Mind the Gap (Symposium on Configuring the Networked Self)
posted by Paul Ohm
Julie Cohen has written a great book, perhaps the most important Cyberlaw book since Code. I say this even though I recognize the many virtues of Cyberlaw books written by Jonathan Zittrain, Tim Wu, Yochai Benkler, and Barbara van Schewick, privacy books written by Dan Solove, Lior Strahilevitz, Viktor Mayer-Schönberger, and many other books published recently. But not since Code has one book challenged the way we conceptualize and try to solve technology problems as much or as well as this book does.
In this post, I want to focus on “semantic discontinuity,” the label Cohen gives to the most novel and interesting construct in the book. Semantic discontinuity is one of three “principles that should inform the design of legal and technical architectures,“ along with “access to knowledge” and “operational transparency.” In her words, “semantic discontinuity is the opposite of seamlessness. . . . It is a function of interstitial complexity within . . . institutional and technical frameworks.” It serves a “vital” function, “creat[ing] space for the semantic indeterminacy that is a vital and indispensable enabler of the play of everyday practice.” (Kindle location 4288)
In other words, semantic discontinuity valorizes noise, inefficiency, constraints, and imperfections. As this list illustrates, the most striking thing about this book is the size of the herd of sacred cows it leads to the slaughter.
But, to repeat the question Cohen asked during this symposium, how do you operationalize semantic discontiuity? Focusing on privacy law, semantic discontinuity leads to what she calls a principle of “just aggregation,” which will animate “interventions aimed at preserving the commercial, technical, and spatial disconnects that separate contexts from one another.” (Kindle 4843) To put it more metaphorically and concretely, “privacy law and policy should reinforce and widen gaps within the semantic web so that situated subjects can thrive.” (Kindle 4765)
This is heady stuff, and I really love it. I am attracted to this metaphor, that privacy law (and copyright law, and unauthorized access law) must protect, create, or widen “gaps” in enforcement, coverage, and definition. It provides a goal with an easy-to-understand label, built upon a deep theoretical base, for defending aggressive regulatory interventions that are likely to improve privacy.
But I think Cohen has not yet done enough to explain how we get from the abstraction to concrete, defensible solutions. Somehow, the principle of just aggregation leads her to something like the Fair Information Practice Principles (FIPPs) on steroids. We should treat companies who hold information about us as “data fiduciaries,” and force them to obey restrictions on how they can use data and with whom they can share data. And when they are done using the data, they must destroy it. (Kindle 4836) Then, we should temper these obligations in certain contextual situations, giving more freedom for data retention and sharing when the data are being used to advance individual well-being or medical research or shared on social networking platforms. (Kindle 4852) Law enforcement access will be subject to its own set of rules, ones developed by those who understand the perils of an obsession with risk management and a tendency to engage in security theater. (Kindle 4900)
This is a fine list. I think a society that embraces and enforces rules like these would enjoy significantly more privacy than we do today, albeit at some significant cost. It is hard to justify the cost for now, however, because the book skips too many steps from the abstract idea of “gaps” to this fine-grained set of prescriptions. And I agree with Anita Allen that many theorists have used liberal political theory and rights-talk to end up with very similar lists.
I think we need to do more work to better explain what the “gaps” of information privacy law should look like. As a modest start, I would like to make a claim about the nature of these gaps, one I see woven throughout the book, but never stated plainly enough: we will be forced to carve out these gaps using machetes not scalpels. It seems hard, almost by definition, to design legal or technological architectures finely-tuned to bolster “the play of everyday practice” and foster “evolving subjectivity.” The very ideas of play and subjectivity seem tied in important ways to the unexpected. As Cohen puts it:
[A]n important function of play is the opening of spaces or gaps into which evolving subjectivity (and also evolving collectivity) might move. Evolving subjectivity, or the everyday practice of self, responds to the play-of-circumstances in unanticipated and fundamentally unpredictable ways. . . . [T]he play-of-circumstances operates as a potent engine of cultural dynamism, mediating both evolving subjectivity and evolving collectivity, and channeling them in unexpected ways.
(Kindle 2591) (emphases added). By calling for machetes, I understand that I might be confusing the thing we are trying to produce with the tool we need to produce it. It may be that a precisely defined, narrowly tailored, and rigidly constructed set of “gaps” in law or technology might somehow best foster “fundamentally unpredictable” results. But I doubt it. It seems to me that the type of architecture best suited to channeling responses “in unexpected ways” will themselves be unpredictably lumpy, misshapen and even somewhat illogical. As Cohen explains in the most bumper-sticker-worthy passage in the book, “privacy consists in setting of limits precisely where logic would object to drawing lines.” (Kindle 4846)
I’m still not sure whether Cohen will manage to pull us out of the flightpath to zero privacy in which we find ourselves, but for now, wherever she’s going, I’m happy to follow.