Recently, Nitin and myself engaged in a bit of intellectual banter.
I've adjusted a few things for ease of reading (spacing, etc), but
I've copied the chat verbatim below because this is a useful base for
future discussion.

After a brief chat picking up from a previous chat, you will notice
Nitin stating his position and myself stating mine. Thereafter, we
explore Nitin's idea that you "own" your data. I'm still not
convinced, but I certainly think it's a valuable discussion we should
record and explore

------------------------------------------------

Elias Bizannes says: Am I being unfair to suggest though, that
clarifying what exacty a users rights are, is a precursor to the TOS?
Can we define what data is, what portability is or do people think
this is unnnessary?
I'm just of the bakground that you need a large conceptual framework
before you determine standards, positions, and exposure drafts. We
lack a conceptual framework.
Nitin - don't get me wrong, I am loving you are taking this on. But
wondering if you and everyone else recognise the need for a larger
framework, whereby the TOS is merely an output of that framework

Mary Trigiani says: 2 cents:  it's always good to drop in a paragraph
or two, up front, with a definition of the problem/opportunity and a
description of the "landscape."  Doesn't hurt to think of this as a
white paper or even a prospectus.

Nitin Borwankar says: Elias, no all that makes sense - I am not
envisaging a set of TOS templates in a vaccuum - they make sense only
in a context and a set of assumptions about user rights or at least a
POV whihc should be made clear - i.e. a set of motivating statements
and definitions
My approach at least at first cut will be pragmatic and I'd like to
put a very early idea up here for general tomato throwing and pinata
bashing :-
** I enter a set of address book entries into my Blackberry and at
somepoint I enter them into/sync them with a service like Plaxo
If RIM the owners of Blackberry have no rights to my data, why does
Plaxo automatically have any?  This is not a rhetorical question or
flamebait - it is carefully constructed meant as a question to provoke
carefully constructed answers
not owners, manufacturers of Blackberry, ..
not its the same data its about my social network perhaps but when
it's on my Blackberry we don't even think twice about who owns it.
Why is it even an issue when it is on Plaxo?
note:- it's the same data ....

Elias Bizannes says: Nitin: So putting into context of how a
conceptual framework is needed -  is the ability to sync an
entrepreneurial opportunity - ie, a person creates agreements that his
services works with her service - or it is a requirement requires by
all to adopt? We've said sync is a requirement all along, but why is
it? Christian main some good progress when he posted about the
different types of portability on his blog. That's a start that we
need to build on, which I see you did in the discussion just above
Clarifying what dataportability is and isn't, makes things like this
clearer
at the moment, dataportability is everything.

Nitin Borwankar says: to me sync = read + write between two data
endpoints and it requires  read/write capability - so I'd rather use
read/write which is well understood rather than 'sync' whihc needs
another definition
my approach is to be as close to the  ground using simple and well
understood concepts and build up things from first principles and at
all times be grounded in the real world issues that led to us being
here in the first place
I agree that clarifying Data Portability is extremely important and
the fact that we have not done it before doing so many other things
has always been bothersome to me
so I intend to take a small stab at clarifying the what I mean by Data
Portability and I hope that will be useful to the bigger taks of
defining Data Portability for other projects task

Elias Bizannes says: thanks

Nitin Borwankar says: also another reason I want to avoid sync if I
can is because sync is essentially a property or an interaction
between two data repositories and I am firstgoing to clarify the
properties we want of one data repository by itself - so if a two data
repositories separately have read/write available then syncability
follows trivially
hope this is making sense - it is partly very condensed and also
somewhat stream of consciousness

Elias Bizannes says: It does make sense, just relecting on it.

Nitin Borwankar says: "Yes it does" or "No it doesn't" which
one  ? ;)  you are confusing me

Elias Bizannes says: haha sorry, I mean you are making sense

Nitin Borwankar says: re: entrepreneurial opportunity - as my initial
post at GigaOm suggested - DP throws up huge entrepreneurial
opportunities - e.g for services offering one or more of the features
"accessibility, visibility, deletability.... " in the form of  well
defined and fully featured services with full user choice ... so yes
that is a given but should that be something that needs to  be
addressed in the TOS/EULA template effort - I like it being there but
I am not sure if it distracts from the opportunity to have a deeper
discussion ....
I'd hate for people to just descend on the set of templates and look
at them as the next big thing to do on the web ....
we hope it does happen but my personal hope is that it is just one of
the things that happens and not the only thing ...
my hope is that it actually leads to a lot more user empowerment in
spirit and not just the letter of the agreement ..

Mary Trigiani says: Nitin, you should put some of this thinking into
the paper!  Great.

Nitin Borwankar says: thanks glad this is in sync with people's
thinking - I mean in "read/write" with .... :)

Elias Bizannes says: :)

Nitin Borwankar says: aside from the three "accessibility, visibility,
deletability.." in the GigaOm article I also had data ownership but
that one seesm to be controversial here - based on earler verbal
jousting in this thread
I personally am a strong believer that the creator of the content owns
the content but I understand that might not be the consensus here
however I'd like to allow in the TOStemplates the possibility that a
service may want to give users full data ownership and that case
should also be included

Elias Bizannes says: ...whereas I am a strong believer you own the
right to determine how data is used (which is beyond just media
creation). Owning data gives you benefit by controlling its usage, so
it's better to say you determine how the data is used, rather than
owning it, because determinig ownership is in the too hard basket (ie,
the name "Nitin" is a noun - you don't own it, but you own the usage
of it when associated with your identity).
Photos, blog posts = content. Yep, that's ownership. Friend lists,
profile data = data. Data, by definition, can't be owned. But when it
generates information (connecting data to generate meaning), you have
the right to determine how it's used. Data is free - no one owns it.
(data by my researched definition)

Nitin Borwankar says: so if I create an address book in my blackberry
its not my property ?
because its a list of friends ?

Elias Bizannes says: so you own your friends phone number?

Nitin Borwankar says: no I won the record of it on my blackberry - you
are confusing the object with its representation
lown
own ... arrgh
I own the photo I took of the eiffel tower but not the eiffel tower
so this is not confusing unless you want to make it so

Elias Bizannes says: Not true with photos. Plenty of museums deny you
the right to take photos, because they own the economic right to
generate revenue from the image

Likewise, when I went travelling in Bolivia, people hesistated at me
taking a photo of them. Sure, it's my photo - but they argued it their
identity being represented.
But yes, I hear your point. Don't want to overcomplicate

Nitin Borwankar says: ok again you are complicating - I said eiffel
tower not museum - my examples are deliberate and well thought out so
I request at least a well thought out response

Elias Bizannes says: but that's not consistent. You can't say you own
a photo of the eiffel tower, but you don't own a photo taken in a
museum.

Nitin Borwankar says: you are creating many many edge cases and
thinking that the union of them is the universe whereas the universe
here is much larger than the edge cases you mention

Elias Bizannes says: For your example to stand, it needs to work on
multiple levels. Which I why I insist on the conceptual framework

Nitin Borwankar says: yes we can becuase the added factor is that you
are on private property versus public property

Elias Bizannes says: Ok - how about this

Nitin Borwankar says: and the onwer of the private property gets to
make the rules

Elias Bizannes says: ok, thank you
Lets try another approach

Elias Bizannes says: we have say 10 scenarios (like above), and we
apply it
A photo
An addressbook
A list of preferences

Nitin Borwankar says: apply what ?

Elias Bizannes says: You insist a user owns their data; I insist a
user owns the right to usage of data. These are two different ways of
thinking about it, so if we have a core set of scenarios, we can
evolve the ideas like how you just did by suggesting private vs public
property which I hadn't thought of before.

Nitin Borwankar says: I insist that ownership includes usage rights
and my rights are stronger that yours and I believe they need to be
Elias Bizannes says: what are those rights?

Nitin Borwankar says: the right to do whatever I want with it within
the limits of the law - that's what ownership means - just like
ownership of a 1$ bill or a pencil or a piece of land
it includes use rights but it is not limited to use rights
it includes the right to transfer ownership the ...

read more »

I cannot state strongly enough my belief that the focus on "ownership" is a
siren song.
If the question of ownership becomes central, we place service providers in
the impossible position of having to determine who owns what before data can
be moved.  It is not Facebook's job to figure out whether or not the picture
I uploaded was actually copyrighted to someone else.  Making them do so only
creates the environment for more restrictive policies, which is the exact
opposite of what we want to achieve.
The question of portability comes down to just that: portability.  Who has
access to the data, and what can they do with it?

To my way of looking at the world, there are three classifications of data
that we need to worry about:

   1. "First Party data" refers to data that I have entered myself.  For
   the purposes of portability, it is irrelevant whether I "own" the data or
   not.  What matters is that I entered it into the system.
   2. "Second Party data" refers to data that some other end user
   entered, but to which I have access.  This could be message board posts,
   member photo galleries, or address information.
   3. "Third Party data" refers to aggregate data that is generated by
   the service itself.  It may or may not be originally based upon First or
   Second party data.

Each site, of course, will want to offer a different mix of these three as
befits it's particular business model.

All of these models are reasonable and rational.  Our goal should be to
invent a standard way of discussing them so that users know what to ask for
and sites know what is expected.

   - No portability:  Sites that deal in taboo or unpopular topics may
   not want their users to take anything off site.  Other sites whose business
   model is based upon offering a service free of explicit charge, but which
   use control over user data to force users to return, might not want to allow
   portability.  As long as the user knows what they're agreeing to, these are
   reasonable.
   - First party portability: The user can freely move data that they
   have provided, but are discouraged from attempting to download any
   derivative data
   - Limited second party portability: Others can mark their data as
   being available
   - Full second party portability: Second party data is fully available
   - Fully open: All data on the site, regardless of source, is
   available.

Yes, we need better names for the groupings.

Your thoughts?

    Steve

Steve, I like the way you have broken down the five degrees of
portability.  I think it might not hurt to try to pair that down to
three different models (at least as far as the user is concerned), so
as to avoid potentially overwhelming end-users.  We should also add
the first, second and third party data definitions to the wiki.

-Brady

On May 2, 10:43 pm, "Steven Greenberg" <green...@puzzlingevidence.net>
wrote:

Thanks.   I was starting to worry that the group had collectively shaken its
head at me and decided that the only response was an Amish style shunning.
Having had that small amount of validation, I will put this on the wiki.

    Steve

Plus one from me. I think several of us had been saying the same thing
but using the "own" word. I never really meant literally "own" in a
legal, copyright sense. It was always in a social sense which is what
you're saying here.

Having said all that copyright of content posted on shared sites is
equally contentious and obviously has a direct bearing on the ToS. I
take the view that both the author and hosting site have some moral
right to the copyright simultaneously. Barring any other agreement (like
a journalist being paid to write) the author ought to be able to do
whatever they like with the content they've posted including post it
elsewhere. And at the same time the hosting site should also be able to
do whatever they like with it include re-publish it elsewhere without
asking the author. So I could post words on a social networking site on
my own blog without asking. And the social networking site could produce
a book on the wisdom of crowds, containing my words, without asking.

JB

Steven Greenberg <green...@puzzlingevidence.net> Tue, 6 May 2008
08:49:25

--
Julian Bond  E&MSN: julian_bond at voidstar.com  M: +44 (0)77 5907 2173
Webmaster:          http://www.ecademy.com/      T: +44 (0)192 0412 433
Personal WebLog:    http://www.voidstar.com/     skype:julian.bond?chat
                          Get _Sirius_ in 2008

Hi Steve,

Silence may not show the whole picture.   Your posts and the  
discussion here provides excellent food for thought.
I may be able to contribute.  Can you please send me information  
regarding the wiki address, and any other activities/communication  
channels which may be actively used by this topic so there are more  
options for communicating rather than just this mailing list?

As for your last post, it has been very thought provoking and this  
mailing list has already helped me wrestles with some of the more core  
issues with data portability and management of identities.   I agree  
that ownership is the wrong focal point for discussion, and believe  
that focusing on the more obvious control and access control issues  
surrounding data portability may be fruitful.

As for the classifications you have mentioned, this is a great way to  
look at data portability but I wonder about the technical legal aspect  
of control and wonder if a framework with a legal/functional  
classification system would address both the legal dimension and the  
order of access functionality which is required from a framework.  In  
fact more dimensions may need to be added here.

I have started conceptualising something I have been calling the  
Master Data Controller Access Framework which I think would be very  
helpful.  This is intended to provide a hierarchy based on the legal  
guardian and/or originator/ subject of data and then an access  
framework like first, second, third, party contract usage and control  
rights. In my view law needs to be interpreted to articulate granular  
data usage/export rights, to deal with a major issue know these days  
as 'informed consent'.

I completely agree the job is to articulate a standard.  +1  if I can  
I would like to help.

- Mark

On 6 May 2008, at 13:49, Steven Greenberg wrote:

Hi Steve,

A couple of comments.

you say "> If the question of ownership becomes central, we place
service providers in

IMHO, a huge logical jump here and a couple of major misunderstandings
of the whole data ownership issues as well.

The logical jump :-

"> If the question of ownership becomes central, we place service
providers in

Could you explain how one follows from the other?
At no point does the vendor need to decide who owns the content - they
just need to stop acting as if they themselves do.
It doesn't matter at first who it belongs to as long as the vendor
does not claim it belongs to them. To a first approximation the person
who uploads it
is the owner.  If they have stolen something Facebook can't be held
responsible - but if Facebook claims it as their own don't they now
claim something as their own
which was stolen? So it would seem they better determine the ownership
before they claim it as their own.
So the whole logic there is pretty broken from my POV.  And there's a
huge misunderstanding about what I said.  Because none of my arguments
imply that the vendor needs to determine ownership.

Finally I would agree that data ownership wasn't the central issue
proposed by the initial dataportabilty effort.  And I think that was a
mistake that ownership was left off.

In initial discussions with DP folks (Mike Reynolds, Marjolein, Elias)
after I wrote the GigaOm article people
a) insisted that what I said in the article was included or aligned
with the DP effort and
b) grudgingly agreed that the Data Portability name was probably not
the best description of the whole effort

see below for context
http://changingway.org/2008/02/06/data-property-rights/
http://gigaom.com/2008/02/06/data-property-rights-not-portability/

So if the argument is "it needs to be about portability because the
name says so "  then that is also not a very strong argument.
Especially given the general agreement, at least among some, that the
word "portability" does not encompass all the things we wish to
include in this effort.  So talking about ownership expecially if it
supports data rights for users isn't a siren song - it just wasn't
originally included and I argue it should.

In the interest of accuracy and generally making sense when using
words it's also useful to remember that the word "portable" means
"able to be carried" and implies a move from one place to another.
Accesible ultimately comes down to "having a URL to"  - while
portability in its full meaning of "being able to be moved" implies
the ability to take data off a web site i.e. there must not only be
accessibility but deletability as well.

So while data portability is a useful loose notion it is not crisp
enough until we parse it down into the lower level operations of
"read" "write" "delete" etc.
IMHO, any new concepts we introduce need to be grounded in these
fundamental operations that we already understand, IMHO.  Just to
respect the great Mr. Occam.

As far as whether the term ownership is a "siren song" it would be
useful to look in detail at the TOS's where vendors claim ownership
rights on user data.
If they find it necessary to put it in the TOS and claim ownership it
would "ostrich-with-head-in-sand" behavior to imagine that ownership
is irrelevant.
I'l believe that when TOS's stop claiming ownership - until then I
can't see how we can ignore the issue.

Nitin

Hi!

Maybe words, not so sure about multimedia content. Ask the flickr community
what they think about flickr creating photobooks out of their photos
without asking
and you will create uproar. This even happened already when they switch from
their flash interface to the AJAX one allowing then to download a photo by
right-clicking.

Recently I also got a reply on seesmic after talking about DP there
where somebody
complained about seesmic suddenly making all videos available to Google search.
So I think if you have a community at hand you need to be careful of what you do
and you also should give people control about where data can go. This
should include
the site itself. At least it should be made clear in which ways
uploaded data is and can be
used.

Otherwise +1 to what Steve said. Where do comments actually fit in?

-- Christian

--
Christian Scholz
Tao Takashi (Second Life name)
taotaka...@gmail.com
Blog/Podcast: http://mrtopf.de/blog
Planet: http://worldofsl.com

Company: http://comlounge.net
Tech Video Blog: http://comlounge.tv
IRC: MrTopf/Tao_T