Favorites from Legal Hacker’s Hackathon

The folks over at the Hacker League have collected all the projects from the multi-city Legal Hackathon from two weekends ago. My view of these hackathons is that while some of the projects may never get beyond this-is-a-great-idea phase–and don’t deserve to– a few should be nourished and chatted about on a specialty blog, like say, this one.

From what I can gather reading the Legal Informatics Blog, the winners are: for the London gathering, Consent Receipt, an app that tells you what you’ve agreed to when you blindly click on a “accept terms” button; for Brooklyn, Ghostdrop, SnapChat for sensitive documents; and for San Francisco, the somewhat self-explanatory Privacy Visualization.

So I have three favorites that deserve more attention, and they are:

Unhosted.org — Yeah, there are commercial apps out their that support private key encryption for cloud-based file locker services. But this experiment provides code to roll your own. And as Bruce Schneier has been yelling recently, don’t make it easy for hackers, intelligence agencies, or your competition to get at your private communications and documents.

Exposing Public Geolocation Data — This is a great idea for raising awareness on consumers ideas about what anonymity means. On another channel, I write about how quasi-identifiers can be used to re-identity data–i.e., map it back to an individual or a small group. Top on that list is geo-locations data– zip codes, street information, or coordinates–coupled with date information. I suspect this will require more than a little CPU horsepower, but by scouring social media and online forums, an app could show the public how their notions of privacy are incomplete.

The ClearButton: Personal Data Notice Registry — This project has the goal of connecting consumers with any companies (including, I suppose, data brokers) that hold their personal information. The intention here, I think, is to create the equivalent of a credit report for privacy. As the project description states, the European Union (through its Data Protection Directive and the new updates to it) requires companies to, on request, provide all the information they have on an individual and allow them to correct errors. There’s really nothing like this here in the US, and it will likely require a new law to make this project into a reality. Anyway, this one comes out of MIT’s Human Dynamics Lab, and you can find more information here.