A Response to Jonathan Zittrain in The New York Times

by on July 27, 2009 · 16 comments

In response to Professor Jonathan Zittrain’s op-ed in The New York Times last Monday about online privacy and open platforms (which Adam thoroughly refuted last week) I have a letter to the editor in today’s The New York Times:cloud

To the Editor:

Re “Lost in the Cloud” (Op-Ed, July 20):

In discussing the privacy risks that have accompanied the growth of the Internet, Prof. Jonathan Zittrain rightly bemoans the willingness of governments to violate individuals’ privacy rights. Unfortunately, he proposes new legal restrictions that would stifle online innovation while doing little to enhance consumer privacy.

Mr. Zittrain proposes a “fair practices law” that would require companies to release personal data back to users upon request. Such a rule may sound workable, but purging specific data across globally dispersed server farms is no simple endeavor. Who is to pay for the implementation of such privacy procedures — especially for free services like Facebook or Twitter that have yet to turn a profit?

A better approach to online privacy is to educate users on safeguarding personal information. Ultimately, however, the only foolproof approach to protecting sensitive data online is to simply not disclose it.

To clarify my last point, I don’t think that universal nondisclosure of sensitive data online is necessarily a wise approach to privacy. Rather, my point is that it’s important to remember that transmitting data on the Internet — a very public network — entails some degree of risk, no matter how strong the encryption or how diligent the party at the other end. And free services like Facebook and Twitter are all about making personal information public — they simply aren’t designed to provide ironclad data security or anything remotely resembling it. Other online services, like bank websites or enterprise-grade Web collaborative tools, are able to offer far stronger privacy assurances backed by strong terms of service. Privacy is not a black and white matter. It involves shades of gray, which is one reason why legislation is such an ineffective means of dealing with privacy challenges.

  • http://www.facebook.com/RichardBennett.Cal Richard Bennett

    It doesn't seem to me that the ability to delete user data on demand is all that onerous. The same technology that allows data to be uploaded and distributed across a distributed server farm allows it to be deleted, and any service that can't take it down shouldn't put it up.

    In the event that there is some technical reason that a cloud service is not able to take user data down, if not instantly at least eventually, surely the service should be required (by good form, if not by regulation) to clearly disclose this when the data is uploaded.

    I certainly wasn't impressed with Zittrain's op-ed, but this particular point isn't my bone of contention. He seems to think we've only done backwards since Windows 3.1, Trumpet, and Mosaic, silly goose.

  • Ryan Radia

    A lot of cloud services backup data offsite (on magnetic tapes, for instance) which makes it somewhat challenging to purge specific data. Yes, it can be done, but it entails a cost, and it's hardly reasonable to mandate that all cloud services bear that cost when many of them are barely scraping by.

    I'm skeptical of disclosure mandates because they presume that data security should be the default state of affairs. I tend to think otherwise; as I state above, the Internet is a very public network and anything you transmit is only as secure as the party at the other end of the line promises it will be. In other words, users should simply assume that any personal data handed over online will forever be gone — unless otherwise stated. A disclosure mandate would lull users into a false sense of security, making it seem as if data is secure by default when the opposite is true.

    You're absolute right that Zittrain made many other objectionable arguments in his op-ed. Adam hit on many of them last week. But the issue that I'm especially interested in is the privacy angle; thus my letter.

  • http://www.facebook.com/RichardBennett.Cal Richard Bennett

    Whoa, dude. Deleting data from the working copy of the database is all I'm asking for. In the fullness of time, the data on the backups will age out, as it reflects the working copy absent operator intervention. This problem is not anywhere near as hard as you make it out to be.

    Re: disclosures, I'm not asking for a false sense of security, I'm asking for some notice to the 12-year-olds that they should expect their remarks to be archived until the end of time.

    This archive thing has huge consequences, and it's silly to gloss over them on the basis of some (misguided, it turns out) concerns about limitations of the technology. We've never had archives so strong before, and the implications need to be examined from every angle.

  • Ryan Radia

    Perhaps I'm making the problem of purging data seem harder than it really is, but a “fair practices law” likely wouldn't leave room for error. And while archival backups should age out, guaranteeing with certainty that no remnant of a particular user's data exists anywhere on a massive network would likely require some non-trivial compliance expenditures. I suppose Zittrain may have been merely calling for a rule requiring online services to make a reasonable effort to delete user data upon request. Data privacy laws, however, have a tendency to be pretty heavy-handed.

  • http://www.facebook.com/RichardBennett.Cal Richard Bennett

    As I tried to say up front, deleting data from a database, even one with multiple backups, is actually not any different in a technical sense from adding data to a database: both are updates. If you can update a database, and *keep track of the updates that were made since the last backup*, the problem is solved.

    The problem with the early social networks was that they didn't allow users to close accounts and purge their data. That's just incompetent design.

  • mwendy

    Good points on both commenters.

  • mwendy

    Good points on both commenters.

  • mwendy

    Good points on both commenters.

  • Pingback: nono hair removal price canada

  • Pingback: Visit Website

  • Pingback: DDOS Protected VPS

  • Pingback: Cigarette electronique

  • Pingback: premier league philippines

  • Pingback: Jurk Online

  • Pingback: prix de l'immobilier

  • Pingback: payday loans

Previous post:

Next post: