Privacy, secrecy, innovation and open source

Can the techniques we have developed to track the provenance of code be applied to the data we have released on ourselves?

Network audit, from Kojac Consulting
Many arguments over open source are re-hashed versions of arguments we have about data and the Internet. (Kojac Consulting audits networks. I'll explain why this is relevant soon.)

When I say users should see the code they are getting the response might be what about incentives for invention. And we're off on the argument about whether open source innovates.

Something similar happens when we get to questions of user data on the Internet. Mainly it's the terms which change.

The difference is that instead of arguing about economic concepts like growth or incentive, we start getting into political discussions involving values.

For examples we turn to Google, as we're doing again this week regarding Google Friends and Google Health. (For more on Google Health, see my Healthcare post from yesterday.)

In this case the folks seeking proprietary advantage are Facebook and your family doctor. But notice how they justify their secrecy.

They call it privacy.

Privacy, when justified by government, is secrecy. Transparency, when sought by citizens against government, becomes a question of executive privilege.

My point today is that all these questions are, in the end, the same question.

Who gets to know? And how do we know they have permission?

The simple answer to this simple question is usually, I'll decide.

  • It's my code and I'll choose how to license it (but what if it came through the GPL).
  • It's my profile and I should decide who gets a copy (so how do I prove I gave permission).
  • It's my medical history and I can share it (but how do I audit that permission)?

You'll see that questions of code, when applied to data, involve questions of identity. I can give permission but how do we prove it was me who gave that permission?

Which brings up my final question.

Can the techniques we have developed to track the provenance of code be applied to the data we have released on ourselves? Do we need a personal network audit?