Who owns the information?, 2005-07-08
Story continued from Page 1
These questions have largely been answered by laws created before the CD was even invented, in some ways. Yet even with a fairly thorough understanding of what I paid for, and what I can do with it, I can still find myself in a legal and moral quagmire. What responsibility do Internet Service Providers bear in violation of these laws, when they purely provide the medium to transfer file? How about the manufacturers of the various types of software that can share files? What do we do about those who manipulate the information itself for other purposes? Essentially we are asking what are the moral and legal responsibilities of the individual is with regard to this information.
If someone steals some content that I paid for, and misuses that information, do I have liability if I didn't take appropriate precautions? In the physical world, the answer is crystal clear so why is it not as clear in the electronic world?
Privacy and control
The problem gets more difficult when we change the roles and deal with vague concepts like personal information. Suppose you fill out a form that contains your email address, your birthdate and some other information required for a legitimate reason, to obtain a particular service. What happens to that information once it is typed into a computer? Who has access to it, and does it now belong to the entity that collected it?
What do we do about ensuring that the entities who collect, use and store personal information behave with appropriate responsibility? There have been so many massive security breaches in the last few months that it's clear the responsible nature is very often lacking.
As of late, some corporations have been aggressively pursuing legal options to ensure that the people who have bought access to their information behave responsibly in the existing legal framework. Who do we have ensuring that these same companies behave appropriately on behalf of the individuals who gave out the information in the first place?
The recent and wide-spread theft of credit-card information from a major credit card clearing house highlights the problem stored information. Most people are bothered by this, but few are bothered for the right reasons: why was the company storing the information in the first place? Psychology talks about human behavior being determined by incentives and dis-incentives. It seems to me that the behavior of large groups of people known as corporations and governments is even simpler to understand because this behavior is determined solely through economic incentive. If the penalties for security breaches are high enough, the corporate behavior will change - but until that happens, the security breaches will continue.
As more and more of our information is stored in databases, correlated with other information about us, and then made available through security breaches, we must continue to address the issue of who owns our information, who is allowed to store it, and what they are allowed to do with it. The current state of security (or lack thereof) among major stakeholders only serves to bring these issues evermore to the forefront of societal and legal change.
