If someone takes a photo of my driver's license and posts it on their website, does their right to communicate (and remember) override my right to have that photo deleted?
I realize that the privacy community is diverse, and different people have different opinions on this. In general, I've tried to be vague enough with how I stated rights so that they could be applied to multiple different situations. I wanted there to be a little bit of leeway and ambiguity.
However, on this point in particular, I take a hard stance:
> Users have the right to share information with others, to share indexes of that information with others, and to tell other people that the information exists.
I explicitly mentioned indexes to respond to people who claim that forcing information to be de-indexed or removing it from search queries isn't the same as censoring that information. I respect people who believe that, but I think they're wrong.
Any digital bill of rights that doesn’t protect my rights to my own information is worthless.
Parent: if you s/driver's license/credit card & CVV visible/, does your position change? It's "just another picture of a thing."
As a practical example, I am skeptical that Todd Davis should be able to force Wired to take down his social security number. I am also skeptical that people should be able to demand that HaveIBeenPwned remove their information from a database.
On social security numbers or IDs, I am definitely more open to discussing limits to the Right to Remember if they're very narrow and very rigidly defined, in the same way that I'm OK with exceptions to Freedom of Speech that are narrow and rigidly defined.
However, I want to posit that if infrastructure around identity verification is broken, we should focus on fixing the infrastructure, not curtailing rights as a band-aide. Identity theft is rampant because our identity metrics are horrible. Social security numbers are a joke. Credit card numbers are a joke; the only reason that system works is because banks are willing to reverse charges whenever identity theft happens. These are bad systems, but instead of forcing companies to fix them, we restrict user rights to make it easier to have some semblance of pseudo-security.
This same principle has come up in a few other places on this page, particularly with the Right to Filter, and whether that should allow a monopoly communication platform to circumvent the Right to Communicate. My take on that is similar: this sounds like an infrastructure problem. We wouldn't have an issue there if we didn't allow a private company to have a monopoly over communication online.
To me, it feels like people are attacking the wrong problem.
It's also important to remember that the Right to Be Forgotten is separate from GDPR. Where GDPR (arguably) is narrow and allows you to demand that a subset of companies delete specific PII, the Right to Be Forgotten is broad, and allows you to make demands regarding general information and your reputation.
I have some issues with GDPR as it's implemented today, and I won't go out of my way to endorse it, but I also won't take a strong stance that GDPR is incompatible with the Right to Remember. Readers can draw their own conclusions, but on GDPR, I'm neutral.
But I do take a hard stance on the Right to Be Forgotten. There's a difference between talking about edge-cases with IDs in a private, purely corporate database, and talking about deindexing news articles.
It a sane universe you simply share proof of your secret and we move on to discussing policies regarding data about you instead of data you have a direct interest in controlling.
I verified my ID for Freelancer.com once. They wanted a scan of your ID and a picture of you holding up the same ID and a random number they provided. A picture of your ID that someone got off a website is indistinguishable from a picture of a picture of your ID. A picture of you holding your ID is indistinguishable from a picture of you holding a picture of your ID. It could easily have been a deepfake.
I think this is a real problem and the right to communicate isn't stronger or deeper than the right to prevent illegal or provably harmful communications. (yes 'illegal' can become twisted, I'm limiting to just the painfully obvious things that everyone finds unacceptable (except would-be criminals))
(yes 'criminals' is frequently defined in terms of what's already illegal so I'm just making a fine mess here but while we're at it, let's appeal to the expectations of 'decent' people and then we just bounced it back to definition of 'decent' ad nauseum... ok I'm done)
I understand that rights are more like aspirational principles than concretely achievable properties, but I think this particular list of rights wants to give everyone everything.
Maybe the author could provide some more colour on what specific situations they have in mind and how the rights would be used.
My short answer is that where public communication (one-to-many) is concerned, the Right to Communicate:
A) describes voluntary communication. It doesn't give you the right to force someone to listen to you, it gives you the right to share information with someone who wants it. (I would be open to modifying the language if that distinction isn't currently clear.)
B) are designed to combat legal challenges (Facebook may ban you for talking about something they don't like on their platform, they shouldn't be able to sue you).
C) are designed to draw attention to infrastructure and monopoly problems (the existence of one company that controls a large majority of web content is in itself a threat to these rights).
These rights are purposely vague because I want them to be stronger than just my own opinion; I want them to be somewhat interpretable and adaptable.
However, in my opinion if I want to publish something and I have to publish it on Mastadon instead of Twitter, I don't consider that to be a violation of my Right to Communicate. If Twitter becomes the only way to publish content, or it controls so much of the Internet that publishing outside of Twitter is infeasible, then in my opinion it's reasonable to start talking about antitrust.
There's leeway there -- ISPs are always going to be gatekeepers just because of how the Internet is structured, so maybe we decide that it's OK to force Net Neutrality on them. In general though, we should break apart monopolies rather than force them to be neutral.
Bear in mind that the Right to Communicate is also about the right to encrypt message contents and to conceal message recipients, and to circumvent platform restrictions that try to remove those rights. The right to publicly publish information is only part of that, and is (imo) an already relatively well established right that I don't lose much sleep over. Other people may disagree with that, but I don't think Twitter/Facebook have as much control over modern communication as is often supposed.
Imagine you are running a forum.
A few users decide to use it to exchange some encrypted content,impenetrable walls of base64.
Should you be able to ban them, and remove their postings, if they don't listen to polite requests to stop?
How is this different from being an email service, or an ISP?
I mean, there are more relevant details than the very broad formulation assumes.
However, as a forum owner, I have the Right to Filter the content and users on my forum, so I can ban them. And they're free to go to another forum and communicate that way.
Now, let's say that my forum is ridiculously popular, and completely entrenched, and that I take active steps to kill or buy any competing forums, and eventually my forum becomes the only way to share content online. I still have the Right to Filter, but you could argue (and I personally would argue) that my existence as a monopoly is incompatible with the Right to Communicate. Essentially, I have privatized a public resource, and my forum should either be broken up or (if that's not possible) regulated like a publicly owned resource rather than as a private one.
That last point is where ISPs become interesting. ISPs aren't nationwide monopolies, but they are often regional monopolies. If your only choice of provider is Comcast, and Comcast doesn't follow Net Neutrality, then I would argue that Comcast's existence is incompatible with the Right to Communicate. You don't have a choice of going somewhere else -- if Comcast filters, you just flat-out can't access public content.
It is very, very difficult to break apart ISP monopolies. Additionally, ISP monopolies consume large amounts of public funding and subsidies, which means the public can make a strong claim that they are borderline essential, public utilities, at least partially funded through public taxes and city-wide contracts. And without a neutral ISP that everyone has access to, the Internet just flat-out doesn't work. Because of that, I personally support government restrictions that force ISPs to respect my Right to Communicate. But if someone thought that was a bridge too far, I wouldn't say they were stupid. The ambiguity on that issue in the manifesto is on purpose; I want guiding principles rather than a step-by-step tutorial on every problem.
In regards to email, the same principles apply. Is the current system making it impossible for users to (voluntarily) communicate with each other? Spam doesn't count here, the Right to Communicate is not a right to force everyone else to listen to you. What is concerning about email to me are cases where untrusted IPs mean that multiple parties who want to communicate with each other are getting emails bounced and/or silently rejected with no way to fix the problem or bypass it.
If you wanted to make a case for regulating an email service with some version of Net Neutrality, you would need to make a case that email is a fundamental public utility that users/communities can't just avoid or bypass, that providers like Gmail/Yahoo are so big that they can't be broken up or unseated by normal means, and that they're currently failing to meet the standards that their size/power demands. I think making that argument about email providers is a lot tougher than making it about an ISP. But again, different people might reach different conclusions.
Though, that right of platform owners to moderate content still feels valid, and I believe this is relatively easy to reconcile. If you believe in this manifesto, then you should draw the conclusion that Platform Owners cannot coexist with it. Companies like Twitter, Facebook, etc; they simply cannot exist in a world where these rights of individuals are respected. Fundamentally, they have to ignore some of these rights in their effort to police and keep control of their platforms.
If you look at something like Mastodon, the situation becomes clearer. There are "platform owners" but they do not control the entire network. They only control that server, and thus the community on that server, yet the servers are still capable of communicating with one another. Reddit is also kind of like this; not to the same degree, but the same idea of "sharded, opt-in moderation" applies (though obviously they do global moderation as well).
Also, tangentially related: Company's rights should never supersede People's rights.
At some point the pile of rights will start conflicting each other and will also start becoming too costly to enforce. Sorry for being overly cynical but I stay hopeful that in the near future code literacy will be as common as alphabet literacy thus allowing anyone to circumvent these trespasses.
Edit: I would expand the right to filter to include the right to sort. I was thinking about it earlier today when searching for what used to be a popular post on Reddit. I thought I'd find it by sorting by all-time top but the number of members community had grown considerably since that post was submitted there, making what used to be a very popular post actually insignificant. If I would've been able to sort I would've been able to normalize the votes count so that it is relative to the number of members in the community at the time of submission.
Whys such extremes? All you really need to be willing to do is to write some software to perhaps scrape data and then filter them locally. Certainly there's no need to die. Or did I miss something?
> Both users and communities have the right to filter and organize the content they consume and host
If I’ve banned you from my forum, you’ve lost your right to communicate there. If I can do that, if Facebook and Twitter and Hacker News can all “de-platform” you, all without violating your right to communicate, then the right to communicate means nothing.
- The Right to Communicate describes voluntary communication between multiple parties that want to communicate, not the ability to force someone to listen to you.
- The Right to Communicate is not a right to access to every single private platform or community, any more than the Right to Modify is a invitation to hack 3rd-party computers.
- Nevertheless, it is valuable to have a right that guarantees access to encryption, including encrypted metadata, and that enshrines a right to create, distribute, and host communication tools, including websites.
If it's not clear to readers that filtering content includes filtering content sources, I'll look into making that text easier to understand. But I do know what the Right to Filter is intended to mean, because I wrote it.
This seems to reuse a lot of material from the "Internet Citizen Bill of Rights" started sometime around Jan 27, 2016.
And there's a subreddit for it:
Daniel Shumway, please feel free to get in touch.
I'm unaffiliated with the Internet Citizen Bill of Rights, this is the first I've heard of it. I don't have any major criticisms of the document, but I still probably would have written my own manifesto even if I had known about it. Some of these seem a little over-broad just based on a quick glance, and at the very least I would have wanted something with more detail than just headers and a one-sentence description.
> For questions, comments, and criticism, write to <prefix-here>@anewdigitalmanifesto.com.
If you have questions/comments you're uncomfortable posting on HN, I'm pretty sure that email address works, but I haven't really tested it.
My instinct is to think of self-expression as a subset of communication, so I'd be curious to hear your thoughts on what parts of self-expression aren't currently being encapsulated or covered.
> Users and communities have the right to share filters, whether those filters take the form of software, algorithms, or manually curated whitelists and blacklists.
How about "Users have the right to not use software that forces [...]"? I have a hard time agreeing with the idea that people agree to a ToS and then have a right to abuse the platform. Seems like that could lead to an inconsiderate/unsafe/unfair place for other people and stakeholders in that platform. I understand that anyone can do whatever they want whenever they wish and that it's up to the platform to battle "subversion" and misuse – but I don't believe it should be an indoctrinated imperative.
This applies to most of what is found in "Right to Modify". I think there's truly a legal nuance to who owns what (especially when a lot of folks are currently renting their phones from their device manufacturers or service providers).
The sentiment seems to elevate the end user and expose the software developers a bit more than I personally care for. There should be more emphasis on the responsibility of users to understand what they are getting themselves into.
EDIT: I drew my guns too quickly and forgot to mention I appreciate most of the other points and its simple presentation. I see the OP in the comments and commend ya for taking the leap.
Ads are war. Just as a user has a right to avoid them, a content publisher has a right to try and push them on people. Cat and mouse game. It's not "abuse" when ads that cost users to view (bandwidth costs; attention-cost) are blocked or pushed on people.
If you send me a webpage full of advertisements, I'm under no obligation to look at those advertisements or display them on my monitor. I don't think there's much nuance here.
Maybe you could be more specific about the use-case you're thinking of? I can't think of a reason why the freedom to filter (alternatively, the choice to listen) takes much nuance at all.
My intention was yes, there is an expectation that if you're renting a computer on behalf of an employer or accessing their internal network, that's a different situation than using a personal device. In the same way, circumventing a captcha to automate logging into an account you own is a right I imagined being protected, but exploiting an XSS vulnerability to scrape private data behind a login is not.
I would be open to having my mind changed on where that line is. I'm cautious about trying to nail down a very hard line about what is and isn't 'public', because I see some ambiguity (using a personal device for work, using EULAs to enforce non-disparagement clauses).
With Right to Remember, I felt like I needed to at least allude to that distinction:
> and archiving information that they have lawful access to.
But I didn't feel comfortable drawing hard lines elsewhere. If I found a solid metric that I felt could be easily, universally applied, I'd be willing to adopt it.
It is a bit redundant, but I wanted to be certain I got across, "you have the right to put information on the Internet where everyone can see it, not just to post in someone else's walled garden."
If I create something, I get to say how people use it. That's the core of the wonderful proliferation of software licences.
If I don't want people to see the source code of something I write, either because I don't want to deal with the criticism or because I've hidden some malicious nasty in there, then that's my call. Anyone can choose not to execute my code on their machine, that's their call.
Anything else ends up enforcing a defacto GPL on the world.
Without the Right to Modify, anyone could restrict any of the other rights on this page just by flipping a few bits in software and calling it DRM. Imagine if a website operator could sue Gorhill because Ublock Origin circumvented anti-adblocking measures in clientside code.
However, imagine a term of service that only grants access to a website in exchange for viewing ads. (This is the implicit contract of ad-based web viewing from the beginning, but websites aside from some streaming video platforms have not really "enforced" the fact that users pay for content by viewing ads.)
Lets first imagine that the term of service is fully understood by the users. The tracking is explained and understood, the trading of personal data, the auction of targeting advertisement to anyone, the lack of liability in case of malware. In that world it make sense that websites enforce the trade of access in return for all the above.
Until then we have the wild wild west that is online advertisement without regulation, liability or contract between the user and the publisher.
Software licencing isn't DRM in my world... how are you equating them?
I'm not really talking about source code, let alone the GPL. You can still ship proprietary software, but you shouldn't be able to sue users for using it, examining it, or modifying it -- any more than you should be able to sue them for taking apart or modding a microwave oven or a ladder.
I agree with the microwave oven/ladder argument - we should be able to modify those, that makes sense.
I think the problem here is commercial re-use. If I make a modification to your source code, that I got from reverse-engineering a binary I purchased from you, should I be able to sell it?
After all, if I modify a ladder and resell it, I have to buy each unmodified ladder from the original manufacturer, so there's no problem. But I only need to buy one copy of code and I can resell it many times. Should I have to buy one copy from the original creator for every copy of the modified code I sell?
Think of it like a physical book. If I buy a physical book, I have the right to rip pages out of it, or rebind it with a new cover, or even scan it as a personal backup.
I also have the right to resale, so if I buy a book I can sell it to someone else, even if I've modified it (although I would need to destroy all of my own backups).
What I can't do is scan the book and start selling copies of it. That's covered by copyright.
In the same way, allowing someone to reverse-engineer and modify Photoshop, or even to share instructions on how to modify Photoshop, does not mean that they can turn around and start hosting copies of Photoshop downloads on their own servers and distributing them for free or for money.
Existing laws in the US cover this fairly well -- the problems I have are with EULAs that try to ban owner rights to modify their own software, and with the DMCA which makes it illegal to break DRM or tell people how to break it even if you're breaking it for a completely legal reason.
I don't want to get rid of copyright, but if you sell me an Kindle Ebook, and I break the DRM on that book to get it to load on my own Kobo reader, that should be legal. I don't believe an author has the moral authority to block something like that. It's not an obligation to distribute the source, or to allow anyone to do literally anything they want -- just to say that if content/code is executing on my device, I should be able to look at it and manipulate it. Once it leaves my device and re-enters the public sphere, feel free to start enforcing terms.
If you buy a book and then burn it, it's gone, and you have to buy a new one. If you download a book from a bookstore, and then delete it, you can just download a new copy whenever you like. Booksellers don't make you look after an "individual copy".
I totally grok the DRM problem, but look at it like this: if you bought the Large Print version of a book, and then got new glasses and decided you didn't want that version any more, you don't have the right to swap it for a normal print version. Same with Kindle/Kobo - if you bought a book for your Kindle (agreeing to the T&C's that said it could only be viewed on a Kindle), and then decided to move to Kobo (something I have recently done, and yes it's very annoying), then do you really have the right to all your Kindle books on the Kobo?
But we're getting away from my initial objection, which is actually covered by copyright. Software licences are powered by copyright. And copyright says that I do have the power to stop you from modifying my creation, because it's my creation and I created it and it's mine to do with as I please. So if I licence my software under a licence that says "you can't modify this, you either use it as it is, or don't use it at all", then surely that's my right as its creator?
I would personally reword the end of the sentence to be "...discovering, viewing, and archiving any discoverable information." I do think the abolishment of copyright and other IP is an important and necessary step of our progress in the information age (though not one that I expect to happen in my lifetime). I agree that as authors we should have no obligation to distribute our content, but when we do, our choice is effectively "how many global internets would you like to release your information to? Options: 0 or 1." Personal ownership of property is important, and should be inviolable. Copies of information are not property, nor is information a finite resource that can be boxed up into an ownable piece of property. As a creator, I still have full control and "ownership" of all of my time and resources, as well as copies of information that I produce for myself. I do not maintain any ownership over identical copies of information I have produce that others manufacture for themselves, or redistribute, or acquire from a source other than me.
All of the guiding principles in this manifesto rightly approach the recognition of this core idea that all individuals must be free to interact with information how they will, and that individual interactions with information take precedence over government and corporate interests. Duplication of information is likely the most common interaction we have with information. It should have no special exception that allows a government to set up and maintain regimes that enforce the monopoly ownership and artificial scarcity of copies of information.
All of this being said, I appreciate the thoughtful compilation of all of these guiding principles into a manifesto, and believe that overall, it describes the proper way we should recognise individual rights in the digital age. Thank you!
One of the points ESR listed with hackers' ethical considerations (sorry, I can't find it ATM) says roughly that "No problem should ever need to be solved more than once."
The GPL forces people to look away, to keep shopping for solutions or to write their own. The GPLed solution which could have made their life easier is on the wrong side of an event horizon which prevents them from taking advantage and causes a problem (many problems!) to be solved more than once, because they don't wish to go there and stay there.
Code without that one severely inconvenient restriction is code that can be more useful to more people, if that matters to you.
edit: Hey, search engines are neat. http://www.catb.org/~esr/faqs/hacker-howto.html#believe2
Oh, look! Item 5 in that section is all about how full of shit I really am, how droll... But the point stands. I once put a project on the shelf and promptly forgot about it because I needed some combination of µSD over SPI and FAT32 and 4-bit HD44780 LCD interfacing and these were doable with different already-published libraries for AVR chips, but if one of them was GPL then my whole project had to be 1) GPL, which I didn't want, or 2) never shared with anyone, which made it seem a waste of time. Arguably, I ought to have banged something out, made anything work, and then kept shopping for a proper replacement for that one lib, so it's still my fault, but the restriction was, and still is, somewhat demotivating.
That "event horizon" you're talking about is one that stops people from taking code that already exists, building on it to solve more problems, and... not letting anyone else use it.
I, too, believe that no problem should need to be solved more than once. The GPL is in part a tool to help ensure that.
I want to give everyone all the same freedoms that the GPL guarantees, and I want to include freedom from the GPL. I don't want to be afraid of wrong people doing wrong things so that I'd be spending time and energy trying to stop them, especially not if it interferes with doing useful things for anyone. The Sqlite blessing is really neat.
Is it selfish? Perhaps, in a way. I'm sure there are some who genuinely value the freedoms granted by more permissive licenses for their own sake, and who are principled enough to never take advantage of that and lock up the results. You may be one of them, and I can respect that position. I'm willing to bet most of those who strongly avoid the GPL are not.
this is not even close to being true. Specially in the smartphone world.