Monday, February 03, 2014

The Missing Commandment

Having been intimately involved in the development of the original Jericho Forum Commandments (https://collaboration.opengroup.org/jericho/commandments_v1.2.pdf), there were a lot of hours spent in many fuggy rooms, with drained coffee flasks more often than not, with some very impressive individuals.  It is only now, many years afterwards, that I realise that we missed a key commandment, arguably the most critical of the commandments.

Happily there are a number of precedents for missing a keystone Commandment, the fundamental principle, the prime rule, or key law.  Jesus in John 15:12 did this when he gave us an additional commandment, "Love thy neighbour as I have loved you", presumably because he recognised that the original commandment covering this area relied on human foibles: "Love thy neighbour as you love yourself."

My favourite example of realising a "law" was missing and adding the missing law was achieved by Isaac Asimov after his Three Laws of Robotics:

"1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law."

After Asimov started to have robots, like Daneel, have impact on humanity, he recognised the need for a Zeroth Law:

"0. A robot may not harm humanity, or, by inaction, allow humanity to come to harm."

Some apparently establish the prime law in their initial attempt. In 2009, Robin Murphy (Texas A&M) and David D. Woods (Ohio State) proposed "The Three Laws of Responsible Robotics".

The laws are as follows:

  1. A human may not deploy a robot without the human-robot work system meeting the highest legal and professional standards of safety and ethics.
  2. A robot must respond to humans as appropriate for their roles.
  3. A robot must be endowed with sufficient situated autonomy to protect its own existence as long as such protection provides smooth transfer of control which does not conflict with the First and Second Laws.

I suspect that even this set of laws could be manipulated in true Asimov style to posit the need for a Zeroth Law "A Robot may not deploy a robot without embedding these laws within it."

However I digress, and am in danger of starting to explore the areas of ethics and trust, so back to the missing Jericho Forum Commandment. When we created the original 10 Commandments we added an Eleventh to ensure that Secure was the Default position.  At the time we coined the Deperimeterization word, it was clear that we had information security at the forefront of our thinking.  (I got over the 's' vs 'z' spelling tension after I learned that 'z' was originally used in Olde English.) We saw the term had two fundamental meanings, the first to imply that it was a natural entropic force that impacts all information, resulting in reduced integrity and data spread.  The second to imply the existence of a set of external negative forces attacking the structure and value of the data.  Both of these meanings could arguably be covered with what I have recently identified as Anti-Clockwise Security. (Shorthand for having a largely Information Risk Reduction mindset.)

The 11 Commandments were split into 5 areas:
  1. Fundamentals
  2. Surviving in a Hostile World
  3. The Need to Trust
  4. Identity, Management, and Federation
  5. Access to Data

So what is the missing Commandment?

The fifth area, "Access to Data", arguably signals that we were discussing the underlying concept of the Zeroth Law in those fuggy rooms.  I posit the Zeroth Law should cover the basic concept that data should not be stored by interested parties; rather, the relevant information should be accessed.  As an example, an entity should not need to transfer their precise date and time of birth, arguably a critical identifier, to a third party who simply wants to know that they are over 18.  Another example would have the reader, listener, viewer or player being trained to understand that they are no longer acquiring full rights to a physical asset, but are being given licensed access to digital assets; the two books that I just connected to my Kindle account are such examples.  We are in a transitional era moving from physical to digital, paper to silicon, silo to network, moving from egosystem to ecosystem.
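The over-18 case above can be sketched as a derived claim: the party holding the date of birth answers only the predicate, and the relying party verifies and keeps that answer alone. This is an added example, not part of the original post or any Jericho Forum specification; the function names, the record store and the HMAC key shared between provider and relying party are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo key, assumed to be shared by provider and relying party.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample records; the dates of birth never leave the provider.
_PROVIDER_RECORDS = {"alice": date(1990, 6, 15), "bob": date(2010, 1, 2)}


def _sign(payload):
    # Canonical JSON so both sides compute the MAC over identical bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()


def issue_age_claim(subject, min_age, audience, nonce, today):
    """Provider side: answer the predicate, never release the date of birth."""
    dob = _PROVIDER_RECORDS[subject]
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    payload = {"sub": subject, "claim": f"age>={min_age}", "value": age >= min_age,
               "aud": audience, "nonce": nonce, "issued": today.isoformat()}
    return {"payload": payload, "mac": _sign(payload)}


def verify_age_claim(token, min_age, audience, nonce, today):
    """Relying party side: accept only a fresh, untampered claim addressed to us."""
    payload = token["payload"]
    if not hmac.compare_digest(token["mac"], _sign(payload)):
        return False  # payload was altered after it was issued
    if payload["aud"] != audience or payload["nonce"] != nonce:
        return False  # issued to another party, or a replayed answer
    if payload["claim"] != f"age>={min_age}" or payload["issued"] != today.isoformat():
        return False  # wrong question answered, or a stale answer
    return payload["value"] is True
```

The relying party ends up holding a yes/no answer bound to its own name and nonce, so there is no birth date for it to store, leak or resell.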

In this transitional era, we are in an age of the "big data grab"; whole industries are seeing it as their right to insert themselves into our data streams and hoover up all our data.  See my Samsung & LG TV blog posts.  In the prior "Physical" era we had got used to being able to "own" the intellectual assets of others, and felt we had the right to share the physical instantiation of their efforts, either a Vinyl LP or a Book, with others as we saw fit.  The creation of the Philips Cassette, and latterly Video Cassettes, even allowed us to make physical copies of such intellectual property while it was being broadcast by radio and TV.  The artists or authors involved thus lost control over their assets in the physical era, and are still doing so in the transitional era.  Apple with its iBeacon technology are rolling out a technology that has been architected not to share vast amounts of data, but arguably could be part of a huge hoovering effort, or the start of rolling out the solution, something to keep an eye on!  As individuals we would do well to consider our digital address books: do we own the rights to all the data in our digital address book?  To this day, I still feel guilty about allowing Plaxo a look at my address book, apologies to any impacted by my faux pas! Hopefully no more than an increase in Spam!

As I have previously stated we need to shift from a privacy focus to an agency focus.  In order to achieve that shift and maintain control over our assets we need a new approach, a new mindset, a prime commandment?

"Owning entities should not allow their data to be uncontrollably stored by others"

Remember, in the Jericho Forum we included the following as entities:
    People, Organisations, Devices, Code, and Agents.
We recognised that Agents were a special form of Entity that could be any of the five!

In the address book example, implementing such a prime commandment would have the benefit of my address book always being up to date, and not containing the addresses of folks who no longer want a Christmas card from me! Exploring the other examples I can only see positives; of course we won't be able to abuse the assets of others, but surely that would be a good thing?

Oh yes, the e-Trust ecosystem that enables this Prime Commandment is yet to be built, so until then consider carefully who you choose to give your data to.

To be clear the above is not the final wording of the Zeroth Commandment, simply my first crack at it...

Improvements welcome.

Aside: Before the Jericho Forum quiesced, we posited the need for a set of Jericho Forum Data Commandments, this would surely be one of the first of these?





1 comment:

  1. Two thoughts, first on music, in the 70's I purchased a 7in Single, the "data" that I licensed was the song, the media surely is irrelevant; SoundHound would identify it as just one data set irrespective of whether it was my single on a record player, a cassette, DAT tape, MP3 or even FM or DAB radio.
    Oh wait, the record company want me to buy a new copy every time I change format.
    Maybe there are a lot of vested interests that need re-educating......
    Meanwhile I'm off to search the Internet for, and download, a whole bunch of MP3s matching the 2000 singles that I have already purchased. (NSA please note this is British Irony, aka a joke).

    On your "zeroeth" commandment - I see where you are going, but would challenge your direction.

    "Owning entities should not allow their data to be uncontrollably stored by others"

    Thus mandates;
    If I don't DRM that music then I lose my rights to sue.
    IRL - If I loan my lawnmower to my neighbour, then it's my responsibility to ensure they do not mistreat it.

    To use your example;
    Love thy neighbour's lawnmower as you love your own lawnmower. - Jesus put the onus clearly on the end-user.

    Paul
