That's all very noble and intellectual, but the simple fact is that in the real world, we all value different things to different extents. Money is the concrete, quantified representation of that value that we as a society have chosen to standardise.

You say that we don't want to be raising our children on stories full of sex and violence, and yet as you say yourself, sex and violence sell, so evidently lots of people do value those stories even if you don't or they're not valued as children's entertainment. In any case, I doubt most parents I know are planning to keep their kids safe from the evil that is Harry Potter as they grow up, and there's plenty of violence in those books.

I'm afraid you are imagining an idealised, deeply cultural world that doesn't exist even though you'd like it to, and then you are assigning the blame for its non-existence to the presence of mere economic niceties rather than the more fundamental cause, which is that the human condition just isn't as nice as you'd like it to be.

I couldn't agree more. This is the thing that always winds me up about people who suggest that there is no evidence that copyright is working and the only way we can possibly tell if we'd do better without it is to completely scrap it and see what happens. If there are all these viable alternative models that are so much more promising as incentives to create and share new work, why aren't people already using them?

Your argument all sounds perfectly reasonable until you consider that people have tried choose-your-own-price experiments before, and it turns out that almost no-one pays anything. People have given their stuff away for free and perfectly legally from the original source, and some people still pirate it from elsewhere!

So while I'm not for a moment defending today's absurd extremes of copyright, the one thing the copyright model has in general that your alternative proposal doesn't is that it actually works, which is slightly important.

I'm firmly in the "reform copyright" camp. That is, I think copyright is a useful economic tool for promoting creation and distribution of new work, but the current implementation of copyright law is deeply flawed and no longer fit for purpose in most of the western world.

That said, I want to challenge this statement you made, because I think it's too strong:

I don't think this is a black/white question, but rather a matter of probability, scale, and variety of options. Many people do make a living in creative industries without really relying on copyright all that much.

For example, most of the work I do is subject to copyright protection, and in some of my roles I would normally transfer the copyright to clients/customers at the end of a job. However, often neither I nor my customers much care about that, because if we're talking about software that is running on their web server or embedded in their device, it has much more practical protection against someone ripping it than copyright affords, and in any case the software would have limited value in isolation so there's not much incentive for others to copy it.

Not everyone in software works on projects where that would be the case, so for others copyright offers a better incentive. But in those cases, other models might also work. I have some hope for the crowd-sourcing idea, as the likes of Kickstarter have already shown that even quite substantial projects staffed by solid industry veterans can pull in a decent amount of funding to match. Potentially there's a lot of middleman removal as a pleasant side effect, all the while still allowing the overall cost of developing a moderately large project to be amortised over many customers (and unlike typical copyright-and-sale business models, potentially allowing different customers to contribute more or less according to their means, so perhaps better satisfying your "democratic model" criteria). I think we need a few more of the bigger projects to actually deliver before drawing too many conclusions here, and of course even the biggest are still orders of magnitude smaller than what copyright-backed industry has achieved, but the early signs look positive from here.

So while I'd agree that the scales proven so far and the odds of success are not as good without copyright as with it, at least for those kinds of creative work where copyright is fundamental to the existing business model anyway, I think it's too strong to say that you can't make a living as an artist without it. What we should be concentrating on is whether more people wind up making more and better work that is ultimately enjoyed by more people with different variations of copyright or other IP frameworks. The idea is to maximise creativity and productivity for the benefit of society as a whole, IMHO.

Yeah, but Disney don't really need to pay their artists. There are loads of people in the world who draw and animate just for fun anyway, so it's not like using professionals is adding any real value.

Besides, just being associated with Disney will look great on their resumes when they apply for their next non-paying jobs, and while they're still at Disney they can even use the free PR to promote their live performances and make plenty to live on that way.

It sounds like the hack was only possible because personal data that should never have been anywhere near a public website wasn't properly controlled, so I don't have much sympathy for them on that score.

As far as being hacked compared to continued careless releases, the latter seems to deserve a harsher penalty, and the fines here do seem to reflect that. Isn't this what we want to happen?

It's worth noting that the fine for the charity here relates to disclosing personal data about nearly 10,000 individuals, so it worked out around £20 per victim, even though the nature of the breach is obviously quite serious.

In contrast, the bank released a lot of personal data but only about a much smaller number of individuals (it seems to be only in low double figures looking through the ICO's information more deeply, via a series of careless errors rather than one mass leak) so the fine per individual victim appears to have been much greater here, probably working out to £1,000s per victim.

Why?

Sure they are, at least some of them. As I said, there is a whole industry building up around supporting this specific use case, balancing the degree of access required with the inevitable security implications. There is a whole range of options between having no special access/no control of the device and having the same access you'd have from your company PC that is centrally administered by your IT team.

That's fine, as long as they also provide dedicated, company-owned and -controlled equipment for all company work. A lot of places don't want to pay that expense and encourage employees to use their own devices, at which point the rules aren't so black and white.

In the real world, BYOD isn't always that simple. The moment an employer encourages their employee to do something on their own device rather than provide dedicated company equipment, there are issues of who has what access, who is responsible for what, etc. There are entire businesses making tools and consulting in this field right now, because that is how big a minefield it is becoming.

Also, it's worth noting that the kinds of devices that do this are often used for compliance with rules like HIPAA or PCI DSS. You can't demonstrate that you aren't allowing sensitive data out of a supposedly secured part of your network if you can't actually see what you're allowing out of it...

True up to a point, but the moment anyone mentions the phrase "bring your own device" and anyone from your company touches your employee's private property, a whole bunch of similar issues are going to come up.

It's true that his sort of system needs to be set up carefully, and probably with the aid of both technical and legal advice if the administrator isn't an expert in this area.

Saying that, with a properly configured set of devices, it is possible to pass encrypted traffic through a security device that temporarily decrypts the data to scan it but never logs or discloses the full data set itself, so nothing sensitive is ever recorded or put in front of human eyes. There is also technology available that will cut payloads off packets or mask them out so logging tools only see the packet headers, and this kind of technology is often used for compliance with HIPAA, PCI DSS, and similar sensitive areas.

Of course, if the administrator didn't choose to use those facilities, or if they set them up incorrectly, their systems could be doing all sorts of things that potentially violate various data protection laws depending on jurisdiction.

It's perfectly legitimate practice on a company network to intercept encrypted traffic. Security devices used for things like intrusion protection and data leakage prevention can't work properly if all you need to circumvent them is an encrypted connection, and you really want that kind of security these days if you're using a large company network, whether you're the company management, the company employees, or the company's customers/clients.

Doing it without making anyone using the network fully aware of the possibility, however, is quite a different matter, unless employees clearly aren't allowed to use company systems for personal use at all. If you've been told occasional personal use is OK and they're covertly MITMing your online banking session on your lunch break or similar, that is highly inappropriate.