Noah Brier | June 6, 2019

Why is this interesting? - The Information Fiduciary Edition

On Facebook, privacy, and their fiduciary responsibility to protect your data

Recommended Products

Zojirushi SM-SA48RW Stainless Steel Vacuum Insulated Mug
Zojirushi SM-SA48RW Stainless Steel Vacuum Insulated Mug

The to go mug recommended is known for keeping hot liquids hot and cold ones cold for a long time. It is manufactured by the Japanese brand Zojirushi and has a cult following for its durability and effectiveness.

Noah here. As we all know at this point, Mark Zuckerberg sets a challenge for himself each year. This year’s challenge is to talk to smart people about the future of technology in society. The first of the conversations was an engaging discussion with Harvard Law Professor Jonathan Zittrain about encryption, AI, and, most interestingly to me, information fiduciaries.

The latter is a term I first ran across last Spring after the Cambridge Analytica debacle. In a Times op-ed titled Mark Zuckerberg Can Still Fix This Mess, Zittrain laid out the basic thesis:

On the policy front, we should look to how the law treats professionals with specialized skills who get to know clients’ troubles and secrets intimately. For example, doctors and lawyers draw lots of sensitive information from, and wield a lot of power over, their patients and clients. There’s not only an ethical trust relationship there but also a legal one: that of a “fiduciary,” which at its core means that the professionals are obliged to place their clients’ interests ahead of their own.

The legal scholar Jack Balkin has convincingly argued that companies like Facebook and Twitter are in a similar relationship of knowledge about, and power over, their users — and thus should be considered “information fiduciaries.”

Why is this interesting?

Information fiduciary is one of the few ideas around governing Facebook that feels possible to achieve. It sits somewhere between the platforms promising they’ll figure it out themselves and full-scale government oversight (and possible breakup). Even Zuckerberg seems aligned with the idea, noting in the conversation that “The idea of us having a fiduciary relationship with the people who use our services is kind of intuitively … how we think about how we’re building what we’re building.”

In Balkin’s much longer and surprisingly readable paper on the idea he lays out an argument for why we should take the concept seriously. The paper starts by replaying a question Zittrain posed in 2014 New Statesman article after Facebook ran a get out the vote experiment that drove impressive numbers:

Now consider a hypothetical, hotly contested future election. Suppose that Mark Zuckerberg personally favors whichever candidate you don’t like. He arranges for a voting prompt to appear within the newsfeeds of tens of millions of active Facebook users—but unlike in the 2010 experiment, the group that will not receive the message is not chosen at random. Rather, Zuckerberg makes use of the fact that Facebook “likes” can predict political views and party affiliation, even beyond the many users who proudly advertise those affiliations directly. With that knowledge, our hypothetical Zuck chooses not to spice the feeds of users unsympathetic to his views. Such machinations then flip the outcome of our hypothetical election. Should the law constrain this kind of behavior?

Balkin argues that we don’t really have any way to stop Facebook from doing that legally. The First Amendment gives them the right to political speech. We could hope that they wouldn’t do it because of the backlash it would likely create (and it’s true that it would probably be enough to prevent them), but do we feel good relying on the market in this case?

After going through a bunch of options for dealing with the situation, he lands on the fiduciary concept. “Generally speaking, a fiduciary is one who has special obligations of loyalty and trustworthiness toward another person,” Balkin writes. “The fiduciary must take care to act in the interests of the other person, who is sometimes called the principal, the beneficiary, or the client. The client puts their trust or confidence in the fiduciary, and the fiduciary has a duty not to betray that trust or confidence.”

But how would it all work? Well, Zittrain and Balkin tackled that too. In a 2016 Atlantic article, they present a theoretical framework for application in a similar way to the Digital Millennium Copyright Act (DMCA) which, while it has its flaws, is a solution that seems to generally work for the various parties involved. Here’s their proposal for a Digital Millennium Privacy Act (DMPA):

The DMPA would provide a predictable level of federal immunity for those companies willing to subscribe to the duties of an information fiduciary and accept a corresponding process to disclose and redress privacy and security violations. As with the DMCA, those companies unwilling to take the leap would be left no worse off than they are today—subject to the tender mercies of state and local governments. But those who accept the deal would gain the consistency and calculability of a single set of nationwide rules. Even without the public giving up on any hard-fought privacy rights recognized by a single state, a company could find that becoming an information fiduciary could be far less burdensome than having to respond to multiple and conflicting state and local obligations.

This feels like a real idea that has value for all parties involved and a legitimate framework for implementation. I don’t know that it will ever come to pass, but I know some smart people are working hard to make it happen. (NRB)

Recommendation of the Day:

This is my to go gift for coffee lovers: Wirecutter’s top pick for a to go mug. It’s made by the Japanese brand Zojirushi and has a cult following for keeping hot liquids hot (and cold cold) for a long time. Made with care and silently bombproof. I dig it. (CJN)

Quick Links:

Thanks for reading,

Noah (NRB) & Colin (CJN)

© WITI Industries, LLC.