In this module, we’ll take a look at some of the classic definitions of privacy to try and understand what privacy is and how its definition has evolved over time. Interpretations of privacy vary so much that when you discuss privacy with someone else, you may each have very different concepts in mind. But first: why should we even care about privacy at all?
A Cautionary Tale
Imagine you wake up one morning at home to find a stranger watching over you.
You are alarmed. You jump out of bed, demanding the stranger identify himself. But he remains silent, staring at you unblinking. You size him up; he seems to be unarmed. Still half asleep and uncertain what to do, you try to push him away, as if he were a mosquito to swat. To your surprise, there is no resistance. You get him out of the door and bolt it firmly shut. Phew. Sitting down to prepare yourself some breakfast, you wonder who on earth that was.
Except…Soon you need to go to work. And the stranger is still there, waiting patiently by the door. Frightened, you call out for help. Your neighbor will know what to do - he might even know this person. Your neighbor greets you with a smile and strides toward you to say hello. To your horror, he walks straight through the stranger. As if he weren’t even there!
You make distracted conversation with your neighbor, while hoping that maybe you’re still dreaming. Then the stranger follows you onto your bus to work, again seemingly invisible to anyone but you. He snaps photos of you buying food; chatting to a colleague; working at your desk. He seems particularly fascinated by the clickity-clack sound of your fingers typing and your hand on the mouse, drawing near with a microphone to capture the vibrations. Whenever you pause, he takes the opportunity to make measurements with a laser pointer: the distance between you and the book on your shelf, the size of the office, the gap between your cheekbones.
As the days go by, you grow accustomed to the stranger’s presence. He watches you as you play with your family; takes notes on how you brush your teeth. Watching others brush through him like thin air, you conclude he’s either a ghost or a hallucination. Either way, best not to mention it to anyone. And besides, he seems harmless, although it bothers you that he never seems to run out of pages in his notebook.
One day, while out shopping, you jokingly ask him to cast the deciding vote between two mangoes. For the first time, he smiles, and nods his head towards the first.
Why Should You Care About Your Privacy?
Privacy…plays an important role in upholding human dignity and in sustaining a strong and vibrant society…where individuals have autonomy: where their inquiry is free because it is given adequate space for experimentation and their ability to speak and participate in discourse within the academy is possible without intimidation. Privacy is a condition that makes living out these values possible…How privacy is balanced against the many rights, values, and desires of our society is among the most challenging issues of our time.” - UC Privacy and Information Security Steering Committee Report, January 2013 1
Why should you care about your privacy? You’ve got nothing to hide, right? If you agree, I invite you to check out Do Not Track, an interactive documentary series…
- a computer model based on 250 likes is better than your spouse at judging your personality. “Private traits and attributes are predictable from digital records of human behavior” Kosinski
- Check out https://coveryourtracks.eff.org/ then https://ssd.eff.org/module/what-fingerprinting
- website fingerprinting is replacing cookies (due to cookie law and they’re too easy to delete/block)
- if something’s free, you’re the product
- Brave Basic Attention Token
“For this reason, many privacy advocates recommend using as few extensions as possible. Additionally, many privacy advocates recommend using multiple different browsers for different things. As an example, I switch frequently between brave and Firefox depending on what I am currently doing on the internet. Compartmentalization is key”
- your permanent record
- Privacy is power - Carissa Véliz - Aeon
- Open-Source Intelligence (OSINT) in 5 Hours - The Cyber Mentor - Youtube
- Hunting the Hunters: How We Identified Navalny’s FSB Stalkers - Bellingcat - how OSINT + data brokers can be used to identify people - data sources that are hard to escape e.g. passenger records. Of particular concern in Russia
- Intro to OSINT and Geolocation Data - MCH2022 - Youtube
- Facebook pixel, personalized ads, personality profiling, election manipulation: https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2023/03/lurking-beneath-surface-hidden-impacts-pixel-tracking
- https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser - must read, includes defenses for website providers
Warren and Brandeis: The Right to Privacy
“Recent inventions and business methods … have invaded the sacred precincts of private and domestic life; … devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops” … the question whether our law will recognize and protect the right to privacy in this and in other respects must soon come before our courts for consideration.”
When do you think this was written? Last year? When smartphones became popular?
In fact, this was written in 1890! But the concerns it raised are still just as pressing today. When it was published, Warren and Brandeis’ article ‘The Right to Privacy’ essentially created this right from scratch in US law. There had been discussion beforehand about a “right to be let (left) alone”, but no-one could agree on what the legal basis for this was, or how broadly this right should be interpreted. Warren and Brandeis described “a general right to privacy for thoughts, emotions, and sensations” and “the private life, habits, acts, and relations of an individual”, no matter the format the information was in, and including facial expression, neatly preempting today’s concerns about facial recognition. At the time, key privacy concerns were newspaper gossip and publication of photos and letters without consent.
Warren and Brandeis also discuss the (still contentious) topic of what limitations there should be to this right, if any TODO. (fitness for public office)
Solove’s Taxonomy of Privacy
https://wiki.openrightsgroup.org/wiki/A_Taxonomy_of_Privacy - compare to security concerns
- Information collection
- Surveillance: alters people’s behavior (see Panopticon, chilling effects)
- Information processing:
- Aggregation: gathering together separate pieces of information about a person, e.g. linking datasets
- Secondary use: using data for a different purpose than the purpose the data subject originally agreed to
- Dissemination of information
- Breach of confidentiality:
- Intrusion - an unreasonable intrusion into a person’s solitude, or private affairs and concerns
- Decisional interference - unwanted interference into a person’s personal life decisions. For example, national law or local norms may bar women from higher education, government, or specific job roles, or restrict whom a person may start a family with. Note the overlap here between privacy and other rights or values (such as autonomy and self-determination); many definitions of privacy are far more expansive than you might initially expect. In the modern digital context, decisional interference would also extend to targeted advertising and profiling.
Common Individual Privacy Rights
- The right to anonymity
- The right to access/export your personal data. In some jurisdictions (e.g. EU GDPR) this extends to the right to portability, entitling you to export your data in a format in which it can be imported into a similar application or platform.
- The right to correct/update your personal data (right to rectification)
- The right to delete your personal data (right to be forgotten)
- The right to withdraw consent
- The right to redress
- The right to not be subject to solely automated decision-making, including profiling
Privacy is often considered to be an individual right. Data protection law establishes rights for individual data subjects, not groups or organizations. Yet this narrow definition obscures the potential for collective harms to society.
Imagine, for example, that you decide to have a sample of your DNA analyzed. You don’t mind a company having your genetic data; the results, detailing your ancestry…TODO.
What’s more, as Carissa Véliz explains in “Democracy Depends On It”: Carrisa Véliz On Privacy And Ending Data Surveillance, it’s in the interests of tech companies to make us think that privacy is merely about individuals…TODO.
Another factor in privacy being considered to be an indivdidual, not collective right, is that the debate on privacy has mostly been dominated so far by voices from the US and Europe, which share a highly individualistic worldview. What does the right to privacy look like in a collectivist culture? We’ll discuss this further in the next module.
- “Democracy Depends On It”: Carrisa Véliz On Privacy And Ending Data Surveillance - the case for collective privacy
- The Right to Privacy - Samuel D. Warren and Louis D. Brandeis, Harvard Law Review (1890)
- Understanding Privacy - Daniel J. Solove, Harvard University Press (2008)
- We Are Bellingcat: An Intelligence Agency For the People - Eliot Higgins, Bloomsbury Publishing (2021)
Privacy and Information Security Initiative Steering Committee Report to the President, The University of California (2013) ↩