Privacy in the network society: a juri–normative case for “public privacy”
Isaac Quinn DuPont
April 2007
With the advent of rapid telecommunications, new collection and aggregation technologies, and a hyper–capitalist economy seemingly based on only advertising dollars personal privacy can no longer be understood as being “left alone” or without “intrusion”. These pervasive communication technologies have been coupled with robust databases and push the envelope of privacy into a new realm. This new realm, at its worst, seeks “personal” information in exchange for goods and services—and consumers appear to be only too happy to provide this information. Yet, enabled by the technology and the economy in what Manuel Castells’ called the “network society”, the decentralized space of flows, privacy is being both diminished and invaded at an alarming rate. The mainstream philosophical theories of privacy are unable to deal with the qualitative shift in privacy issues. Normative theories do little to slow or stop these privacy concerns, but as vanguard theories for law they can establish the categories and limits of acceptable privacy policies and laws. The analytical independence of jurisprudence can look to the philosophers who point out the pitfalls in some conceptual thinking, which may help the judges articulate a cogent legal framework for privacy protection. The alternative is a technological fix, but while privacy enhancing technologies (PETs) tend to be effective technologically, they have historically done very little to protect privacy, and conceptually are unable to protect the most valuable category of privacy.
I will survey the mainstream philosophical theories of privacy and show that a) many fail to appreciate the complexities that the network society has brought upon privacy, and that b) all fail to protect public privacy, or public personal information. To many, a notion of public privacy is contradictory, e.g., Canadian case law appears to only recognize privacy as personal, i.e., non–public. The dichotomy of public versus private is a novel modern creation, and assuming it exists in reality (and not just in the heads of philosophers), it likely began with John Locke, and ended in the late 1960s with the start of the network society. The dichotomy is the conceptual blinders of contemporary moral philosophers, legal theorists, and judges; the struggle to understand privacy rarely considers anything anti–liberal. Liberal ideology, born of good Protestant ethos, postulates a sharp separation of public and private. The decentralized and globalized nature of the network society, however, blurs these conceptual lines, but the normative theories have not yet come to appreciate this fact. To the degree that privacy theory is wedded to liberal ideology, public privacy will remain elusive despite rampant contradiction in contemporary society.
People in developed nations live increasingly online and through a connected environment (e.g., radio, telephone, television, computer), and data collection is facilitated through these connections, but even the meatspace succumbs to the collection of personal information. There is no threat of Big Brother, however, since the hallmark of the network society is its decentralized nature. This personal information is offered willingly, and even more surprising, people acquiesce to the collection, aggregation, processing and sale of their information. In the network society, it appears, nobody cares about privacy. Yet, there is increasing outcry about a (descriptive) loss of privacy, and all too frequent (normative) violations of privacy. The powers of hegemony, that spontaneous acquiescence that Antonio Gramsci described in the early twentieth century, are a feature of the network society. So, with hegemony as the power structure, what does this leave the (powerless) people?
PETs, as it will be shown, are effective at keeping secrets secret. Most PETs function through the use of well known and mathematically explainable cryptographic techniques—there is no magic here. But, given that the real problem facing the network society is protecting public privacy, PETs are conceptually incapable of protecting privacy in the network society. PETs enlarge the private sphere, by making more secrets secret, but this approach is empirically and conceptually flawed. In the network society people are willing to offer personal information (usually, but not always, for exchange of goods and services), only to later protest about a privacy violation. Even worse, PETs reenforce the public/private dichotomy by firewalling a private sphere (were privacy exists) from a public sphere (where no privacy exists).
Contemporary case law only recognizes privacy in the private sphere, but I will show that, following from my analysis of the mainstream normative theories of privacy, jurisprudence may have some specific and unique methods to deal with public privacy. Despite the foot–dragging of recent decisions to appreciate the qualitative difference the impact technology has made on privacy, the normative and heuristic approach adopted in s. 2(b) Charter analysis could help to recognize a category of public privacy violation. The heuristic is a two step process: a) establish a privacy violation, and b) balance the rights of the subject against other socially desirable goods. The key to its efficacy in privacy matters is the analytical separation between descriptive categories of privacy and normative rights and duties. If the categories of privacy were first broadened to include public privacy, perhaps by the influence of philosophical theories of privacy, jurisprudence could make sense of the freedoms and rights described in the Charter and establish sensible privacy decisions in light of new technologies and new modes of being in the network society.
1 Philosophical Theories of Privacy
Over the last decade Harman T. Tavani has provided a number of careful assessment of mainstream philosophical theories of privacy. In his most recent work (2007) he organizes privacy theories into four categories: the non–intrusion, seclusion, limitation, and control theories of privacy. Since James Moor’s 1990 paper describing a unified theory of privacy Tavani has joined in an effort to incorporate the insights of each of the four categories of privacy theory and developed a theory now known as Restricted Access / Limited Control (RALC). This theory, aided by being comparatively new, is probably the best philosophical theory of privacy in respect to the new problems created by the network society. In the 2007 version, Tavani explicitly attempts to shore up the theory in light of Helen Nissenbaum’s (1998) concerns regarding the public and private sphere. But, Tavani’s fourfold categorization is a relic of his earlier papers, from before he had protection of public privacy in his sights. As such, the concerns most germane to public privacy cut across categorical lines in Tavani’s analysis, and thus remain somewhat obscured.
Instead of using Tavani’s categorization I have attempted to organize the mainstream philosophical theories into a twofold categorization. With rather loose titles, these are: privacy as descriptive interest or right, and privacy as intentional interest or right. Further, as a subset of the latter category, there exists theories of privacy as property right. I have not attempted to incorporate every privacy theory in my categorization, and nor is there room for the eccentricities of them all. My effort instead has been to capture the content of the theories, rather than the process (as Tavani did). It is also true that some undeserved analytical attention has been paid to theories of privacy that postulate a market solution or locate privacy rights as derivable from property rights (e.g., Thomson, 1975). Because this view is particularly compelling for some holders of power of a certain ideological disposition (i.e., the bourgeoisie and their notions of free–market capitalism), and because it makes unique and telling errors, I have decided to give it a separate billing.
1.1 Privacy as an descriptive interest or right
Descriptive interest or right theories group together two conceptual categories that are normally kept separate; the strict distinction between interest–based and rights–based theories is in my opinion unhelpful. It is often thought that interest–based theories of privacy are descriptive, whereas rights–based theories of privacy are normative. When the interests of people are considered, such as features that are part of human nature (however loosely interpreted that might be), these theories tend to tie privacy to personhood or society (Rachels, 1975). Of the former, privacy could be conceived as a standard universal human right, and of the latter, privacy could be a Rawlesian right abstracted from the rationality or self–interest of all. For either, however, when the interests are generalized to many people they cease to be merely descriptive. If it is the case that all (or most) people have a particular interest, then we ought to assign normative value to the interest. Thus, it is possible to derive normative rights from descriptive interests (Tavani, 2007, 4)—and thus the boundaries have blurred.
Descriptive theories include control and exclusion theories of privacy. What is distinctive about these theories is that the individual is the criterion of the categories of privacy, but does not (necessarily) establish the normative force of the theory. Because the categories are decided in reference to the individual, these theories tend to confuse privacy with liberty. For example, I might have certain liberties given some situation, but I do not (necessarily) establish the norms of inclusion or exclusion. This confusion becomes particularly problematic for privacy issues such as surveillance, since surveillance does not usually impinge on liberty, such as free and rational decision making, yet it may still amount to a privacy violation or a diminished quality of privacy.
The central insight of the descriptive theories is their recognition that privacy categories ought not require intentionality on behalf of the agent; this avoids what I am calling the “mixing in” problem. In the following section I will describe theories which require some intentionality directed towards the situation at the level of privacy categories. The descriptive theories attempt to avoid requiring the subject to make a normative claim about privacy until the context, zone, or situation has been deemed a privacy concern. The attempt is to non–normatively describe (often articulate, as in policies) the sphere of privacy; this usually maintains the public/private dichotomy, but it need not. The “mixing in” problem arises when some intentionality toward privacy is required to describe or articulate the privacy categories. By requiring the subject to have an intention of the “expectation of privacy”, or worse still, having the subject make a declaration of privacy, the prospect of establishing a zone of public privacy is gloomy. What is required on these theories is that the subject “mix in” some of her intentionality to the public sphere, but the effect is not public privacy—-rather, “mixing in” only enlarges the private sphere. PETs, as I will show later, accomplish the same effect, and also do not protect public privacy.
I think there are two reasons why the “mixing in” of intentionality is unable to maintain or protect public privacy. First, it is an empirical fact that people do not take steps to protect their privacy until it is too late. Second, the worst infringements of public privacy occur through context shifting (Nissenbaum, 1998) and profiling, but these categories are not initially privacy impacting—it is only after the fact, once the categories are established, that the qualitative shift of information occurs and creates a privacy concern. The descriptive theories set the context without agent intention; traditional rights–based theories that tie privacy to personhood go the furthest in this respect, but also have other problems.
Since the late 1970s there have been occasional flurries of scholarly activity in attempt to establish a theory of privacy. Much of the work has since been in response to a series of articles published in Philosophy and Public Affairs, most notable are James Rachels’ article “Why Privacy is Important” and Judith Jarvis Thomson’s article “The Right to Privacy”. I have categorized these two influential theories into separate camps: Rachels’ is a descriptive theory and Thomson’s is an intentional theory. More specifically, Thomson’s theory postulates that privacy rights are derivable from (supposedly more fundamental) property rights. Rachels’ theory, however, is based on two factors: who has access to information, and the ability to create or maintain relationships. Rachels argues that the control of who has access to information is necessary for the ability to create and maintain relationships. It is for this reason that Tavani calls Rachels’ theory a “control theory” (Tavani, 2007, 7).
According to Rachels’ theory the control of information is determined by a sort of heuristic in which the subject has a feeling of privacy. It is only by having this feeling of privacy that intimacy can be created. Reiman, who responds to Rachels and Thomson, summarizes the importance of a feeling of intimacy for Rachels’ theory: “different human relationships are marked—indeed, in part, constituted—by our different degrees of sharing personal information” (Reiman, 1976, 30). The feeling of privacy, however, is something that results from the control of information—at the exclusion of offering information to some, privacy is created with others. As social creatures people require relationships, but relationships are meaningless if the partners do not have an investment in sharing information, especially personal information. The relationships we engage in are meaningful only because of exclusion of information to others, and the sharing of personal information with friends and partners. In fact, the information must always remain in control; it is a matter of fact that I am less intimate with a person I thought was my friend if she shared personal information with everyone. Once the personal information is “out there”, the degree of intimacy is lessened; Rachels writes that “what we cannot do is accept such a social role with respect to another person and then expect to retain the same degree of privacy relative to him that we had before [the information became public]” (Rachels, 1975, 331).
Rachels’ theory does not rely on the ability or requirement to articulate a private situation; it may turn out that some situations call for confidentiality, but in principle intimacy is about control of information, not the complete stoppage of the flow of information. Yet, even though confidentiality is not a requirement, it is difficult to imagine the categories of information involving public privacy. We say that it is a matter of delusion when one thinks she is intimate friends with a celebrity because she has read juicy personal information in a tabloid. These do not seem to be the sorts of paradigm cases of intimacy and privacy that Rachels has in mind; thus, the paradigm cases ensure a strict division between public and private. The sort of relationship Rachels has in mind creates problems with the traditional notion of privacy as well (i.e., as non-public privacy).
The most damning criticism of Rachels comes from Reiman, who argues that Rachels adopts a sort of market solution to privacy. Reiman’s worry is that the quality and substance of intimacy is not merely in what information a person might have about a friend, but rather, intimacy is what personal information others do not have (Reiman, 1976, 32). Rachels is deeply committed to the idea that there is a relative scarcity of personal information available for sharing in intimate relationships, and while this is doubtless true to some extent, it has odd implications for privacy. Reiman worries that Rachels’ theory does not go far enough to vest privacy with personhood, for example, does a person on a deserted island not have some right to privacy (Reiman, 1976, 36)? Even more strange, Rachels pictures an exclusive monogamous relationship as his paradigm case of intimacy, but by suggesting that exclusivity is essential to intimacy he makes monogamy logically necessary (Reiman, 1976, 32)—an unsavoury consequence indeed. Reiman further criticizes Rachels for rationalizing intimacy, such that even jealousy (the most passionate of feelings) is rendered rational.
Reiman attempts to fix some of the problems he sees with Rachels theory. Reiman describes his variation as such: “privacy is a social ritual by means of which an individual’s moral title to his existence is conferred” (Reiman, 1976, 39). Where Rachels could not make sense of privacy for the deserted islander Reiman can because the deserted islander has a moral right to his existence. The connection of privacy to personhood is particularly strong, Reiman writes,
if one takes… the symbolic interactionist perspective which teaches that “selves” are created in social interaction rather than flowering innately from inborn seeds, to this claim is added an even stronger one: privacy is necessary to the creation of selves (Reiman, 1976, 39).
Thus, there is a moral sense of ownership, which implies two conditions: 1) right to do with my body what I wish, and 2) right to control when and by whom my body is experienced.
My worry about Reiman’s theory is that it confuses liberty and privacy, possibly worth the price for a richer picture of privacy, but a confusion to be avoided if possible. Further, although Reiman has corrected some of Rachels’ biases and mistakes, he has not brought us any closer to a theory of public privacy. Indeed, the public/private dichotomy is arguably stronger in Rieman than in Rachels.
The Restricted Access/Limited Control (RALC) theory developed by James Moor and Herman T. Tavani attempts to unify the mainstream theories of privacy. As the name indicates, RALC is a control theory like Rachels’ except privacy categories are decided by the criterion of context and not information itself. RALC does not set the privacy categories descriptively, instead they are drawn up normatively (Tavani, 2007, 11). Because the context of control is what is important for privacy RALC is susceptible to the criticism that if physical access is limited due to natural reasons (such as the deserted islander, or people of a distant nation), privacy would always be ensured, even if all personal information was available for anyone to see (i.e., a seemingly non–private situation). However, Tavani addresses this criticism by noting that if the privacy categories are drawn up normatively, a privacy violation would still occur because the context would be one in which we think ought to be protected. A descriptive lessening of privacy may result, if all information is systematically collected and published, but the context will determine if privacy ought to be protected. Thus, Tavani is making a distinction between a descriptive loss of privacy and a normative invasion of privacy (Tavani, 2007, 2).
The most recent iteration of RALC (2007) explicitly attempts to deal with public privacy. Tavani argues that armed with a normative understanding of the privacy categories, a theory of normative control of contexts (not information), and “Moor’s Publicity Principle”, RALC is able to deal with public privacy. As much as Tavani might try, however, I think RALC is still unable to deal with the critical aspects of public privacy. I am generally hostile to the idea that normative privacy categories will be able to deal with public privacy, and I think Tavani attempts to shoe–horn Moor’s Publicity Principle in the analysis as a means of dealing with public privacy. If the categories were drawn descriptively, and given a robust enough normative theory of privacy, the general erosion of privacy could be explained as a normative lessening of privacy (I see no reason to think that normative claims need to be black and white). The RALC theory suggests that if people are made aware of the privacy implications of the systematic collection, processing, and sale of information then the normative categories will be drawn up to include this systemic privacy issue. In this regard, Tavani quotes Moor’s Publicity Principle: “rules and conditions governing private situations should be clear and known to the persons affected by them” and through open rational discourse the categories will be normatively set (Tavani, 2007, 16). In the network society, however, people acquiesce to the systematic collection, processing, and sale of personal information. Tavani and Moor might be inclined to suggest that if, after open discussion about the privacy concerns, it was concluded that the normative categories ought not include this privacy erosion, then there is in fact no privacy concern. But, I think this misses the point—click through licenses, explaining all the privacy implications, will not motivate anyone to think of privacy issues. The qualitative shift in privacy occurs much later. The downstream effects are what need to be guarded against, and Moor’s Publicity Principle will do nothing to prevent the violations because, at the time, there is no privacy violation. The context of control is such that the subject feels like she has control of the context, and in fact, she does have control of the context. It is only after the collection, processing and sale that the context is qualitatively different, and only then do privacy violations occur.
1.2 Privacy as intentional interest or right
The intentional interest or right theories are particularly poorly suited for understanding privacy in the network society because, as I have already mentioned, people rarely think about privacy until it is too late. Further, these theories tend to require some “expectation of privacy” (the negative side of the intentionality to declare the privacy categories). Very briefly, I will describe two such theories, those of Parent and Gavison.
Parent’s theory is described by DeCew as “the condition of not having undocumented personal information about oneself known by others” (DeCew, 1986, 148). Thus, the public sphere is not private, and cannot be private. Parent’s theory is tantamount to secrecy, since “perfect privacy” is the condition of excluding all others from knowing anything about one’s self. Decew criticizes Parent for not leaving room for what ought to be protected, such as those things that are in the public sphere (DeCew, 1986, 152). On this theory privacy is little more than secrecy, and so it is unclear whether it is the acquisition or the dissemination of information that is so troubling to Parent. At any rate, exclusion occurs at the level of the subject, who must take steps to prevent others from discovering personal information. Parent’s theory either includes too much, and does not allow for legitimate violations of privacy, or does not include enough, and can not suitably protect personal information in the public sphere.
Gavison’s theory is difficult to understand because of its novelty. Most privacy theories speak of the flow of personal information, and either take the information or the context to be criterion of privacy. Gavison, on the other hand, argues that one can lose privacy by merely becoming the object of attention (DeCew, 1986, 156). Gavison’s theory appears to be a form of “exclusion theory” that confuses privacy with solitude (often spoken of as the “right to be let alone”). On Gavison’s theory the right to privacy is only as strong as one’s ability to remove himself from society. Supposing that the practical difficulties of societal excision are put aside, Gavison’s theory is able to understand why the effects of profiling and data mining are privacy violating. Gavison’s theory diminishes the role of context or information exchange in the articulation of privacy categories. Gavison’s theory captures the idea that the knowledge created through the processing of collected personal information is something that singles one out and thus impacts privacy. On the other hand, it could always be claimed that in any given privacy situation insufficient steps were taken to seclude one’s self from these downstream effects, since purposive (intentional) exclusion is the positive construal of Gavison’s theory.
1.3 Privacy as property right
As I will show later, it is the traditional view of Canadian jurisprudence that privacy rights are derived from property rights. This view has been somewhat eclipsed in the courts, but still has a impressive hold on privacy theorists. Some suggest that we derive privacy rights from property rights, either in the sense that privacy rights are created out of property rights, or in the deflationary sense that privacy “rights” are nothing more than property rights specially applied. Others go further and suggest that the market model can be used for privacy, with market forces as the normative judge of privacy.
The market view would suggest that the key to privacy is alienability, and that the oppressed and powerless would gain power in their ability to choose to alienate privacy or not. The assumption here is that people would protect privacy if it was important to them, vis–a–vis the market “price” on privacy. Yet, it is an empirical fact that people do not take steps to safeguard privacy, but still feel deeply disturbed when privacy violations occur. It is also unclear what sense of property individuals would have in their body or their person. Jessica Litman argues that a market solution for privacy will not cure the problem, instead it would legitimize the problem (Litman, 2000, 1301). Since the market solution is essentially about an alienable right sold on a marketplace, the power would tend to lie with the collectors of personal information, instead of the subjects.
The classical account of privacy as derived from property rights comes from Judith Jarvis Thomson (1975). Thomson argues that we have a cluster of rights in property, and that property ownership entails a negative right that others do not infringe on your property (Thomson, 1975, 299). Thomson speaks of privacy “rights”, but she must intend it to be applied somewhat metaphorically, since she deflates privacy to such an extent that there is no thing that is privacy or privacy rights; the cluster of property rights do all the work in her theory. The resulting negative (property) right impinges on others’ unauthorized viewing or coming to have some personal information, i.e., others have a duty to refrain from efforts to come to have personal information (when unauthorized). Obviously, it might be that averting your eyes or stopping your ears would only be a duty in rare circumstances, but it would be an obvious and general duty not to crane your neck to see, or listen with special amplifying devices. This duty, however, is not instantly and unequivocally binding; others have to secure their private information and private objects in a private, i.e., exclusionary, way (Thomson, 1975, 300). It is not necessary that every effort possible is made to secure the privacy of personal information, but some diligence is required. Thomson requires a strong sense of intentionality that amounts to positive action or effort to secure privacy—mere intention or expectation is not sufficient on her theory. This creates problems for a notion of public privacy, since the public and private spheres are dichotomous in Thomson’s theory. Thomson might attempt to redress this problem by arguing that there are rights in how information is collected and to what use it is put (Thomson, 1975, 307). These rights, however, do not seem like typical property rights: ‘use rights’ are among the standard list (see e.g., Honoré), but this typically involves rights in property that has not been alienated; we seem to have no property rights whatsoever in “how” anything is done (save impinging on other property rights). It would be atypical that information be sold to a collector who only ‘rented’ it with limited use rights, privacy policies and the like may limit acceptable uses, but these seem to be created independently of any property rights.
The general problem with using Thomson’s theory, as with all the theories so far, is that personal information in the public sphere is incomprehensible. Thomson’s theory cannot make sense of, e.g., a Muslim woman who desires to protect personal information while engaging in public activities. Thomson would only have resort to the suggestion that obscuring clothing is required, a process of enlarging the private sphere rather than properly appreciating the category of public privacy. It does not seem overreaching (or infringing on others’ rights) to suggest that a Muslim woman be given certain conveniences due to her privacy preferences, such as that (at least) non–family male Muslim’s avert their eyes (a norm), or that government agencies provide certain affordances like the option to consult female employees (legislated). Property rights and/or a market solution cannot accommodate these preferences. Since there is no thing called privacy, the preferences of individuals can only be realized if there is a corresponding property right (unlikely) or a market willing to engage in the privacy transaction (likely for some preferences, but very unlikely for others). On this theory property rights cannot extend to privacy violations that occur due to phenomena like profiling or data mining, but Thomson bites the bullet on these sorts of cases and rules that they are not privacy violations.
2 Network society
My concern with establishing ontological room for public privacy stems from a vision of contemporary society that postulates a shift, in qualitative terms, of knowledge derived from the collection, processing, and dissemination (or sale) of personal information. The qualitative shift is not only due to technological advances (although they are important, especially telecommunications technology advances), but also relies on a new form of power and its consequent economy. While the technological advances are new and novel, the form of power and economy are only novel in their crystallized forms, and properly belong to a grander historical tradition of the development of power accumulation in the hands of the bourgeoisie, post–Thatcher, hyper–capitalistic, globalized economy with totalizing effects, and decentralized (yet still accumulated) non–state power structures. This vision of contemporary society has been dubbed the “network society” by Manuel Castells.
Castells’ theory suggests that contemporary social structure is a network composed of decentralized “nodes” which are defined by a “program” that “assigns the network its goals and its rules of performance” (Castells, 2004). The network is competitive with alternative networks and may be ‘re-wired’ to incorporate other networks through the actions of “switchers”. These switchers, as understood by Castells, are typically not the bourgeoisie, although he recognizes that much of the power within a network is still located in the hands of a dominant elite. Rather, Castells suggests that the networks are “self–reconfigurable, complex structures of communication” (Castells, 2004) that communicate internally through programming made possible by (likely middle–class) information workers. “Switchers” appear to be Leviathan–esque out–performing information workers that connect competing networks. The internal logic of the network is “at the heart of social interaction and the production of meaning” (Castells, 2004).
Castells suggests that networks are not new to society, instead, the “hierarchical bureaucracies based on the vertical integration of resources and subjects” have been the dominant ideological view and legitimized by “mythology and religion” (Castells, 2004). Oddly, Castells suggests that one of the virtues of a network society is its “survivability” since it has no centre vulnerable to attack; this claim is made in spite of the overwhelming success of hierarchically–organized society. Agrarian societies are nominally decentralized and networked structures, but post–agrarian societies have without fail been structured hierarchically. The “survivablity” of hierarchal structure is especially evident in capitalism, since beginning with Marx’s call to dismantle the inherent contradictions of capitalism (which I think surely exist) no movement away from capitalism has occurred.
The network society resulted, according to Castells, due to the coincidental occurrence of three factors:
[1] the crisis and restructuring of industrialism and its two associated modes of production, capitalism and statism; [2] the freedom–oriented, cultural social movements of the late 1960s and the early 1970s; [and 3] the revolution in information and communication technologies (Castells, 2004)
Capitalist and statist modes of production were stymied leading up to the 1970s by a lack of new market growth (a requirement for capitalist structural maintenance), but the reification of nascent communication structures (later labelled ‘globalization’) allowed new markets to be incorporated into the capitalist mode of production. The statist economies of, e.g., Russia and China either failed (Russia) or transitioned to capitalism (China). In North America the ‘hippies’ of the 1970s were quickly growing out of youthful (and structurally ineffectual) rebellion and required work (Castells calls them “imagined proletarians”). The communicative technologies made possible through capitalist accumulation (often military development) and a faltering hippy ethos of sharing became the new market battleground. Thus, globalization was born and new markets were ready for exploitation. Globalization was further unencumbered by the unchecked economic policies of Regan and Thatcher—and the transition from “industrial capitalism to informational capitalism” was complete (Castells, 2004). Thus, the new economy is a communication economy, and it sells information for the purpose of creating new meaning. The market for personal information is not straightforwardly privacy infringing; mere collection of information is not sufficient to create any new or virulent forms of privacy violation, and nor is it particularly valuable to the market. The flexible nature of personal information, however, is the key to profit: personal information can be repurposed to create knowledge that was previously unavailable. Nissenbaum argues that the broad collection of information is problematic for privacy (Nissenbaum, 1998, 26), but, taking a closer look at the network society suggests that mere information is ineffectual. Communication is required for networks to switch, destroy, or fail, and communication implies information flow.
Of course, Castells is careful to remind us that industrial capitalism was not replaced by informational capitalism (since the ‘industry’ has predominately been shipped to other nations well under the pressure of the capitalist mode of production), instead industrialism was merely subsumed under informationalism. The false emphasis on information technology as a product of late industrial capitalism needs corrective analysis and Castells suggests that the emphasis should be placed on the real agent of the network society: communication (Castells, 2004). It is in the light of communication, as the flow of information and the creation of meaning, that I would like to suggest is so important to privacy. Technology certainly has a role in the network society, since it allows for the global and instant communication required for contemporary hyper–capitalism, but technology alone is not sufficient. The communication technologies are, in fact, shaped by their own output—the outcome of the communication is constitutive of emerging technologies.
Castells suggests that the network society functions on a double–logic of inclusion and exclusion which creates deep fractures in society. The deep fracturing is not due to technology outpacing previous “social forms” (basically, norms); Castells argues that the reconfigurative capacity of the network is a structural feature resulting from the double–logic of the system. According to Castells, the double–logic of the network dominates the local through incorporation or extermination (inclusion/exclusion). The dominant value is manifested through power in the network according to the network’s programmed goals (which necessarily include its logic of inclusion/exclusion).
The ‘local’ can be seen as a broader category of the ‘private’, which is dominated by network power. Nissenbaum identifies two privacy issues unique to contemporary society: context shifting which involves the re–appropriation of information to new uses, and the collection/collation of information from diverse sources of which the sum is greater than the parts (Nissenbaum, 1998, 27). I think that the moral indignation people feel when they experience either of the above concerns results from the networks “switching” from the local to the global (or ‘other’). The shifting of information is, from the view of the network, a form of network switching. The backbone of the network society’s economy rests on the efficacy of this communication. New meaning is created through the communication of networks, and when this meaning feeds back into the network it re–determines personal meaning. Thus, for as much as personhood is tied to privacy, its repurposing and reconfiguration of the person is due to the network structure and economy.
Protecting public privacy becomes an attempt to shape the inclusion/exclusion logic of the network so that individuals contribute to the configuration of their person. With public privacy the meaning that results from network switches is no longer arbitrary, or controlled by the bourgeoisie, but instead is under the control of the agent who has genuine considerations about her personal information. This view is not so incompatible with Reiman’s view, since privacy is understood as constitutive of personhood. The result comes about through a rather different path, however, since like Tavani I believe the social interactionist view is likely correct. People are not constituted by the information directly, but they are constituted by the meaning that results from the systemic collection, processing, and dissemination of personal information.
3 Technological protections
It has been suggested that technological protections of privacy are a viable alternative to normative theories (Tavani, 2007, 17-18). PETs often involve the use of cryptographic techniques to secure a private channel for the flow of information. Ecommerce, e.g., relies on PETs by ensuring that sensitive financial information is secure, but the adoption of PETs for non–financial personal information is still very rare. The slow adoption appears to have two causes: the extra ‘hassle’ that secure systems involve, and the misunderstanding of PETs’ efficacy for protecting personal information. PETs are a hassle for individuals because they require memorization of passphrases and the like, and often the purchase of extra hardware or software. Since the cryptographic wizardry occurs transparently, consumers (in particular) often under–appreciate the effects of PETs. If the systems are not under–appreciated they are often dismissed as superfluous or even flawed, portraying the contra–wise but popular sentiments that “everything can be hacked”, or that “nobody wants my information”.
These popular sentiments are mostly false. PETs that rely on cryptography are secure, since they use trusted and understood math. Cryptography is no panacea for privacy, however, since when implemented incorrectly the security of the system may fail, and at any rate, PETs only enlarge the private sphere. After a brief debunking of popular conceptions of cryptography and offering a corrective to the popular sentiment, I will show that PETs still will not solve the vexing public privacy problem.
In the very simplest of cases PETs use algorithms known as transposition or substitution ciphers. In a famous example, Julius Caesar is said to have communicated with his generals in the field using a very simple transposition cipher. Caesar had a ring with two concentric rotating circles on it, each having a complete alphabet printed around the circle. Caesar would securely inform his generals of the number of spaces to the left or right that he was turning the inner or outer ring. The transposition of the ring is the key (or ‘passphrase’) information (i.e., the key is the number of spaces the circle was turned). Caesar would then encipher a text by writing the corresponding letter (that lined up) from the other circle. The resulting text would not be understandable, but could be decrypted by reversing the process (looking up the ciphertext letter on the one circle and writing down the corresponding letter on the other circle to create plaintext). Obviously, cryptanalysis (codebreaking) of the ciphertext would be very easy. Since letter frequency is not the same for all letters in any natural language (the letter E, for example, is the most common in English) simple frequency analysis of the ciphertext would reveal associations and statistical anomalies. Once the key is revealed, it is trivial to decrypt the rest of the message and every subsequent message (until the key is changed).
Modern symmetric cryptography used in PETs is essentially the same, except much more complex algorithms diffuse any statistical anomalies (through multiple ‘rounds’ of the algorithm)—this creates data that is indistinguishable from purely random data. Symmetric key cryptography is typically used for ‘bulk’ cryptography because it is computationally fast and very secure. Modern symmetric key algorithms typically use a feature of the computational difficulty of performing multiplication modulo in a finite field (the details are extremely technical, but think of doing long division on very large prime numbers and you will get some image of the process).
The key length is an indication of the length of time it would take to perform an exhaustive keyspace search (‘brute force’ attack), but is not an indication of the quality of the randomness of the ciphertext (i.e., the ease of cryptanalysis is based on the quality of the algorithm, while the computational power required to perform a brute force attack is based on the key length). Currently even the fastest distributed supercomputers are only able to crack a 55 bit version of the AES (standard) algorithm. For each bit of extra key length the computation required doubles so that cracking a 56 bit key would take twice as much computation as cracking the 55 bit key, and cracking a 57 bit key would require four times as much computation. 128 bit keys will be secure from brute force attacks by even the fastest supercomputers for at least 30 years given the current rate of increase in computational power.
Public key cryptography is different because it uses an asymmetric key system, also known as a split–key system. The process of public key cryptography is counterintuitive, but in essence there are two linked keys (a public key and a private key); encrypting data with the public key can only be decrypted with the corresponding private key. For example, when I encrypt email I use the recipient’s public key, which was exchanged previously and is known publicly. Later, the recipient uses her private key (known only to herself) to decrypt the message. Only the private key can decrypt the message, but anyone with the public key can encrypt the message (i.e., anyone can send her an encrypted message that only she can read).
Public key cryptography is the backbone of secure internet commerce, typically implemented through Secure Sockets Layer (SSL) technology. Public key cryptography solves the problem of having to exchange a private key without a secure channel (since the internet is inherently an insecure channel). However, since public key cryptography typically uses the difficulty of computing large prime number factorization, it is much slower than private key cryptography (approximately 1000 times slower). Because of the resource–intensive nature, public key cryptography is typically used to encrypt (and securely exchange) the ‘session key’ used for subsequent private key cryptography. Thus, once the private key has been securely sent through the public key system all data is encrypted using much quicker private key cryptography.
Many controversial technologies use cryptography, and as a neutral technology it can be either privacy enhancing of privacy diminishing. When used for personal encryption, such as email messages or secure internet commerce, privacy can be enhanced. Yet, cryptography is also used in privacy crippling technologies such as Digital Rights Management (DRM) or Radio Frequency Identification Devices (RFIDs). DRM typically has two functions: a surveillance communication (the DRM device ‘calls home’) and a restrictive (or ‘enabling’) cryptographic function (Kerr, 2004, 89). Cryptography in these cases is used to make data unreadable/unusable unless the user has the appropriate rights. The surveillance communication checks that the user has the appropriate rights and sends a key to allow the data to be decrypted.
Trust is central to public key cryptography. There is an authentication requirement to public key cryptography, since if subject B is not who he says he is subject A may (securely) exchange information with B; the information would be secure, but only private in a confused and mistaken sort of way. Yet, this is surely a human and not a technical problem. A properly functioning PET is not one that merely ensures security, because security is not the same as privacy. PETs ensure privacy by establishing trust and maintaining security. According to the RALC theory, trust relies on normative powers such as social norms or ‘legislated’ powers (e.g., a trusted third party), whereas cryptographic security establishes a naturally private sphere. Yet, Moor dismisses PETs as a method of ensuring privacy (Tavani 2001, 6). Tavani and Moor argue that PETs amount to the management of privacy, which is logically distinct from privacy (itself).
4 Legal protections
The right to privacy has historically been protected in s. 8 of the Canadian Charter of Rights and Freedoms. Recently the courts have expressed “considerable sympathy” to understand s. 7 in a way that more fundamentally protects the right to privacy. The most difficult and pressing issues facing individuals in the network society, as I have been articulating them, tend to involve the willing submission of personal information to third parties which are typically commercial entities. I will show that a purposive analysis of s. 8 does not include these sorts of privacy concerns because s. 8 is conceptually about the limits of state powers, and not about non–state entities. A s. 7 analysis of the right to privacy makes significant steps to vest privacy in a notion of personhood (as, e.g., Reiman has), but adopts the s. 8 criteria of only protecting a “reasonable expectation” of privacy. By limiting the protection to contexts where there is a reasonable expectation of privacy the courts have eliminated any conceptual means of dealing with public privacy. Further, privacy has most recently been defined as involving only the private sphere.
If the courts were to enlarge the categories of privacy in a way that addressed these concerns the sort of weighing of interests involved could be fruitfully decided by employing the rights to freedom of expression as enshrined in s. 2(b). The troubling sort of public privacy situations typically require a weighing of the individual right to privacy against the rights to free expression. The dissemination of personal information is one of the more troubling aspects of privacy in the network society, and this dissemination enjoys Charter protection as the right of free expression, which has been shown to include commercial speech. In Oakes it was established that s. 2(b) is limited by s. 1; once a prima facie s. 2(b) violation has been determined the matter is balanced for proportionality using the Dagenais/Mentuck test. I am suggesting that if s. 7 enshrined a robust (and broad) right to privacy it too should be limited by s. 1, and then with a prima facie privacy violation established, proportionality testing could occur on a suitable test. The advantage of this procedure is that the category of public privacy can be established on a broader interpretation of s. 7 (with some difficulties, however), and then balancing can occur so that the rights to freedom of expression are not unnecessarily trammelled by privacy rights.
Section 8 of the Charter states that “everyone has the right to be secure against unreasonable search and seizure.” As identified in Hunter v. Southam Inc. the crux of the case is in the meaning of “unreasonable”. Justice Dickson stated that the Canadian Constitution is drafted “with an eye to the future” and should be interpreted in a broad and purposive way (Hunter v. Southam Inc., III). The purposive analysis offered by Justice Dickson links s. 8 historically to common law protections based on the right to “enjoy property” and be free from trespass. This was considered a very important right, since “the great end, for which men entered society, was to preserve their property” (Lord Camden, p.1066 19 St. Tr. 1029 quoted in Hunter v. Southam Inc., III). Justice Dickson follows the the Alberta Court of Appeals to establish an enlarged understanding of s. 8; it was argued that “what has been referred to as the right to privacy,… is the right to be secure against encroachment upon the citizens’ reasonable expectation of privacy in a free and democratic society” (Hunter v. Southam Inc., III). The protection provided by s. 8 must be understood purposively again, thus these rights protect privacy before violations occur, and so a regime of prior authorization is required (Hunter v. Southam Inc., III). Finally, Justice Dickson states that the onus is on the infringing party to demonstrate a superiority of interests, otherwise authorization should not be granted (Hunter v. Southam Inc., III A).
It is clear that Hunter v. Southam Inc. is only concerned with limiting state powers of search and seizure. The notion of authorization for warrant is entirely irrelevant in privacy cases that do not include state powers. The primacy of property rights is reiterated, but unless a robust theory of privacy can be derived from this foundation, and it appears that it cannot given my analysis of Thomson, these rights appear incapable of protecting the relevant conceptual spheres. What we do get from Hunter v. Southam Inc., however, is a notion of “reasonable expectation of privacy”. This criteria is later picked up in s. 7 analyses that attempt to articulate a more robust and fundamental framework for privacy. As I demonstrated in my analysis of the philosophical theories of privacy, an expectation of privacy is reasonable criteria for privacy in the private sphere, but will conceptually blind any application to the public sphere. The worry of the courts, obviously, is that without the criteria of reasonable expectation of privacy there would be insufficient limits on the right to privacy, such that the broad right would have no meaning. By avoiding untenable protection of activities conducted in the ‘light of day’ for all to see, the courts have also avoided protecting the mundane and ordinary situations where personal information is collected surreptitiously or not through the use of telecommunications devices (often in the home).
In CBC v. Lessard many of the same principles are articulated. The important advances are that privacy is stated to include individuals and corporations (¶45), and that the interests of individuals are weighed against those of the state (¶46). It is also noted that the right is stronger in the home (¶46), which makes the telecommunications cases (such as internet and telephone) particularly disturbing since these activities often occur in the home.
The attempt to locate privacy rights in s. 7 completely confuses liberty and privacy (which I have already noted is a problem), but privacy rights in a s. 7 framework are considerably more robust than those of s. 8. Section 7 states that “the right to life, liberty and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice.” The privacy rights found in s. 7 have yet to be properly challenged, but the courts have expressed “considerable sympathy” that the rights articulated in s. 7 include a right to privacy.
Privacy rights in s. 7 tie notions of privacy to personhood, Justice Sopinka writes, “there is no question, then, that personal autonomy, at least with respect to make choices concerning one’s own body, control over one’s physical and psychological integrity, and basic human dignity are encompassed within security of the person…” (Rodriguez v. British Columbia (Attorney General) ¶136). Justice L’Hereux–Dubé agrees and reiterates that the security of persons “has an element of personal autonomy, protecting the dignity and privacy of individuals” (Rodriguez v. British Columbia (Attorney General) ¶200). Further, this right to privacy extends to include personal information contained in third–party records (R. v. O’Connor, and M. (A.) v. Ryan).
These steps taken by the courts get us at least as far as Reiman or Rachels took us toward a framework for public privacy. Further, protection of personal information in documents is important, since increasingly this is the form of transfer that personal information takes. Vesting privacy so centrally in personhood recalls Reiman’s theory, which I will repeat in summary: “privacy is a social ritual by means of which an individual’s moral title to his existence is conferred” (Reiman, 1976, 39). My worry with Reiman’s theory was twofold: privacy and liberty are at risk of being confused, and the tight connection to personhood is likely to make it more difficult to protect public privacy. Liberty and privacy are certainly confused in the s. 7 privacy framework, Justice L’Hereux–Dubé writes, “Respect for individual privacy is an essential component of what it means to be ‘free’” (R. v. O’Connor). It is unclear what Justice L’Hereux–Dubé intended by the meaning of “essential”, but without tracing the Aristotelian roots, I think it is safe to assume that both ‘necessary’ and ‘sufficient’ was intended. I think this is an error, privacy may be necessary for freedom, but it is certainly not sufficient. The implications of this confusion of liberty and privacy are not merely academic, unpopular revolutionary activities may require privacy for discussion and planning (i.e., are necessary) , but privacy alone is not sufficient for this type of discussion or planning. The revolutionaries must also be at liberty to conduct certain activities, meet in certain places, perhaps even purchase certain goods—none of this should be confused with privacy. The s. 7 framework for privacy rights completely eliminates any notion of public privacy, Justice LaForest writes in Beare “that the right to liberty enshrined in s.7 of the Charter protects within its ambit the right to an irreducible sphere of personal autonomy wherein individuals may make inherently private choices free from state interference” (¶66, my emphasis). This is how the courts understand privacy, but as I pointed out above the requirement of an “expectation of privacy” from s. 8 is conceptually binding on the categories of privacy. The challenging cases are understanding the privacy implications of downstream affects; subjects have no expectation of privacy initially because there is no need to, but later when the violation occurs that opportunity to have the “expectation” has long passed.
My suggestion (obviously of analytical importance only) is that the courts ought to enlarge the categories of privacy to include the public sphere. This would require re–thinking the expectation of privacy requirement and de–tangling privacy from liberty. If this could be accomplished the concerns might be fruitfully addressed in much the same way that freedom of expression cases are decided. The difficult privacy cases found so frequently in the network society typically pit the (presently non–existent) rights of privacy against the rights to free expression. Then, the analysis might proceed similar to Hunter v. Southam Inc., in which the Oakes framework establishes the onus on the infringing party, and then balances the interests using the proportionality test from Dagenais v. CBC and R. v. Mentuck.
My analysis of the network society concluded that the collected, processed, and disseminated information that results from the structure and activity of the network society is latent with meaning; the process is actually knowledge creating. In Irwin v. Toy it was decided that an “activity is expressive if it attempts to convey meaning”; thus, the effects of the network society are, in a very broad but important way, expressive. Due to the tight interconnection of the logic of the networks and the economies it also happens that personal information tends to adopt a commercial varnish. In Ford. v. AG Quebec the courts maintained that commercial speech is not excluded from the protections offered by s. 2(b) since the effective operations of a market require consumers having access to abundant and diverse information (¶17).
Hunter v. Southam Inc. used a purposive analysis. First, it must be determined whether the objective of the restriction was to limit free speech. If there is a prima facie case of limiting free speech then the Oakes “effect” test must be used. Determining the effects asks 1) whether the activity was expressive, 2) whether the restriction is protected by s. 1, and then 3) a purposive test. The purposive test must show that there is a “pressing and substantial” claim, which is determined by 1) rational connection between means and objective, 2) minimal impairment of freedom of expression, and 3) the deleterious effects can not be “so serious as to outweigh.. the pressing and substantial objective” (¶82). In Mentuck the deleterious effects step is broadened: “the salutary effects of the publication ban outweigh the deleterious effects on the rights and interest of the parties and the public…” (¶32).
My suggestion is to follow the procedure articulated Hunter v. Southam Inc. for the application to privacy. The same advantage is conferred to privacy: the effects of the restriction to freedom of expression are not counted until the restriction has already been established. In freedom of expression cases the worry is that s. 1 limitations will narrow the category of expression such that only those forms of expression not in opposition to state powers (as articulated by s. 1) will be considered for judicial action. My worry with privacy cases is that the balancing of interests occurs far too soon in the analytical procedure. Public privacy is not considered part of a privacy right because the effects are counted when the categories of infringement are established. The courts want to avoid the sort of situations where public actions in the ‘light of day’, so to speak, are deemed by jurisprudence as privacy violating, but this balancing should occur after the categories of privacy have been established. If the s. 7 framework is broadened to include public privacy and the balancing occurs after the violation has been established, many of the sort of pervasive privacy violations that the network society creates would be deemed privacy violating. As it stands, individuals have no Charter rights to the collection, processing and dissemination of personal information. Some forms of dissemination, such as media coverage, may enjoy Charter protection, but the mundane and everyday cases that we all experience have no such protection.
I have surveyed the mainstream philosophical theories of privacy and shown that a) many fail to appreciate the complexities that the network society has brought upon privacy, and that b) all fail to protect public privacy. I showed through an analysis of contemporary society that the network has a double logic of inclusion/exclusion in which information flow becomes central to its operation, both structurally and economically. The outcome of the network society is pervasive creation of meaning, which often occurs through the collection, processing, and dissemination of personal information. I suggested that there are two means of protection against this assault on our personal privacy. I showed that privacy enhancing technologies are effective at maintaining privacy within the private sphere but are conceptually unable to protect public privacy. Legal protections for privacy are found in s. 8 and s. 7 of the Charter. The s. 7 framework builds on s. 8 and offers a robust theory of privacy that vests privacy rights in personhood. The courts are still establishing a proper framework for privacy but I suggested that by borrowing the conceptual apparatus of the freedom of expression cases there is a procedural path that can ensure public privacy is protected.
References
Canadian Broadcasting Corp v. Lessard [1991] 3 S.C.R. 421.
Castells, M. (2004). Informationalism, networks, and the network society: A theoretical blueprint, in the network society: A cross–cultural perspective. Northhampton, MA: Edward Elgar.
Dagenais v. Canadian Broadcasting Corp., [1994] 3 S.C.R. 835.
DeCew, J. W. (1986, August). The scope of privacy in law and ethics. Law and Philosophy, 5 (2), 145–173.
Ford v. AG Québec, [1998] 2 S.C.R. 712.
Honore, A. M. (1961). Oxford essays in jurisprudence. In A. G. Guest (Ed.), (pp. 107–47). Oxford: Oxford University Press.
Hunter v. Southam Inc., [1984] 2 S.C.R. 145.
Irwin Toy Ltd. v. Québec (Attorney General) [1989] 1 S.C.R. 927.
Kerr, I., & Bailey, J. (2004). The implications of digital rights management for privacy and freedom of expression. Information Communications and Ethics in Society, 2 (1), 87–97.
Litman, J. (2000, May). Information privacy / information property. Stanford Law Review, 52 (5), 1283–1313.
M. (A.) v. Ryan [1997] 1 S.C.R. 157.
Nissenbaum, H. (1998). Protecting privacy in an information age: The problem of privacy in public. Law and Philosophy, 17, 559–596.
Rachels, J. (1975, Summer). Why privacy is important. Philosophy and Public Affairs, 4 (4), 323–333.
Reiman, J. H. (1976, Autumn). Privacy, intimacy, and personhood. Philosophy and Public Affairs, 6 (1), 26–44.
Rodriguez v. British Columbia (Attorney General) [1993] 3 S.C.R. 519.
R. v. Mentuck [2001] 3 S.C.R. 442.
R. v. O'Connor [1995] 4 S.C.R. 411.
Tavani, H. T. (2007, January). Philosophical theories of privacy: Implications for an adequate online privacy policy. Metaphilosophy, 38 (1), 1–22.
Tavani, H. T., & Moor, J. H. (2001, March). Privacy protection, control of information and privacy–enhancing technologies. Computers and Society, 6 (11).
Thomson, J. J. (1975, Summer). The right to privacy. Philosophy and Public Affairs, 4 (4), 295–314.