Data rights and data ownership

8 views
Skip to first unread message

Elias Bizannes

unread,
May 2, 2008, 9:42:06 PM5/2/08
to DataPortability.Action.Policy
Recently, Nitin and myself engaged in a bit of intellectual banter.
I've adjusted a few things for ease of reading (spacing, etc), but
I've copied the chat verbatim below because this is a useful base for
future discussion.

After a brief chat picking up from a previous chat, you will notice
Nitin stating his position and myself stating mine. Thereafter, we
explore Nitin's idea that you "own" your data. I'm still not
convinced, but I certainly think it's a valuable discussion we should
record and explore

------------------------------------------------

Elias Bizannes says: Am I being unfair to suggest though, that
clarifying what exacty a users rights are, is a precursor to the TOS?
Can we define what data is, what portability is or do people think
this is unnnessary?
I'm just of the bakground that you need a large conceptual framework
before you determine standards, positions, and exposure drafts. We
lack a conceptual framework.
Nitin - don't get me wrong, I am loving you are taking this on. But
wondering if you and everyone else recognise the need for a larger
framework, whereby the TOS is merely an output of that framework

Mary Trigiani says: 2 cents: it's always good to drop in a paragraph
or two, up front, with a definition of the problem/opportunity and a
description of the "landscape." Doesn't hurt to think of this as a
white paper or even a prospectus.

Nitin Borwankar says: Elias, no all that makes sense - I am not
envisaging a set of TOS templates in a vaccuum - they make sense only
in a context and a set of assumptions about user rights or at least a
POV whihc should be made clear - i.e. a set of motivating statements
and definitions
My approach at least at first cut will be pragmatic and I'd like to
put a very early idea up here for general tomato throwing and pinata
bashing :-
** I enter a set of address book entries into my Blackberry and at
somepoint I enter them into/sync them with a service like Plaxo
If RIM the owners of Blackberry have no rights to my data, why does
Plaxo automatically have any? This is not a rhetorical question or
flamebait - it is carefully constructed meant as a question to provoke
carefully constructed answers
not owners, manufacturers of Blackberry, ..
not its the same data its about my social network perhaps but when
it's on my Blackberry we don't even think twice about who owns it.
Why is it even an issue when it is on Plaxo?
note:- it's the same data ....

Elias Bizannes says: Nitin: So putting into context of how a
conceptual framework is needed - is the ability to sync an
entrepreneurial opportunity - ie, a person creates agreements that his
services works with her service - or it is a requirement requires by
all to adopt? We've said sync is a requirement all along, but why is
it? Christian main some good progress when he posted about the
different types of portability on his blog. That's a start that we
need to build on, which I see you did in the discussion just above
Clarifying what dataportability is and isn't, makes things like this
clearer
at the moment, dataportability is everything.

Nitin Borwankar says: to me sync = read + write between two data
endpoints and it requires read/write capability - so I'd rather use
read/write which is well understood rather than 'sync' whihc needs
another definition
my approach is to be as close to the ground using simple and well
understood concepts and build up things from first principles and at
all times be grounded in the real world issues that led to us being
here in the first place
I agree that clarifying Data Portability is extremely important and
the fact that we have not done it before doing so many other things
has always been bothersome to me
so I intend to take a small stab at clarifying the what I mean by Data
Portability and I hope that will be useful to the bigger taks of
defining Data Portability for other projects task

Elias Bizannes says: thanks

Nitin Borwankar says: also another reason I want to avoid sync if I
can is because sync is essentially a property or an interaction
between two data repositories and I am firstgoing to clarify the
properties we want of one data repository by itself - so if a two data
repositories separately have read/write available then syncability
follows trivially
hope this is making sense - it is partly very condensed and also
somewhat stream of consciousness

Elias Bizannes says: It does make sense, just relecting on it.

Nitin Borwankar says: "Yes it does" or "No it doesn't" which
one ? ;) you are confusing me

Elias Bizannes says: haha sorry, I mean you are making sense

Nitin Borwankar says: re: entrepreneurial opportunity - as my initial
post at GigaOm suggested - DP throws up huge entrepreneurial
opportunities - e.g for services offering one or more of the features
"accessibility, visibility, deletability.... " in the form of well
defined and fully featured services with full user choice ... so yes
that is a given but should that be something that needs to be
addressed in the TOS/EULA template effort - I like it being there but
I am not sure if it distracts from the opportunity to have a deeper
discussion ....
I'd hate for people to just descend on the set of templates and look
at them as the next big thing to do on the web ....
we hope it does happen but my personal hope is that it is just one of
the things that happens and not the only thing ...
my hope is that it actually leads to a lot more user empowerment in
spirit and not just the letter of the agreement ..

Mary Trigiani says: Nitin, you should put some of this thinking into
the paper! Great.

Nitin Borwankar says: thanks glad this is in sync with people's
thinking - I mean in "read/write" with .... :)

Elias Bizannes says: :)

Nitin Borwankar says: aside from the three "accessibility, visibility,
deletability.." in the GigaOm article I also had data ownership but
that one seesm to be controversial here - based on earler verbal
jousting in this thread
I personally am a strong believer that the creator of the content owns
the content but I understand that might not be the consensus here
however I'd like to allow in the TOStemplates the possibility that a
service may want to give users full data ownership and that case
should also be included

Elias Bizannes says: ...whereas I am a strong believer you own the
right to determine how data is used (which is beyond just media
creation). Owning data gives you benefit by controlling its usage, so
it's better to say you determine how the data is used, rather than
owning it, because determinig ownership is in the too hard basket (ie,
the name "Nitin" is a noun - you don't own it, but you own the usage
of it when associated with your identity).
Photos, blog posts = content. Yep, that's ownership. Friend lists,
profile data = data. Data, by definition, can't be owned. But when it
generates information (connecting data to generate meaning), you have
the right to determine how it's used. Data is free - no one owns it.
(data by my researched definition)

Nitin Borwankar says: so if I create an address book in my blackberry
its not my property ?
because its a list of friends ?

Elias Bizannes says: so you own your friends phone number?

Nitin Borwankar says: no I won the record of it on my blackberry - you
are confusing the object with its representation
lown
own ... arrgh
I own the photo I took of the eiffel tower but not the eiffel tower
so this is not confusing unless you want to make it so

Elias Bizannes says: Not true with photos. Plenty of museums deny you
the right to take photos, because they own the economic right to
generate revenue from the image

Likewise, when I went travelling in Bolivia, people hesistated at me
taking a photo of them. Sure, it's my photo - but they argued it their
identity being represented.
But yes, I hear your point. Don't want to overcomplicate

Nitin Borwankar says: ok again you are complicating - I said eiffel
tower not museum - my examples are deliberate and well thought out so
I request at least a well thought out response

Elias Bizannes says: but that's not consistent. You can't say you own
a photo of the eiffel tower, but you don't own a photo taken in a
museum.

Nitin Borwankar says: you are creating many many edge cases and
thinking that the union of them is the universe whereas the universe
here is much larger than the edge cases you mention

Elias Bizannes says: For your example to stand, it needs to work on
multiple levels. Which I why I insist on the conceptual framework

Nitin Borwankar says: yes we can becuase the added factor is that you
are on private property versus public property

Elias Bizannes says: Ok - how about this

Nitin Borwankar says: and the onwer of the private property gets to
make the rules

Elias Bizannes says: ok, thank you
Lets try another approach

Elias Bizannes says: we have say 10 scenarios (like above), and we
apply it
A photo
An addressbook
A list of preferences

Nitin Borwankar says: apply what ?

Elias Bizannes says: You insist a user owns their data; I insist a
user owns the right to usage of data. These are two different ways of
thinking about it, so if we have a core set of scenarios, we can
evolve the ideas like how you just did by suggesting private vs public
property which I hadn't thought of before.

Nitin Borwankar says: I insist that ownership includes usage rights
and my rights are stronger that yours and I believe they need to be
Elias Bizannes says: what are those rights?

Nitin Borwankar says: the right to do whatever I want with it within
the limits of the law - that's what ownership means - just like
ownership of a 1$ bill or a pencil or a piece of land
it includes use rights but it is not limited to use rights
it includes the right to transfer ownership the right to monetize it
how I please and the right to just destroy and abuse it again within
the limits of the law

Elias Bizannes says: If we agree ownership is simply a concept
representing a set of rights, it makes sense we determine what those
rights are exactly. Because my experience in the accounting standards,
is determing thr right to ownership for a business acquisition is a
real pain in the arse
so, the rights to control the economic benefits?
rights to economic benefit + legal tite = ownership

Nitin Borwankar says: onwership is a concept but that has been
codified into law in the physical world so we don't really need to
reinvent the wheel - we just need to agree whether a creator of the
content owns the content

Elias Bizannes says: Like I said, appying law - the international
accounting standards for a business combination - is a real pain in
the arse. Just because the concept has been laid down as law, doesn't
means it's a walk in the park. It's extremely problematic, subjective,
and IF we can avoid determining it, it saves us a lot of effort./

Nitin Borwankar says: I think trying to extensively define ownership
backwards by adding up other things is the wrong way to go about it
and I would rather appeal to common sense understanding of what
ownership means - you own your car - whether you then want to gain
economic benefit from it is your own decision and doesn't need further
definition
I again suggest that we don't need to redefine things that people
already understand in the physical world - that's just a complete
waste of effort
as I said I am going to start from firts principle and ground the
discussion in the physical world where we already have a strong
experiential foundation for much of this

Elias Bizannes says: I think it's more a case of circular logic. How
can you say "I own my e-mail address" and then go on to say "I own the
e-mail address of a contact".
What I propose, is not worry about ownership, and focus more on why
people want ownership - economic value - and then work on that.

Nitin Borwankar says: again you are confusing the object and its
representation
I own my email address is different from I own the email address of my
friend in the follwoing ways :-
when I say I won my email adress I am implying that I own my email
account and I am responsible for paying the bills and in return I get
to use my email account and also that the email address is bound to
my identity that use of the word "own" has multiple layered meanings
and needs to be unpakkced as above
when i say i own my friends email address I mean I own the electronic
record of the address in my blackberry not the email account at the
ISP
so you are confusing two different senses of the word "own" in one
sentence and comparing apples to oranges

Elias Bizannes says: right - so we an an identifier and an account.
The acocunt holder owns the account. But the identifier - are we
saying no one owns that?

Nitin Borwankar says: again the confusion of object and representation
- the users still owns the address to use, to abuse to discontinue and
to transfer to another person if they are stupid enough
howver when they give me their business card I own the business card
with their email address on it becuas ethey gave it to me
now I create an electronic version of their business card on my
blackberry I won that too - just like I own the photo I took of the
eiffel tower but I don't own the eiffel tower
please subs "own" for "won" my fingers are not following my command
today

Elias Bizannes says: haha no worries
if you press the up key, or right click a message, you can edit it

Nitin Borwankar says: ahhh learn something new everyday ! thanks
so to your earlier point that use rights === ownership I am saying
ownership includes use rights but ownership is a strict superset of
use rights

Elias Bizannes says: I still am a bit un-easy about the representation
thing. What springs to mind is defamation law. In Australia, a
journalist can publish information about a celebrity - and the
celebrity can invoke their right to the representation of that
information. They can do this through the courts of equity to create
an injunction or through damages
Just because someone creates their own representations, Privacy law
dictates people still own that representation
(as in, the person being represented)

Nitin Borwankar says: I think there in yur first example we are not
talking about property per se but of libel/defamation - the
representation is merely a vehicle for the defamation and the
defamation cannot stop without the words/pictures etc being restricted
so the issue at hand there is not property its just a subtext there
on the other hand if I take a picture in a public place of the eiffel
tower and it includes some tourists - they don't own my picture.
however if I publish the picture in LIFE magazine and I win 20,000$
becuase of the way the tourist was standing on his head in front of
the eiffel tower ( added value )
then if the tourist sues me for part of the prize money then if he has
a really smart lawyer then he might win some money ... so its a really
really edge case
and the law doesn't give people in public places rights to photos
taken of them

Elias Bizannes says: Ok - good points. But explain the defamation one,
still don't get what you mean

Nitin Borwankar says: now TV shows make sure they get waivers from
passersby becuase they don't want to get sued and just want to get on
with it .... etc
about the defamation the case is about defamation and whether it was
print photos or a guy standing on the side of the road shouting John
Doe is a fi*ing idiot,
the defamation is the issue not the medium

Elias Bizannes says: actually not quite. In Australia, a journalist
can reveal truthful information - and still be sued for defamation
The libel laws arn't just about defaming them - it's about what is
allowed to be represented about someone

Nitin Borwankar says: sure but the truthfulness is not an issue here -
say he's shouting John Doe has a wart on his butt 9and say that's
true) ... no change in my argument
my argument being the medium inwhihc th edefamation took place will be
restricted to stop the defamation - so the guy may be ordered to stop
shouting or the placard he is holding may be seized to prevent him
from showing it etc. the point I am making is that an additional
variable - defamation - has been added to the equation so we are not
comparing apples and oranges
my earlier comment had the phrase - withn limits of the law - so if I
use my property and break the law then the law in question will
determine how my property rights will be restricted - but the example
you gave was a use outside the limits of the law so we were not
comparing apples and oranges - as I mentioned earlier the examples I
am giving are deliberately constructed to illustrate the issues so
they have a lot of meaning in them

Elias Bizannes says: good points, digesting them :)

Elias Bizannes says: so to rehash - there are objects and there are
repesentations. An object is a photo, an e-mail account.

Representations are things that identify an object. So an e-mail
address is a representation?

And objects in that sense - I agree are owned. But representations are
owned by whoever creates them?

Nitin Borwankar says: no an object is the thing of which the photo is
taken, the email account, the email address ....
the representastion of my email address could be
"notmyrea...@somedomain.com" and this may be cut and pasted many
times each copy is a representation
a photo of the eiffel tower is a representation of the object the
eiffel tower

Elias Bizannes says: so a representation is defined by how an object
is placed in a medium
e-mail address, eiffel tower = objects
business card, photo of tower = representation

Nitin Borwankar says: representation could be loosely defined as how
an impression of the object is projected onto a medium - the object
itself is not placed there
yes to your pair of examples
my address book is a representation of a collection of email addresses
of my friends/contacts
I own my address book on my Blackberry but not the email accounts of
my friends
whose addresses are in my address book
I own my phone book but not all the businesses in the yellow pages,
just their representation on paper - in general think of the analog in
the physical world and understand it there - the electronic online
version follows relatively straightforwardly after that - modulo a
number of unique chracteristic s of the online medium such as the
ability to reproduce copies easily etc. In general its far simpler
to explain and give real world examples as they are grounded in
people's everyday experience

Elias Bizannes says: true - when you frame everything as a piece of
media, ownership rights are clearer cut

Nitin Borwankar says: also I am not strident about asserting my
property rights except when people try to blatantly take them away
from me ;)
make a copy of my data and monetize it - I may not be too upset
(unless its really sensitive) but stop me from accessing and using
data that i created I get a little pissed off ... so that's where I am
coming from

Elias Bizannes says: Going back to the concept of owning the media
that represents someone

In Australian law, a job interviewer's notes about a candidate can be
accessed by a candidate.

So if the interviewer owns the media of that representation, doesn't
that mean he can control who has access it? It's invalid to say he
owns that media if he cannot control how its used.

Sorry, just thinking through what you've said by application
Or do we say here, even though he owns the media (like lets say
facebook), the user still has the right to access that information

Nitin Borwankar says: an email address record in my address bokk is a
representation
sorry responding to some older comment ...
well I am not making a blanket comment that a creator owns content -
clearly if I photograph a top secret facility I not only don't own the
photo I will end up in jail

Elias Bizannes says: But applying what you've said that an e-mail
address (ie, a representation) in a piece of media like a business
card, is owned by by you. You could say the same thing tha facebook as
a storage facility outputing the data as a medium, is the same thing.
Therefore they own that e-mail representation, and therefore, you
cannot export that address

Nitin Borwankar says: all my examples assume that the creation of the
content doesn't bump up against other laws - the clause "within limits
of the law" is critical

Elias Bizannes says: agreed and good point

Elias Bizannes says: google's change of mission statement due to china
taught us that one :)

Nitin Borwankar says: my copy of the email is owned by me and their
copy of the email - if I allowed facebook to make it - is owned by
them - now when we start talking about free services we add another
wrinkle which is data monetization
Facebook wnats to make a copy because they want to monetize the social
graph becuase I am not paying for the service and they have to make
money somehow so my argument is that by default I own what I make
(within the limits of the law) - and I should be allowed to have an
option to pay for the services I use so I am not forced to trade my
data ownership rights for the use of Facebooks disk, webapp and
bandwidth. There are two reasons why i don't want to do this trade
a) the equation is horribly biased towards facebook in terms of value
given up versus value gained
b) I don't want rights to my data to be used against me
and I am willing to pay for value but facebook (and google and yahoo
and plaxo and .....) don't want to give me the option because they
have the massive advantage in the tradeaway fo my data rights for us
eof their web app
so I want to include all this in TOStemplates because I want to
catalyse a wave of entrepreneurship on the web that allows all these
different models to be created and user choice to be amplified
currently we have a very boring set of models and its time for some
excitement IMHO ;) ;)

Elias Bizannes says: :)
I'm still a bit weary about the representation thing

Nitin Borwankar says: sure it takes some time - I had a minor in
philosophy along with my BS EEng

Elias Bizannes says: Privacy is the right to control the
representation made abotu you by others regardless of who owns the
medium that publishises that representation

Nitin Borwankar says: yes whatever the law allows
The law does not allow peopl eiwth telephoto lenses to take photos of
activity in people's bedrooms
becaus ethey have a "reasonable expectation of privacy"
the guy who was buying his girlfriend an engagement ring had a
reasonable expectation of privacy becuase he didn't tell anyone about
it
but the jeweller's web site sent a message to facebook wihtout his
permission and all his social network knew that he was about to
propose - do we need a better example than that
if we don't strongly assert the boundaries of what vendors can do with
our data there will be no limits - they will not have self imposed
boundaries

Elias Bizannes says: But you've aknowledged above that currently
facebook's showing a friends e-mail, is owned by FB because they own
the media object displaying the representation.

Elias Bizannes says: but if you copy that e-mail somewhere else
manually, you can own it?

Nitin Borwankar says: or what if I write a script like Scoble did ?

Nitin Borwankar says: I should be able to - I put the darn data in for
God's sake !!! where do they get off resticting me from doing
that ..... that's where I put my foot down

Elias Bizannes says: ...you didn't put the data there.
your friend put the data there, facebook gave you access once the
friendship was approved

Nitin Borwankar says: I caused it to be aggregated on my page or in my
book - my friends put it there for me
facebook did nothing active - they provided the resources
I use a taxi and a private road to carry my silver from my home to the
bank - does the taxi owner and the private road owner have rights to
the silver?
Only if they strongarmed me and forced me to becuase I wanted to use
the taxi and the road and I didn't have the power to resist

Elias Bizannes says: I think it's more a case of your friend allows
you to share a cab with his silver. Are you allowed to take that
silver and claim it as your own?

Nitin Borwankar says: and I didn't have any other way to get there
from here
in this case the person who owns the silver is my friend, the taxi and
road are facebook and the silver is the emailaddress and the bank is
my addressbook, no need to add another friend

Elias Bizannes says: yep - so to export that e-mail into you address
book, you need your friends approval
because that representation is owned by them
whereas above we are saying the representation of the person who
created it on a piece of media, is owned by them

Nitin Borwankar says: not once they have given it to me - once you
give me my business card you can't call me a week later and say you
can't enter it into your laptop or you can only look at it at a
certain angle
also we need to be careful not to mix privateky created data with
socially created data - with the friend example we cannot apply the
eralier example blindly becuas ethe earlier example only applies to
privateky created data - only one person was involved in the ceration
with socially created data we need to carefull parse out the different
situations just like we are right now
carefully

Elias Bizannes says: which is like saying anything publicly available,
can be taken by someone to use. No one really owns this
representation, as no one can control how it gets used.
I suppose the difference with my thinking is that I am thinking of the
data as intangiable information whereas you frame is as a physical or
equivilant media property

Nitin Borwankar says: when a person puts their data into my address
book I don't get a right to their address book just the copy in my
addressbook
data as something known is abstract information - facts etc. in the
context of DP we are always always talking about some bits on a disk
somewhere - not an abstract idea without the bits
so as you mention earlier I don't own your name but if I make a note
of your name in my paper address book i own that addressbook and that
includes the writing on it but i don't own your name - similarly I
don't own the fact that today is say the 10th of July 1999 but when I
enter that into my diary I own the diary and the writing on it

Elias Bizannes says: So it's not that anyone owns the actual data, but
rather, who can use it and see it on a medium?

Nitin Borwankar says: similarly I look at a sports event and I write
up a story about the match - so do you - you own your story I own
mine, and if we did it for hire then California law says that the
person who hired us to write the story owns it - but they don't own my
memories in my head of the event
each data record is a unique set of bits - this sentence exists on my
disk in my log and on your in your log and unless you said something
copyrighted and as longa s I don't start violating other laws I own my
log file and you own yours and Skype ha sthis in their log too - who
owns the log in the Skype server becuase I gave them the right to do
that in my EULA - Wesabe maintains no unencrypted copies of your
private data on their server - only the encrypted version and the keys
reside on your server - so only you can really use the data (aside
from the guys at the 3 letter agencies) so Wesabe maintains bits that
represent your data but really can't monetize them in the way facebook
can monetize your addressbook because Wesabe is doing the "right thing
by users" and facebook is doing the right thing for their VC's and
founders at the cost of their users.
the keys reside on your client not server sorry ...
"So it's not that anyone owns the actual data, but rather, who can use
it and seen through a medium?"
what is the "actual data" separate from its representation ? do you
mean "object" instead ?
to it is that someone owns it, to others it may not be that important
who owns it - tha fact is that the law assigns ownership to digital
bits and thats why the EULA's make suer they say that the ownership is
handed over to the vendor - ownership is not being magically imposed
on this scenario artificaially - it exists, has been defined and has
been given away (IMHO, coercively) by EULA's that do not do the right
thing
so make no mistake ownership isn't something we need to invent - we
just need to understand it and reclaim it - if we want to - it so
happens I do - but some people may choose not to
anyway it's been a great conversation and I need to go get dinner
thanks for the great questions - they have helped clarify and refine
my ideas

Elias Bizannes says: thank you too - till next time :)


Steven Greenberg

unread,
May 3, 2008, 1:43:37 AM5/3/08
to dataportabili...@googlegroups.com
I cannot state strongly enough my belief that the focus on "ownership" is a siren song.  

If the question of ownership becomes central, we place service providers in the impossible position of having to determine who owns what before data can be moved.  It is not Facebook's job to figure out whether or not the picture I uploaded was actually copyrighted to someone else.  Making them do so only creates the environment for more restrictive policies, which is the exact opposite of what we want to achieve.

The question of portability comes down to just that: portability.  Who has access to the data, and what can they do with it?  

To my way of looking at the world, there are three classifications of data that we need to worry about:
  1. "First Party data" refers to data that I have entered myself.  For the purposes of portability, it is irrelevant whether I "own" the data or not.  What matters is that I entered it into the system.
  2. "Second Party data" refers to data that some other end user entered, but to which I have access.  This could be message board posts, member photo galleries, or address information.
  3. "Third Party data" refers to aggregate data that is generated by the service itself.  It may or may not be originally based upon First or Second party data.
Each site, of course, will want to offer a different mix of these three as befits it's particular business model.

All of these models are reasonable and rational.  Our goal should be to invent a standard way of discussing them so that users know what to ask for and sites know what is expected.
  • No portability:  Sites that deal in taboo or unpopular topics may not want their users to take anything off site.  Other sites whose business model is based upon offering a service free of explicit charge, but which use control over user data to force users to return, might not want to allow portability.  As long as the user knows what they're agreeing to, these are reasonable.
  • First party portability: The user can freely move data that they have provided, but are discouraged from attempting to download any derivative data
  • Limited second party portability: Others can mark their data as being available
  • Full second party portability: Second party data is fully available
  • Fully open: All data on the site, regardless of source, is available.

Yes, we need better names for the groupings.  

Your thoughts?

    Steve


Brady BD

unread,
May 5, 2008, 8:56:07 PM5/5/08
to DataPortability.Action.Policy
Steve, I like the way you have broken down the five degrees of
portability. I think it might not hurt to try to pair that down to
three different models (at least as far as the user is concerned), so
as to avoid potentially overwhelming end-users. We should also add
the first, second and third party data definitions to the wiki.

-Brady

On May 2, 10:43 pm, "Steven Greenberg" <green...@puzzlingevidence.net>
wrote:
> I cannot state strongly enough my belief that the focus on "ownership" is a
> siren song.
> If the question of ownership becomes central, we place service providers in
> the impossible position of having to determine who owns what before data can
> be moved.  It is not Facebook's job to figure out whether or not the picture
> I uploaded was actually copyrighted to someone else.  Making them do so only
> creates the environment for more restrictive policies, which is the exact
> opposite of what we want to achieve.
> The question of portability comes down to just that: portability.  Who has
> access to the data, and what can they do with it?
>
> To my way of looking at the world, there are three classifications of data
> that we need to worry about:
>
>    1. "First Party data" refers to data that I have entered myself.  For
>    the purposes of portability, it is irrelevant whether I "own" the data or
>    not.  What matters is that I entered it into the system.
>    2. "Second Party data" refers to data that some other end user
>    entered, but to which I have access.  This could be message board posts,
>    member photo galleries, or address information.
>    3. "Third Party data" refers to aggregate data that is generated by
>    the service itself.  It may or may not be originally based upon First or
>    Second party data.
>
> Each site, of course, will want to offer a different mix of these three as
> befits it's particular business model.
>
> All of these models are reasonable and rational.  Our goal should be to
> invent a standard way of discussing them so that users know what to ask for
> and sites know what is expected.
>
>    - No portability:  Sites that deal in taboo or unpopular topics may
>    not want their users to take anything off site.  Other sites whose business
>    model is based upon offering a service free of explicit charge, but which
>    use control over user data to force users to return, might not want to allow
>    portability.  As long as the user knows what they're agreeing to, these are
>    reasonable.
>    - First party portability: The user can freely move data that they
>    have provided, but are discouraged from attempting to download any
>    derivative data
>    - Limited second party portability: Others can mark their data as
>    being available
>    - Full second party portability: Second party data is fully available
>    - Fully open: All data on the site, regardless of source, is

Steven Greenberg

unread,
May 6, 2008, 8:49:25 AM5/6/08
to dataportabili...@googlegroups.com
Thanks.   I was starting to worry that the group had collectively shaken its head at me and decided that the only response was an Amish style shunning.

Having had that small amount of validation, I will put this on the wiki.

    Steve

Julian Bond

unread,
May 6, 2008, 9:21:29 AM5/6/08
to dataportabili...@googlegroups.com
Plus one from me. I think several of us had been saying the same thing
but using the "own" word. I never really meant literally "own" in a
legal, copyright sense. It was always in a social sense which is what
you're saying here.

Having said all that copyright of content posted on shared sites is
equally contentious and obviously has a direct bearing on the ToS. I
take the view that both the author and hosting site have some moral
right to the copyright simultaneously. Barring any other agreement (like
a journalist being paid to write) the author ought to be able to do
whatever they like with the content they've posted including post it
elsewhere. And at the same time the hosting site should also be able to
do whatever they like with it include re-publish it elsewhere without
asking the author. So I could post words on a social networking site on
my own blog without asking. And the social networking site could produce
a book on the wisdom of crowds, containing my words, without asking.

JB

Steven Greenberg <gree...@puzzlingevidence.net> Tue, 6 May 2008
08:49:25

--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Get _Sirius_ in 2008

Mark L

unread,
May 6, 2008, 7:37:11 PM5/6/08
to dataportabili...@googlegroups.com, gree...@puzzlingevidence.net

Hi Steve, 

Silence may not show the whole picture.   Your posts and the discussion here provides excellent food for thought. 
I may be able to contribute.  Can you please send me information regarding the wiki address, and any other activities/communication channels which may be actively used by this topic so there are more options for communicating rather than just this mailing list?

As for your last post, it has been very thought provoking and this mailing list has already helped me wrestles with some of the more core issues with data portability and management of identities.   I agree that ownership is the wrong focal point for discussion, and believe that focusing on the more obvious control and access control issues surrounding data portability may be fruitful. 

As for the classifications you have mentioned, this is a great way to look at data portability but I wonder about the technical legal aspect of control and wonder if a framework with a legal/functional classification system would address both the legal dimension and the order of access functionality which is required from a framework.  In fact more dimensions may need to be added here. 

I have started conceptualising something I have been calling the Master Data Controller Access Framework which I think would be very helpful.  This is intended to provide a hierarchy based on the legal guardian and/or originator/ subject of data and then an access framework like first, second, third, party contract usage and control rights. In my view law needs to be interpreted to articulate granular data usage/export rights, to deal with a major issue know these days as 'informed consent'.  

I completely agree the job is to articulate a standard.  +1  if I can I would like to help.


- Mark


nitinborwankar

unread,
May 7, 2008, 2:57:20 AM5/7/08
to DataPortability.Action.Policy
Hi Steve,

A couple of comments.

you say "> If the question of ownership becomes central, we place
service providers in
> the impossible position of having to determine who owns what before data can
> be moved. "

IMHO, a huge logical jump here and a couple of major misunderstandings
of the whole data ownership issues as well.

The logical jump :-

"> If the question of ownership becomes central, we place service
providers in
> the impossible position of having to determine who owns what before data can
> be moved. "

Could you explain how one follows from the other?
At no point does the vendor need to decide who owns the content - they
just need to stop acting as if they themselves do.
It doesn't matter at first who it belongs to as long as the vendor
does not claim it belongs to them. To a first approximation the person
who uploads it
is the owner. If they have stolen something Facebook can't be held
responsible - but if Facebook claims it as their own don't they now
claim something as their own
which was stolen? So it would seem they better determine the ownership
before they claim it as their own.
So the whole logic there is pretty broken from my POV. And there's a
huge misunderstanding about what I said. Because none of my arguments
imply that the vendor needs to determine ownership.

Finally I would agree that data ownership wasn't the central issue
proposed by the initial dataportabilty effort. And I think that was a
mistake that ownership was left off.

In initial discussions with DP folks (Mike Reynolds, Marjolein, Elias)
after I wrote the GigaOm article people
a) insisted that what I said in the article was included or aligned
with the DP effort and
b) grudgingly agreed that the Data Portability name was probably not
the best description of the whole effort

see below for context
http://changingway.org/2008/02/06/data-property-rights/
http://gigaom.com/2008/02/06/data-property-rights-not-portability/

So if the argument is "it needs to be about portability because the
name says so " then that is also not a very strong argument.
Especially given the general agreement, at least among some, that the
word "portability" does not encompass all the things we wish to
include in this effort. So talking about ownership expecially if it
supports data rights for users isn't a siren song - it just wasn't
originally included and I argue it should.

In the interest of accuracy and generally making sense when using
words it's also useful to remember that the word "portable" means
"able to be carried" and implies a move from one place to another.
Accesible ultimately comes down to "having a URL to" - while
portability in its full meaning of "being able to be moved" implies
the ability to take data off a web site i.e. there must not only be
accessibility but deletability as well.

So while data portability is a useful loose notion it is not crisp
enough until we parse it down into the lower level operations of
"read" "write" "delete" etc.
IMHO, any new concepts we introduce need to be grounded in these
fundamental operations that we already understand, IMHO. Just to
respect the great Mr. Occam.

As far as whether the term ownership is a "siren song" it would be
useful to look in detail at the TOS's where vendors claim ownership
rights on user data.
If they find it necessary to put it in the TOS and claim ownership it
would "ostrich-with-head-in-sand" behavior to imagine that ownership
is irrelevant.
I'l believe that when TOS's stop claiming ownership - until then I
can't see how we can ignore the issue.

Nitin

Christian Scholz / Tao Takashi (SL)

unread,
May 7, 2008, 5:59:06 AM5/7/08
to dataportabili...@googlegroups.com
Hi!


On Tue, May 6, 2008 at 3:21 PM, Julian Bond <julia...@voidstar.com> wrote:
>
> Plus one from me. I think several of us had been saying the same thing
> but using the "own" word. I never really meant literally "own" in a
> legal, copyright sense. It was always in a social sense which is what
> you're saying here.
>
> Having said all that copyright of content posted on shared sites is
> equally contentious and obviously has a direct bearing on the ToS. I
> take the view that both the author and hosting site have some moral
> right to the copyright simultaneously. Barring any other agreement (like
> a journalist being paid to write) the author ought to be able to do
> whatever they like with the content they've posted including post it
> elsewhere. And at the same time the hosting site should also be able to
> do whatever they like with it include re-publish it elsewhere without
> asking the author. So I could post words on a social networking site on
> my own blog without asking. And the social networking site could produce
> a book on the wisdom of crowds, containing my words, without asking.

Maybe words, not so sure about multimedia content. Ask the flickr community
what they think about flickr creating photobooks out of their photos
without asking
and you will create uproar. This even happened already when they switch from
their flash interface to the AJAX one allowing then to download a photo by
right-clicking.

Recently I also got a reply on seesmic after talking about DP there
where somebody
complained about seesmic suddenly making all videos available to Google search.
So I think if you have a community at hand you need to be careful of what you do
and you also should give people control about where data can go. This
should include
the site itself. At least it should be made clear in which ways
uploaded data is and can be
used.

Otherwise +1 to what Steve said. Where do comments actually fit in?

-- Christian

--
Christian Scholz
Tao Takashi (Second Life name)
taota...@gmail.com
Blog/Podcast: http://mrtopf.de/blog
Planet: http://worldofsl.com

Company: http://comlounge.net
Tech Video Blog: http://comlounge.tv
IRC: MrTopf/Tao_T

Reply all
Reply to author
Forward
0 new messages