Creating something from nothing is impossible. In the physical world, one must create an entity from what already exists and the same is true on the information level. Creation cannot be an act upon the object created that by definition doesn’t exist before it is created, nor can one request access to an object that does not exist. What does exist before an entity is created is the space that will contain it and so creation is an act upon that space.
Create is an edit of a space. In information terms, creating in a space changes the space by making the created entity part of it. It follows that the right to edit a space implies the right to create in it, giving the access control rule:
Rule 9. The right to create in a space resides inherently with the space owner.
This rule is well defined as the system itself is the first space. It allocates the right to create to every space owner:
Create = (Space Owner, Space, Create Entity)
This right is inherent because to lose it is to lose ownership of the space, defined as the right to edit. Hence one can only create in a space if its owner permits, e.g. to add a forum post always requires the forum owner’s permission. If others could edit the forum at will, the forum owner would no longer own it in the sense of controlling it.In this model, creating an object within a space appends it to the space, which is a type of edit.
Creation agreements. When a space owner gives the right to create and people submit a post, picture or video to a blog, forum or video post, they enter into an agreement with the space owner about the rights to what is created, whether text, picture, sound, video or any combination. They may get money as Listverse gives $100 per post, or access to an audience as for say YouTube. The creation agreement defines what rights apply to what was created, including:
1. Display. Who can view what was created, e.g. forums let all others see a post but conferences do not let others view a submitted paper in the review phase.
2. Edit. Who can change what was created, e.g. YouTube gives authors exclusive edit rights, Wikipedia lets anyone edit any creation, blog comments are not usually editable, and ArXiv lets authors update publications as new versions.
3. Delete. Who can delete what was created, e.g. Twitter lets the author delete a tweet so it is not visible any more but an email once sent cannot be deleted.
4. Meta-right. Who truly owns what was created. A space that takes the meta-right to what people submit becomes their administrator, who may just “rent back” use rights to authors, e.g. Dropbox lets people truly own what they post but Listverse takes full ownership. Currently Facebook is unclear whether what people post belongs to them, or whether it can use their personal data as it wishes.
As can be seen, a creation agreement can take many forms.
Creator ownership. Object creation is a simple technical act but a complex social one. How should the rights to a newly created entity be allocated? What a slave creates by work does not belong to them but in the 17th century the British philosopher John Locke argued that creators owning what they create increases community prosperity by encouraging people to create (Locke, 1690/1963). Locke’s logic applied to a farmer’s crop, a painter’s painting and a hunter’s catch – people produced more if they owned what was produced. After all, why struggle to produce for others to own? If one later chooses to sell or give a creation away, that is another matter. This social requirement gives the access control rule:
Rule 10. The creator of a new entity immediately gains all rights to it in their namespace.
This conveniently resolves the issue of how to allocate rights to a new entity — they go to its creator by default. On a technical level, a program can act in any way; e.g. it could let the system administrator own all created objects, but on social level all creators would then be slaves. Rule 10 encourages people to create things. Since online systems depend on free people contributing, it does not pay to treat them like slaves, by taking all rights to what they create. Indeed online systems that give more rights to creators tend to get more submissions, just as Locke postulated before the Internet.
Balancing creator and space owner rights. How then can people own what they create online when the right to create resides with the space owner? Rules 10 and 11 separate create from submit as follows:
- Create. Different spaces provide different create operations, e.g. a forum allows create text, a video space allows create video, a gallery allows create picture, and so on. For all rights to immediately go to the creator of a new entity it must initially reside in their namespace. This lets them check their work before submitting and even leave and come back to submit later. For example, when YouTube lets authors create a video and save without submitting, they recognize creator ownership of what people chose to create. At this point, others cant see the video.
- Submit. The creator then agrees to give some rights to the space owner, making the video for example visible to others. I am unlikely to post a video of my new baby online if I lose all rights to it, conversely if I give no rights away the space cannot display the video at all. Every online post is a rights agreement between the creator and space owner, e.g. to post on a forum may require one to give up the right to edit or delete the text added.
Social transparency. When people give away rights in society, it is specified in a contract. In such cases, fairness dictates that both parties know in advance what rights are being exchanged. Contract transparency is the right to know what rights are being given away in that choice. That submitting online is a rights exchange gives the access control rule:
Rule 11. People have the right to know in advance what rights they are giving to others.
One has the right to read a contract before signing it, yet few do, as it is often a long document written in complex legal language. This is even more true for online End User License Agreements (EULAs), e.g. the May 2011 iTunes agreement was 56 pages long! To make the point, in 2010 Gamestation added a clause to their EULA that purchasers agreed to give their soul to the company and 7,500 people agreed, see here. The offline method of using complex contracts for lawyers to read doesn’t work online, as companies write EULAs customers cant understand to keep them in the dark. Since code is law online, let the access control system ask permission to transfer rights at submit time, say for a Listverse submit:
Submitting your post will result in the following rights allocations: Do you wish to continue? YES / NO
YOU THEM
View View, Display, Edit, Delete, Move, Copy
Full ownership is transferred Don’t ask me again ⌈⌋
Making clear the results of a submit rights exchange lets people to decide whether to create or not. For those who often post the “Don’t ask again” meta-choice lets the warning only appear the first time. Using the access control system to describe a rights exchange gives an accuracy and brevity that contracts written by sellers don’t have. Legitimate access control lets online social systems gain the social transparency needed to be trusted.
Allocating roles. When a new entity is created, access control assigns these roles:
1. Owner. Has the right to edit it.
2. Administrator. Has the right to re-allocate its rights.
3. Parent. Is the immediate containing space.
4. Ancestors. Any other containing spaces.
For example, when submitting a paper to a conference mini-track, the owner is the author who can update it but the administrator is the mini-track owner who can delete it if it is rejected. The parent is the mini-track chair. The ancestors of a conference paper are its mini-track, track and conference chairs, and its offspring are any reviews attached to the paper.
Co-Author rights state what the co-owners of the paper can do, as it may have several authors, e.g. co-authors may be able to edit a paper but not delete it, or perhaps they can view but only the main author can edit the paper.
Chair rights. On a social level, the mini-track chair is responsible for the papers in their mini-track, the track chair is responsible for the mini-tracks in their track, and the conference chair is responsible for all tracks in the conference, i.e. for every paper in the conference. Since one cannot be responsible for what one cannot see, when a new paper is added the access control system will give view rights to the mini-track, track and conference chairs. So a paper posted on a mini-track is visible to mini-track, track and conference chairs but not to other track or mini-track chairs.
Author rights. A paper created in a mini-track by by an author who can edit it gets the right to enter that space. If the mini-track space bans the owner of a paper in it, they can no longer see it and so cannot be responsible for it. That those who author papers are responsible for them also requires them to be able to enter the track and conference spaces.
An online vote is a group creation. Programs like Survey Monkey let people vote on an issue that affects them. The vote result is essentially created by the voters who produced it, so they as a group should own it. This gives them the right to view it, but many online voting systems ignore this social requirement by allocating the vote result to a controller who has no obligation to display it to its creators. We have all taken part in marketing surveys where we did not see the result. Locke’s principle then applies, that people are less likely to participate in surveys where they do not get to see the result, and indeed it is so. In contrast, a legitimate online vote would automatically advise people of their vote result because they created it. Note that during the vote, the system can restrict viewing to people who have voted to avoid voter bias.