So Whose Data Is It?
July 24, 2010 17 Comments
An interim decision was issued this week in the Facebook v. Power case in the US federal court for the Northern District of California that disposed of some of the claims, but left others open because facts are still disputed. Power.com aggregates users’ social network updates, e-mail, instant messages and contact lists together in one place after authorization by the user. The dispute is whether Power violated Facebook’s terms of service by acting as an agent for the user when logging into FB, as the user and with the user’s permission, instead of using Facebook Connect. Reports indicate that FB had initially encouraged Power to use the publicly available Connect program as a means to resolve the dispute.
In the decision, Judge Ware denied FB’s motion to find Power criminally liable under the California computer crime statute (section 502), at least at this point. This case is far from final, however, and the ultimate question of whether Power violated the TOS is still open.
Underlying the host of legal claims and counter-claims in this case, lurks the quintessential issue of whose data is it, and what rights do users have to access, move, manipulate their own data directly or via 3rd parties. Conversely, what rights do publishers have to restrain access to UGC and the incremental value added by the networks they facilitate. For lack of better legal mechanisms, this battle is being played out under the guise of copyright, DMCA, anti-trust, and criminal computer crime statutes – a sure way to get a bad result.
Applying first principles of user centricity, choice, and control (UC3), it would in my opinion seem the outcome in this particular case should be that retrieving your own data about you and your social graph (in its complete form) should not run afoul of civil or criminal law, regardless of whether you do it directly or via an authorized 3rd party. Ofcourse this is only my personal opinion and is not meant to be a comprehensive policy statement because there are many exceptions, edge cases, and other interests that would have to be reflected. Would this mean you have rights to hack into a system to get your data, absolutely not. Would it mean that data hosts would offer reasonable and complete access – which many do – for authorized extraction of your data, yes. Power thinks so clearly, and has articulated an Internet user bill of rights based on principles of data portability that calls for in part “The right to access, disseminate, transfer or aggregate their content on any platform, or to authorize third-parties to do so for them.“
No doubt this case underscores the importance of data freedoms enabled by “access” in the same way publishing source code helps to enable the FLOSS freedoms. Marcia Hofmann of the EFF summarized it stating “If the measure seeks to control access to or use of data, then evasion of it is almost certainly criminal. But if the restriction merely seeks to impose owner preferences or terms of service on otherwise authorized users, bypassing it should not be a crime.”
None of this is settled right now ofcourse, but releasing the data unlocks even more utility from your network and makes possible innovative services that we can’t even imagine. This suggests that there will be even more pressure, reason, and value from access and use of your own network data in multiple environments and applications.
It will be interesting to see how this develops, but Judge Ware’s decision so far is a positive step.