Re: [GNU/consensus] [RFC][SH] User Data Manifesto

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Frank,

I agree with the spirit of the manifesto but I have a couple of
reservations.

First, the idea that people own the data they create is problematic.
The manifesto describes rights belonging to the creator of personal
data, which must be respected by those who store and process the data.
In contrast, European data protection law describes rights belonging
to the *subject* of the data, which must be respected by those who
store and process it. I hope those two sets of rights can be
reconciled, since it seems to me that both the creator and the subject
have an interest in how the data's used; but I'm not sure ownership is
the best approach to reconciling such conflicting interests, since it
tends to produce binary outcomes (either you own something or you don't).

Second, having the source code to server software doesn't enable you
to confirm that it works as specified; it's not possible to know
whether the binary running on the server corresponds to the source
code you've downloaded. I still think we should insist on free
software, but we should recognise that it only protects us if the
server operator is acting in good faith.

Cheers,
Michael

On 21/01/13 12:43, Frank Karlitschek wrote:
> Hi,
> 
> let's try to create a version 2 of the manifesto together. I
> created a draft 1 based on the feedback. So What do you think?
> 
> 
> Frank
> 
> 
> -- User data manifesto V2 draft 1
> 
> Changeslog:
> 
> - Add a remark to 3. that it is recommended to have an own server
> for the personal data. - Removed "open source" so that only "free
> software" is in point 8. - Replaced "Invulnerability of data" with
> "Protect the data from loss" - Replaced "own data" with "personal
> data"
> 
> ---------------- 1. Control the personal data The data that someone
> directly or indirectly creates belongs to the person who created
> it.
> 
> 2. Know where the data is stored Everybody should be able to know:
> where their personal data is physically stored, how long, on which
> server, in what country, and what laws apply.
> 
> 3. Choose the storage location Everybody should always be able to
> migrate their personal data to a different provider, server or
> their own machine at any time without being locked in to a specific
> vendor. It is recommended to have the personal server for the
> personal data in the long term.
> 
> 4. Control access Everybody should be able to know, choose and
> control who has access to their personal data to see or modify it.
> 
> 5. Choose the conditions If someone chooses to share their personal
> data, then the user selects the sharing license and conditions.
> 
> 6. Protect the data from loss Everybody should be able to protect
> their personal data against surveillance and to federate their
> personal data for backups to prevent data loss or for any other
> reason.
> 
> 7. Use it optimally Everybody should be able to access and use
> their personal data at all times with any device they choose and in
> the most convenient and easiest way for them.
> 
> 8. Server software transparency Server software should be free
> software so that the source code of the software can be inspected
> to confirm that it works as specified.
> 
> 
> --
> 
> 
> 
> 
> 
> 
> 
> On 15.01.2013, at 17:03, Rich Hilliard <address@hidden> wrote:
> 
>> if it allows rms to participate, I'm in favor.
>> 
>> ________________________________________ From: Frank Karlitschek
>> address@hidden Sent: Tuesday, January
>> 15, 2013 10:56 AM To: Rich Hilliard Cc: address@hidden;
>> address@hidden Subject: Re: [GNU/consensus] [RFC][SH] User
>> Data Manifesto
>> 
>> O.K.
>> 
>> Let's try to do it by email. I hope it's O.K. if we use this
>> mailinglist :-)
>> 
>> I will take the current text and merge all the discussed
>> improvements in and send it to the list as first draft. Then we
>> can iterate until we have something that works for everybody.
>> 
>> I will send something probably tomorrow.
>> 
>> I hope thats a good approach.
>> 
>> 
>> Frank
>> 
>> On 15.01.2013, at 16:34, "Rich Hilliard" <address@hidden> wrote:
>> 
>>> Email is fine with me; who has the current draft version?
>>> 
>>> ________________________________________ Sent: Sunday, January
>>> 13, 2013 5:42 PM To: Frank Karlitschek Cc: address@hidden 
>>> Subject: Re: [GNU/consensus] [RFC][SH] User Data Manifesto
>>> 
>>> I'd rather participate the way I have done thus far: by email.
>>> 
>>> -- Dr Richard Stallman President, Free Software Foundation 51
>>> Franklin St Boston MA 02110 USA www.fsf.org  www.gnu.org Skype:
>>> No way! That's nonfree (freedom-denying) software. Use Ekiga or
>>> an ordinary phone call
>>> 
>>> 
>> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQ/T/qAAoJEBEET9GfxSfMNJ8H/26scjfyRokSOrTxUHwNlV0+
RxNeHaXDB6BEHnfz/8uLfzDjIDAqR7hICZpjiVIvGotWCszdI3ssCadxFLCAIqsK
ZESW7S6QoAbVCsFxQHwDBkvx4SpMWJ2En/RuKYYGs+/AnJHa/bvCt6t8j8kAvqjY
I2tYuq3Sz0yoBPFPuBDtRHlg21g6CQjLLmoKgwTBnHx1xt+I17N14A87uAhGOwts
VSfj9AQP3kavWNbuHlEiG8vx/PGUq2kj4LMV5gl/4B08kgZ3u+UUFtjWHB0PET+V
AKIAHwiuwANlqdL6hjrwsKeAwHZUzaWvIRua7rGOOSxjPCP2zR1YXeZ4nx0CedE=
=2sUe
-----END PGP SIGNATURE-----