Law in the Internet Society

View   r3  >  r2  ...
RyoichInoueFirstEssay 3 - 24 Dec 2020 - Main.RyoichInoue
Line: 1 to 1
 
META TOPICPARENT name="FirstEssay"
Changed:
<
<
As the Internet of Things (known as "IoT" become more and more popular, our lives are getting more and more convenient. However, is there anything that we lose in exchange of enjoying convenient life that derives from IOT? This essay will address this issue.
>
>

Age of IoT? (2nd draft)

 
Changed:
<
<

Age of IoT

>
>
-- By RyoichInoue - 24 Dec 2020
 
Changed:
<
<
-- By RyoichInoue - 06 Oct 2020
>
>

What are users' rights in a system of sensor-based data gathering and how should those rights be protected?

 
Changed:
<
<

What are examples of more convenient life because of IoT?

>
>

OSS and GPLv3

 
Changed:
<
<

Connected Cars

>
>
In relation to IoT? , the devices used by users are the surveillance devices pointed at the users. The way by which such user’s rights are protected will be enabling the users to modify the software that is embedded in the device. This is because the one who controls power over the software is regarded to have the power over the users. Of course, the user has the right to control himself, therefore the users should be vested with such power. Then, how can we enable the users to have the power to modify the software installed in the device? If the manufacturer of the device has the copyright over the software, it is impossible for the users to modify the software, as it would be the violation of the copyright held by the manufacture. The best way to enable the user to modify software would be to make the software installed in the devise to be Open Source Software (“OSS”). OSS generally refers to the software with source code that anyone can inspect, modify, and enhance. But what makes software OSS is not the nature of software itself, but the nature of license for such software. The institution which has crucial role in developing such OSS license is Free Software Foundation, Inc. Free Software Foundation Inc. has developed version 3 of the GNU General Public License (GPLv3). GPLv3 is the template for the license document for OSS. GPLv3 has four essential factors, which are (1) the freedom to use the software for any purpose, (2) the freedom to share the software with your friends and neighbors, (3) the freedom to change the software to suit your needs and (4) the freedom to share the changes you make. The third element is essential for securing the user’s right to modify the software embedded in the IoT? devise. By using GPLv3 for the software installed in the IoT? device, the user is given the right to modify the software.
 
Changed:
<
<
There is small device that will be installed to the car. Such device, car and the server of IoT Company will be connected through the Internet. The IoT Company will obtain information from where the car went, which route it took, and how long it stayed at the particular point from the device. IoT Company then process the information, then turn them into useful advise to the car owner, such as "you have to consider changing the tier", "there is a new route available to get to the place that you always go". This would indeed give you the convenience that you have never experienced before the age of IoT.
>
>

MIC and MITI in Japan

 
Changed:
<
<

Health Devise

>
>
However, it seems that the use of GPLv3 or OSS in general is not so prevalent in Japan. One of the reasons are the political context. There are 2 ministries in Japan which have interest in OSS, which are Ministry of Internal Affairs and Communications (MIC) and Ministry of Economy, Trade and Industry (METI). The views of MIC and METI over OSS and GPLv3 are different. MIC had long been reluctant for the introduction of OSS. The reason of this is the security and intellectual property risk. MIC is concerned that the use of OSS and GPLv3 would make it mandatory to disclose the source code of modified portion, and also concerned that the responsibility relating to the use of OSS would lie on the user, so in case OSS violates intellectual property of the third party, the user would be liable for such infringement. On the other hand, METI had been proponent of OSS and GPLv3 and promoting the introduction of OSS and GPLv3, from the perspective that OSS and GPLv3 would promote the open innovation. However, given its relatively weak position in the ministries, it was unsuccessful for make them prevalent.
 
Changed:
<
<
There is small device that can be worn by a person on this finger or wrist. The device will be connected to the server of IoT Company. The devise will send the information about your heart beat or blood pressure for 24 hours, 7 days a week. The IoT Company will help identify any health issues at the very early stage, which will be hard to be located otherwise. This is indeed helpful for us to find out any illness at early stage, and cure them to live healthy lives.
>
>

The absolute power of manufacture

 
Changed:
<
<

What are the things that we can lose in exchange of the convenience brought by IoT?

>
>
Another reason why OSS is not so prevalent in Japan is the absolute power of manufacture in determining the software to be installed in the device. The large manufactures in Japan had traditionally developed software by themselves without the reliance on the OSS, which gives it absolute power to control the software in the device in the supply chain, because it is the holder of the copyright over the device, and they can impose whatever conditions over the use of software in the device. In Japan, the presence of the platform companies are relatively weak, so the manufactures does not face the pressure from them.
 
Changed:
<
<

Privacy concerns

>
>

Comparison with China

 
Changed:
<
<
As anyone can easily see, what is on stake is privacy. In Connected Car case, the IoT Company can trace all of the activity that you did with your car. That include where you live, where you work, how long you work, where you like to go after work, and who you meet. In Health Devise case, IoT Company can get so many pieces of information, which you don't even know. It is fairly agreeable that these pieces of information all belong to the realm of privacy.
>
>
The uniqueness of this would become clearer when we compare the situation in Japan with that in China. Unlike MIC in Japan, Chinese government had been strongly supporting the introduction of OSS. One of the reasons is because Chinese government is concerned about Microsoft from the national security perspective, because source code of Microsoft cannot be seen. In China, privacy against the government is considered to be non-existence, given Cyber Security Law and other regulations with the primarily purpose of conferring the surveillance power to the government. However, the government backed OSS had enabled the users to modify software embedded in IoT? device, resulting in securing the user's right against the one who operates the IoT? system. Also, in China, powerful platform company, Baidu, had big influence in the promotion of OSS.
 
Changed:
<
<
Because the convenience that people receive from IoT is so great, they don't really think about the privacy that they are giving away. People tend to think that "they cannot do any harm to me just because they know these pieces of my information. So why do I care so much about it?". Is this really true? I would like to think about the implication that it has. The core value of privacy derives from the fundamental desire of human beings to have a space where nobody else can have access to. Having such space itself has a value. Even though there is no physical or financial damages, losing such space itself would be crucial impairment to value of privacy. Losing such space completely would be equivalent to the ultimate surveillance society. Either government or private companies, there is someone who has access to that space, and knows everything about you. The very important function of protecting privacy is to avoid such undesirous ultimate surveillance society.

Is it practical to limit the information that IoT companies can obtain from you?

On the other hand, the evolution of society toward more convenient lives cannot and should not be impeded. Therefore, we need to come up with the solution, which reconcile the collection of data by IoT Company and privacy. One of the solutions for that would be establishing limits and rules for handling of information and data by regulations, like many countries are doing rapidly. The example of that would be, establishing statutory obligation of IoT Company to clearly disclose the types of information that they will obtain and the purpose of it. It is possible that the users can opt out from certain information to be collected. Theoretically, this could give individuals the freedom to chose, how much access to their space they would be willing to IoT Company.

However, is it practical solution? IoT devices are often designed in the way that it is necessary to collect all information in order for it to offer the value that is intended by it. If the users opt out some of the data, for example giving access to the places they went but deny access to the speed with which they were driving in the case of Connected Car,

A poor example. Timestamps are associated with all communications automatically. If I know when the car was at point A and when it was at point B, I obviously know the average speed of travel from A to B. I'll bet that was the very example used in your first calculus course, when Rolle's Theorem was discussed.

the device might not result in offering the best performance for the users.

As defined by somebody other than the user, evidently.

Because of this, there is strong incentive to the users to just give whatever access requested by the device, that could lead to the ultimate surveillance society.

Only if users have a strong incentive not to care about their rights.

So what is the solution? Well, the world is still trying to figure it out. It is important that each of us have high privacy literacy and actively think about the solution to this problem.

This is not a conclusion, just a shrug.


As we have already discussed these issues in a phone call, I can be more brief here. The next draft needs to dig deeper: we are at too superficial a level here. The incoherence of the conclusion, and the fact that the initial "idea" statement asks a basically tautological question (are their trade-offs involved in the "trillion sensor universe"?) tell us that the analysis doesn't cut deep because there is no edge on the instrument.

The best route to improvement at this level is to ask instead, "what are users' rights in a system of sensor-based data gathering?" and "how should those rights be protected?" Then we can see that these devices, like the smartphone, are basically surveillance instruments pointed at the user who quaintly used to be considered to control the devices she or he owns. Control over those switches is determined by who controls the software in them; therefore who controls that software controls power over users. Requiring the devices to be made of user-modifiable free software—under legal arrangements like the GPLv3 that ensure users have the information sufficient to make and install modified versions—is one way to ensure users' rights are protected. That's not necessarily what you would want to recommend in your draft, of course, but considering the possibility clarifies the questions before us, cutting deeper than the "are their trade-offs" formulation of this draft.

As we discussed, technology is designed and distributed in a political context, expressed in legal rules, that vary from society to society. Understanding the effects of Japanese government and political structures (the unusually intense hostility of MIC to user-modifiable communications devices; the ineffectivenes of MITI in assisting the FOSS revolution among its core owners, the SONY/Mitsubishi class of manufacturers; the absolute power of the manufacturers over the supply chain; the relative societal weakness of the platform companies that usually masquerade as user advocates; etc.) is helpful. But it is even more helpful when compared to the other, quite different contexts in which the supposedly-uniform "IoT" technology is developed. We could start with the situations in China and Korea, to take just two other places. Where "rights" are not supposed to exist, but software made for freedom is a crucial building block and manufacturers are seeking markets for their devices on global scale, what happens? Where chaebol have a different relationship to government than keiretsu, and where the captive consumer market is too small to sustain national champions, what happens? How will European privacy regulation affect East Asian manufacturers who need the European market? And so on.

This is where your biggest route to improvement lies. You want a sharper edge on the analysis, and you want to use your deep particular knowledge of one society's situation to compare with others. That should generate a clear proposition, a crystallized idea, that can form the basis for the next draft.

>
>

Conclusion

 
Added:
>
>
The introduction of OSS based on GPLv3 is recommended to secure the user’s right to modify software installed in IoT? device.

Revision 3r3 - 24 Dec 2020 - 11:40:18 - RyoichInoue
Revision 2r2 - 11 Oct 2020 - 14:04:41 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM