The Useful Sanctuary of Privacy

I once was in a two day debate with my college roommate where we knew that we were probably close to agreement, but mentally, we couldn’t establish what our points of departure and agreements were with any precision.

We finally sat down and defined our terms and realized that we were arguing with the same set of terms, but with different definitions attached to those terms.  No wonder we couldn’t reach any agreement.  The lesson learned was to define your terms at the beginning of the debate, and you can probably save some time and anguish in the process.

It just recently dawned on me that I have been designing, advocating, and discussing privacy issues in preparation for GDPR with no real working definitions of what privacy is.  With that lesson learned, what do we really mean by the right to privacy?

The Current State of Understanding Privacy

It is tough to respect privacy if you only have a vague notion of what it is.  I think that this lack of a common working definition contributes to an approach to GDPR and privacy that only sees privacy as a compliance box to be checked instead of something to be valued and protected.

Many of us who live in countries with a history of respecting personal privacy have forgotten its importance.  What was once self-evident has been clouded by the immediate benefits of relative freedoms we now enjoy.  Compound this forgetfulness with social media’s constant blurring between private and public, the paparazzi press, and the politics of personal destruction, and it is no wonder we are unclear about what privacy is and the value of it.

It would be beneficial to step back and define some basics of privacy.  If we don’t, we may again be facing some self-evident truths about privacy with painful reminders of Nazi Germany and the Stasi.  Those who lived through those oppressions understand the value and self-evident nature of the need for privacy.

The Essence of Privacy

Allen Westin, the modern pioneer of electronic privacy, wrote

“The essence of solitude, and all privacy, is a sense of choice and control. You control who watches or learns about you. You choose to leave and return.”

Your right to privacy is about controlling the boundaries you set in different relationships to know you.  We do this every day in the physical world as we relate differently to different people and organizations in different settings and contexts.

Anne Wolfe, a global privacy consultant, defines privacy in an article ‘What is Privacy and Why Should I Care About it’.  In translating this concept of privacy to the digital world, she says

“Privacy is the right of the individual to maintain control over their personal information.”

Instead of thinking that we are merely processing data, we should look at our data for what it really is – the digital representation of ourselves.  The data that you and your devices produce create this Digital You.   If we looked at how we treat Digital You instead of just data processing, a lot of the ambiguity in the GDPR would resolve itself, and the appropriate use of data would be closer to self-evident than it currently is.

With the definitions of privacy given by Westin and Wolfe, we need to look at some false equivalencies that exist in the public conversation about privacy.

Confusing Privacy with Secrecy

One common sentiment that is often voiced is “I don’t worry about privacy because I have nothing to hide”.  A similar expression was captured in 2009 by the now famous statement of then Google CEO Eric Schmidt who said “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Both of these statements on the surface seem to carry a tone of moral righteousness which sounds like a reasonable approach to digital privacy.  Yet, on the other hand, there is something in these statements that provokes our intuitive sense of what privacy is.

Again, the poignant thoughts of Allen Westin clarify what is happening in this seemingly Zen tension.  He states in his book Privacy and Freedom

“Don’t destroy privacy. Terrorists of all sorts destroy privacy both by corrupting it into secrecy and by using hostile surveillance to undo its useful sanctuary.”

Both of the prior statements in reality destroy privacy by corrupting it into secrecy and undo privacy’s useful sanctuary.  They both bait and switch the word privacy with the definition of secrecy.  The former is an unalienable right while the latter is a cover for wrong doing.  In so doing, these prior statements devalue privacy and confuse any discussion about the need and preservation of privacy in the digital realm.

Dave Krueger quipped appropriately “The Fourth Amendment wasn’t written for people with nothing to hide any more than the First Amendment was written for people with nothing to say.” John Adams observed that it was this right to privacy that the crown trespassed on that sparked the American Revolution.  The Colonists were ready to die for rights of privacy.  What are some of these useful sanctuaries of privacy?

The Usefulness of Intimate Relationships

Thoughts and relationships are intertwined in privacy.  We all have blind spots, prejudices, wrong assumptions and even mixed motives and wrong inclinations.

The privacy of thoughts have to be allowed to be shared in private conversation with others in our intimate circles without fear of exposure. These relationships allow for our foibles to be corrected, our thoughts to be refined, and weaknesses to be exposed without personal injury or public harm.

Everyone needs the feedback of honest and good friends to be done in private so that we grow and bring forth better ideas.  This is one useful sanctuary of privacy that Allen Westin speaks of that is of benefit to both the individual and society as a whole.

Privacy Protects Against Hostile Surveillance

Mark Rotenberg, the Executive Director of the Electronic Privacy Information Center, commented on Westin’s seminal book saying “Part of ‘Privacy and Freedom’ is the argument that privacy enables freedom.”

Privacy enables the First Amendment rights of freedom of speech and freedom of religion as it protects the individual from hostile surveillance.

John W. Whitehead writes “… encroachments on individual privacy undermine democratic institutions by chilling free speech. When citizens–especially those espousing unpopular viewpoints–are aware that the intimate details of their personal lives are pervasively monitored by government, or even that they could be singled out for discriminatory treatment by government officials as a result of their First Amendment expressive activities, they are less likely to freely express their dissident views.”

This chilling effect occurs because privacy is an unalienable right and an essential component of our humanity.  It is tied up with our personality and freedom so much so that it takes priority over free speech.  We reflexively retreat from public expression to maintain this freedom of thought, personhood, and the big three pursuits of life, liberty, and happiness.

Privacy Protects Our Psychological Wellbeing

It is self-evident when natural privacy boundaries are crossed in social media that psychological well-being is impacted.  Look at our kids and the damage social media can cause in the case of bullying or over sharing.

Allen Westin wrote on the importance of privacy to individuals saying

“Safe privacy is an important component of autonomy, freedom, and thus psychological well-being, in any society that values individuals.”

It is not without reason that the Germans have the most strict data privacy laws after the Nazi and Communist rule.  Sloan and Warner write in the Minnesota Journal of Law, Science & Technology  “The 1950 to 1990 East German Stasi illustrates the threat to self-realization. The hidden, but for every citizen tangible omni-presence of the Stasi, damaged the very basic conditions for individual and societal creativity and development:  Sense of oneself, Trust, Spontaneity.”  The importance and value of privacy are still self-evident to the Germans and their privacy laws reflect their awareness of its value.

Westin and Wolfe have provided good working definitions of what privacy is, and it has been distinguished from secrecy.  Privacy enables intimacy, freedom of speech and religion, and self-realization.   These definitions and usage should provide a baseline to guide future discussions on data usage with more clarity.  I hope they will lead us to the right use of our data, we could all use some  sanctuary.

Comments are disabled here to consolidate replies here on Linkedin

The Battle for Digital You

It’s About Rights

The creation of the internet and the Digital Revolution is producing a representation of you based on the data that you and your devices produce.  This revolution needs to acknowledge the creation of a virtual Digital You and yield to it the same privacy rights that the real physical you has.

The American Revolution and the subsequent founding of The United States crystalized the social contract of the new country.  The protections of life, liberty, and the pursuit of happiness were laid down, and boundaries of the federal government and unalienable rights of the individual were codified.  These unalienable rights in the physical world were legally protected by the government, and individuals had the right to protection against unlawful searches and seizures.

This foundation is the basis for our privacy laws today specifically looking at the Fourth Amendment which gave people the right to be secure in their persons, houses, papers, and effects.  The Fourth Amendment was later expanded by court interpretations and applied to electronic intrusions such as wiretapping, and the FCC extended applications to commercial intrusions.

We are now several years into the Digital Revolution, but our ethics and rights have not kept pace with the technology.  There is a battle being fought over Digital You, and without a translation of privacy rights protection to the digital realm, we will lose this war.

The Current State

I will leave out the discussion of how Government handles our data here and focus on Technology and Commerce who are waging war on Digital You’s privacy rights.

How did we arrive at this point in time that effectively has allowed Technology and Commerce to violate Digital You’s privacy with no real recourse to date?  The following quotes should have been a warning sign:

1999 – “You already have zero privacy.  Get over it.” –  Scott McNealy CEO of Sun Microsystems Inc.

2009- “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” – Eric Schmidt CEO of Google

Unsurprisingly with these views, Digital You is being built without your consent, control, and in most cases without your knowledge by Technology and Commerce.  How do we take back our unalienable rights that were never consented to be removed in the digital world?

“No Harm, No Foul” vs. Rights

Today, the United States handles the oversight between Commerce and Consumers via the FTC.  The FTC was commissioned to ensure adequate competition among businesses and that consumers were treated fairly by businesses.  This mandate worked in the physical world prior to Technology’s communications advances because invasions of privacy had little to do with commerce.  If someone violated your physical privacy, the trespass was seen.  There was a clear boundary between the areas of commerce and private property.  The Bill of Rights addressed private property and the FTC governed commerce.

The Commerce driven Digital Revolution now bleeds into privacy issues, and the FTC is not equipped with adequate legislation to enforce privacy based on rights.  In order to seek redress by the FTC, courts require proof that you have been harmed by a commerce practice.  This plan works in the physical world where an aggressive salesman might receive a warning shot if he trespassed on private property.  Violations were seen by the individual and they were allowed to protect their private property.

This agreement doesn’t translate into the digital realm where tech companies routinely peer into our private lives uninvited and undetected.  We have no way of defending Digital You from privacy violations where we are unarmed and unaware.  The FTC is of zero use in this case because they are not equipped to enforce rights.

Rights vs. “No Harm, No Foul” Illustrated

Let’s look at a physical example of a privacy issue to illustrate how something is approached based on either a rights issue or fair play.  You have a home and are away for the day.  During that time while you and your family are out, someone wanders into your home, opens the door, walks inside and looks around your house.  From this view, the intruder surmises that you are of moderate wealth, married, and have 2.5 kids.  They understand that you like a variety of music styles, what political party you belong to, and your religious preference.  This person then walks out of the house and records his insights into your lives.  Then you come home and discover that someone has entered into your house and looked around at all of your pictures and rooms.  You learn from your neighbor who it was and you are upset that your privacy has been violated by someone trespassing on their private property and private effects.

The question is has a crime occurred in this illustration?  In real life, the answer is yes, there is a crime of trespassing without consent or unlawful entry.  The basis of this charge is the Fourth Amendment and other clarifying laws.  Now let’s say that the person who improperly walked on to your property was a businessman who was conducting his own research to see what kind of goods you would really need and want so that he could bring them to you to buy.  Would this change your verdict? In the eyes of the law, this would not change the verdict, the man entered the property without consent or permission and was trespassing regardless of intent or harm.  It is a rights issue and a law issue.

If the FTC was in charge of enforcing the privacy of this home, there would be no way to bring a charge against the trespasser unless the property owner could prove that they were harmed by this unconsented act.  This would be ridiculous, but this is exactly the state of how Technology and Commerce are being regulated in areas of Digital You.  Fair play says that as long as tech companies don’t cause demonstrable harm, they can look at whatever they want wherever they can.  If privacy is a right however, you shouldn’t have to prove that harm was done to Digital You, it is enough that there was a trespass without consent to bring charges against the trespasser.

Taking Back Our Rights

Letting the FTC determine what can be done and what can’t be done via lawsuits will not ensure our rights.  Enforcement by fair play lawsuits are inadequate to protect rights which in the physical world are constitutional guarantees.  We need real legislation defining the rights of Digital You so that it is not left in the hands of commerce regulators who do not deal with enforcing and defining unalienable rights.

Privacy Rights are one of the few truly non-partisan issues, and yet, the public perception and debate is hobbled by half informed rhetoric to score points over the opposing party rather than the debate of statesmen.  Due to this inappropriate polarization and the modern habit of passing lengthy bills with inadequate public review, our best course would be to review the EU’s GDPR as a starting point, and Americanize it.  Legislation needs to transfer physical Constitutional privacy rights to our data rights and set up a framework that will establish privacy by design as a guiding principle.   Tech/Commerce will have to get consent to use our data and be held accountable to secure that data.

Americans should be allowed to choose how Digital You is created and used in a way that is informed, gives them control over Digital You, and with transparency into when and how Tech/Commerce uses our digital footprints.   These rights have to be protected by legislation with clear outcome guidelines backed up with significant penalties to ensure adequate data security and privacy by design are baked into all digital handling of our data.

Recent high profile data breaches continue to highlight the need.  Tech/Commerce giants like AppleAT&T, and even Facebook are suggesting we need thoughtful legislation.  The time to translate physical rights to digital rights is now.  The next decade’s quote should read:

2019 – “We no longer settle for choosing between privacy and technology.  Our technology can and will complement our privacy.”

Comments are disabled here to consolidate replies on Linkedin.  You can email your comments to battle4digitalyou@dataeden.blahdeeyada.com