
Re: W3C Privacy CG

Lisa LeVasseur
 

Excellent-- thanks for the additional info, Christine! It's great to see these worthwhile initiatives. Keen to see how we can help inform the work.

Lisa

-----Original Message-----
From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> On Behalf Of Christine Runnegar
Sent: Wednesday, May 13, 2020 3:34 PM
To: main@Me2BAlliance.groups.io
Subject: Re: [Me2BAlliance] W3C Privacy CG

Hi all.

For further information:

The W3C Privacy Community Group (Privacy CG) meets the second and fourth Thursday every month at UTC 16, alternating with the W3C Privacy Interest Group (PING) which meets the first and third Thursday.

The Privacy CG’s mission is to “incubate privacy-focused web features and APIs to improve user privacy on the web through enhanced browser behaviour”. If you are interested in seeing what they are working on, please take a look here: https://github.com/privacycg and/or consider joining the CG.

Today’s meeting was the first day of a “virtual F2F”. You can find out more here: https://github.com/privacycg/meetings/tree/master/2020/05-virtual

Speaking as a co-chair of PING, let me take the opportunity to invite and encourage any interested privacy experts here to join us to help with privacy reviews of Web standards, especially with draft APIs that access sensors and hardware connected to devices. Or, if you prefer, you could also lend your expertise to helping write a Web privacy threat model. You don’t have to be an expert in Web standards, although that would be a bonus. You also don’t have to be a W3C member, you can join as an invited expert. I would be happy to provide more information if that would be helpful. Please contact me off-list.

Christine

On May 13, 2020, at 9:46 AM, Lisa LeVasseur via groups.io <lisa.levasseur=me2balliance.org@groups.io> wrote:

Hi folks,

The W3C Privacy CG is meeting today and tomorrow 8-12 PT. https://privacycg.github.io/

Seems like this group could be called: Browser Privacy CG, because it does seem mainly focused on browsers.

Which reminds me that, as we contemplate product categorizing and correlating risk profiles, Browsers definitely have a higher duty of care, imo, so it’s good to see this work. I believe our principles and research can help ensure that any outcomes from this group truly respect people.

Check out this Privacy Promise from MS: https://microsoftedgewelcome.microsoft.com/en-us/privacy

Lisa


Re: W3C Privacy CG

Christine Runnegar
 

Hi all.

For further information:

The W3C Privacy Community Group (Privacy CG) meets the second and fourth Thursday every month at UTC 16, alternating with the W3C Privacy Interest Group (PING) which meets the first and third Thursday.

The Privacy CG’s mission is to “incubate privacy-focused web features and APIs to improve user privacy on the web through enhanced browser behaviour”. If you are interested in seeing what they are working on, please take a look here: https://github.com/privacycg and/or consider joining the CG.

Today’s meeting was the first day of a “virtual F2F”. You can find out more here: https://github.com/privacycg/meetings/tree/master/2020/05-virtual

Speaking as a co-chair of PING, let me take the opportunity to invite and encourage any interested privacy experts here to join us to help with privacy reviews of Web standards, especially with draft APIs that access sensors and hardware connected to devices. Or, if you prefer, you could also lend your expertise to helping write a Web privacy threat model. You don’t have to be an expert in Web standards, although that would be a bonus. You also don’t have to be a W3C member, you can join as an invited expert. I would be happy to provide more information if that would be helpful. Please contact me off-list.

Christine



W3C Privacy CG

Lisa LeVasseur
 

Hi folks,

 

The W3C Privacy CG is meeting today and tomorrow 8-12 PT. https://privacycg.github.io/

 

Seems like this group could be called:  Browser Privacy CG, because it does seem mainly focused on browsers.

 

Which reminds me that, as we contemplate product categorizing and correlating risk profiles, Browsers definitely have a higher duty of care, imo, so it’s good to see this work.  I believe our principles and research can help ensure that any outcomes from this group truly respect people.

 

Check out this Privacy Promise from MS:  https://microsoftedgewelcome.microsoft.com/en-us/privacy

 

Lisa


Re: Another one for GoodTech.wiki -> DotEveryone's Trustworthy Tech work

Lisa LeVasseur
 

This in particular:  https://doteveryone.org.uk/wp-content/uploads/2017/09/Doteveryone_TrustworthyTech-Partners_booklet.pdf 

 

I note that this was produced in conjunction with B-Corp (Guy).  Anyone know what’s come of this work?

 

From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> On Behalf Of Lisa LeVasseur
Sent: Tuesday, May 12, 2020 7:25 AM
To: Me2BAlliance@groups.io
Subject: [Me2BAlliance] Another one for GoodTech.wiki

 

https://www.doteveryone.org.uk/project/trustworthy-tech-partners-programme/ 

 


Another one for GoodTech.wiki

Lisa LeVasseur
 


Doteveryone publishing their 2020 Digital Attitudes Report + Good Example privacy policy for online events?

Lisa LeVasseur
 

I was looking at this event/report from doteveryone, which looks good:  https://www.doteveryone.org.uk/2020/05/people-power-and-technology-2020-report-launch-event/

 

And noted this referenced policy from the Ada Lovelace Institute:  https://www.adalovelaceinstitute.org/privacy-cookies-virtual-events/


"Trust Through Transparency"

 

As many of you know, a few of my fellow MyData Silicon Valley members and myself recently started Project App Assay for COVID-19.

This highly focused project examines apps in detail that claim to help with fighting the pandemic. We deep dive (“assay”) into the details, and evaluate how, among other things, app developers choose among the available alternatives for implementing specific features in their apps (e.g. different algorithms and data architectures for Bluetooth-based contact tracing).

Many of the questions that pop up in this very specific context are similar to the questions Me2BA works on in a broader context.

A core question is: “The app developer says X, but can we believe this?” E.g. privacy policy, or how often they do security audits, or … Because if all we have is the word of the developer, or some PR puff pieces, well …

In case of government-authorized / sponsored and sometimes mandated COVID-19 apps (like India, I am told), many of the free market / legal remedies against the developers having lied (like “we’ll sue their pants off”) may not be a realistic option.

So here is an idea for (one aspect of) how apps could be evaluated. As this is a draft idea, I put it on my blog first:


I would love your feedback, both in a COVID-19 apps context, and whether / how this could / should / should not be applied to my toaster and my search engine and whatever other tech I have.


P.S.S Spoiler alert: Most of today’s products score very low in this scheme. This won’t mean it’s a bad evaluation scheme, however. In particular because I believe that at least for larger businesses, it would be reasonably simple and not too expensive to move themselves into the green category if they chose to do so. And as a consumer, I’d love that ...



Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088




Re: Facebook Oversight Board

Kathryn Harrison
 

Great piece from David Kaye on it: https://www.justsecurity.org/70035/the-republic-of-facebook/



Kathryn Harrison

Founder & CEO
DeepTrust Alliance
kathryn@...
+1 917 648 7266






On May 6, 2020, at 4:12 PM, Lisa LeVasseur <lisa.levasseur@...> wrote:

In the news today, the creation of this:  https://www.oversightboard.com/
 
 


Re: Facebook Oversight Board

Lubna Dajani
 

Very interesting, thank you

, so please forgive any typos or autocorrect fumbles 
+1 201-982-0934



On May 6, 2020, at 11:12 PM, Lisa LeVasseur <lisa.levasseur@...> wrote:



In the news today, the creation of this:  https://www.oversightboard.com/

 

 


Facebook Oversight Board

Lisa LeVasseur
 

In the news today, the creation of this:  https://www.oversightboard.com/

 

 


Policy brief on the US designating privacy as a human right in legislation

 

Interesting perspective on US privacy legislation.

Begin forwarded message:

From: Michelle De Mooy <mdemooy@...>
Subject: Policy brief on the US designating privacy as a human right in legislation
Date: May 5, 2020 at 10:14:36 PDT
To: Michelle De Mooy <mdemooy@...>

Hi friends,

I hope you are all safe and healthy. I wanted to share with you my policy brief, which describes why most privacy legislation is doomed to fail and why, instead, the United States should make privacy a human right via federal legislation. 

The brief lists 10 policy elements that I believe should be in federal legislation. It includes some ideas you've seen before and some that you haven't, such as why a person's data should be considered akin to the physical body and a requirement for platforms to provide a "trust" index for some types of information. There's also a brief section on data collection/sharing/use during the COVID-19 pandemic. 

Stay well and stay in touch!
Michelle





Johannes Ernst

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088




Certification Criteria Status for IIW

Lisa LeVasseur
 

Hi friends,

 

Here’s a link to the presentation I whipped through in this morning’s monthly status call:  https://me2ba.sharepoint.com/:p:/s/GoodCoPsWG/EVECb5VydRFEtXXeZLlqZ50BfzsKy1NzYuFIMflHt_jlUA?e=YmlBix 

 

Lisa


Report from Qualitative Test #2

Lisa LeVasseur
 

Hi folks,

 

Here is the final report from our second round of qualitative testing on the Me2BA Certification criteria/assurances: 

https://me2ba.sharepoint.com/:b:/s/GoodCoPsWG/EbTAUHO9ku9DhLF72sOwt-wBWqTUyvUw7e9oRx8R-_i0Ug?e=b7lfOB

 

Lisa


Upcoming Event: Me2B Alliance Monthly Call - Mon, 05/04/2020 8:00am-9:00am #cal-reminder

main@Me2BAlliance.groups.io Calendar <main@...>
 

Reminder: Me2B Alliance Monthly Call

When: Monday, 4 May 2020, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles


Organizer: Megan Bekolay

Description:

Lisa LeVasseur is inviting you to a scheduled Zoom meeting.
 
Topic: Me2B Alliance
Time: Mar 2, 2020 08:00 AM Pacific Time (US and Canada)
        Every month on the First Mon, until Aug 3, 2020, 6 occurrence(s)
        Mar 2, 2020 08:00 AM
        Apr 6, 2020 08:00 AM
        May 4, 2020 08:00 AM
        Jun 1, 2020 08:00 AM
        Jul 6, 2020 08:00 AM
        Aug 3, 2020 08:00 AM
Please download and import the following iCalendar (.ics) files to your calendar system.
Monthly: https://zoom.us/meeting/vpMoce6qqDkph3jl_ajkRgY0KikqhW7ZHQ/ics?icsToken=98tyKuqvqz0tGNKXs1_Hf6kqE9r8b9_qknkdoK9inRXuMSdqMij_PfNKBeVFOOmB
 
Join Zoom Meeting
https://zoom.us/j/375672623
 
Meeting ID: 375 672 623
 
One tap mobile
+16699006833,,375672623# US (San Jose)
+14086380968,,375672623# US (San Jose)
 
Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 408 638 0968 US (San Jose)
        +1 646 876 9923 US (New York)
Meeting ID: 375 672 623
Find your local number: https://zoom.us/u/acUTI5Weo
 


Monthly call tomorrow

Lisa LeVasseur
 

Hi friends,

 

I hope you’re all enjoying a lovely spring (or fall) weekend!

 

Reminder that tomorrow is our monthly Me2B Full Alliance call at 8:00am PT.

 

Join Zoom Meeting

https://zoom.us/j/375672623

 

Meeting ID: 375 672 623

 

One tap mobile

+16699006833,,375672623# US (San Jose)

+14086380968,,375672623# US (San Jose)

 

Dial by your location

        +1 669 900 6833 US (San Jose)

        +1 408 638 0968 US (San Jose)

        +1 646 876 9923 US (New York)

Meeting ID: 375 672 623

Find your local number: https://zoom.us/u/acUTI5Weo

 

Lisa

 


Re: VRM/Me2B day at IIW is next Monday 4/27/20

Doc Searls
 

 If I put it on the Eventbrite or the ProjectVRM list, there is a larger chance we'll get zoombombed. See https://www.consumerreports.org/video-conferencing-services/how-to-prevent-zoombombing/. Thoughts on approaches?

We're up to about 40 signed up now.

Doc

On Apr 26, 2020, at 6:54 PM, Lisa LeVasseur <lisa.levasseur@...> wrote:

Thanks Doc! 
 
And here’s the Zoom bridge info:
 
 
Topic: IIW - VRM/Me2B Day
Time: Apr 27, 2020 09:00 AM Pacific Time (US and Canada)
 
Join Zoom Meeting
 
Meeting ID: 947 9994 7093
One tap mobile
+16699006833,,94799947093# US (San Jose)
+12532158782,,94799947093# US (Tacoma)
 
Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 408 638 0968 US (San Jose)
        +1 646 876 9923 US (New York)
        +1 301 715 8592 US (Germantown)
        +1 312 626 6799 US (Chicago)
Meeting ID: 947 9994 7093
Find your local number: https://us02web.zoom.us/u/kXoV4UTLC
 
From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> On Behalf Of Doc Searls via groups.io
Sent: Sunday, April 26, 2020 2:12 PM
To: main@Me2BAlliance.groups.io
Cc: Me2BAlliance@groups.io
Subject: Re: [Me2BAlliance] VRM/Me2B day at IIW is next Monday 4/27/20
 
I added the bullets below to the Eventbrite. Additional changes welcome.
 
 
Registered so far:
 
Estee Solomon Gray
Michelle Klein
Sergey Tolkachev
Lisa LeVasseur
Guy Gabriele
Dan Miller
John Janowiak
Nitin Badjatia
mary hodder
Iain Henderson
Guy Gabriele
Kaliya Young
Cisa Kurian
Gam Dias
Erick Verry
Brent Shambaugh
Jim Hewitt
Katie Sousa
Bill Wendel
Paul Nemitz
Samuel Agrela
Britt Blaser
Adrian Blakey
Phil Wolff
Kevin Cox
Doc Searls
Cam Geer
Richard Whitt
Ernst Johannes
Milton Pedraza
John Wunderlich
Scott Mace
Jeff Orgel
James Pasquale
celine takatsuno
John Philpin


On Apr 22, 2020, at 5:14 PM, Lisa LeVasseur <lisa.levasseur@...> wrote:
 
Hi friends,
 
We’re hard at work finalizing the agenda for VRM/Me2B day next Monday.  Here are the proposed outcomes for the day:
  • Alignment on The Movement and how we want to refer to it.
  • Defining the space:  Alignment on the high level map of the ecosystem.
  • Dividing the work:  Readout from participants on where their orgs “live” in the ecosystem map, and how the movement is going from their perspective.
  • Measuring Products’ Me2B Alignment:  Intro to the Me2B Alliance Testing Criteria
  • Alignment on the Me2B Relationship Lifecycle Reference Model and Scenarios – [the start of] a common vision of a fully realized Me2B future world
Please let me know if you have suggestions on this. 
 
Don’t worry if you haven’t signed up yet, there’s still time to sign up and you can do so here:  https://www.eventbrite.com/e/vrmme2b-day-2020a-tickets-100546832282
 
Lisa
 
P.S.  PSA:  Today is Wednesday.  Tomorrow is Thursday.  See some of you on the UMA or ISI WG calls tomorrow morning.  
 
 
 



Re: VRM/Me2B day at IIW is next Monday 4/27/20

Lisa LeVasseur
 

Thanks Doc!

 

And here’s the Zoom bridge info:

 

 

Topic: IIW - VRM/Me2B Day

Time: Apr 27, 2020 09:00 AM Pacific Time (US and Canada)

 

Join Zoom Meeting

https://us02web.zoom.us/j/94799947093

 

Meeting ID: 947 9994 7093

One tap mobile

+16699006833,,94799947093# US (San Jose)

+12532158782,,94799947093# US (Tacoma)

 

Dial by your location

        +1 669 900 6833 US (San Jose)

        +1 253 215 8782 US (Tacoma)

        +1 346 248 7799 US (Houston)

        +1 408 638 0968 US (San Jose)

        +1 646 876 9923 US (New York)

        +1 301 715 8592 US (Germantown)

        +1 312 626 6799 US (Chicago)

Meeting ID: 947 9994 7093

Find your local number: https://us02web.zoom.us/u/kXoV4UTLC

 



Re: VRM/Me2B day at IIW is next Monday 4/27/20

Doc Searls
 

I added the bullets below to the Eventbrite. Additional changes welcome.


Registered so far:

Estee Solomon Gray
Michelle Klein
Sergey Tolkachev
Lisa LeVasseur
Guy Gabriele
Dan Miller
John Janowiak
Nitin Badjatia
mary hodder
Iain Henderson
Guy Gabriele
Kaliya Young
Cisa Kurian
Gam Dias
Erick Verry
Brent Shambaugh
Jim Hewitt
Katie Sousa
Bill Wendel
Paul Nemitz
Samuel Agrela
Britt Blaser
Adrian Blakey
Phil Wolff
Kevin Cox
Doc Searls
Cam Geer
Richard Whitt
Ernst Johannes
Milton Pedraza
John Wunderlich
Scott Mace
Jeff Orgel
James Pasquale
celine takatsuno
John Philpin



VRM/Me2B day at IIW is next Monday 4/27/20

Lisa LeVasseur
 

Hi friends,

 

We’re hard at work finalizing the agenda for VRM/Me2B day next Monday.  Here are the proposed outcomes for the day:

  • Alignment on The Movement and how we want to refer to it.
  • Defining the space:  Alignment on the high level map of the ecosystem.
  • Dividing the work:  Readout from participants on where their orgs “live” in the ecosystem map, and how the movement is going from their perspective.
  • Measuring Products’ Me2B Alignment:  Intro to the Me2B Alliance Testing Criteria
  • Alignment on the Me2B Relationship Lifecycle Reference Model and Scenarios – [the start of] a common vision of a fully realized Me2B future world

Please let me know if you have suggestions on this.

 

Don’t worry if you haven’t signed up yet, there’s still time to sign up and you can do so here:  https://www.eventbrite.com/e/vrmme2b-day-2020a-tickets-100546832282

 

Lisa

 

P.S.  PSA:  Today is Wednesday.  Tomorrow is Thursday.  See some of you on the UMA or ISI WG calls tomorrow morning. 

 

 


Re: Visualizing the Length of the Fine Print, for 14 Popular Apps

Richard Whitt
 

Thanks for your contribution to this thread, Scott.  Great substance to chew on.

My one modest contribution is: Yes, the "offline," "analog" world presents numerous examples of bad notice and consent practices.  Why though can't the digital world provide a far better experience?  What is the use of all this amazing tech, if it primarily will be harnessed by those eager to find yet additional ways of obfuscating and defrauding us?
 
Enter the Me2BA....

-Richard


On Mon, Apr 20, 2020 at 3:04 PM sldavid <sldavid@...> wrote:
I think it is mostly because my arguments are lame and unsupportable!

Also, I don't know whether any courts have found TOS/TOU to be unconscionable for any purposes.  Might be interesting to research that. Also, whether what circumstances unconscionability has been found in other similar contract settings.

I don't know whether those "the contract is too complex"-type lawsuits tend to be brought under consumer protection laws (federal and state), rather than common law tort, which might "guide" the nature of the claim made, the description of the harm, and the potential remedies.  Statutory administration of consumer harms can introduce constraints on case scope, etc. (Compare book "Turning Troubles into Problems.")

Also, perhaps, because the cost to individuals of a lawsuit is prohibitive, and some TOU/TOS have provisions against class actions (which would otherwise make the lawsuits economically feasible).  The credit card companies were the first to put "no class action" clauses in their mediation/arbitration clauses, and that anti-consumer trend has caught on in other areas.

In the absence of class actions for defense organization, one can also imagine organization for offensive, active assertions of rights.  For instance, you will recall my suggestion that we look at forms of "production cooperatives" to organize people for economic rights purposes (noting the dangers of "commodification of self" that attend to such approaches).  Look at Jay Glasgow's "Privacy Co-op" for an interesting approach to organization using the existing TOS/TOU terms.

Also, settled cases may include placing plaintiffs under NDAs?

Mostly, however, it is probably the first reason - my arguments are not supported under current law.  One can, however, dream. . .

As a former corporate lawyer, I feel like Mary Shelley.

Warm regards, 
Scott

Scott L. David


Executive Director

Information Risk Research Initiative 

University of Washington - Applied Physics Laboratory


m- 206-715-0859

Tw - @ScottLDavid



From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of Lisa LeVasseur <lisa.levasseur@...>
Sent: Monday, April 20, 2020 1:02 PM
To: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Visualizing the Length of the Fine Print, for 14 Popular Apps
 

Hi Scott,

 

Thanks for taking the time to walk us through this background.  Rich with information.

 

I want to zero in on your last paragraph.  It relates with Nancy Kim’s work describing Defective Consent—which the vast majority of online consent would be classified as.  At the time I read her definition of Defective Consent, I thought, “where are all the lawsuits?”  Your last paragraph conjures up the same question in my head:  Why aren’t we seeing any legal cases pressing the issue of misappropriation due to lack of valid contract? 

 

Lisa

 

From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> On Behalf Of sldavid
Sent: Monday, April 20, 2020 9:12 AM
To: main@Me2BAlliance.groups.io
Subject: Re: [Me2BAlliance] Visualizing the Length of the Fine Print, for 14 Popular Apps

 

It is definitely hilarious, and tragic!

 

We should not, however, forget to apply the perspective gained through comparison with the (length, complexity) of TOS/TOU with other terms required by interfaces with other systems of modern life such as: 

 

  • the PCI-DSS rules (applicable to credit cards),
  • insurance contracts (life, auto, etc. etc. with exclusions, etc.),
  • UPS/FedEx shipping terms,
  • revolving and term loan agreements,
  • auto rental agreements,
  • rules/conditions for operating a motor vehicle,
  • zoning rules, covenants and other public and private rules that affect housing and other buildings,
  • tax laws (state, local, federal county),
  • medical procedure disclosures,
  • pharmaceutical contraindications for medicines,
  • criminal codes that define social behaviors,
  • consumer credit terms for large appliance purchases.

 

None of which are read by citizens. Have any of us ever read these terms? 

 

Complex societies yield complex artifacts (including information networks).

 

Entities with access to more resources are able to retain the advisers to navigate the complexity more effectively and efficiently, and with less risk.  TOS/TOU are written by the advisers of companies to protect them from complexity (and risk).  Period.  Those companies are programmed under state law to generate revenue for owners.  Period.  

 

When we look at the ridiculous information differentials created and maintained by TOS/TOU, we are looking at an artifact of this massive power/information differential caused by complexity, and amplified by anachronistic state corporate laws.

 

That leaves open the question of what degree of advantage a given society is willing to allow to the powerful.  Clearly the playing field is tilted, sometimes by intention and sometimes by weight of available resources.  This is both a cultural power question AND a practical question for TOS/TOU "use case" of those power differentials.

 

So TOS/TOU are both an artifact of power imbalance in society, and a possible source of a "spark" that affects folks broadly and deeply enough for them to demand change.

 

If and to the extent that the charade of consumer "informed consent" under current TOS/TOU is due less to "let's screw the consumer" attitude, and more to a let's maximize our statutory-mission of revenue generation (both nefarious in their own way), it is more readily possible to imagine mechanisms to soften the negative impact on consumers.

 

We might consider how consumers are protected in other complex regimes (and whether they are adequately protected) where they also don't/cannot reasonably read the terms.

 

For example, PCI-DSS enjoys the backstop of Reg E (&Reg Z?) that limit liability of consumers to $50 for card misuse (subject to notice conditions).  State insurance laws require certain core disclosures in selling insurance, as do certain banking laws, etc.

 

All power and "default states" in late capitalism are set to advantage entities with power/money.  The preparation of TOU/TOS is intended to protect the interests of the parties paying the legal bills for that work.  As long as people continue to use the service, the company has little incentive to make the terms easier to read (if indeed that is possible).

 

As long as the company is acting legally, there is little incentive for it to alter behavior.  Of course, if folks are migrating away from the service because they don't like the company's tactics, that could cause change (see buying cooperative argument); but in the absence of that, they will serve shareholders' needs first, as they are programmed to do under state law.

 

I have long advocated for corporate reform along the lines of "B" and Benefit Corporation law to address this structural problem.  The problem is that any existing "C" corporation will be hard pressed to win a shareholder vote to reincorporate as a "B" corporation, and any excess expenses for charity, public benefit by a "C" corporation could attract shareholder suits for "breach of duty of care" or "breach of duty of loyalty," etc.  Corporations are powerful, but they are not parental.  They are programmed to produce/extract value.  Period.  

 

So any regulatory move to affect the situation will, in effect, just deem the liability/responsibility to be shifted to the company in a "no fault insurance" kind of arrangement.  

 

I personally think GDPR (and other FIPPs-based rules) are not relevant here, and are too "data focused."  It is like regulating "looting" by applying rock law, it ignores the causation issue and the dual-use nature of data.

 

There seems to be little energy currently to catalyze a shift of the power relationship to a new stable state where consumers are advantaged in TOU/TOS.  Short of the equivalent of a "purchasing cooperative" type structure among consumers of websites, or a regulatory no-fault/consumer oriented protection (which won't extend across jurisdictions), the commodification of people as information consumers in large scale networks is likely to demonstrate persistence through time and space. 

 

One shift that could help is to view people as "data producers."  A data production cooperative could drive social/cultural power on the momentum of economic power.  Some folks are concerned that such a commodification of PI can yield a commodification of self - a valid concern that will require care and analysis.

 

People in banking systems are "deposit producers" that enable banks to engage in fractional reserve lending ($1 in deposits lets them lend $7).  People in Network TV systems are "attention producers" that enable stations to engage in advertising sales.  In neither of these systems are people organized to protect their rights against powerful networks.  They rely on law and regulation to curb the worse abuses.  More is needed in these areas as well.

 

The other concept, that I have been advocating for a decade, is that if consumers cannot read these (which, of course, they cannot), then there is no "meeting of the minds" and the contract is "unconscionable." (it is not an "adhesion" contract as often asserted, since it is not "compelled" by entry into another agreement).  

 

If unconscionable under contract law, one could argue that a contract never formed (it is "void ab initio"), in which case the analysis is thrown into the world of tort law.  Under the tort of "Misappropriation" (Part of NY law since 1906), a cause of action can be brought for "use of a person's name and/or likeness for economic purposes without permission."  Seems like a good fit with current sites using PI for revenue generation.

 

But I digress. . . .

 

 

Warm regards, 

Scott

 

Scott L. David

 

Executive Director

Information Risk Research Initiative 

University of Washington - Applied Physics Laboratory

 

m- 206-715-0859

Tw - @ScottLDavid

 

 


From: main@Me2BAlliance.groups.io <main@Me2BAlliance.groups.io> on behalf of Jim Pasquale <jim@...>
Sent: Monday, April 20, 2020 8:02 AM
To: main@me2balliance.groups.io <main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Visualizing the Length of the Fine Print, for 14 Popular Apps

 

Hilarious! And so very pathetic at the same time. Clearly here’s an area the policy groups needs to demand regulation of simple terms by law. 

 

Richard….  Chris…  tap tap tap is this thing working? 

 

 



On Apr 19, 2020, at 8:24 PM, Johannes Ernst via groups.io <jernst@...> wrote:

 

Hmmm ….

 

 

https://www.visualcapitalist.com/terms-of-service-visualizing-the-length-of-internet-agreements/

 

 

 


Johannes Ernst

 

Encryption preferred. GPG fingerprint: 106E F92A BEBD 0C31 1DAF 7CD8 5726 2658 070F 1088

 





--
______________________________________________


Richard S. Whitt

President, GLIA Foundation

richard@... | 650.450.1705

Building a more trustworthy and human-agential Web

Check out my brand new law journal article on digital fiduciaries, my recent podcast on human agency in the digital era, and my Medium series (parts one, two, and three) making the case for personal AIs.