What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication
Jonathan L. Zittrain
Harvard Law School and Harvard Kennedy School of Government; Harvard School of Engineering and Applied Sciences; Berkman Center for Internet & Society
Stanford Law Review, Vol. 52
Individuals have long had the desire but little ability to control the dissemination of personal information about their health. Law has been a weak instrument for such control, given the articulate and powerful interests that insist upon maintaining and enhancing access and use of others' personal information, with sensitive medical data proving only a sporadic exception. Technology has so far only made exploitation of personal information easier. The evolving federal framework for the protection of electronic medical records is, at the moment, one in which individuals are third-party beneficiaries of what are likely to be flexibly-interpreted, ponderously-enforced fair information practices created in the shadow of a Congressionally-mandated networking of sensitive medical data. This networking promises to greatly lower the costs of accessing and using medical data for any number of purposes?including ones not central to health care, such as direct marketing. It is ushering in what some call the "Era of Promiscuous Publication." The danger this era portends is that what is gained in efficiency of health care provision may be lost in erosion of privacy. Privacy advocates could learn a new approach to this problem from an unlikely teacher: publishers of intellectual property?specifically the American music industry.
The music industry until recently feared ruin from the unauthorized swapping and rebroadcasting of high-quality audio reproductions among its customers, a phenomenon enabled by increasingly cheap networks, cheap data storage, and cheap processors?again, the Era of Promiscuous Publication. Despite access to a sympathetic Congress and extensive enforcement resources, the music industry has found recourse to law largely unavailing against this tide of technological progress. The industry is now embarking on a different strategy?changing the technology itself. At the core of the technological response lies the idea of "trusted systems": computer databases of the rights and privileges of specific entities vis-a-vis information, linked to hardware and software that recognize and enforce those rights. If fully deployed, trusted systems could trump the Era of Promiscuous Publication with what I call an "Era of Trusted Privication": one in which a well-enforced technical rights architecture would enable the distribution of information to a large audience?publication?while simultaneously, and according to rules generated by the controller of the information, not releasing it freely into general circulation?privication.
In my view there is a profound relationship between those who wish to protect intellectual property and those who wish to protect privacy. Their common desire to control the distribution of information, and the music industry?s potential success at regaining control through the implementation of trusted systems, offer several lessons to privacy advocates seeking to protect the privacy interests increasingly threatened by the advent of the Era of Promiscuous Publication. The paper explores these lessons first by mapping out the problem presented to the music industry by the advent of fast, cheap, and perfect copies, along with the music industry?s legal and technological strategies for regaining control. Second, it describes the similar problem faced by privacy advocates in the arena of medical privacy, the legal solutions that have been and might be attempted, and a hypothetical technological solution that demonstrates the enforcement power of the trusted system. Finally, it looks beyond the enforcement potential of the technological solution to demonstrate how thinking in terms of privication architectures might help negotiate the allocation of rights to medical data to account for the interests of individual "producers" of personal data in ways that need not disparage the legitimate interests of the sophisticated institutional players who wish to consume that data.
Number of Pages in PDF File: 71
JEL Classification: I10, K11, K32
Date posted: March 9, 2000