cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Internet Bill of Rights

Given that this idea seems to have been first proposed by a politician, my automatic reaction was that, while it sounded like an interesting idea, it was probably a spectacularly bad one.

 

After a bit more consideration, I don't think it is quite as terrible, but more, well, derivative and kind of pointless.

 

Herewith the proposed Bill of Rights, and a bit of commentary:

 

"Set of Principles for an Internet Bill of Rights
"The internet age and digital revolution have changed Americans’ way of life. As our lives and the U.S. economy are more tied to the internet, it is essential to provide Americans with basic protections online."

 

First off, this preamble completely ignores the fact that the Internet is a global phenomenon.  To try to restrict the Internet is to degrade its value.  And all of these principles have to be given the force of law to be of any value.  (We already have a "code of ethics" if you only want that: it's RFC 1087.)  Do you really think you are going to get every country in the world to pass these laws--and then enforce them?

"You should have the right:
"(1) to have access to and knowledge of all collection and uses of personal data by companies;
"(2) to opt-in consent to the collection of personal data by any party and to the sharing of personal data with a third party;"

 

These were part of the original EU privacy directives, and are therefore now part of the privacy laws of most developed countries (aside from the US, of course).  The tagging on of the issue of "sharing" here is a bit of a problem: sharing is an issue on its own and should be a principle on its own.  Also, the dropping of the aspect of "transmission to a jurisdiction" where equivalent protections don't apply shouldn't have been dropped.

"(3) where context appropriate and with a fair process, to obtain, correct or delete personal data controlled by any company and to have those requests honored by third parties;"

 

Again, part of the EU directive.  That "delete" part, though, has morphed into the "right to be forgotten" (which never existed up until now) and is, increasingly, becoming a problem.

"(4) to have personal data secured and to be notified in a timely manner when a security breach or unauthorized access of personal data is discovered;"

 

This is a conflation of two ideas that should probably be dealt with separately.

 

The "secured" part is what turned the EU privacy principles into the GDPR.  In theory it is a good principle: those who collect personal information (for their own or a corporate benefit) should have some responsibility for safeguarding that collection.  But it needs some detail and expansion.

 

The notification part is definitely an American inclusion.  In discussing privacy laws, I usually point out that most developed countries outside the US have privacy laws, the US has notification laws.  It does make sense to have both.

"(5) to move all personal data from one network to the next;"

 

I'd like this.  I really would.  But I'm sure this is where the companies would scream about proprietary systems and intellectual property rights and all manner of things.  (If everybody would use open systems it wouldn't be as much of an issue, but ...)  I think this one is good, but it's going to be a tough fight against corporations and money.

"(6) to access and use the internet without internet service providers blocking, throttling, engaging in paid prioritization or otherwise unfairly favoring content, applications, services or devices;"

 

Can you say "net neutrality"?  I knew you could.

"(7) to internet service without the collection of data that is unnecessary for providing the requested service absent opt-in consent;"

 

Kind of redundant, since it is basically a special case of principles one and two, but not really a problem ...

"(8) to have access to multiple viable, affordable internet platforms, services and providers with clear and transparent pricing;"

 

Yeah, since it's American we have to have "the invisible hand of Adam Smith" like it was some kind of magic remedy for anything we've forgotten ...

"(9) not to be unfairly discriminated against or exploited based on your personal data; and"

 

I'd say that's redundant as a basic human right, but I don't see any problem with keeping it ...

"(10) to have an entity that collects your personal data have reasonable business practices and accountability to protect your privacy."

 

Again, kind of a repeat of the "secured" part of principle four.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
CraginS
Defender I

There is a deeper flaw in using the name "Bill of Rights" than what Grandpa Rob @rslade has already pointed out.

In the USA, the Bill of Rights is not a stand-alone document used for reference and discussion, nor is it a set of "good ideas." It is a core part of the fundamental laws of the USA, by being part of the U.S. Constitution. The fact that the Bill of Rights was added to the Constitution by amendment after the States ratified the base document earned it its own name. (Tidbit: There were actually 12 items in the originally proposed Bill of Rights, but only 10 were ratified and added into the Constitution.) However, it has full legal standing and can be, and often is, the basis for changes to or elimination of legislated law, since the Constitution allows for and supersedes all legislated law.

 

As proposed, this "Internet Bill of Rights" is nothing more than a set of guidelines that some folks hope (wish) might influence legislated law.  I do not pretend to fully understand the way the Canadian Constitution and laws work, and the concept of an unwritten constitution in the UK mystifies e even more, so I would like those who understand each to explain how this batch of good ideas might work in those nations.  

 

If I understand the nature of the EU as a confederation properly, it is even messier there. "Laws" passed by the EU Parliament do not really go into affect until member nations each pass their own implementing laws, right? 

 

I guess Rob's comparison to a Code of Ethics, which is generally only a set of good ideas on how we wish other would act, is most apt.

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts