on privacy, quality, and autonomy

July 21, 2008 in theory by luis | 3 comments

I’ve noticed some complaints that the Franklin Street Statement does not address privacy issues. I thought it might be worth explaining here why I am less concerned. As usual, I speak for myself here, rather than the group, but we all welcome constructive feedback on the issue.

Free and open software has a slightly indirect mechanism for dealing with software of low quality. It gives people the freedom to fix the problems themselves, pay for someone else to fix it, or to get their data out and use other software. In other words, freedom creates choices and markets- which allow and encourage quality to happen. Given that free software originates in one man’s quest to improve the quality of his printer, this side effect of freedom shouldn’t be too surprising.

It is a good thing that better quality software happens as a pleasant side effect of freedom, because quality is really hard to define, and anything which is hard to define is almost impossible to mandate. One man’s bug is often another man’s feature, so even though we’d all agree that less buggy software is good, it’d be pretty hard to write a free software license that says “you can modify this software, as long as you don’t introduce new bugs.” Under such a license, who would decide if the new version of the software was buggier or not, and hence whether or not it was acceptable? Hard to picture that working, especially as standards change over time. Instead, we’ve put our faith in the choices of autonomous individuals. This has created incentives to create some pretty high quality software despite the noticeable lack of licenses or philosophies that mandate quality.

Privacy is (to me) remarkably similar to software quality. Defining privacy is hard- like pornography, we know it when we see it, but usually can’t explain it. Valuing privacy properly is also hard- can you articulate when you are willing to compromise it, and for what reasons? And valuing and defining privacy consistently is nearly impossible- Europeans tend to give very different answers to these questions than Americans, for example, and teens give very different answer than adults. Given all that, it would be very difficult, if not impossible, to mandate privacy in a statement like the Franklin Street Statement, or in a license- whose definition would you use? when could it be compromised? etc.

The good news is that I don’t think we have to mandate privacy for good privacy to happen, just like Richard Stallman didn’t need to mandate quality in order to create high quality software. Services which respect user autonomy could ’solve’ the privacy problem the same way autonomy-protecting software has solved the quality problem- by giving users the right to fix problems or use different software, rather than by mandating specific standards or approaches. Don’t like your DiSo provider’s privacy policy? Move to a different DiSo provider, or start your own; soon enough there will be a variety of DiSo providers with varying privacy standards you can choose from.

It isn’t guaranteed that this will work, of course. People who feel locked in by network effects (like facebook users) might not have true autonomy in the way an emacs user does. And privacy may be different than quality, since a single crash is temporary but a personal data leak may be forever. So this issue could easily merit more discussion. But until then, trusting in the cumulative effect of personal choice seems like the most reasonable starting approach to the complex and thorny problem of privacy in networked services.

Luis is a law student at Columbia Law School; a director of the GNOME Foundation; a member of OSI’s legal advisory board; and many other hats. He wrote this at 2am, so cut him some slack :) .

  1. mako on July 28, 2008 at 2:50 pm

    Thanks Luis! I also think we’re going to be best served by keeping issues of empowerment and control over one’s technology orthogonal to issues of privacy.

    You may be correct (and I suspect you are) that autonomy leads to a better privacy situation. That said, I can imagine quite a few different privacy situations that people seem to like. There are wonderful network services (nearly every Mediawiki installation) that basically say that they don’t do private data (or rather, it’s all open, or all closed). There are others that have much more nuanced privacy policies. Most importantly, I think people can have very different ideas about what constitutes a good approach to privacy while being completely in sync with each other when it comes to the core issues of technological empowerment and autonomy.

    In other words, I think that we can build a stronger coalition around autonomy and network services by leaving out the discussions of privacy and agree that a good privacy situation (or a multiplicity of privacy situations to fit different definitions of good) will sort itself out.

  2. luis on July 29, 2008 at 1:54 am

    Most importantly, I think people can have very different ideas about what constitutes a good approach to privacy while being completely in sync with each other when it comes to the core issues of technological empowerment and autonomy. Absolutely, especially since (relatively speaking) our notions about privacy are vastly immature when compared to our notions about empowerment/autonomy.