What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication
Zittrain, Jonathan, Stanford Law Review
Individuals have long had the desire but little ability to control the dissemination of information about their health. Law has been a weak instrument for such control, given the articulate and powerful interests that insist upon maintaining and enhancing access to others' personal information, with access to sensitive medical data proving only a sporadic exception. Technology has so far only made exploitation of personal information easier. The evolving federal framework for the protection of medical records likely will make individuals the third-party beneficiaries of flexibly interpreted, ponderously enforced fair information practices created in the shadow of a congressionally mandated networking of sensitive medical data. This networking promises to lower greatly the costs of accessing and using medical data for any number of purposes--including ones not central to health care, such as direct marketing. It is ushering in what some call the "Era of Promiscuous Publication."(1) The danger this era portends is that what is gained in efficiency of health care provision may be lost in erosion of privacy. Privacy advocates could learn a new approach to this problem from an unlikely teacher: publishers of intellectual property--specifically the American music industry.
The music industry until recently feared ruin from the unauthorized swapping and rebroadcasting of high-quality audio reproductions among its customers, a phenomenon enabled by increasingly cheap networks, cheap data storage, and cheap processors--again, the Era of Promiscuous Publication. Despite access to a sympathetic Congress and extensive enforcement resources, the music industry has found recourse to law largely unavailing against this tide of technological progress. The industry is now embarking on a different strategy--changing the technology itself. At the core of the technological response lies the idea of "trusted systems": computer databases of the rights and privileges of specific entities vis-a-vis information, linked to hardware and software that recognize and enforce those rights. If fully deployed, trusted systems could trump the Era of Promiscuous Publication with what I call an "Era of Trusted Privication": one in which a well-enforced technical rights architecture would enable the distribution of information to a large audience--publication--while simultaneously, and according to rules generated by the controller of the information, not releasing it freely into general circulation--privication.
In my view, there is a profound relationship between those who wish to protect intellectual property and those who wish to protect privacy. Their common desire to control the distribution of information, and the music industry's potential success at regaining control through the implementation of trusted systems, offer several lessons to privacy advocates seeking to protect the privacy interests increasingly threatened by the advent of the Era of Promiscuous Publication. I will explore these lessons first by mapping out the problem presented to the music industry by the advent of fast, cheap, and perfect copies, along with the music industry's legal and technological strategies for regaining control. Second, I will describe the similar problem faced by privacy advocates in the arena of medical privacy, the legal solutions that have been and might be attempted, and a hypothetical technological solution that demonstrates the enforcement power of the trusted system. Finally, I will look beyond the enforcement potential of the technological solution to demonstrate how thinking in terms of privication architectures might help negotiate the allocation of rights to medical data to account for the interests of individual "producers" of personal data in ways that need not disparage the legitimate interests of the sophisticated institutional players who wish to consume that data.
I. THE MUSIC INDUSTRY: A TRAJECTORY OF INTELLECTUAL PROPERTY WORRIES--AND RESPONSES TO THEM--IN A DIGITALLY NETWORKED ENVIRONMENT