William Carleton, Counselor @ Law

To prep for the retrospective of Buster Simpson's work opening this weekend at the Frye Art Museum, I looked up the artist's name on Wikipedia.

Turns out he's referenced in entries for other artists, but does not have a Wikipedia entry of his own!

This in spite of a body of work in public, metropolitan spaces (New York, Boston, Seattle, probably others) over decades.

The search result has me thinking: how does one live in an open, thoroughly engaged manner that nevertheless resists digitization? In philosophical terms, what behaviors will not be assimilated into the Singularity? In terms of the news of the day, what is it about certain kinds of information in plain sight that causes the surveillance state to not know how to see?

One answer may be to not consume anything.

Resisting commercial supply chains certainly seems to be the operative guideline for how the Simpson show was installed at the Frye. At a preview of the show, Curator Scott Lawrimore explained that no new materials were used in the installation. Instead of cutting new vinyl for signs to identify and explain pieces, curators wrote on the walls. To support a sculpture needing a base, geometric sections of drywall were sawed out and folded to make a table. In order to provide seating to permit viewers to relax while watching looped videos, Simpson fashioned stools using screens from discarded televisions.

I plan on being at the Frye Saturday, June 15, at 2 pm, when Simpson and Lawrimore are scheduled to lead a public tour of the show. Meantime, you can go visit a Buster Simpson installation of clean laundry in Post Alley, off Virginia Street, just north of Pike Place Market, or the southern edge of the Belltown neighborhood in Seattle.

At a preview of the show at the Frye, Curator Lawrimore joked that Simpson had spent as much time writing letters and seeking permits for the outdoor laundry installation as he did prepping the interior of the museum. "In the old days," Simpson rejoined, "we just put things up." (That may not be an exact quote.)

Hats off to Linda Thomas whose early morning tweet confirmed that the Simpson laundry was flying. I went down and snapped photos.

Imagine Facebook had to pay you for using any information about you.

Instead of balancing "personal privacy" against some super-secret corporate imperative to profile you for the purposes of manipulating you, instead of that, your individual interests, and Facebook corporate interests, were perfectly aligned.

You and Facebook were partners in the monetization of your information, your personality.

In short, your information was your intellectual property.

In the privacy paradigm, Facebook may or may not get the "balance" - between your interests and its commercial imperatives - exactly right, but Facebook alone controls all exclusive intellectual property rights.

In the personal-information-as-intellectual-property paradigm, Facebook must account to you for how your information is processed and exploited. No "balancing act" required; simple commercial reporting obligations ensure accountability.

If we thought about our information this way, and if our commercial relationships with large web services were built to meet such expectations, it would be harder for companies like Facebook, Google, Apple, etc., to cooperate with government requests for all the data that runs through the corporate servers.

"That data does not belong to us," they could say. Depending on their contract with customers, they might also say, "It is, however, available for a premium fee."

Some people might be willing to sell their information to the government in exchange for good and valuable consideration - say, a federal income tax credit. For some, maybe patriotism would be sufficient consideration.

Yesterday, I listened to C-SPAN's rebroadcast of the ABC Sunday news show, This Week, and heard Senator Dianne Feinstein and Congressperson Mike Rogers speak about the government's collection and use of phone records.

Both feel that the surveillance being conducted is appropriate, and that there are programmatic safeguards that limit use of the collected data.

The positions expressed by both of these elected representatives were not absurd on their face, not to me. Obviously, there are separate process questions that can be asked. For instance, shouldn't more people have access to full and complete information about the program, and shouldn't the existence and parameters of the programs be subject to public debate? But both of these public officials left me with the impression that they, at least, are minding the store, and are betting their personal and professional reputations on the integrity of this national counterintelligence program.

At this stage in the developing story, both the President and those legislators defending the executive branch are emphasizing that the "content" of phone calls is not being collected. Of course, those of us working in and around technology industries know that the very most valuable content is exactly what is being assembled: the social graph, the data connecting and placing every participant in the network. It's also possible that the government may have a meta-view of all information networks, making its potential insight into patterns of both collective and individual behavior more exhaustive and more authoritative then anything a single Internet company or single telephone company could aspire to. Imagine combining all data from Google, Facebook, Microsoft, and every phone company, into a single social graph. What advertisers might not pay to the government to run algorithms against that data!

Neither Feinstein door Rogers made the mistake of saying that the metadata represented by call records was harmless. Sen. Feinstein did say that the Supreme Court has held that phone records are not protected personal information, but she also clearly appreciates how valuable big data is. I say this because she made the remark that "human intelligence alone" is not adequate to foil terrorist plots in the planning. Algorithms are finding the patterns, while human covert agents watch.

If Feinstein and Rogers are to be believed, the government does not look for patterns outside of specific investigations of specific foreigners. (Unless I misheard. Thinking about it, it's hard to imagine that the program would not be used to generate leads in the first place, spawning investigations, rather than assisting in investigations opened for other reasons.) in other words, the database is queried only in connection with the pursuit of a particular target within the social graph.

Private companies with Siren Servers (Lanier's term) have no such constraints. They can mine the data, they can fix the patterns, and they can employ the intelligence bus derived to sell to and manipulate the very persons in the network whose behavior is being mapped.

We should be talking about web commerce at the same time we are debating the trade-offs in the government's counter-intelligence program.

As news organizations turn attention to government intelligence gathering among the citizenry, let's hope the civic debate expands to include attention to private, corporate intelligence gathering.

Pressing questions we should ask:

>>>Why don't social media, search and other web services built on targeted advertising pay the people whose information and personality rights are exploited (in Jaron Lanier's view, these kinds of exchange are a form of accounting fraud; in legal terms, these are contracts that arguably should fail to be enforceable for lack of consideration)?

>>>Why hasn't a startup or entrepreneur emerged who would turn the advertising business on its head, instead of conforming to old business models as meekly as a telco complies with a government subpoena?

>>>Why won't leading social media and search services permit users to pay cash for the service?

>>>National security may justify massive information asymmetry, but, turning to the private sector, how can markets and capitalism work when big data is deemed to be proprietary?

When I go to the Washington Post to learn about gov data tracking, I'm hit by *fifty* commercial data trackers. twitter.com/dansinker/stat…

— dan sinker(@dansinker) June 7, 2013

Because a couple of years ago we unpacked, in a post here and in a follow-up post, the details in that devil of an iteration of legal terms of service from Dropbox - a version that had users worrying that the company would mine their uploaded files for nefarious corporate purpose - I thought we should circle back and formally acknowledge that Dropbox has (again) received high marks from a famous, progressive privacy watchdog, the EFF.

Here's a link to a new, 2013 iteration of the EFF report, "Who Has Your Back: Which companies help protect your data from government?"

Dropbox gets five stars out of a possible six. Only Twitter and Sonic.net score better.

(True, I'm comparing an apple and orange here. The ToS flap was over how Dropbox might monetize user content. The EFF report is about actions and policies Dropbox takes and follows with respect to government demands or requests for user content. Not the same thing.)

And here's a personal endorsement.

I get a lot of mileage out of Dropbox. It's a terrific service, and so far they haven't asked a thing of me, not even to expose myself to ads. So far, when I've hit my storage limit, I take that as an occasion to cull folders and big files I no longer need.

Thanks to Ken Priore for a tweet that gave the heads up.

Tesla Motors yesterday published a fascinating defense of the capabilities of one of its models of electric car.

The defense took the form of a blog post by Elon Musk, and presented charts, a map and other information in an effort to discredit the veracity of a recent, negative NY Times review of the model's performance.

There is a tone of righteousness in Musk's post:

"Our request of The New York Times is simple and fair: please investigate this article and determine the truth. You are a news organization where that principle is of paramount importance and what is at stake for sustainable transport is simply too important to the world to ignore."

I think that's okay. It may be true that electric cars will save the world, and presumably the idea that cars are a "cause" is consistent with the company's brand messaging. It certainly isn't the company's responsibility to welcome negative reviews (though surely it would be in the company's interest to ensure its assertions of what the data shows are credible).

Far more controversial is the apparent fact that Tesla was keeping tabs on the car's performance during the very drive written about by the New York Times reviewer.

"We always carefully data log media drives," Musk wrote.

Interestingly, in a Tuesday blog post, the NY Times reviewer, John Broder, knowing that a data-laden rebuttal would be coming, did not cry foul about the prospect that Tesla would cite information logged from the test drive. Presumably, the company made no assurance of privacy to the NY Times?

Eventually, all cars will gather and transmit travel and performance information. When cars become driverless or otherwise permit new levels of passivity in the driver's seat, travel won't be possible unless such information is gathered, networked and shared.

One can imagine a state of expectations in which a lack of personal roadway privacy is presumed, except when one is engaged in journalistic activity!

Legal blogger Eric Goldman posted something provocative this week about privacy policies - provocative to lawyers, anyway.

He suggests you now have to be a bona fide privacy law expert in order to draft privacy policies for clients:

"Unlike the good ol' days, the average competent lawyer--and even the sophisticated cyberlawyer who dabbles with privacy issues--may be unintentionally treading towards the malpractice line given the number and complexity of the applicable laws and technology."

It's going to take me a couple cycles to figure out what I think of Eric's position.

In the meantime - or by way of turning one cycle - I want to express a contrarian view about when it is preferable to engage no lawyer, not even the most expensive from the biggest firm who practices nothing besides privacy law.

You are better off having your CTO, a product manager or VP of marketing punch out some common sense bullet points about how your service collects, uses and protects (or doesn't) personal information, than putting any lawyer to the task without giving her access to service specs, engineers or the product roadmap.

That is a very long way of expressing the first principle we covered in yesterday's post about Path, Facebook and Twitter: your privacy policy should describe, not aspirations, but what your company actually does with personal information.

Drawing: W.W. Dixon, Lawyer, Butte, MT, image taken from p 35 of Cartoons and Caricatures of Men in Montana (1907) by E.A. Thomson / Butte-Silver Bow Public Library / Flickr.