Thanks for writing. I’m inspired to write a couple of comments in response.

First, are academic, professional ethicists as irrelevant as you suggest? (Okay, that’s a bit of a strawman framing, but I hope the response is still useful.)

Floridi is an interesting example. I’m also a fan of his work (although I know him more for his philosophy of information work — I like to cite him on semantics/ontologies, for example (Floridi 2013) — rather than his ethics work), but he’s also in the news this week because he’s on Google’s panel of experts (their “Advisory Council”) for determining the right balance in processing right-to-be-forgotten requests.

Also, I think we see the influence of these ethical and other academic theories play out in practical terms, even if they’re not cited in a direct company response to a particular scandal. For example, you can see Nissenbaum’s contextual integrity theory of privacy (Nissenbaum 2004) throughout the Federal Trade Commission’s 2012 report on privacy (FTC 2012), even though she’s never explicitly cited. And, forgive me for rooting for the home team here, but I think Ken and Deirdre’s research of “on the ground” privacy (Bamberger and Mulligan 2011) played a pretty prominent role in the White House framework for consumer privacy (“Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy” 2012).

But second, I’m even more excited about your conclusion. Yes, decentralize!, despite the skepticism about it (Narayanan et al. 2012). But more than just repeating that rallying cry (which I still think needs repeating – I’m trying to support #indieweb as my part of that), is the form of the problem.

I think a really cool project that everybody who cares about this should be working on is designing and executing on building that alternative to Facebook. That’s a huge project. But just think about how great it would be if we could figure out how to fund, design, build, and market that. These are the big questions for political praxis in the 21st century.

Politics in our century might be defined by engineering challenges, and if that’s true, then it emphasizes even more how coding is not just entangled with, but is itself a question of, policy and values. I think our institution could dedicate a group blog just to different takes on that.

—Nick

Some references:

Bamberger, KA, and DK Mulligan. 2011. “Privacy on the Books and on the Ground.” Stanford Law Review. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1568385.

“Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” 2012. White House, Washington, DC. http://www.whitehouse.gov/the-press-office/2012/02/23/fact-sheet-plan-protect-privacy-internet-age-adopting-consumer-privacy-b.

Floridi, Luciano. 2013. “Semantic Conceptions of Information.” In Stanford Encyclopedia of Philosophy, edited by Edward N. Zalta, Spring 201. http://plato.stanford.edu/archives/spr2013/entries/information-semantic/.

FTC. 2012. “Protecting Consumer Privacy in an Era of Rapid Change Recommendations for Businesses and Policymakers.” Technical report March. Federal Trade Commission. http://ftc.gov/os/2012/03/120326privacyreport.pdf.

Narayanan, Arvind, Vincent Toubiana, Helen Nissenbaum, and Dan Boneh. 2012. “A Critical Look at Decentralized Personal Data Architectures.” http://arxiv.org/abs/1202.4503.

Nissenbaum, Helen. 2004. “Privacy as Contextual Integrity.” Washington Law Review 79 (1): 101–139. http://heinonlinebackup.com/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/washlr79&section=16.



The Knight News Challenge applications are in and I find them a particularly exciting batch this year, perhaps because of a burst of activity spurred on by a handful of surveillance revelations you might have heard about. I read through all 660: below are my list of promising applications from friends and colleagues. I’m sure there are many more awesome ones, including some I already “applauded”, but I thought a starter list would still be useful. Go applaud these and add comments to help them improve.

Which are your favorites that I’ve missed? I’m keeping a running list here: https://pinboard.in/u:npdoty/t:newschallenge

Encrypt all the things

Mailpile - secure e-mail for the masses!

Making secure email (using the OpenPGP standard) easier by developing an awesome native email client where encryption is built-in. They already have an alpha running that you might have seen on Kickstarter.

Encryption Usability Prize

Peter Eckersley, just over the Bay at EFF, wants to develop criteria for an annual prize for usable encryption software. (Noticing a theme to these encryption projects yet?) Notes SOUPS (CMU’s conference on usable security, happening this summer at Facebook) as a venue for discussion.

LEAP Encryption Access Project: Tools for Creating an Open, Federated and Secure Internet

LEAP (leap.se) is a project for developing a set of encryption tools, including proxies, email (with automatic key discovery) and chat, in an effort to make encryption the default for a set of at-risk users. (My colleague Harry Halpin at W3C works with them, and it all sounds very powerful.)

TextSecure: Simple Private Communication For Everyone

TextSecure is likely the most promising protocol and software project for easy-to-use widely adopted asynchronous encrypted messaging. (Android users should be using the new TextSecure already, fyi; it basically replaces your SMS app but allows for easy encryption.) Moxie (formerly of Twitter) is pretty awesome and it’s an impressive team.

Standards

Speaking of encryption, there are two proposals for standards work directly related to encryption and security.

Advancing DANE (DNS-Based Authentication of Named Entities) to Secure the Internet’s Transport Layer

This one may sound a little deep in the weeds, but DANE is a standard which promises end-to-end transport security on the Internet via DNSSEC, without relying on the brittle Certificate Authority system. Yay IETF!

Improved Privacy and Security through Web Standards

My colleagues at W3C are working on WebCrypto — a set of APIs for crypto to be implemented in the browser so that all your favorite Web applications can start implementing encryption without all making the same mistakes. Also, and this is of particular interest to me, while we’ve started to do privacy reviews of W3C specs in general via the Privacy Interest Group, this proposal suggests dedicated staff to provide privacy/security expertise to all those standards groups out there from the very beginning of their work.

Open Annotations for the Web

Hypothes.is (with lots of I School connections!) has been contributing to standards for Web annotations, so that we can all share the highlights and underlines and comments we make on web pages; they’re proposing to hire a developer to work with W3C on those standards.

Open Notice & Consent Receipts

A large handful of us I School alumni have been working in some way or another on the idea of privacy icons or standardized privacy notices. Mary Hodder proposes funding that project, to work on these notices and a “consent receipt” so you’ll know what terms you’ve accepted once you do.

Documenting practices, good and bad

Usable Security Guides for Strengthening the Internet

Joe Hall, CDT chief technologist and I School alumnus extraordinaire, has an awesome proposal for writing guides for usable security. Because it doesn’t matter how good the technology is if you don’t learn how to use it.

Transparency Reporting for Beginners: A Starter Kit and Best Practices Guide for Internet Companies, and a Readers’ Guide for Consumers, Journalists, & Advocates

Kevin Bankston (formerly CDT, formerly formerly EFF) suggests a set of best practices for transparency reports, the new hot thing in response to surveillance, but lacking standards and guidelines.

The positive projects in here naturally seem easier to build and less-likely to attract controversy, but these evaluative projects might also be important for encouraging improvement:

Ranking Digital Rights: Holding tech companies accountable on freedom of expression and privacy

@rmack on annual ranking of companies on their free expression and privacy practices.

Exposing Privacy and Security Practices: An online resource for evaluation and advocacy

CDT’s Justin Brookman on evaluating data collection and practices, particularly for news and entertainment sites.

IndieWeb and Self-Hosting

IndieWeb Fellowships for the Independent and Open Web

I’ve been following and participating in this #indieweb thing for a while now. While occasionally quixotic, I think the trend of building working interoperable tools that rely as little as possible on large centralized services is one worth applauding. This proposal from @caseorganic suggests “fellowships” to fund the indie people building these tools.

Idno: a collective storytelling platform that supports the diversity of the web

And @benwerd (werd.io) is one of these people building easy-to-use software for your own blog, not controlled by anyone else. Idno is sweet software and Ben and Erin are really cool.

Mail-in-a-Box

Even if you had your own domain name, would you still forward all your email through GMail or Hotmail or some free webmail service with practices you might not understand or appreciate? This project is for “a one-click, easy-to-deploy SMTP server: a mail server in a box.”

Superuser: Internet homeownership for anyone

Eric Mill (@konlone) has been working on a related project, to make it end-user easy to install self-hosted tools (like Mail-in-a-box, or personal blog software, or IFTTT) on a machine you control, so that it’s not reserved for those of us who naturally take to system administration. (Also, Eric is super cool.)