Ever since the Edward Snowden revelations began last spring, the problem of privacy has become big business, possibly eclipsing Big Data for space in the technology feeds. Almost daily, one or more articles opining on the issue crosses my inbox. Some of these are thoughtful and relevant while others are irrational and useless. The point is that Privacy is on everyone’s mind these days. The concern is global and may well become the top moral and ethical question of this century.
Part of the problem of privacy is the definition of the word. Let us consult my trusty unabridged English dictionary (Copyright © 1987 by Random House, Inc.). Privacy: noun 1. the state of being private. 2. the state of being free from intrusions or disturbance in one’s private life or affairs. This does not help much, does it? Even as a public understanding of the word, the meaning is pretty vague. (NOTE: See Dialectic for my definitions of public and guild meanings.) Looking up the base word adds little. Private: adjective 1. belonging to some particular person 2. pertaining to or affecting a particular person or a small group of persons 3. confined to or intended only for the persons immediately concerned 4. personal and not publically expressed 5. not holding public office or employment 6. not of an official or public character 7. removed from or out of public view or knowledge 8. etc. Even the derivation is unhelpful. L privatus private.
But even though the official definition of the English word is fraught with vagueness, we all have some shared understanding and belief about what it means. For purposes of this essay, I will take the following definition as our axiom.
I cobbled this definition together from ideas in several recent articles on the topic. However, in order to be able to use it as an axiom, we should first examine some of the key assumptions it contains. These include:
- Generally understood: This assumes that most cultures recognize some form of human rights for all people. This definition does not stand where such is not the case.
- Some data: This assumes that there are data about us that we cannot reasonably expect to be private by this definition.
- Data: By data I mean raw facts without context, as well as contextualized facts (information).
- Personal lives: It is not reasonable to assume that any aspect of our lives outside of our immediate sphere of influence (essentially, anything that touches another human being directly) can be totally private.
- Accessed forcibly: We can realistically expect these data not to be forcibly accessed in a reasonably free and/or democratic society.
- Or surreptitiously: In theory this should be the same as the last point, right?
- Just cause: This depends on the laws, customs, and social mores of the specific society involved.
As you can see, in highlighting a few assumptions, we have taken a definition with indistinct edges and blurred them further just by looking more closely. If we were to poke at the word “surreptitiously” a bit further, things would go even more out of focus. It is a slippery word in and of itself, and how businesses and governments collect information about us without our tangible awareness (and explicit consent) is almost infinite in its variation.
So given that we are working with an unclear and nearly indefinable concept from the start, how does one go about proposing reasonable public policy to govern privacy in the age of electronic information? My thesis is that we cannot, at least in the short term. For purposes of this essay, let us consider this question purely from the standpoint of the United States of America since it was revelations of that country’s espionage that reshaped this debate. Surprisingly, using the Constitution of the United States as a starting point is little help. It is challenging not only because all relevant language in both that document and the twenty-seven amendments was written before the inception of the Internet, but also because the language is contradictory. The Constitution specifically makes provision to provide for the common defense in the form of “calling forth the Militia to execute the Laws of the Union, suppress Insurrections and repel Invasions.” These are words written more than two hundred years ago and consequently bring us back to creating contemporary definitions of words such as Militia and Invasions.
In direct conflict with this provision stands the Fourth Amendment. This states: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Again, the language is archaic and does not address electronic information directly. Clearly, though, the US Government (through the NSA) believes that its present-day interpretation of the common defense provision trumps the Fourth Amendment, and has surreptitiously equipped itself to support that position (e.g., the United States Foreign Intelligence Surveillance Court, established by the Foreign Intelligence Surveillance Act of 1978 or FISA).
Therein lies the paradox of privacy. In order for the U.S. Government to protect its citizens from the forces that putatively would take away those rights to privacy, it must itself violate those rights – or so it would seem. On the surface, that violation is reasonably benign insofar as the information being collected is considered meta data (data about data) rather than content. Or is it? First of all, the government justifies its right to collect telephone metadata with impunity because of a controversial 1979 Supreme Court ruling (Smith v. Maryland) invoking the “third party doctrine,” meaning that when we dial the telephone, we are willingly giving up these data to the phone company which, in effect, revokes any reasonable right to privacy. The ruling implies that the Fourth Amendment protects only the content of the phone call. But because the Federal Government has collected the call metadata in bulk, call patterns can reveal scenarios that may or may not be what they seem.
Bear in mind, though, that the same principal (and paradox) applies to Internet service providers and online retailers. We willingly allow them to store metadata about our browsing habits, shopping habits, and social networking habits. And it is abundantly clear that these businesses are using them to enhance the efficiency of their sales and advertising revenues as much as to enhance our Internet or online shopping experiences. In fact, the average U.S. citizen has given up much more personal information to these online businesses than the Government has collected thus far. Nevertheless, we are truly in the infancy of this world and we have no idea yet where this will lead us. Can we trust these online concerns to be guardians of our data? What happens when these data are stolen (e.g., Target during December 2013)? What happens when the Government subpoenas these data? Is personal privacy dead?
These are not questions that I can answer here, nor are they likely to be answered anytime soon. I do not think that there will ever be a nice, crisp syllogism capable of logically expressing a solution to the privacy paradox. It is the natural dissonance between the individual and society that has in one form or another always existed, but that has now been exacerbated by our wired existence. The good news is that as human beings, most of us are able to reason beyond paradoxes. This is often accomplished by changing the semantic concept of a statement or situation. In the case of a linguistic paradox, that is fairly simple. For instance, the statement “Everything I say is a lie” is clearly a linguistic construct and easy to diffuse. A real world paradox such as the dissonance between “the common defense” and “the right of the people to be secure in their persons, houses, papers, and effects…” is more difficult but not impossible to manage. I think it requires a combination of individual and societal integrity.
- Question everything. Individuals and societies alike must continue to ask and re-ask these fundamental questions about privacy in the electronic information age.
- Act with savvy. In the age of electronic information, there is no excuse for ignorance about the medium. The Internet is the most self-instructive institution in human history. Consequently, it is the responsibility of every person engaged in using the Internet to understand it as well as the consequences of divulging personal information to a third party. As soon as you hit Enter, it is no longer within your control.
- Demand integrity. Never have so many people known so much about each other. Individuals as well as companies and governments have access to troves of data about each other not even thinkable a mere thirty years ago. We have an obligation to act with integrity and to demand the same integrity of the individuals and institutions with which we share our data.
I am convinced that personal privacy will be the defining issue of the 21st Century. Most of our notions of privacy have changed forever. Our easy electronic access to information, content, goods and services comes with a price. That price is that a significant portion of our personal information is now a commodity to be used, abused, or exploited by people and organizations outside our knowledge or control. During the course of the next ninety years, I expect this dissonance between the individual and organizations to come to a point of crisis. The genie has been out of the bottle for some time; Edward Snowden has merely pointed a light on the abandoned bottle along with some footprints in the sand. I do not have the answer, but I know that the solution to the privacy paradox will require more than public policy.
Do you agree that personal privacy is one of the defining issues of the age? Short of eschewing our online lives, what can we do to protect our personal data?
Here are some links to interesting and important articles on the topic.