Who owns data PRoperties in view of Information Security Measures?

The media currently ventilates a lot of heat about boundless governmental spying activities whereas the most citizens stay astoundingly calm.
As I however see the debate on PRISM and whatever emerges nowadays it goes back to a very old issue: code versus data.

Code belongs to an entity in order to work on data obtained from any valid source. Code emanates and absorbs data. Data can be ported much easier to any other code base than the code itself. But code itself is effectively useless without data.
Back in the 1990’ies, Lawrence Lessig argued in his book “CODE” that “code is law” as it forms and therefore rules the internet. Hence, the internet convenes individual regulations through code provided by their owners as an unlimited and unregulated space. Nowadays, we see the down side of Lessig’s argument. Since the internet is regulated at most on a national level, say fiscal laws or reasons of law enforcement, the internet has only feeble checks and balances on the governmental and global level.

Too big to jail

The US, once great for their antitrust cases like AT&T in the 1980’ies, watered down its liberal attitude from downsizing companies that had become too mighty to jeopardize the economic interest of stability, down to a laisser-faire attitude as long as the functional entity serves the vested national security interest. That’s how “too big to fail and jail” became the raison d’être.
That way, the soft and indecisive talks on regulation and tax evasion by certain famous companies are to be looked at in a different light, i.e. whether the government’s interest of controlling an entity in cases of national security exceeds the government’s interest of fairness in taxation. Guess, who is to bear the costs of that attitude?

On the other hand, if Germany’s Federal Intelligence Service BND did something of the dimension of PRISM the US would have justifiably claimed an immediate stop to all activities infringing their citizen’s rights. Ironically, the rights of US citizens justify that the EU has to hand out all flight passengers data to US governmental bodies.
Suddenly, no political majority stands up to represent the need for protecting EU people’s interest on their data.

The whole affair reminds the reader on the good old industrial policy of the “Gilded Age” in the 19th century, as Paul Krugman characterized that time.
Property rights of functional entities, aligned to an “economic nationalism” on the policy level, shaped the interests of a society.
Therefore, it took decades to trade off environmental policy for profit seeking and economic expansion.

Lessons to learn from environmental policy

There we are, all issues of data protection and informational security resemble those of environmental policy as soon as one understands that data is an exhaust of functional entities and therefore a trade-able good generating profits and harm almost anywhere!
The continued tug-of-war over entrenched national economic interests in view of environmental pollution that does not stop at national borders provides the lessons to be learned while dealing with data protection and information security.
[Note: information security is treated as a larger topic including data protection in this article.]

By substituting the term environmental issues against issues of information security, the lessons to be taken are:

  1. Issues of information security transcend national borders, i.e. the perimeter, wherefore such issues cannot be wholly sanctioned on a local or national level.
  2. Issues of information security transcend temporal boundaries since their impact cannot be reversed or measured.
  3. Issues of information security transcend media boundaries since cause and impact fall locally apart.
  4. Issues of information security transcend boundaries of scientific disciplines since the solutions cannot be found in one area of research alone.
  5. Issues of information security transcend systemic borders since humans are embedded into subsystems and therefore bound by its structure and dynamic.

For anybody who  is interested: these lessons were penned as laws for environmental policy by an unnamed author under the name “Proposition of how the problem of ecology and economy is transcended fivefold” (“Fünffacher Sprengsatz der Ökologie-Ökonomie-Problematik”), probably in the 1980’ies.

Solutions, please

Are we at an inflection point from where companies and institutions can abandon any legal obligation regarding the data ownership and the context of data creation without any limitation or control just for the sake of individual interest just by owning the CODE?

What can the public do else than staying calm since they cannot do anything?

In fact, demanding the public to limit and carefully consider their exhaust, i.e. their data output, might be a consequential solution as long as one follows the good old linear cause-and-effect chain. Behind that logic stands traditional industrial policy that any externality can be repatriated. But such demand would shake the business model of several IT companies while their data supply dries out.

Building new walls around the national network perimeter could be another approach but would effectively open the door to more governmental control over data within its borders and at the gates. Rising international tensions regarding the free flow of data could put the nations close to the brink of cyber war.

Finally, a different business model may help. Such a model honors the creation of data rather than handling data. That way, data producers are compensated if they permit the reuse of the values they produce. The admission has to be given for each unit of data, say, a message, a picture, or a tone.
Today’s business models puts code owners into a higher position by requiring data producers to cede all their rights to code owners without any compensation and no real consent. Consent has to be given in general terms without regard to the value of data and through a check box at the end of a form linking some terms and conditions.
The form itself was generated by – CODE.

Advertisements

1 Response to “Who owns data PRoperties in view of Information Security Measures?”



  1. 1 Information Security: YES, YOU CAN! | The German Angst faces IT Security and Risk Trackback on July 13, 2013 at 10:09 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s





%d bloggers like this: