There is a substantial and growing danger in our culture to focus the law on ridiculously low levels of detail. I am not sure where it comes from but the result is that we now live in a society where having "Byzantine Law" would be relief.
The first area of confusion is what is intended for "privacy".
For example, a file exchange site called "Drop Box" offers a service whereby you can exchange files with others. Initially in the myriad of disclaimers and disclosures the site claimed that "All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password." Later on that claim was changed to "All files stored on Dropbox servers are encrypted (AES 256)." (See this PDF.)
The real issue here is whether its possible that someone outside of you, the uploader, can access the files and are you and your intended recipient satisfied with the service. The service should not have to worry about exactly how secure this is and, if you care, then you need to take the burden upon yourself to figure it out.
The big additional problem here is that neither of these statements make any sense to begin with. "Servers" cannot be incrypted - only information on the servers. Clearly the first sentence indicates that the "servers" would be inaccessible without your account password. In no case does it mention files.
The second sentence cannot be true either because any server on which all files where encrypted would not function - because the operating system files must be free of encryption in order for the server to run and obviously you would need to view unencrypted web pages in order to use them.
At issue is what is the "intended" purpose of Drop Box from the perspective of a user.
Users see the site as protecting their information for casual interception for sure. But what else is expected? Protection from governments? Aliens? Where doe the line get drawn and at what cost...?
If an arms dealer uses this site and the government intercepts his information then I guess he was at fault for using the site in the first place.
Now let's look at another area of confusion: sexual encounters.
The most recent Byzantine case I can think of is the Julian Assange (WikiLeaks) case where part of the allegations include a statement by Miss A that “but that it was too late to stop Assange as she had gone along with it so far” (see this for the full statement). Similarly Miss W claims "during the night, they had both woken up and had sex at least once .... She had awoken to find him having sex with her."
Again we have nonsensical statements being parsed by the law.
Can you be willing doing something you do not consent to?
Previously "macro" events - for example exchanging a file with someone or have sex with someone - were what was considered before the eyes of the as "atomic" - that is either you did it or you did not - the "it" being, in either case I suppose, the "exchange".
There was little or no consideration of the "low level details".
But today all of that has changed dramatically - particularly before the law.
It used to be that if you were in bed with someone else naked that was sufficient to be considered to be "having sex" - specific details of who did what to whom were of little consequence - the assumption being that if both parties had willing gone along together to that point then it wasn't important what else might or might not have happened unless a pregnancy resulted. There were considered to be having consensual sex regardless.
Its much less clear today.
And what is my expectation if I buy an iPhone that is supposed to know where I am...? Should I expect to the phone to in fact know where I am? Doesn't that expectation fly directly in the face of my expectation of "location privacy?"
And no matter what a company does to try and mitigate all of this someone will always find a "flaw" that could be used to circumvent any protection.
The law today is far worse than the Byzantine Law of the 14th century because it attempts to spell out specific details of each and every possible type of offense, isolates specific activities already covered by other laws as well as include specific penalties for different types of "intention" while committing crimes, e.g., hate crimes as opposed to crimes.
In the past if you killed someone you killed someone - while motive might be an issue determining the length and severity of your punishment the crime itself was the principle issue - killing someone. Today there is a myriad of other details - details that do not mitigate the killing - yet consume enormous amounts of legal cost, time and effort and do not change the outcome. These details offer no "value" to society and open even more loopholes for lawyers to maneuver guilty defendants to innocence.
And what is the cost of all of this nonsense to the rest of us?
I believe that it is becoming enormous and will begin to exceed the cost (if it has not already) of imposing basic justice in the first place.
The cause of this, of course, is unscrupulous defense attorney's that manage to claim a defendant did not break the letter of the law when in fact he did. "He was copying files, not stealing your honor blah blah blah..."
And because judges, legal systems and juries are not technologically sophisticated things only become worse.
Now we see the Obama Administration asking for mandatory three year prison sentences for "critical infrastructure hacking" - whatever that might be. One imagines that associated stealing, breaking and entering, trespassing, trafficking in stolen goods, and God knows what else would be sufficient for prosecutors to obtain a conviction - but apparently no longer.
There is a very great danger here that the number and specificity of laws will become so great that society will be unable to accomplish anything at all - in terms of generating work for its members and in terms of what its members can do.
And now we have copyright trolls literally suing people based solely on IP addresses (see this). Will you be one of the 23,000 defendants?
No comments:
Post a Comment