Control as Liability

This same kind of thought process--that one should strive not for &quot;do no evil&quot; but &quot;can&#x27;t do evil&quot;--really applies everywhere, as it is somewhat general: amassing control over other people and their resources (money, data, whatever) is always going to be dangerous.<p>Maybe you are good today, but in the future you might start to be swayed by changing incentives or situations due to forces such as &quot;absolutely power corrupts absolutely&quot;.<p>Or maybe you manage to always be good, but--as humans have fixed life spans--eventually retire or die or simply move on and are replaced by someone who is less good than you are.<p>Or maybe you are good but the power you manage to concentrate gets stolen by someone (in the digital world, maybe you get hacked) and used without your permission to do bad things.<p>Or maybe you want to be good, but your power is seen as an asset for something external--such as a government--and you end up being required to do bad things that make you sad.<p>We see all of these issues play out constantly with large tech companies, with control techniques such as curated application markets getting abused as anti-competitive measures, or getting regulated by authoritarian governments as a tool for their regime.<p>In 2017, I gave a talk at Mozilla Privacy Lab that looked at many of these issues, citing tons of situations--every slide is a screenshot of a news source, as somehow people always want to believe these situations are far-fetched--where having control has gone badly:<p><a href="https:&#x2F;&#x2F;youtu.be&#x2F;vsazo-Gs7ms" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;vsazo-Gs7ms</a>

At common law, certain relationships are characterised as fiduciary relationships and come with certain additional onerous obligations, such as the duty to act in the best interests of the person you are representing, the duty to avoid conflicts of interest, the duty to account for any undisclosed profits, etc.<p>Though perhaps a slight oversimplification, I would say that a guiding principal for determining whether a relationship is characterised as fiduciary one is the possibility of control over another person&#x27;s affairs, either literally (as in the case of a trustee or agent), or because that person is accustomed to place a high degree of trust in your judgement (attorneys, financial advisors).<p>In that context, I find this article quite interesting (if a little short). Maybe there is a concept emerging of &quot;data fiduciaries&quot;, even if regulators and courts don&#x27;t yet call it that. It has long been accepted that a financial institution that holds your stocks and bonds has onerous obligations not just to their regulators but to you as their principal. Given how important and valuable data is becoming, people may begin to question why data custodianship should be treated any differently.<p>Incidentally, in some European asset-backed finance transactions, I have already seen &quot;data trustees&quot; appointed to hold personal data relating to the underlying assets in accordance with applicable data protection laws.<p>(The specific rules about fiduciaries will vary by jurisdiction, so don&#x27;t complain if the above is not a perfect description of the rules in your location, though I&#x27;d be interested to hear if your rules are fundamentally different.)

Similar idea as &quot;big data&quot; as a toxic asset.<p><a href="https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2016&#x2F;03&#x2F;data_is_a_toxic.html" rel="nofollow">https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2016&#x2F;03&#x2F;data_is_a_tox...</a><p>Once you collect data, it can become very attractive to various parties, like nation states and snooping employees. Google found this out the hard way multiple times!

Well, yes, in the money area. It&#x27;s generally accepted in finance that custody implies responsibility. It&#x27;s taken a while for that to penetrate to the crypto sector. The earlier players, lacking assets, desperately tried to evade their responsibilities for other people&#x27;s money. Now there are some players you can actually find and sue if they screw up.

&quot;Here though, I would argue that the forced shift in developers&#x27; mindsets, from &quot;I want to control more things just in case&quot; to &quot;I want to control fewer things just in case&quot;, also has many positive consequences.&quot;<p>For the US, I think the most expedient route to this climate of fear (caution) that yields positive consequences lies not in government regulation but in removing impediments to private liability, or perhaps creating new sources of private liability. The requisite fear of liability to yield positive consequences is a threat of private litigation, not a threat of fines set by government agencies.<p>It is not for the government to decide how much &quot;tech&quot; companies should pay for their wrongdoing. It is for the victims of that wrongdoing and a jury of their peers to decide.<p>It is not users who have pushed us to this breaking point. it is &quot;tech&quot; companies and web developers.

<i>&quot;Hence, even though these regulatory changes are arguably not pro-freedom, at least if one is concerned with the freedom of application developers, and the transformation of the internet into a subject of political focus is bound to have many negative knock-on effects, the particular trend of control becoming a liability is in a strange way even more pro-cypherpunk (even if not intentionally!) than policies of maximizing total freedom for application developers would have been. Though the present-day regulatory landscape is very far from an optimal one from the point of view of almost anyone&#x27;s preferences, it has unintentionally dealt the movement for minimizing unneeded centralization and maximizing users&#x27; control of their own assets&quot;</i><p>The intent of privacy protecting legislations like GDPR was explicitly and intentionally to give individuals &#x2F; &#x27;natural persons&#x27; control and ownership of their own data, it says so in Chapter 1 of the entire thing.<p>Vitalik is right I think but it&#x27;s funny how he frames this as some sort of unexpected or revelatory thing. Well functioning ecosystems are created through rules, and people benefit from having the protection of these laws. That the people don&#x27;t benefit if you let the wolves run around freely in the henhouse is obvious.

I wonder if, in some ways, this might also lead to <i>more</i> centralization. If your answer to &quot;control == liability&quot; is decentralized protocols, the answer is obviously no. But if these protocols either don&#x27;t exist for your use case, or are not practical, I could also see these efforts leading to things being centralized in the hands of a few large providers who take some of the control and are better positioned to shelter the associated liability.<p>We already see this with hosting on cloud services, or external auth providers and the like — for small players, it is very unlikely that they&#x27;re better at e.g. security or availability than google, aws, et al. The downside is obviously that this clusters a lot of the risk and when something does go wrong, it takes many more people down in its wake.

The article sounds good. It depicts how current mainstream business models collect data and maintain control over their users, in a way, it seems it will legally challenged.<p>But wait a moment. It offers, in exchange, and in an indirect way, but as the author being the founder of Ethereum, the decentralized app business model, where app developers &#x2F; users must pay a fee to participate.<p>So the current choice is: Go develop a business the classic &#x2F; mainstream &#x2F; centralized way, and do, or do not harm by collecting data and control the users. Or, create a decentralized app, where the first thing, for you or your users is to &quot;Get some ETH&quot;.<p>No thanks. I don&#x27;t think the answer for what FAANG did wrong is me &#x2F; my users to pay a fee to develop &#x2F; use an app. There should be a third way.

Consider the life of a cell phone, or any other electronic gadget... it has value because of the utility it offers at first, that declines as it ages, until it becomes a special form of hazardous waste that you have to pay to dispose of.<p>Perhaps this analogy of private user data to electronic gadgets is helpful for predicting the future? Public data is another matter all together.

Just burn the admin key! Love smart contracts, and no I don&#x27;t care that the name is a misnomer

Power as Responsibility

I know that the European DPA&#x2F;GDPR has made being a data controller a non-trivial thing, for several years.<p>I’m working on a social media-style app that needs to take <i>very</i> good care of its member data. Many folks here would probably be appalled at the measures I’m taking.

Didn’t EtherDelta follow this advice and get shutdown anyway?

irony