In favour of privacy legislation

[Rishab Aiyer Ghosh <rishab@best.com>]

> The problem is the WILDLY broad/excessive scope of the legislation AS WRITTEN.

I agree that the legislation, as written, one of the shortest I've seen, 
is overbroad. However, it's not _that_ far off the mark. Most of your
objections (such as the one relating to unauthorised biographies, which 
are more likely to be challenged using existing libel laws than privacy 
legislation that doesn't specify penalties) can be answered with a simple
change: replace "personal information concerning an individual" with
"personal information concerning an individual directly gleaned from that
individual's statements or actions." Or something. So if you build
a database tracking my purchases at your store, or what I fill in
your subscription forms, you can't resell it. OTOH if you buy my
dossier from someone _else_, you're not liable, though your source
probably is. So you could publish biographies or political exposes
and only the primary source would be liable. That source is often 
liable in any case, due to existing laws concerning theft, trade secrets,
breach of contract etc; it's just that primary sources in these situations
are almost never identified.

> AS WRITTEN, it would prohibit --
> * making available for a fee, information about pedophiles, rapists, etc.,

Ah yes, this would include the 98.32% of Internet users who are paedophiles.
You don't believe that paedophiles and rapists deserve the same legal
and constitutional treatment as anyone else? "First they came for the Jews..."

> * maintaining a public-access database for profit, offering consumer
> information about landlords' abuses of security deposits -- or renters'
> abuses of property,
> * making available for profit, almost all information about individuals in
> public civil and criminal court records,

These, along with databases on (proven) rapists, depend on policy for
the use of "public" - government-held - information on individuals.
In most countries, this is governed by widely distributed regulations,
not any single privacy law. For example, the European restriction on
publicising names of minors charged for serious offences _during_ trial.
If the simple change on direct sources is made, these do not impact
privacy legislation.

> I have no problem with *carefully* constructed privacy protection.  But (1)
> that turns out to be VERY hard to construct, and (2) this bill ain't it.

Legislation governing free speech in the US is huge. The body of law
that strengthens free speech (interpreting "Congress shall make"
as "any level of government shall make") and restricts it (taking
"no law" to mean "no law except to prevent obscenity, libel, etc")
goes far beyond the deceptively simple First Amendment, but this 
complexity and bulk is not a common argument against free speech 
legislation. The California bill, with some changes, may not
be a carefully constructed body of law but could be a decent start.

My personal opinion, living as I do between one country - India - that is 
still (fortunately?) fond of habitual civil disobedience, and another - 
the Internet - where civil disobedience is a technologically assisted
state of mind, laws are an irritation. But if they are to exist to
protect _some_ rights, they should, for aesthetic balance if nothing
else, exist for _all_.

Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA