20 May 2018


'Why Do Startups Use Trade Secrets?' by David S. Levine and Ted M. Sichelman in (1018) 94 Notre Dame Law Review comments  
Empirical studies of the use of trade secrecy are scant, and those focusing on startups, non-existent. In this paper, we present the first set of data — drawn from the Berkeley Patent Survey — on the use of trade secrets by U.S. startup companies in the software, biotechnology, medical device, and hardware industries. 
Specifically, we report on the prevalence of trade secrecy usage among startups. Additionally, we assess the importance of trade secrets in relation to other forms of intellectual property protection and barriers to entry, such as patents, copyrights, first-mover advantage, and complementary assets. We segment these results by a variety of factors, including industry, company business model, overall revenue, patenting propensity, funding sources, innovation types, and licensing. From this segmentation, we implement a basic regression model and report on those factors showing a statistically significant relationship in the use of trade secrets by startups. 
Our results point to three major findings. First, trade secrecy serves other important aims aside from first-mover advantage. Second, trade secrets may act both as economic complements and substitutes to patenting. Third, trade secrets may serve as important strategic assets, functioning much in the same manner as patents in terms of licensing and setting the boundaries of the firm.

18 May 2018


Protecting unit-record level personal information: The limitations of de-identification and the implications for the Privacy and Data Protection Act by Vanessa Teague, Chris Culnane and Benjamin Rubinstein for the Office of the Victorian Information Commissioner (OVIC) offers cautions about de-identication in Victoria's public and private sectors.

The report states
De-identification is a subject that has received much attention in recent years from privacy regulators around the globe. Once touted as a silver bullet for protecting the privacy of personal information, the reality is that when it involves the release of data to the public, the process of de-identification is much more complex. 
As improvements in technology increase the type and rate at which data is generated, the possibility of re-identification of publicly released data is greater than ever. Auxiliary information – or secondary information – can be used to connect an individual to seemingly de-identified data, enabling an individual’s identity to be ascertained. Auxiliary information can come from anywhere, including other publicly available sources online. 
In recent examples of successful re-identification that we have seen in Australia, it is clear that those releasing de-identified data did not appreciate the auxiliary information that would be available for re-identification – in that they did not expect re-identification would be possible. Individual data elements may be non-distinct and recognisable in many people, but a combination of them will often be unique, making them attributable to a specific individual. This is why de-identification poses a problem for unit-record level data.
 OVIC comments
This report is one of a number of publications on de-identification produced by, or for, the Victorian public sector. Notably, in early 2018 Victoria’s Chief Data Officer issued a de-identification guideline to point to what ‘reasonable steps’ for de-identification looks like in the context of data analytics and information sharing under the Victorian Data Sharing Act 2017 (VDS Act). This paper is not aimed at the work conducted by the Victorian Centre for Data Insights (VCDI), where information sharing occurs within government with appropriate controls, and it is not intended to inhibit that work. Rather, it speaks to the use of de-identification more broadly, in circumstances where so-called ‘de-identified’ data is made freely available through public or other less inhibited release of data sets, which occurs in so-called “open data” programs. This report should be interpreted in that context. ...
This report has been produced to demonstrate the complexities of de-identification and serve as a reminder that even if direct identifiers have been removed from a data set, it may still constitute ‘personal information’. The intention is not to dissuade the use of de-identification techniques to enhance privacy, but to ensure that those relying on and sharing de-identified information to drive policy design and service delivery, understand the challenges involved where the husbandry of that data is not managed. ... Public release of de-identified information may not always be a safe option, depending on the techniques used to treat the data and the auxiliary information that the public may have access to. Wherever unit level data – containing data related to individuals – is used for analysis, OVIC’s view is that this is most appropriately performed in a controlled environment by data scientists. Releasing the data publicly in the hope that ‘de-identification’ provides protection from a privacy breach is, as this paper demonstrates, a risky enterprise.
The authors go on to state
A detailed record about an individual that has been de-identified, but is released publicly, is likely to be reidentifiable, and there is unlikely to be any feasible treatment that retains most of the value of the record for research, and also securely de-identifies it. A person might take reasonable steps to attempt to deidentify such data and be unaware that individuals can still be reasonably identified.
The word ‘de-identify’ is, unfortunately, highly ambiguous. It might mean removing obvious identifiers (which is easy) or it might mean achieving the state in which individuals cannot be ‘reasonably identified’ by an adversary (which is hard). It is very important not to confuse these two definitions. Confusion causes an apparent controversy over whether de-identification “works”, but much of this controversy can be resolved by thinking carefully about what it means to be secure. When many different data points about a particular individual are connected, we recommend focusing instead on restricting access and hence the opportunity for misuse of that data. Secure research environments and traditional access control mechanisms are appropriate.
Aggregated statistics, such as overall totals of certain items (even within certain groups of individuals) could possibly be safely released publicly. Differential privacy offers a rigorous and strong definition of privacy protection, but the strength of the privacy parameters must be traded off against the precision and quantity of the published data.
This paper discusses de-identification of a data set in the context of release to the public, for example via the internet, where it may be combined with other data. That context includes the concept of “open data”, in which governments make data available for any researchers to analyse in the hope they can identify issues or patterns of public benefit.
Therefore, it’s important to emphasise that this document should not be read as a general warning against data sharing within government, or in a controlled research environment where the combination of the data set with other data can be managed. It is not intended to have a chilling effect on sharing of data in those controlled environments.
 In reference to statutory responsibilities the report comments
In taking ‘reasonable steps’, a data custodian must have regard to not only the mathematical methods of de-identifying the information, but also “the technical and administrative safeguards and protections implemented in the data analytics environment to protect the privacy of individuals”.
Therefore, there is a possibility that in some circumstances, a dataset in which ‘reasonable steps’ have been taken for de-identification under the VDS Act may not be de-identified according to the PDP Act, because individuals may still be ‘reasonably identified’ if the records are released publicly outside the kinds of research environments described in the VDS Act.
In this report, we describe the main techniques that are used for de-identifying personal information. There are two main ways of protecting the privacy of data intended for sharing or release: removing information, and restricting access. We explain when de-identification does (or does not) work, using datasets from health and transport as examples. We also explain why these techniques might fail when the de-identified data is linked with other data, so as to produce information in which an individual is identifiable.
Does de-identification work? In one sense, the answer is obviously yes: de-identification can protect privacy by deleting all the useful information in a data set. Conversely, it could produce a valuable data set by removing names but leaving in other personal information. The question is whether there is any middle ground; are there techniques for de-identification that “work” because they protect the privacy of unit-record level data while preserving most of its scientific or business value?
Controversy also exists in arguments about the definitions of ‘de-identification’ and ‘work’. De-identification might mean:
• following a process such as removing names, widening the ranges of ages or dates, and removing unusual records; or 
• achieving the state in which individuals cannot be ‘reasonably identified’.
These two meanings should not be confused, though they often are. A well-intentioned official might carefully follow a de-identification process, but some individuals might still be ‘reasonably identifiable’. Compliance with de-identification protocols and guidelines does not necessarily imply proper mathematical protections of privacy. This misunderstanding has potential implications for privacy law, where information that is assumed to be de-identified is treated as non-identifiable information and subsequently shared or released publicly.
De-identification would work if an adversary who was trying to re-identify records could not do so successfully. Success depends on ‘auxiliary information’ – extra information about the person that can be used to identify their record in the dataset. Auxiliary information could include age, place of work, medical history etc. If an adversary trying to re-identify individuals does not know much about them, re-identification is unlikely to succeed. However, if they have a vast dataset (with names) that closely mirrors enough information in the de-identified records, re-identification of unique records will be possible.
4. Can the risk of re-identification be assessed?
For a particular collection of auxiliary information, we can ask a well-defined mathematical question: can someone be identified uniquely based on just that auxiliary information?
There are no probabilities or risks here – we are simply asking what can be inferred from a particular combination of data sets and auxiliary information. This is generally not controversial. The controversy arises from asking what auxiliary information somebody is likely to have.
For example, in the Australian Department of Health's public release of MBS/PBS billing data, those who prepared the dataset carefully removed all demographic data except the patient’s gender and year of birth, therefore ensuring that demographic information was not enough on its own to identify individuals. However, we were able to demonstrate that with an individual's year of birth and some information about the date of a surgery or other medical event, the individual could be re-identified. There was clearly a mismatch between the release authority's assumptions and the reality about what auxiliary information could be available for re-identification.
5. How re-identification works
Re-identification works by identifying a ‘digital fingerprint’ in the data, meaning a combination of features that uniquely identify a person. If two datasets have related records, one person's digital fingerprint should be the same in both. This allows linking of a person's data from the two datasets – if one dataset has names then the other dataset can be re-identified.
Computer scientists have used linkage to re-identify de-identified data from various sources including telephone metadata, social network connections, health data and online ratings, and found high rates of uniqueness in mobility data and credit card transactions.  Simply linking with online information can work.
Most published re-identifications are performed by journalists or academics. Is this because they are the only people who are doing re-identification, or because they are the kind of people who tend to publish what they learn? Although by definition we won’t hear about the unpublished re-identifications, there are certainly many organisations with vast stores of auxiliary information. The database of a bank, health insurer or employer could contain significant auxiliary information that could be of great value in re-identifying a health data set, for example, and those organisations would have significant financial incentive to do so. The auxiliary information available to law-abiding researchers today is the absolute minimum that might be available to a determined attacker, now or in the future.
This potential for linkage of one data set with other data sets is why the federal Australian Government's draft bill to criminalise re-identification is likely to be ineffective, and even counterproductive. If re-identification is not possible then it doesn't need to be prohibited; if re-identification is straightforward then governments (and the people whose data was published) need to find out.
The rest of this report examines what de-identification is, whether it works, and what alternative approaches may better protect personal information. After assessing whether de-identification is a myth, we outline constructive directions for where to go from here. Our technical suggestions focus on differential privacy and aggregation. We also discuss access control via secure research environments

15 May 2018

Should Robots Have Privacy?

'Schrödinger's Robot: Privacy in Uncertain States' by Ian E Kerr in (2019) 20 Theoretical Inquiries in Law asks
Can robots or AIs operating independent of human intervention or oversight diminish our privacy? There are two equal and opposite reactions to this issue. On the robot side, machines are starting to outperform human experts in an increasing array of narrow tasks, including driving, surgery, and medical diagnostics. This is fueling a growing optimism that robots and AIs will exceed humans more generally and spectacularly; some think, to the point where we will have to consider their moral and legal status. On the privacy side, one sees the very opposite: robots and AIs are, in a legal sense, nothing. Judge Posner, for example, has famously opined that they do not invade privacy because they are not sentient beings. Indeed, the received view is that since robots and AIs are neither sentient nor capable of human-level cognition, they are of no consequence to privacy law. 
This article argues that robots and AI operating independently of human intervention can and, in some cases, already do diminish our privacy. Rejecting the all-or-nothing account of robots and privacy described above, I seek to identify the conditions that give rise to diminished privacy in order to see whether robots and AI can meet those conditions. To do so, I borrow from epistemic privacy — a theory that understands a subject’s state of privacy as a function of another’s state of cognizance regarding the subject’s personal facts. Epistemic privacy offers a useful analytic framework for understanding the kind of cognizance that gives rise to diminished privacy. 
I demonstrate that current robots and AIs are capable of developing truth-promoting beliefs and observational knowledge about people without any human intervention, oversight, knowledge, or awareness. Because machines can actuate on the basis of the beliefs they form in ways that affect people’s life chances and opportunities, I argue that they demonstrate the kind of cognizance that definitively implicates privacy. Consequently, I conclude that legal theory and doctrine will have to expand their understanding of privacy relationships to include robots and AIs that meet these epistemic conditions. An increasing number of machines possess epistemic qualities that force us to rethink our understanding of privacy relationships with robots and AIs.


The Age reports that Australian Federal Police 'will be given sweeping new powers to demand identification from travellers under new laws to boost counter-terrorism efforts at Australia's airports' on the basis of what Prime Minister Turnbull characterises as 'dangerous times'.

The AFP will be able to ask anyone for ID and eject them from the airport as part of a 2018 budget announcement. Under existing laws, police can only demand ID if they have reasonable grounds to suspect someone is involved in criminal activity.

Home Affairs Minister Peter Dutton commented 
There's certain conditions that need to be met at the moment before police can ask for that identification. Which is an absurdity and it’s an issue that the police have raised with us. So we're addressing an anomaly and a deficiency in the law at the moment. 
The new rules will not require domestic  travellers to carry ID.

We can presumably expect calls for similar checking by state/territory police at other transport nodes, such as major rail stations, and public/private entertainment or retail facilities.

14 May 2018

Information Economics

'Information Wants to Be Expensive, Not Free! And this is Bad for Justice, Democracy, the Economy' by Dieter Zinnbauer ( (Transparency International) comments
This essay is rather speculative. I argue that there is a very much overlooked characteristic of information goods, particularly digital information goods – that leads to a substantive, yet rarely discussed market failure with far-reaching consequences for important classes of information related to our education and research system, the judiciary, markets and democracy at large. 
This overlooked feature is the positionality of many information goods. Positionality means that the utility of a specific information item for user x depends on the level of consumption of the same item by other users. Specific types of information are more valuable (or at times only valuable), when they are very exclusively available only to a small band of users. Or more intuitively, the fewer other people have a specific piece of information at a given point in time, the more valuable it may be to me.
Surprisingly, this simple characteristic is rarely discussed in the information literature or perhaps seems just too obvious to merit deeper analysis. Yet, as I will try to show, the positionality of information has far-reaching implications for the functioning of information markets and for the actual incentive systems of different players that all too often seem to be mis-construed as overly pro-social. And putting a focus on positionality also highlights the relevance and urgency for revisiting related regulatory policies, in order to ponder possible corrective interventions to tackle the ensuing informational imbalances and exclusive practices that positionality-oriented pricing structures for such information will generate.
The argument is developed as follows: The introductory chapter presents a number of quotes that are indicative of different perspectives on information dynamics and lays out the rationale for this essay. Chapter 2 briefly discusses the conventional view and analysis of market failures in information that serve as backdrop against which the argument developed here is set. Chapter 3 introduces the concept of positionality and argues for its applicability to many information markets. Chapter 4 traces the implications of informational positionality that primarily works through pricing for exclusivity across key societal institutions: research and education; the judicial system, markets and investment and finally politics and democratic decision-making.
The concept of information as positional goods offers a fresh perspective with regard to market failures and informational problems in all these areas. In addition, such a prism suggests to revisit the incentives involved and thus the overall political economy dynamics of how different stakeholders define and act upon their interests in these situations. As it turns out, commitment to openness and fair and inclusive information access may run less deep than is usually assumed. The analysis also suggests that many open government initiatives have only a limited remedial effect on these market failures. Chapter 5 develops a set of speculative conjectures about how information positionality might shape information markets in the near future – or may have already begun to do without much public notice. Finally, chapter 6 flags some ideas for possible entry points for remedies and regulatory approaches. As mentioned at the outset the line of reasoning is rather exploratory and seeks to flag specific issues and ideas for discussion and further investigation rather than exploring them in detail.

Cashless Economy

Goodbye privacy? Matthew Lesh of the IPA in today's The Age - 'Measures to tackle black economy are suspiciously totalitarian' - comments
The Turnbull government’s proposed ban on cash payments above $10,000 is a disturbing breach of our right to privacy, an attack on the basic liberty of free exchange, and will worsen Australia’s red tape crisis. ... In practice, the ban will be ineffective and unenforceable. A transaction limit will not make criminals suddenly law-abiding citizens – they will flout the rules by using multiple smaller transactions and illegal bank accounts with stolen identities. 
The ban will, however, prevent the many genuine uses of cash, including keeping transactions private from prying eyes, avoiding credit card transaction fees, and the preference for physical cash over non-material digital currency. 
In 1984, George Orwell explored how Big Brother uses surveillance to control citizens. "Always the eyes watching you and the voice enveloping you. Asleep or awake, working or eating, indoors or out of doors, in the bath or in bed – no escape," Orwell wrote. 
The intention of the cash ban is to create an accessible digital record of transactions that government can monitor. This establishes a creepy precedent, foreshadowing a future in which you are only allowed to make purchases that Big Brother can watch. If the government should be able to track our transactions why stop at $10,000? Why not $5000? Why not, as some commentators have proposed, $0? 
In the long-run, a cashless society would immensely empower the state, which could use our spending habits to reward and punish certain behaviour, or introduce taxes on savings. Imagine a future in which because you spend "too much" on unhealthy food, the government charges you higher taxes; or because you don't have a gym membership you have to pay a higher Medicare surcharge. 
Cash is not only an important protection from state power, it also provides privacy from partners and families, and financial institutions and businesses.
 The Treasurer's Budget Speech referred to measures that
include outlawing large cash payments of greater than $10,000 in the Australian economy. 
This will be bad news for criminal gangs, terrorists and those who are just trying to cheat on their tax or get a discount for letting someone else cheat on their tax. 
It's not clever. It's not OK. It's a crime.
More detail is provided in the statement that
The Government will combat the harm the black economy is doing to honest individuals, businesses and the Australian community. The black economy is a complex, costly and growing economic and social problem covering a range of issues which detract from the integrity of Australia’s tax system. 
In response to the Black Economy Taskforce Final Report, the Government is announcing a comprehensive approach to stamping out the black economy, levelling the playing field for all businesses, and changing perceptions that black economy behaviour is acceptable. 
New measures include
  • increasing the ability of enforcement agencies to detect and disrupt black economy participants. 
  • removing the unfair advantage black economy participation gives businesses by removing deductions for non‑compliant payments and changing the Government’s procurement procedures to incentivise tax compliance in supply chains. 
  • consulting on reforms to the Australian Business Number (ABN) system to improve the confidence the community has in identifying who they are dealing with, including development of rigorous new identification systems for company directors (DINs). 
  • introducing an economy‑wide cash payment limit for large cash transactions of $10,000 to reduce the ability of black economy operators to use cash to avoid their tax and reporting obligations and launder the proceeds of crime.  
  • providing additional funding to the Tax Practitioners Board to take action against tax agents that facilitate activity in the black economy. 
  • expanding the taxable payments reporting system to contractors in industries with higher identified risks of not reporting their income.
The Government is also creating an Illicit Tobacco Taskforce which will investigate, prosecute and dismantle organised crime groups operating in illicit tobacco. The taxing point of tobacco will also be moved to when it enters Australia to help starve the illegal tobacco market.


'Exonerating the Innocent: Habeas for Nonhuman Animals - Wrongful Convictions and the DNA Revolution: Twenty-Five Years of Freeing the Innocent' (University of Denver Legal Studies Research Paper No. 18-16) by Justin F. Marceau and Steve Wise comments
It is hard to conceive of a greater blemish on our justice system than the punishment of innocent persons. The idea of imprisoning or executing an innocent person almost defies the human capacity for empathy; it is nearly impossible to imagine oneself in such circumstances. Advances in science and the work of non-profits like the Innocence Project have made the exoneration of more than 300 people possible. And while the struggle to liberate unjustly incarcerated persons must continue, and should be accelerated, the cruelty of punishing innocents is not limited to the incarceration of human animals. It is time to consider the need to liberate at least some nonhuman animals from the most horrible confinement. These nonhuman animals are unquestionably innocent, their conditions of confinement, at least in some cases, are uniquely depraved; and their cognitive functioning, much less their ability to suffer, rivals that of humans. It is time to seriously consider habeas type remedies for nonhuman beings. 
We are cognizant that the call for nonhuman habeas may cause some to construe this project as one that dishonors or diminishes the efforts that have led to exonerations and the work that remains to be done in the context of human innocence. Nothing could be further from our purpose. One of us has been involved in death penalty defense and litigating claims of wrongful incarceration since graduating from law school, and the commitment to those issues remains unflappable. Indeed, we hope the salience of the cause of liberating humans will be reinforced by our efforts to cross the species barrier. It does no disservice to the cause of innocent humans to suggest that we pay closer attention to the suffering of nonhuman animals. Just as we look back in disgust at our forefathers who were less careful in their protection of human innocents, we predict that our grandchildren will judge us for the way we collectively treat nonhuman animals.
This Chapter proceeds in three parts. First, it analyzes the question of whether exoneration or innocence in the context of nonhuman confinements is illogical. Second, assuming it is a proper question at all, it examines why we would consider exonerating nonhuman animals, that is to say, what are the scientific and social reasons for contemplating relief for humans? Finally, the Chapter considers the practical viability of nonhuman habeas at least for a limited class of nonhuman animals subject to particularly harsh conditions. In so doing, the Chapter discusses the cutting-edge cases filed in recent years by the Nonhuman Rights Project (“NhRP”) seeking habeas review for chimpanzees.
'Meaning in the lives of humans and other animals' by Duncan Purves and Nicolas Delon in (2018) 175(2) Philosophical Studies 317–338 argues that
contemporary philosophical literature on meaning in life has important implications for the debate about our obligations to non-human animals. If animal lives can be meaningful, then practices including factory farming and animal research might be morally worse than ethicists have thought. We argue for two theses about meaning in life: (1) that the best account of meaningful lives must take intentional action to be necessary for meaning—an individual’s life has meaning if and only if the individual acts intentionally in ways that contribute to finally valuable states of affairs; and (2) that this first thesis does not entail that only human lives are meaningful. Because non-human animals can be intentional agents of a certain sort, our account yields the verdict that many animals’ lives can be meaningful. We conclude by considering the moral implications of these theses for common practices involving animals.
 The authors ask
Can animals1 have meaningful lives? This question has been largely omitted from discussions of meaning in contemporary analytic philosophy. It has also been largely ignored by the animal ethics literature. Perhaps the omission is a result of philosophers thinking that the question is misplaced or that it involves a category mistake. Yet, we will argue, the omission is important, because assessing the possibility of meaning in animal life is vital for understanding the full scope and content of our ethical obligations to animals. If meaning is a constituent of a good life, and some of our practices deprive animals’ lives of meaning, then this may be an overlooked way in which our practices harm them. 
In this paper we argue for two theses about the meaningfulness of animal life: (1) that the best account of meaningful lives requires acting intentionally in ways that contribute to final value; and (2) that this does not entail that the lives of animals are necessarily meaningless. A life can count as ‘meaningless’ either because it possesses zero meaning or because attributing meaning to a life of that sort would be a category mistake. To illustrate the difference, the number 2 is heatless, not because it is cold, but because it is not the sort of thing to which the concept HEAT applies. Analogously, a virus’s life is meaningless, not because it possesses zero meaning, but because the concept MEANING simply doesn’t apply. Our second thesis can be understood as a rejection of the claim that the lives of animals are meaningless in either of these senses. To the contrary, to the extent that animals can be intentional agents, our account of meaning yields nuanced verdicts concerning which animal lives are meaningful. It also accounts for the intuitively right range of cases involving humans. Section 2 discusses some prominent theories of meaning in the recent philosophical literature and their associated problems. In Sect. 2 we also propose and defend our intentional theory of meaning. In Sect. 3 we consider the implications of this theory for the possibility of meaning in the lives of animals. In Sect. 4 we discuss the ethical importance of the possibility of meaning in animal life.