destroy information how is that any different to burning books and not learning from history?

We have been able to document people for centuries, the internet just makes it easier and now practically *anyone* can publish stuff, so the twits are getting twitchy...

Inovision said...

I think that if you don't want it to be seen/publish/crawled, you shouldn't say it in the first place. What happened in Vegas stayed in Vegas before, but now what happened in Vegas stays on Google, Youtube, facebook, etc...

By the way, I'm french!

Louis-philippe Bellier
Consultant www/SEO
Inovision Int.

Josh said...

I don't believe in a right to delete. When you say something to another person, something you regret, you can't take that back. The person you tell is free to spread that information. Once you make something public it's public. We all make mistakes and do and say things we regret. I may regret this comment some day. This is of course different from a scenario when someone else makes damaging information public, which is already covered through libel and trade secret laws.

I think there's some confusion as to the meaning of privacy. I understand a right to privacy to mean a right to prevent information from going public. That does not include a right to retract information already made public.

As for #4, I think we need a standardized privacy system where users can choose a default level of privacy and choose how much of their information the web sees. Then, websites that require more information from a user for a given task can request more information from the user. For the same reasons as above, I don't think information should "expire."

Unknown said...

This seems to be a very thorough list of some very thorny issues but I detected in your post an under-current opinion of "this problem is so hard, there really is no way to solve it."

I hope I misread that. Yes, these are some very challenging issues but we, as a global society, have a right to protect the well being of its inhabitants as much as we have a right to protect things like free speech or freedom of expression.

I'm not sure why companies such as Google, Twitter and Facebook feel that freedom of expression is somehow a more sacred right than freedom from ridicule and public humiliation (especially when it's not at all deserved).

I've seen first hand how people, protected by the Internet's anonymity, can act with a "mob mentality" to wreck a person's reputation without consideration of truth, fairness or the harm they can bring to bear on an innocent soul.

The Internet makes it possible to rapidly discover information from unthinkably large databases of information regardless of how malicious that information is. Prior to the Internet, it would have been much more difficult to uncover such damaging information. Without the Internet, the desire to have something "disappear into oblivion" becomes less urgent a need since the difficulty of discovery renders it virtually invisible.

I completely understand the benefits of this level of information access but we can't simply ignore the damage we can do to people just because the benefits are so great.

That would be like saying we don't need to worry about the pollution cars cause since the benefit they provide is so great.

We must always strive to enhance the benefits while seeking to minimize or eliminate the inherent problems. But right now, it seems pretty clear there's not much movement toward protecting people's basic rights to dignity.

Weaver said...

I'm so glad that someone else sees this issue, sans fog. Human beings, by my lights, have three inalienable rights: the right to make their own decisions on their own personal existence; the right to make the wrong decision, and; the right to suffer by it. It is only through our embarrassment or other style or degree of pain that we achieve personal growth. The memories of these experiences are what enable us to activate behaviour management strategies that ensure we don't lock ourselves in to the knots of repetitive behaviour which can rob us of personal evolution. To err is human, to repeat the error is the only stupid thing. To forget our maturing influences, or to enable them to be forgotten by others, is to enable existence only within a fantasy realm and therefore, not a life anchored in reality, which is the only context in which we can achieve the overcoming of obstacles, either within ourselves or without. Heroes need their flaws. How else are they in a position to overcome them in order to become heroes? For others to observe that 'she came from there, but despite, look where she is now' is a mechanism to produce the next generation of heroes. Denial has never been useful. Nobody has the right to remove the responsibility for our personal existence from us.

FinalShaft said...

In a few years this problem will become moot. The world is trending towards irrelevant attitudes towards the past sins of others. Charlie Sheen is loved because he ignores the elephant in the room. Eventually we are all blackmailing ourselves with data.

The Charlie Sheens among us will keep living life without apology. As we all relax and realize that life is not about being perfect, we will begin to judge people on a different set of qualities. The winner will not be the one with the spotless record. That person will be examined with skepticism and disdain. The winners will be able to accept the actions of their past and focus on what they are doing now.

Anonymous said...

@webmaster - The reason why companies like Google, Facebook or Twitter have a bias in favor of freedom of expression has nothing to do with politics or moral values.

The reason is that they built their business around data. They make money by figuring out trends and information from raw noisy data. The more data they have, the more information they can discover and more value they deliver. Anything that reduces the volume of data provided by users is bad for their business.

We could even say that freedom of speech is the new black in data mining fashion.

Joe said...

Great post.

I, mostly, outrightly dismiss privacy advocates. If something was meant to be private, it should not have been on the Internet in the first place.

Jean said...

"I think that if you don't want it to be seen/publish/crawled, you shouldn't say it in the first place." <-- what's more, you should not-say it in a place where no one you know is present, and where no cameras are present, and no security cameras either, nothing that will be submitted to Facebook's et al's face recognition algorithms.

Jean said...

Oy, Steeve, you've never had a girlfriend, have you?

("If something was meant to be private, it should not have been on the Internet in the first place." <-- you've never said something you wish you could un-say? That could only be forgiven or understood by a close and trusted friend? Ever?)

Shava said...

It seems to me that there are some more funny boundaries. For example is it censorship or chilling speech if I want to know who is making money of my PII, and selectively deny that privilege? The standard answer is that I enjoy free services online, but I'm pretty sure companies exploit my info with no benefit to me, through web bugs and such.

Some aspects you mention are a chill on free expression, but very few are "censorship.". I think I would say that a takedown to a marketing company can't be considered censorship, and that is really the core implication of this article.

Anonymous said...

The question maybe should be reversed. Should a company have the right to collect certain information? At one point in history a person could move to a new town, state or country and recreate themselves. Today that is much harder. For a few dollars you track anyone. More than technology issue it is a social issue where at what point can people disappear and re-event themselves. People mind wander to criminals as an argument against this but I would argue people disappear for many reasons. A battered wife and abused teen among some. As a Christian based nation we have always given people the ability to reevent themselves and leave a past somewhat behind.

People do stupid things. Our brain is built to reflex and forget. It is a protection built into our brain. People do stupid things and we regret them. If there is no forgetting then you are going to relive the regret and/or nightmare. What if a rape victim had to relive through the media everyday a rape that occurred years prior.

In the business world a sale people would be devastated if every failed sale was available. Sales people tend to forget and move to the next big deal.

I still question if a company or government has the right to keep everything on me that I have ever said or done. What purpose does it server. We can argue that the amount of informtion is to large to really create a world of always remembering. I argue it is the lack of technology a this moment in time that is the issue. What new technology is someone working on in their garage or dorm room that will be able slice and dice it where it is actually meaningful.

Philosopher's Beard said...

I'm afraid this post still leaves things rather foggy.

1. Distinguish internet actions from other actions. JimAtLaw made an excellent point on this. Much of the data-leakage on the internet that takes information out of our control in the first place is in breach of existing copyright laws. A stronger (and more enforced) system of copyright over your image and words would dramatically reduce the scope for your own embarrassing internet actions to come back to bite you.

2. The problem of persistence concerns disproportionality - that people judging your suitability for a job/relationship now will be biased in their assessment according to what an internet research company throws up. In particular the internet's long memory for public records of your offline actions (like court convictions or plagiarising a termpaper) means that such information remains "current" and may poorly reflect the person you have since become. But surely there is nothing new here. In any case, much of this would seem like exactly the kind of public record information that either is not important enough to be online in the first place, or could be made to auto-delete (which is often status quo for the offline information anyway).

3. Distinguish your actions from other people's reporting of them. Why should other people have the right to report on you? We give journalists special rights to do this kind of thing about certain people because of its benefits for the public interest, but that is exactly not the case for ordinary people. If I have an affair, what business is it of anyone else? The charge of censorship must be supported by some analysis of the importance of the information concerned.

vint cerf said...

Thought-provoking post!! And an important array of questions. The context draws to mind the so-called Internet Archive and its "Way-Back Machine" that is attempting to record the Internet (at least, its web content) for reference later.

What to make of print publications that you cannot "erase" nor stop people from saving?

It is fair to observe that the online medium is far more easily searched than paper archives. Online content is more "discoverable" than offline print (or other hard medium such as DVDs) and that may change our attitudes about what should be considered "public" information.

vint cerf

Mary Hodder said...

I think you are missing an important distinction. There is data a user puts on the web: a facebook comment, a tweet, a flickr photo, etc. And there is data the user didn't expect to go anywhere except with the business they do business with:

* geolocation logs from one's carrier
* purchases made with a vendor
* financial statements and the various actions one takes with bill pay, online banking and financial organization
* search activity logs
* an email address given to Facebook to be used as a login

The problem is that users expect that this data will stay with the obvious parties: you purchase something and your data should stay with the vendor and the shipping company. But the reality is your data is being sold all over, beacons are all over the purchase site, and you have no notice at all.

Or Facebook gives your email address to Rapleaf who matches it with activities all over the web. You have no idea, nor did you expect this.

Or you search on your mom's medical condition and now the beacons have transmitted the info to advertisers and pharmaceutical companies.

And you thought deleting your cookies would help. A complete waste of time now with flash cookies, beacons and fingerprinting of your computer.

What I think user's want is the right to control their own data. The right to ask that it be deleted after a period. The right to correct it if something is wrong, and the right to hold it, so they may store it in a personal data store (PDS).

And why, you ask would anyone use that? Well.. do you use Mint, or Dopplr, or Trippit, or have a mileage account? For that last one, you can get amazing things like free hotel room or plane tickets or even goods like flowers. We already use personal data stores now.. just very primitive ones. And we want the ability to trade our data because we might get a free book or discounted things.

There is a lot to work out here, but there is a Personal Data Ecosystem coming.. companies are building for it, and frankly, we do need a little regulatory help on the side to support user's rights to their data.

And to keep sites, like the examples above, from sending your data off site through beacons and trackers. Instead, Ad companies should be sending sites a black box to choose the ads, so that sites never have their user's data leaving the site for any reason, unless the user takes it to their PDS.

It's the right thing to do for people.

Myron Rosmarin said...

First, a matter of business. I was the author of the @webmaster post above ... not sure why it showed my identity that way, I had no intention of posting anonymously (something I believe is a huge contributor to the problem at hand).

Now back to the comments:

This issue of removing information from the Web can not be compared to offline "burning of books" ... these two mediums are not at all similar.

In order for a book to get printed, there is a serious amount of *accountability* that happens along the way where the identity of the authors, printers and publishers are knowable. This means that a considerable amount of thought had to be baked into the process before the book got printed.

The other thing that doesn't happen with print media is the incessant Ctrl-C/Ctrl-V problem that is currently plaguing the Web. On the Internet, a piece of misinformation, defamation or libel also gets *replicated* rapidly and without remorse or accountability.

I also take great exception with the concept that if "you didn't want it out there, you should have never put it online" ... this too completely misses some of the more troubling scenarios that are completely outside of an individual's control.

Here's a scenario: you are a psychologist that treats criminally insane patients. Your safety is tied up in your ability to keep your home address private. But some company who makes its living from posting doctor and hospital information somehow discovers your home address and publicizes it as if its your practice's office (yes, that does happen). Now that information gets copied by the competitors of the original company multiplying the problem.

As the doctor in this scenario, you now fear for your life because your criminally insane patients can find out where you live. And you have little if any control over this because the Internet is unforgiving when it comes to your ability to take control of your private information.

So again I raise the point ... which is the more sacred freedom here? Freedom of expression/free speech or an individual's right to live in safety?

Guido Scorza said...

Peter,
interesting post.
Also in Italy, we have the same debate.
Maybe, with google translator, you (and yours readers) can read my ideas here: http://daily.wired.it/news/cultura/il-diritto-all-oblio-caro-web-dimenticami.html

Many thanks,
www.guidoscorza.it

Caroline said...

Hi Peter

I explored the same type of thoughts and tried to put them in infographic form on my site http://www.lobbynomics.com/2010/11/my-right-to-be-forgotten-your-obligation-to-forget/
some time ago. Enjoyed your post.

Richard M Stallman said...

It is absurd, as you say, to give people a right to insist on deletion
of published information about them, and that would be a form of
censorship.

However, it is not so hard to require companies to delete (and not
publish) the personal data that they systematically keep collect
people, once that data is not inherently needed; and that is not
censorship.

By keeping these two issues separate, we can protect a lot of privacy
without any censorship.

Anonymous said...

The government in '1984' claimed a right to delete, as well. As your post alludes, a more important question than 'will this have the intended effect?' is 'what un-intended effects will this also have?'.

How does this square with the Shoah 'Never Forget'? Or people who, we swear, should never be forgotten? If I can force my forgetting, then someone else can also force my forgetting.

Anonymous said...

Thought provoking article.

As others have mentioned there needs to be a distinction between my posts and actions and those of commercial interests. Like our ability to examine our credit record there needs to be a way to inspect and challenge commercial information gathered about us.

Further we need to get to a societal understanding of private. Just because you post on facebook does not give an employer the right to access what is clearly private material.

Anonymous said...

People abusing "privacy" is pretty sad. Especially as it means they don't really understand what it is, and what it's for. Overly simply put, it's the freedom from nosy prying sods.

1) is very clear, at least on the internet: My server, my rules. I post something, I get to un-post it. This gets murkier if I choose to post elsewhere, because then it's their server, their rules, and if I choose to agree to their rules I had better understand what their Ts&Cs say.

2) is very clear for the same reason: If I let someone copy that material to do with as he pleases, then he can do exactly that. If I don't want him to do it, I put a copyright on it and a licence forbidding copying. You basically tag the work with the rules you want the copyer to abide by.

We're not all lawyers, but there's enough canned options to get by.

If you put something in the public domain and afterward ask people to take it down after all, you're entirely at the mercy of their goodwill. And good luck with that. Involving third parties is a sure way to get them in hot water.

As to 3), I think I'll agree with you, which should follow from the introduction.

4) is pretty deeply undermined by data retention laws, and is related to similar rules like how certain national revenue services require every "transaction" to be kept on record for seven(!) years. That would then include things like name, bank account, and often much more.

It also shows the fundamental weakness in privacy laws: It amounts to nicely asking to please not abuse all that data and certainly not lose it or sell it or have it stolen. Since the subject has no power over the holding and the holders have no stake in protected the held data, it's fairly hard to make work
reliably.

Ad 5), I like the "data fading" idea and is probably best integrated between administration and curating the archive. But on the general internet? That notion seems a bit silly. You don't artificially "fade" a city either. It makes little sense, and yet another framework.... Not something I'd put forward as realistic, not now, maybe never.

Rewiring the internet? What's 6) about? Wouldn't that mean more gossip, not less? Sounds like clueless milling about, having nothing better to do.

7) is fairly obvious under the "my server, my rules" doctrine, though you can ask if servers should fall under the straight up jurisdiction of the soil as they're now. Host a virtual server under german law on an amazon (us company) cloud in japan? Why not? Well, because that freedom to choose might require international treaties and otherwise make things problematic. But it's a nice idea.

No idea what to think of 8), but in france and a couple other places, linking equals publishing. Personally I think that's deeply wrong and lopsided; linking doesn't appear to confer rights, only liabilities.

Anonymous said...

This comment is more directed to the comment posters. The blog entry is refreshing and inspiring but there are some fundamental things about what we call the Internet that should be highlighted..

Face it, the Internet is a crap-load of networks connecting computer devices over the world. Professional life (when required) aside, you chose to connect to the Internet. You chose to create accounts using your real personal information on webapps such as Facebook which is owned by a company, and which you also "sign" an agreement with that anything and everything you put on there will be owned by that company the second it lands on their physical machines.

If you let your house door open and unlocked, leave a stack of post-it notes on your kitchen table together with a pen, and ask me to come around sometime to write you a note; would it be sensible for me to really and honestly believe that you will destroy the notes I wrote you if I asked you to, but you do not want to do it? You will be the owner of those notes. They are in your house, you bought them, and they are not illegal by the laws in that geographical area. It will be your property and you can do whatever you want with it.

Now if you go and send some data onto a storage device, text/binary/whatever, that lives in my basement or in my datacenter where I own that particular storage device; I will own that data. It will be in my possession. I can do whatever I want with it as long as I don't violate any laws in that country.

Going around and thinking that "zomg the Internet is evil and we have to do something about it because I potentially do not want to see a future employer in 10 years still being able to stumble across a picture or a piece of text I wrote on whateversite dot com" is weird and wrong.

In the end of the day, think about what you do. Someone commented along the lines of "I don't want the Internet to be a place where I have to think about everything I do"... well, stop crying and realize what the Internet is.

If you want it changed, just try. I'll tell you it will never work due to what the Internet is. Unless all countries in the world would create a new law that any piece of data that is somehow connected to the Internet must be destroyed 5 years after creation. Seriously, think about it.

Sincerely,
John Smith

Vittorio Bertola said...

There are several dimensions to this problem - let me present some as a long-time Internet user and expert who is now running for Mayor in his home town.

Recently, our local newspaper made all of its past issues since 1867 digitally available. This really enhanced the political debate, since people, with a couple of clicks, could prove that a certain candidate did or said something wrong thirty years ago. The information was already there, only it wasn't easily available to everyone. However, the candidate who was prosecuted and found guilty of stealing or beating other people 30 years ago does not want that to appear in public - and so he calls upon his "right to oblivion". Actually, I could bet that there will soon be political pressures on the newspaper to remove their archive.

So you may think that the "right to oblivion" is bullshit, but then I think of myself. I never did anything illegal in my life, but things I did or said in the past are resurfacing in several manners - for example, vulgar jokes posted onto the Usenet when I was 20, or blog posts from ten years ago in which I said things that are entirely opposite to what I think and say now as a candidate.

Personally, I don't want anything to be removed. I'm not ashamed of anything I ever did or said, I think only stupid people never change their mind on anything. But the problem is that, at least here, media are corrupt and hysterical. If they support a party opposite to yours, they will do whatever they can to attack you personally. They would pick your stupid photos from when you were 20 and put them on the front page for all the city to see, *and* they will put carefully drafted comments near to them to make the reader think that it's a huge affair. You may have experimented a bit of this during your Italian trial (but I guess that the US is not that different to this regard).

So the issue is not about information being still available, it is about how it is presented to the public.

Thus, we should not ponder about removing information from the Internet, but about defining correct ways to use it and to present it. More honest media would do a lot to solve the issues. Internet-age redress and libel procedures would also do (now we're stuck with the expensive traditional libel trial, which means that if you're rich and powerful you can scare anyone just with the threat of starting one, otherwise there's no way for you to get even clear defamation redressed). And, in general, educating the public to the fact that it is normal for people to change during their lifetime would also be useful. Unfortunately, all these actions are not so easy to implement, but I think that they could be the right way to go.

Steve Magruder said...

The public realm should simply not have an "undo key" attached. If something is released into that realm, it needs to stay. There would be no public record, no history, no non-fictional literature, etc. if we bend to this crazy notion of giving people a right to un-say something. It's like giving a criminal a right to un-commit their crimes.

I have few regrets about the things I've said online, and I've said some outlandish things. As others have noted, I can write off a lot of that as "personal growth", but I would never even dream of wanting a right to delete any of it. Why should anyone be able to self-absolve their public behavior? Sheer nonsense.

I want to relate a specific story that outlines more qualms.

I run a discussion board, and a few years ago, one user requested that I remove his posts due to some job-related embarrassment over his posts. I did something I now regret: I obliged him. Why? Because removing his posts from a topic somewhat disrupted the record of what was/is a public discussion. The removal warped the context. If the request was made today, I would basically say "tough luck" or "show me a court order". This person posted publicly and should have expected it would stay part of the public record, forever. And I mean, FOREVER.

People often forget that embarrassments like this fade, and that the balance of data about a person ultimately controls what most people think about said person. Just because a person says something they regret doesn't mean people won't also know a lot of the other things this same person said. Charlie Sheen is a good example, because despite his current crazy behavior, and saying many things he may ultimately regret, he also has the proud record of entertaining millions of people over a long period of time.

Consider the balance of public information about you, and stop this silly notion of deleting the regrettable public things people may find out about you. Stop it, or we will destroy human culture itself.

Seaton Daly said...

While the framework of Mr. Fleischer's thesis around censorship and privacy is reasonable, he does miss on one important concept, and it directly deals with how American's view "privacy" compared to the rest of the world. The word "privacy" does not exist in the U.S. Constitution (it is interpreted under the 4th and 14th Amendments), and the interpretation of privacy can be argued to only apply to the government's intrusion upon an individual's privacy (not, for instance, a private compay). Expectation of privacy is not the same as expectation of confidence (I'm not talking about the kind of "confidence" a pugilist has before a big fight). If my best friend takes pictures of our latest "guys weekend in Vegas," the expectation if he posts the photos onto Facebook is not one of privacy, but rather one of confidence. Intuitively, the simple act of posting the picture to Facebook has unveild the expectation of privacy. What I'm expecting is that by posting photos of my Vegas weekend on Facebook, I'm putting trust, or confidence, in my best friend that he, and Facebook, will not share them with anyone outside of our designated circle. Just who we "designate" as our circle of friends is where the tension starts. We all have BBF's who are BBF's with people we can't stand, and now you add in a social media company to the mix (who has its own set of BBF's), and there is bound to be conflict. I equate this to back in the day when you were on the playfield at school, and you wanted to pick your best friend for dodgeball, but your bitter rival picked him/her first (for the unitiated, BBF means Best Best Friend).

Those pictures of me taken at my guys weekend in Vegas may not tell the whole story of what went on, and therefore I really only have three choices: (1) ostrich approach - do nothing, bury head in sand, and hope no one sees it; (2) le Doit a l'Oubli (i.e. tell your buddy to take it down, and hope no one else has copied it); or (3) post a message, or other pictures, explaining that the Go-Go dancer was dancing for a non-profit charity (could possibly be digging myself deeper than I want).

The debate over privacy has more to do with the universal right to control our image than anything else. We lose this ability once we download a picture to Facebook, or a comment is posted about us on a referral Web site. Perception versus reality is the struggle we face in a Web 2.0 world - le Doit a l'Oubli. Who we perceive ourselves to be, and what people really see us for - that's the debate, and citizen's are mandating that we get some of that control back for which companies have taken from us. While I may not have a problem checking my medical files on line, I do have a problem with the online medical file service selling that data to an insurance company thereby raising my insurance rates.

There is no expectation of privacy on the Internet. However, Internet users do have an expectation that is based on the establishment of a relationship, express or implied, whereby the individual and third-party acts as trusted agents to hold certain information in confidence. This is like trying to connect two positively charged magnets or serving two masters. One magnet is charged by maximizing shareholder expectation, and the other magnet is charged by simple human behavior/interaction. Prior to the Internet, human behavior and interaction did not need a third-party provider we had to walk over to the girl and ask her to dance. Now, we live in a world where if you ask one girl to dance, she may be dancing with another person at the same time, and that could be someone you don't like. It is hard to tango with three people - le Doit a l'Oubli.

Ardyvee said...

Well. There is one thing that people must understand when they use the Internet.

Imagine having all the world in a single room, where everyone could hear/watch everyone. If you do something, it's gonna be seen / heard / etc by anyone. It's now on their memory. What stops them from writing it in their diary (or blog)? Nothing, as that is a personal that allows them to record what ever they want.

So. Let's face it. Those who want anything to be deleted from the Internet (not facebook, not youtube, not nothing, but Internet -- See web archives [would they then have to stop existing? They exist for a reason, preserve previous versions of a website]), shouldn't have posted it in the first place. Yes, you have to mind what you write -- or not care about it since you should be using a nickname anyway, and if you don't, it was your choice.

And above all, the fact that the Internet does not forgets, it is what makes the Internet such a wonderful thing. And nobody made you use it.


And so: If the Internet were to forget (and it, sadly does in rare cases of obscure information) more than it already does, I would not want to be part of it. Sure, I'll regret some things, but it's something we gotta learn to live with.

Unknown said...

Is it helpful to bring up "statutes of limitations" when trying to think about regulating stuff like this? Social fauz pas are what we usually want forgotten; see historical records of peccadilloes - few and far between, despite Caligulas and Casanovas.

Kudos to Mary Hodder for discerning that Advertising is the crucial point where loss of discretion/confidence is MONETIZED.

For the rest, comments for and against data expiration seem to vary with the mental model of the author. If a web posting is like a newspaper, it's one thing, if it's like a love letter, it's another. I think we could profitably discuss these mental models of information management - not standardize, but enumerate a set, so as to have a naming convention or taxonomy for privacy discussions.

Anonymous said...

I recently knowingly disrespected my grandmother's right to oblivion by donating her private love letters to Trinity College Dublin library. In her letters to my grandfather she would remind him to destroy the letters, but he clearly thought her words were worth preserving. And so do I. They are pieces of her that her children or grandchildren never knew, they don't represent the person she wanted people to remember but they are Real.I wrestled with power I had in my hands to respect her wishes, or not and in the end I know I made the right decision. Her words shouldn't be obliviated.

Anne said...

I'm going to pull an example out of my own experience. About a year ago, I began to shop on Internet sites for a particular item of inexpensive jewelry. I had difficulty in finding it and eventually landed on a fairly large discount site. I won't say which one, but their slogan is "It's all about the O." I browsed through several items, found that they had what I wanted, and ordered four of them. I used my husband's credit card (with his permission!) to pay for the transaction. It's important to know that my spouse and I have replaced our landline, so his cell number went on the transaction, together with his name and our mutual address.

Adverts with links for the items I had looked at but not purchased began following me everywhere--from CNN to Facebook to humor sites to other news outlets. Obviously they had placed a rather intrusive beacon on my computer. I ignored this until it began to give me the creeps, and then I went in and located and demolished the beacon. When a "customer satisfaction survey" arrived, I filled it out. I indicated that I really didn't like the tracking, that I probably would not shop with them again, and that I would share the experience with any friends who mentioned their store.

In response to this I received an email from a real person--the secretary to one of their officers--indicating that it was "perfectly safe and perfectly OK" for them to place their beacon on my system and that everybody was doing it. I ignored this.

Next up was a phone call from the same woman to my husband's cell phone. Since I'd told him what had happened, he simply asked her (politely) not to call him again.

I consider this behavior to be shocking and egregious. I had no problems providing the address and phone number in order to complete the transaction. But its further use was improper and abusive. I agree that we have no constitutional "right to privacy" in this country. But we should have a reasonable expectation of confidentiality for our transactions on the Web.

I'm now browsing with software that allows me to choose which beacons and cookies--if any--I prefer to see. I will never navigate to that particular site again.

Kathryn said...

As a professional writer, I am constantly encouraged to do my best by this neverending story we call the internet. I might wish to remove my earliest writings, but they are there for all to see. And from a historical perspective...I'm concerned about revisionists, and how easily so many can be manipulated by carefully constructed "truths". It is important that we each tell our stories, and imperative that we stand corrected, moderated, and questioned by as many others as possible. Only then can we even approach a consensus about the truth.

Anonymous said...

This is particularly relevant to a problem a friend is experiencing. On a company's Google Page, it cited her street address as the company's street address -- so that it could rise in the natural search results and look more credible to local customers, no doubt. She has provided public records demonstrating her ownership of the property and the absence of even a business license in the city for the company claiming her address. Even so, Google will not remove her address from the Google Page listing for that company. worse, other websites have picked it up. So the wave picked up false information and it continues to reverberate. So, aside from embarrassing stuff we post when we're young, there's false -- even fraudulent -- stuff out there that can't be fixed once launched.

Unknown said...

Is it helpful (again) to contemplate how this problem is dealt with in ID credentialing? I can't revoke my Driver's License, but a lady can change her name on her social security number in U.S. In extreme cases, I can get a totally different social security number. By contrast, I can revoke any credit card (doesn;'t even have to be my own,) by asserting that I found it lying in the street, and providing the correct numbers. In the filed of encryption, this discussion comes under the heading "REVOCATION PRIVILEGES."

Anonymous said...

A few thoughts (use whatever however if ever)

Bad event: "Never forget" so learning from the bad can prevent repeatedly doing stupid and/or stupid stuff.

[Pretty hard to stuff a cat in a bag once it has been out.; harder is retrieving the feathers when the pillow breaks. Moral: don't spill the beans (to cliche' away)]

When it is bad behavior, don't the rules still apply? Or has the curse "may his name be erased" become something sought (a blessing)?

In a media savvy society we can all be stars and stalkers. Everyone can be a celebrity with a star on some sidewalk somewhere. Everyone is part of the paparazzi wanting a scoop to dish out on Youtube. (Notice it is not Metube.)

It only takes a star to get a wannabesomebody to take potshots to prove the best and brightest can be brought down to the dirt in which the rest who are not a Richard Cory meander.

So let us all fabricate virtual histories where we can all be impressed with our own imaginary lives and sign our checks "Walter Mitty"

SamSam said...

I would have loved for you to read the dissertation that I am writing about privacy intrusions on social networking sites to get your opinion..