Illustrations by Cathryn Virginia
Illustrations by Cathryn Virginia

The website’s name is unequivocal, its user agreement refreshingly transparent and to-the-point. At WeSellYourData.com, “You give us your data and we sell it,” the homepage declares. And, just to be clear, “In return for your data, you receive nothing.”

Ridiculous! Who would do that?

Which of course is exactly the point of WeSellYourData, which is not actually a business and doesn’t really sell your data. It is instead the work of California artist and software engineer Sarah Dapul-Weberman, and its intent is to make transparent what has become a ubiquitous feature of 21st-century life in America: the wholesale harvesting of our personal data for corporate ends.

For Richmond Law students in associate professor Rebecca Crootof’s law and technology course, WeSellYourData is one item encountered in the first week of a syllabus that through journal articles, op-eds, cartoons, news items, critical analyses, law review pieces, and more offers — depending on your perspective — either an intellectually engaging examination of “how the legal system responds to technological change” or a nightmarish descent into an Orwellian hellscape of ever-watching drones, autonomous robo-weapons, and a future ruled by faceless algorithms and the relentless scrutiny of our every word and movement.

But is that the inevitable trajectory of our future?

It’s easy to feel these days that technology is consuming us. Our lives are mediated by screens and devices and passwords and portals and apps and platforms. It’s a wonderful world of abundant information, instant communication, and crowdfunded generosity. It’s also a terrible world of vengeful Twitter mobs, massive data security breaches, and rampant disinformation. Gene editing holds the promise of fighting dreaded diseases. Autonomous vehicles will save us from highway carnage. But the robots are coming for our jobs, the phishers are stealing our passwords, the bots are subverting our elections, Google is getting our medical records, and even Jeff Bezos had his phone hacked.

an illustration of a surveillance cameraInnovation, opportunity, and global connection? Or disruption, division, and dystopia? When the answer is definitely both, neither, or who knows, it’s the uncertainty that unnerves us.

“What scares people is that this technology is shifting our foundations in life,” says Jory Denny, an assistant professor of computer science whose research includes artificial intelligence and robotics. “It alters our current existence, and anything that pushes us out of our comfort zone is problematic.”

It’s always about the trolley

But then, that’s probably also how people felt when those terrifying horseless carriages began careering through the streets at breakneck speeds of 20 mph at the dawn of the 20th century.

As Crootof points out, the questions new technologies raise are not themselves new; they are the same kinds of questions we have always wrestled with in the face of technological change, questions that are often, she says, “about larger social goals that we as a society have not resolved.”

Today we worry about invasions of privacy from drones and doorbell cameras, but in the late 19th century, the introduction of the small, affordable camera prompted two law students — Samuel Warren and future Supreme Court Justice Louis Brandeis — to write their famous 1890 argument for Harvard Law Review, “The Right to Privacy,” in which they decried “instantaneous photographs” as having “invaded the sacred precincts of private and domestic life.” We wonder how the rules of the road should apply to driverless autonomous vehicles, but it was problems created by the once-new technology of automobiles that prompted those rules: speed limits, mandatory seatbelts, insurance requirements.

As a scholar, Crootof has focused on the interrelationship between law and technology “and how the two foster the development and evolution of each other,” she says. Her work considers how a society can choose to intervene to achieve social goals — and how, in fact, the law can provide a formal setting for working out larger social questions that technology brings into focus. In particular, she says, tort law — the part of civil law that determines whether one party should be held legally accountable for another’s loss or injury — is “remarkably adaptive and a space for legal innovation in response to new technologies.”

Crootof explains that early tort law focused on strict liability, where the cause of a harm was clearly and directly attributable to a specific defendant, and the parties to a case usually knew each other. But then the industrial revolution led to what Crootof says was the first major revolution in tort law. With factory machines crushing workers, boilers exploding on steamboats, trains colliding, and streetcars running down pedestrians (“almost everything in tort law involves a trolley or a train,” jokes Crootof), the body count mounted even as the relationship between the injured party and the person responsible for the harm became less clear and direct.

“The courts were flooded with cases in a way they had never seen before,” says Crootof.

These changes led to the development of a “negligence” standard, which shifted protection toward industry by requiring plaintiffs to prove that a defendant had acted without due care. “It is harder to prove that someone acted unreasonably than to prove that they caused your harm,” says Crootof.

Innovation, opportunity, and global connection? Or disruption, division, and dystopia? When the answer is definitely both, neither, or who knows, it's the uncertainty that unnerves us.

But a second revolution — products liability — developed during the 20th century as mass manufacturing and distribution further increased the distance between the producer of a product and its consumer. In what Crootof calls the “paradigmatic case” of an overpressurized glass Coca-Cola bottle that exploded in a waitress’s hand, the court ruled “that responsibility be fixed wherever it will most effectively reduce the hazards to life and health inherent in defective products that reach the market,” signaling a shift that placed more liability on companies and offered greater protection to individuals.

Now producers had to show that a product had been manufactured without defect. Products liability has come to include defects in design, manufacture, and information — the last of which you can thank for the exhaustive list of warnings that comes printed in every owner’s manual, because you can’t count on people to understand that it’s a bad idea to stick their hands in whirling blender or clamber up a precariously balanced ladder.

It’s only the outliers

Each of these evolutions in tort law came during periods of significant social change fostered by technological developments, arguably not unlike the time in which we find ourselves now. And in such periods of upheaval — those unnerving shifts in our foundations that Jory Denny describes — it can seem as though technology is racing ahead of our ability to understand it, much less shape it and control its use.

But Crootof cautions against that perception. She points out, first, that most technological innovations are actually relatively small, incremental, and unconcerning: manual can openers became electric can openers; wind-up clocks became electric became digital. Nobody is getting exercised over the advent of programmable coffee makers, and the introduction of automated braking in our cars hasn’t occasioned heated opinion pieces about the coming tech-fostered apocalypse.

But because you don’t see fraught conversations around the large number of technological developments we take comfortably in stride, the small number of exceptions foster what Crootof calls a “false narrative” that the law can’t keep pace with technological change.

“Most technologies are governed by most laws most of the time,” she says. It is only the small number of “outlier cases” that she says “make headlines and perpetuate this mistaken belief.”

What of those outlier cases then? These may well represent a significant challenge to existing law, she agrees, and “expose some latent gaps and ambiguities in the law that need to get resolved.”

How much decision-making power do we want to hand over to algorithms? To what degree should social media platforms be held responsible for false or misleading content on their sites? Who gets to determine how our personal data is used, by whom, and for what purposes? Who is liable if a self-driving car causes an accident? If your home security system is hacked? If a facial-recognition application wrongly flags you?

These are uncertainties, Crootof believes, that the law eventually will evolve to address and resolve. But while they remain uncertain, so does the eventual balance of power between producers and consumers. Which way it tips will be ours to choose.

The interconnected, increasingly invasive Internet of Things

In “The Internet of Torts,” a piece published last year in Duke Law Journal, Crootof illustrates this point in relation to the rapid proliferation of an interconnected web of “smart” devices and technologies, collectively referred to as the “Internet of Things,” or IoT.

The IoT offers all manner of conveniences: You can use your phone to turn up the heat at home before leaving work; your pacemaker can upload data for your physician’s review while you are asleep in your own bed; you can hop a ride on one of those smart scooters that are popping up in communities across the country.

Every transaction adds data to your digital pointillist portrait. ... But it doesn't have to be that way.

But as Crootof points out, aside from the privacy concerns these technologies raise, they also make it possible for businesses to exercise “remote interference” to control or even disable the devices if, for example, you miss a payment or refuse a software update. It’s not a merely theoretical scenario, either. Among other such incidents, a maker of a “smart” garage-door system disabled a user’s access after getting a negative Amazon review, and Google bought out a small company producing smart-home hubs, then announced it would permanently “brick,” or render useless, the devices already in customers’ homes.

As Crootof notes, some of these cases of remote interference are mere annoyances, but others could potentially cause far greater harm.

“The remote deletion of your music file or e-book might frustrate you; the remote disabling of your security alarm, car, or implantable medical device could kill you,” Crootof writes.

If an algorithm incorrectly flags a late payment that triggers the remote disabling of your car, who, exactly, is to blame if you are left stranded? Remote interference falls into that area of uncertainty where it’s not clear how or if existing consumer protection laws apply. In that uncertainty it is possible, Crootof argues, that the balance of responsibility could again move toward the technological producers and away from individual protections.

“We are at a crossroads,” Crootof writes, where either “we will come to accept that using IoT devices entails an assumption of risk,” or “law evolves to incentivize companies to better protect consumers.”

Keep calm and carry on

My data, my self

One of the more alarming points Crootof includes in her Duke Law Journal piece is a brief warning comparison between remote interference and another consumer issue we have thus-far failed to prioritize: data privacy. “Law permitted social media and e-commerce platforms to collect and monetize personal data,” Crootof writes, “creating an environment where many believe personal privacy is endangered, if not already gone.”

Imagine that a company dispatched employees to riffle through your private correspondence, to follow you around minutely documenting your movements, conversations, relationships, interests, and interactions — and then shared that information with other businesses. Imagine if the government passed a law that required everyone to carry a device issuing a constant stream of information to be gathered and exchanged by unknown parties, or installed cameras and listening devices in our homes that could record all our conversations and activities.

We would, of course, be rightly outraged at these invasions of our privacy.

And yet search engines, social media empires, mobile phone makers and service providers, app builders, and other technology companies presumptively arrogated to themselves a data-harvesting and -sharing norm that it is now literally impossible to opt out of, because none of us has any idea at this point who is collecting what data or how it is being shared and with whom. Send an email, order online, use your credit card, make a phone call, search the internet — every transaction adds data to your digital pointillist portrait.

In its recent “Privacy Project” series, The New York Times demonstrated how easy it is to identify and track specific individuals from supposedly anonymized data we surrender constantly from our mobile phones. “The greatest trick technology companies ever played was persuading society to surveil itself,” authors for the series wrote.

There is an opportunity to open up our understanding of the past and the present and to imagine different futures.

But Crootof cautions us not to conclude that this was the only possible outcome, taking issue with “this tech determinist rhetoric that ‘tech happened’ and now society has to scramble to catch up,” she says. “Our culture chooses how to use and how to shape a technology and how we let it affect us.”

Tech companies actively promoted their self-proclaimed status as visionaries, digital wunderkinds, pioneering “disruptors” whose products and services were so uniquely extraordinary and unprecedented that they couldn’t — or shouldn’t — be governed by the old rules and paradigms. So far, in the U.S., we have allowed this narrative to drive a largely hands-off approach to regulating these technologies.

But it doesn’t have to be that way.

Whose “informed consent”?

For proof of that point, we need only look to Europe. “As soon as you step out of America, you realize that there are a lot of different ways of structuring a given technology, and that it is not predetermined,” Crootof notes.

Consider, for example, those ubiquitous “terms of service” and privacy policies you have to click to agree to when accessing apps or web pages. Companies have shielded themselves behind these agreements, arguing that they put consumers in control by allowing them to choose whether to consent to the terms outlined within the documents. But of course, anyone who has ever tried to wade through one of these policies and their dense thicket of fine print knows that “consent” is really more like “surrender.” When Richmond Law professor James Gibson analyzed the terms of service and other “consent” agreements he encountered in the purchase of four different computers, he found they averaged a total of nearly 75,000 words, or “just a tad fewer words than … the first Harry Potter book.”

But in Europe, the General Data Protection Regulation provides extensive consumer privacy protections in all European Union countries, including both regulating how data can be collected, used, stored, or shared, as well as putting the burden on companies to spell out to consumers in a “concise, transparent, intelligible, and easily accessible way, in clear and plain language” just what companies are doing with their data within those parameters.

The difference between the American and European approaches amply illustrates the fallacy of tech determinism. If Facebook and Google can still manage to operate under the conditions of the European Union’s GDPR, there is no reason they couldn’t do the same in the U.S.

“Technologies are designed by humans,” says Crootof. “They can be designed to minimize accountability, and they can be designed to increase accountability.”

A disturbing #selfie for digital natives

Of course, we can’t make any of these choices if we don’t even know they’re ours to make. At the University of Richmond, many of the current undergraduates are part of the first cohort of true digital natives to enter college — a generation that has never known a world without Google, that has grown up on memes and follows and viral stars and Snapchat and hashtags, that is young enough to consider Facebook a fusty relic of their parents’ generation. For most, surveilling themselves is as fundamental and unremarkable a feature of their daily lives as eating or sleeping.

an illustration of lady justice with a data cloud filled with tech icons surrounding herIn assistant professor of statistics Taylor Arnold’s classes, “in general my students are not worried about data privacy,” he says, because they tend to think only in terms of one piece of data at a time — a particular internet search or location check-in. So to raise their awareness, he assigns them to write down, every hour for a week, where they are and what they are doing.

“Almost nobody balks at it as an assignment,” he says. But when they return to class with a week’s record, “they come away realizing that when you have a whole week, it gives a very intimate picture of their lives and is very invasive,” he says, “that the sum is greater than the parts.”

Similarly, assistant professor of digital humanities Lauren Tilton asks her students to “plot every piece of technology they use to sign in to with their Gmail account” and then maps out this web on the classroom board so they can see for themselves what becomes apparent when all that data is merged together.

“That is often the exercise where most of the kids go, ‘Oh, wow,’” says Tilton. “And then we talk about how Google is not the only company doing that.”

Yet while Arnold and Tilton are cautious of the dangers from data-collecting technologies, they are no Luddites; rather, they are among a growing number of scholars actively engaging their work — and their students — with the perils and the possibilities, the ethics and opportunities, the questions posed and the discoveries offered, in a connected 21st-century world awash in data.

The two point out that “data” goes beyond what technology companies have vacuumed up over the past few decades. It is also a vast and rich trove of cultural resources — objects, records, films, photographs, and more — increasingly being digitized and made available to the public, particularly by museums, universities, archives, libraries, and other cultural institutions. How could all these materials be used for the benefit of humanities inquiry rather than simply as a tool for corporate profits? To help answer this question, Tilton and Arnold have created a project called the Distant Viewing Lab, which uses, develops, and shares computational tools and techniques to analyze visual culture and, in Tilton’s words, “get under the hood of these algorithms to understand what data they rely on and how they are built.

“There is an opportunity to open up our understanding of the past and the present and to imagine different futures,” she says.

The if-then statements are up to us

Tilton and Arnold believe it’s vitally important for students in the humanities and technology to be “trained at this intersection” where each field informs the other. For students interested in careers in law and politics, for example, “it is hard to regulate a technology you don’t understand,” points out Tilton, while those pursuing a future in technology would do well to consider the kinds of questions the humanities have always asked.

“What we try to do in our labs and our classes is to think about how our students can walk away with more of a toolkit to be able to think ahead and think across fields,” says Tilton.

As a computer scientist, Jory Denny agrees that “fields like the humanities pair really well with a computer science education.” He believes that fear about technologies arises at least in part from a lack of knowledge and understanding of how they work and what they actually can do.

That is often the exercise where most of the kids go, 'Oh, wow.' And then we talk about how Google is not the only company doing that.

“Computers are not intelligent,” he says. “They are really dumb, actually.” They do a few things very well, he explains, like finding correlations in huge sets of data. But a computer can’t determine whether that data itself is representative and comprehensive or if it is tainted by biases like deeply embedded structural racism. It takes a human perspective to consider those questions.

A broader and more diverse group of people educated both in the humanities and technology will assure that more of those questions get asked and that technological advances can be better harnessed to our benefit. Yes, drones can be used to spy on populations, but they are also flying medical supplies to remote communities. GPS technology can erode our privacy, but it also is proving vital in helping to fight wildfires, deliver disaster relief, and guide search-and-rescue teams. Pressing global issues like poverty, climate change, and health care will increasingly benefit from the power of data.

Crootof says that we are now at what she calls an “inflection point,” a moment when we still have time to choose the paths we want to follow — what technologies we incentivize, which are allowed to proliferate, how much accountability we will demand, and how rights, responsibilities, and protections will be allocated.

“There are moments of bounded opportunity to shape which way the law goes, and those opportunities close over time,” Crootof says. “It is what we as a culture decide to prioritize.”

Caroline Kettlewell is a freelance writer based in Richmond, Virginia.