April 4, 1994 Barbed Wire Fences in Cyberspace: The Threat Posed by Calls for Ownership of Transactional Information By David R. Johnson People leave tracks as they move through electronic networks. Whenever we do business, electronically or otherwise, the other party knows something about our preferences and activities. But when we use the new electronic vending machines and digital cash, the merchants with whom we deal can keep a detailed record that reveals much more, in aggregate, about our activities. Store and forward messaging systems can continue to store after they forward. As we all conduct more and more of our lives on the networks, we will necessarily create a much more detailed digital record of those lives. Concerned about the threat to privacy created by such electronic dossiers, some have called for new laws granting each of us "ownership" of all the transactional information generated as we move around the network. Third parties would have to bargain with us to obtain the right to use "personal" information. This may produce a sort of cattle drive vs. sheep herder battle on the electronic frontier. Either "information wants to be free" or we can all put barbed wire around the tracks we leave -- but we can't have both a free information range and a system of information ownership. The First Amendment implications of any such privacy regime are staggering. This real contract is, in a sense, internal to every user of the networks. You want your own information to be private, at least to some degree. But you want to be able freely to find out about everything and everyone else. You want to get customized marketing services and eliminate junk mail. But it's annoying to think that the marketing companies, not you, profit from knowing what you want. You want to be free to investigate and speak your mind about any subject. But it can be devastating when someone else feels free to broadcast a critical comment about you across the world. April 4, 1994 Barbed Wire Fences in Cyberspace Ironically, despite recent calls to create a proprietary interest in personal information, it may not matter who "owns" this data. Economists tell us that the market -- especially a super-efficient low-transaction-cost online market -- will operate quickly to create trades that allocate information rights in an optimal way no matter what the starting point. If consumers "own" their personal data, critics of the privacy initiatives suggest, they will trade away this transactional privacy for convenience every time. Even if we all get to sell our privacy in this way, the price will be low and the economic benefits will flow primarily to the rich (whose preferences are worth more to marketers). So we are faced with the prospect of a range war over ownership of data that may, in the end, settle nothing of importance and cost us all something to create the markets in which we negotiate transactions in these rights. Let's go back to privacy basics. What we all fear most is the ability of the government or a personal enemy to put together a detailed dossier, compiled from easy-to-obtain electronic sources, that becomes the basis for a damaging publication or prosecution. And we want to know the ground rules under which we transact any given interchange -- are we in a quiet corner, whispering, or in a public square trading in the open? The way to avoid both confusion and undue invasion of property, in light of these basics, is not to create a new property interest. It is to allow (and require) system operators to establish and enforce clear rules -- and then to allow system users to decide where to conduct their business taking into account the degree of privacy they want with respect to particular types of transactions. The operationally efficient way to provide optimal privacy and openness is to let users decide which sysop's rules are right for them -- and to select the systems through which they want to conduct their business. Even if we select a legal regime based on choice among communication systems -- as opposed to a default "ownership" principle -- there will be a need for new law regarding detailed electronic transactional data. We will need to be sure that users can find out about the rules of any given system with which they interact and enforce the rules against both sysop and other parties they meet online. We will need direct prohibitions or warrant conditions applicable to potential abuses of governmental powers. And we will need to consider whether to ban outright the publication (or threat of publication) of certain types of detailed dossiers for tortious reasons -- such as extortion or coercion. As the electronic frontier matures, there will be continual conflicts between those who want free access to information and those who want to participate in the networks without automatically giving up all rights to control the flow of the resulting transactional data. Before we treat these conflicts as appropriate matters for a new type of "property" law, however, we should remember that almost everyone will be on both sides of any new "fence." If we approach this problem by allowing a variety of new spaces to develop -- allowing users to reward and punish optimal sets of rules by sending their business to the stores of sysops who get the rules right, we'll have saved a lot of unnecessary transaction costs and we'll all end up owning a more civilized patch of cyberspace that is appropriately (by our own lights) accommodating to both privacy and freedom of speech.