Private Communication in Public Spaces: The Paradoxical Economics of Exceptional Access and E-Privacy
39 Pages Posted: 3 Apr 2016 Last revised: 28 Sep 2016
Date Written: March 30, 2016
Recent regulatory developments have seemed to be heading in sharply divergent directions. Some (e.g. the UK’s Investigatory Powers Bill) expand government power to collect, retain, process and share data. Others, like the EU’s General Data Privacy Regulation (GDPR), the EU-US Privacy Shield and the Freedom USA Act (to a degree) protect individuals against new intrusions by public and private parties. The cybersecurity issues are by now well-known (e.g. Abelson et al. (2015) “Keys under doormats: mandating insecurity by requiring government access to all data and communications.” Journal of Cybersecurity and Zittrain et al. (2016) “Don't Panic: Making Progress on the ‘Going Dark’ Debate.” Berkman Center Research Publication 2016-1), as are the privacy dimensions and the unfortunate processes by which well-publicised incidents drive beliefs and trigger slow and difficult to reverse rulemaking. At the same time, the economic importance of data have been growing and the variety of technologies, business models market structures and activities through which data are generated and used have all been evolving. Despite this, the economic analysis of the mechanisms and effects of such rules remains rudimentary, at least in the policy process. This paper seeks to understand how the economics of this new landscape shapes this development and how these cases can influence modern economic thinking (e.g. about complex networks, behaviour and platforms). It analyses the economic mechanisms and likely effects of such rules, in isolation and together. It is based on the published impact assessments, economic modelling of multi-sided platforms and information security and on the economic analysis of cybersecurity and ethical issues connected with data handling.
To illustrate the issue, note that much of the existing literature and policy thinking conflates communication with the flow of information, privacy with data privacy, and security with an attacker-defender struggle over specific information assets. Few of these simplifications are accurate; most lead to unintended consequences. Consider communication; much of the traffic flowing through electronic networks, retained in data repositories and processed to support automated decisions is not communication that seeks to convey messages between people. It may be no more than traces of one-sided personal activity or the collective operation of large automated systems. Even consciously sent messages may be addressed to audiences that are diffuse, remote in time or space or purely imaginary. But once observed or captured as data, they can be regarded as communications. This can have paradoxical effects. An individual’s playful or careless expression or experimental search for variety, or observable patterns in large unstructured data sets may be regarded as an expression of fixed opinions, intentions or preferences or system laws. Rules based on communication miss this and the importance of actors at other levels of the system, from hardware to services. Vertical interactions and market power are hard to identify, and harder still to take into account when making policy. And as we know from net neutrality, the different of these actors (a bit is a bit, a bitcoin is a bitcoin) lead to novel phenomena. The paper gives a critical analysis of existing scholarly and policy debates, noting the disagreements between e.g. security and privacy or commerce and policy. It then analyses four cases to show how economic impacts have been neglected and could be incorporated.
Keywords: Privacy, cybersecurity, big data, encryption, blockchain, 2-sided markets, networks, algorithms
JEL Classification: A13, C62, C72, C79, D11, D21, D43, D52, D61, D63, D78, D8
Suggested Citation: Suggested Citation