The Chain of Data Acquisition (Part 2)

in #security, 7 years ago

Part 1 recap

In part 1 I outlined the relevant steps to determining how possible it is to create (capture) particular data and store it, and then how access to this data can be restricted (or not), ultimately appealing to the system itself or outside regulation.

The Chain of Data Acquisition

  1. A technological method of capture and data storage must be possible and available
  2. Capture protection, and data storage protection must be practically and technologically possible and available
  3. If possible and available, some kind of regulation must be in place to restrict what is possible
  4. If regulation is in place, infringements must be reportable, verifiable and / or discoverable
  5. If so, the consequences must be actionable and the will exist to action them

The first point was detailed, along with an argument for a conceptual extension of capture data protection. In this part I will look at the second and third points in detail.

2. Capture protection, and data storage protection must be practically and technologically possible and available

Capture protection for me would include protection from being tracked or recorded in any way by others without permission. Obviously full coverage could never be practically implemented but this is the starting point.

In a very real way, though it's absurd to think you could go unnoticed by everyone, you are actively pursued, tracked and recorded all the time. Any CCTV camera, any bureaucratic document you are required to fill in which overreaches in its requests, any use of almost any website, etc., is a continuation.

There's no question, it is possible and happening! 😩

We can identify two broad categories of storage data protection:

  1. Hardware / physical protection
  2. Software / connections protection

In most places in the world, where photography is permitted from the vantage of anywhere you are legally allowed to be (most places, with restrictions in some areas), physical obstruction and private land property rights are used to curb that and gain privacy for those able to afford these measures. If you can't get access to a place where you can see me, you can't take a photo of me. Other methods also exist to disrupt visibility in capture technology, such as ultra-reflective glasses frames.

Similarly, if you cannot get access to my data by way of visibility, it is secure by circumstance (from you at least 😬). This is most obviously exemplified by an air-gap, where a computer is not connected to any network and cannot be accessed by remote sources, reducing the potential attack surface significantly.

Of course, this does not reduce the effectiveness of physical access attacks. Worse, theft or seizure would be even more effective than open network access. But because the physical hardware within which data resides is property, traditional methods of securing property will apply to data stored in this way on hardware, again, if these measures are affordable.

Protection as a result of defensive software is more difficult to assess. All software contains the potential for undiscovered bugs, perhaps except for software for which it is mathematically provable that no flaws exist, but this kind of software is not in any way widespread. For all the other software out there (read: all the software you're using), you are vulnerable.

However, as Edward Snowden has remarked:

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

So while there are potential vulnerabilities in any system you use, encryption does work and you can use it to secure your data. Some protection is there, but there are major gaps, what Snowden refers to as "endpoint security".

3. If possible and available, some kind of regulation must be in place to restrict what is possible

I know a lot of people here are hostile to the concept of regulation. It's no doubt one of the reasons why you are here: freedom from top down regulation. The #fakenews tag is trending here a lot in reaction to Facebook's crackdown on so-called fake news which the powers that be are concerned are tricking the masses with disinformation. The opposite usage of the term "fake news" has also been adopted, as an accusation of the clear bias of mainstream news media. It's evident that we do not want to be told what the facts are and aren't by the platform provider.

But actually Steemit is a self-regulating community, not at odds with the concept of regulation in general. The flagging system, tied to reputation, and ad hoc defence against abuses (such as the @steemcleaners account) seem to be the main methods of regulation. The same kind of thing happens on StackExchange and Wikipedia, but in a more traditionally credentialed way. It's also worth noting that the Steemit central authority (i.e. the incorporated company) reserves the ability to remove users themselves, as laid out in the Terms of Service, section 16. So regulation is not a concept hostile to Steemit; however, I would argue that people here are in search of fairer ways of doing this.

You could even consider curation and voting as a kind of regulation system. The more popular a post is, especially with larger STEEM stakeholders AKA whales, the higher it is valued and the more profitable it is for everyone. The flip side of this is obviously that posts that the community at large does not like are not picked up, and the network and feedback effects will take over to discourage these kinds of posts.

This is an example of the system being designed in such a way that it "regulates itself" by incentivising positive behaviour. However, other, externally imposed regulations are still a reality today and deserve to be considered.

Anyone who accepts the legitimacy of democratic government (that might be no one here 😵 but there's plenty out there) will agree that the government has a duty to protect citizens from the worst of each other, both in an individual capacity and from legal persons such as corporations, as well as foreign forces. For a long long time this has been an assumption of mainstream politics. It affects all our lives, as we are subject to them. Note: do not read my points as an endorsement, it's a statement of fact.

Where the technological systems fail us, legal regulation steps in. In the previous example, you may be physically able to take a photo of me as I walk to the shop 💃, but in Brazil you are forbidden by law 🚫 📷. Or you may have discovered a vulnerability in my computer storage system, but if you use it you are breaking the law.

As you see me walk, or as you read my article online, we have established that you are probably able to capture my data, with a camera in the first example and copy-and-paste in the second. The difference between these two is that in one you capture data I have not created, and in the second you copy data which I have created. In this latter situation I am automatically protected by intellectual property laws. And so simply viewing data cannot and should not be thought of as capture because

We don’t store words or the rules that tell us how to manipulate them. We don’t create representations of visual stimuli, store them in a short-term memory buffer, and then transfer the representation into a long-term memory device. We don’t retrieve information or images or words from memory registers. Computers do all of these things, but organisms do not.

I won't go into it in any more detail here, but while copyright laws do not cover viewing data, there is no practical way to view data unless physically present at the data storage site without transferring AKA downloading the data. Even streaming is actually only a better managed download for all intents and purposes.

Steemit, Inc. is an incorporated company based in the United States of America and is bound by a massive amount of regulation. Additionally, the flagging system which is built into the platform is intended to support the Terms of Service which state that

Steemit respects the intellectual property of others by not reading infringed content from the Steem blockchain. If you believe that your work has been copied in a way that constitutes copyright infringement, you may notify Steemit’s Designated Agent by contacting: [email protected]

These intellectual property rights are upheld by law, though they have a moral basis, like most rights. This is an example of the interaction between regulatory systems.

It's clear, there is plenty of regulation, both from within data systems, and outside. I'd be interested to hear your thoughts on this. Do we have too much? Not enough? I imagine many will disapprove of externally imposed regulation, but what is the alternative?

End of part 2

Thanks for your time! ✋💥🤚 Part 3 coming soon 🙏 😉 In it I will discuss how effective the regulation is and can be expected to be, and whether or not anyone can really use them or get help when protection is outside their individual power.

Please note

As always, all artworks are original and presented without any license whatsoever, AKA part of the commons.


This is an interesting topic. It has occurred to me that 'democratizing' the network by owning all data that references you would flip the tables on companies like Facebook and they would have to pay a licensing fee for the use of the data of each person on it. It would be kind of like looking at ad monetization system from the inverted perspective.

It is very shortly going to get really complicated. Deep learning will begin effectively passing the Turing test from within the limited scope of the various social media platforms - think super bots that are really hard to tell from people.

I have a 'textual steganography' project I am working on that is designed to counter NSA & large actor data collection on a systemic level that scales well. The part that applies here is that each user would represent a small hive of bots that create spurious metadata by communicating with other members in the crypto net. The result is that the crypto net creates a haystack that the data & meta-data hide in.

It really is, I'm very interested in it at the moment. At the end of the day, it's Facebook's prerogative to run the way it does, and it is entitled to by the law. I think we need more comprehensive laws as well as the technology to back them up. This has probably got to come from some kind of disruption though because I can't imagine Facebook will change the sweet deal they have now. It'll have to come from resistance.

I hadn't thought of it from the perspective of AI here, that's a really good insight. As bots get more intelligent the idea of verification might be even more important than it already is. I can imagine some kind of one time key system linked to your biometric data to sign a post 🙀 😓 It would get complicated!

Do you have a link to that 'textual steganography' project? That sounds really interesting, kind of like how WikiLeaks and other services operate where protecting one's anonymity can mean protecting one's life and freedom. It's already shown to work well, good luck with it, it's needed! Please let us know about it here on steemit.
