theories of privacy and surveillance topic 1 graham greenleaf university of new south wales last...
TRANSCRIPT
Theories of Privacy and Surveillance
Topic 1Graham Greenleaf
University of New South Wales
Last revised: September 2008
Questions to start with What threatens our privacy? What values justify privacy laws? What do 'privacy' and 'surveillance’
mean? Why are there sceptics on whether
laws should protect privacy? See
RG - Theories of privacy and surveillance
Threats to privacy Embarrassment ‘Past coming back to
haunt you’ Lack of security of
information Unwanted marketing Marketing manipulation Irrelevant
considerations Collection of profiles
Intrusive biometrics Repressive state control Unfair decisions on
wrong/secret info. Tracking of
movements / location Interception of
communications
Values underlying privacy? Respect for human autonomy Psychological need for privacy Conduct free from inhibiting surveillance ‘Forgiveness’ of past actions Avoidance of injustices ‘Openness’ as a democratic virtue Preventing long-term repression Enabling markets (e-commerce)
Compare RG ‘The Concept of Privacy’ - for the origins of the above
suggestions under ‘Threats to privacy’ ALRC 108 [1.39] - Roger Clarke’s suggestions HKLRC (2004) Ch 1 ‘functions of privacy’
Attempts to define 'privacy' Most liberal theorists regard privacy as a value
that should be protected by law Some distinction between public and private spheres
has been essential to liberal thought Many support legislation, not just tort But there is no agreement on a definition or on
the justification Some (eg Wacks) regard ‘privacy’ as a useless
concept for legal implementation Others (eg HKLRC) retain it as a key term
Most privacy laws do not define ‘privacy’
4 ways of defining ‘privacy’ in terms of non-interference
'the right to be let alone’ (Warren & Brandeis) In terms of degree of access to a person
Secrecy / solitude / anonymity (Gavison) In terms of information control (Westin) as"intimate" and/or "sensitive" details (Innes)
Limits scope of privacy Bygrave: all 4 are reflected in privacy laws
Bygrave: privacy laws also protect self-realisation and democracy (see later)
Deficiences of the definitions
‘degree of access’ and ‘information control’ are too broad if they apply to all disclosures, and circular if they do not (Wacks (2000)
"intimate" or "sensitive” is too narrow
Solove’s ‘bottom up’ approach See ALRC [1.62] for discussion Rejects ‘top down’ approach of starting with a
definition Starts with ‘a web of interconnected types of
disruption’ - but these are not categories Criticisms (Bruyer): without a common
denominator, remains a piecemeal approach
Defence of ‘bottom up’ approaches Compare data protection and copyright law
see RG 0 ‘IPPs as a legal concept’ You can’t define the common element in the rights that make up
copyright either, and they have grown up piecemeal Apply Wittgenstein’s Family Resemblance thesis
“… things which may be thought to be connected by one essential common feature may in fact be connected by a series of overlapping similarities, where no one feature is common to all.” (Wikipedia)
How useful is ‘privacy’ as a legal concept? If it is only shorthand for a bundle of different rights, each of those
rights may have separate justifications It may have rhetorical value even if it is a composite and
indefinable term (a ‘black box’ term)
Categories of privacy ALRC 108 [1.31] (and many others) suggest 4
main ‘related concepts’: Information privacy (or ‘data protection’)
Which can be seen as falling into 10 or more ‘UPPs’, which have a ‘family resemblance’ rather than
Bodily privacy Privacy of communications Territorial privacy
These last 3 are less well defined in law or privacy theory than is information privacy
See the Australian and Asia-Pacific Privacy Charters as examples of attempts to incorporate them
Privacy and public interests Bygrave: privacy laws also protect self-
realisation and democracy Victorian Law Reform Commission Defining
Privacy (Occasional Paper) 2002 Privacy as a group value (public sphere): ‘The
right of privacy exists because democracy must impose limits on the extent of control and direction that the state exercises over the day-to-day conduct of individual lives’ (Rubenfeld)
Question: why limit this to state control?
Wacks’ redefinition “ `Personal information' includes those facts,
communications or opinions which relate to the individual and which it would be reasonable to expect him to regard as intimate or sensitive and therefore to want to withhold, or at least to restrict their collection, use or circulation.”
This attempts to give an objective test of what is personal information
But it shifts the legal issue (‘reasonable’) to when other interests will over-ride.
Problem: ‘personal information’ is only part of what we mean by ‘privacy’
Sceptical views of privacy law See RG 2.3
Privacy as economic inefficiency Technological defeatism / dystopianism Technological counter-surveillance Technological optimists - 'PET lovers' Property right / ‘private orderings’
‘Privacy scepticism’ is often a mix of these views - it is useful to disentange them
Privacy as economic inefficiency Posner (1978):
Information privacy allows people to misrepresent their character
It is inefficient and should not be valued Less sophisticated variants
Business / government should have unfettered use if this enhances efficiency
‘the innocent have nothing to fear’ Privacy always loses out to other interests, even if
it does have some weight (common view)
Technological defeatism / dystopianism Futile to attempt to protect privacy in the face
of surveillance developments 'You have zero privacy. Get over it.’ (McNealy) Exemplified in Orwell’s 1984 (1948)
Technological counter-surveillance Maximise surveillance of all those who have control
of surveillance (David Brin) But who will win a surveillance arms race?
Movie ‘Enemy of the State’ Q: Can we accept the technique but reject the
defeatism?
Technological optimism - 'PET lovers'
Privacy-enhancing technologies (PETs) - RG11 emphasises technology, not law, as protection Encryption
Egs PGP (Pretty Good Privacy); browsing anonymisers Negative - Irrelevant to most privacy problems Positive - Focus on privacy-friendly system design Double-edged because of authentication uses
Facilitating ‘privacy markets’/consent P3P - the 'platform for privacy preferences’ How effective without legislation or property rights?
Property right approaches Samuelson (1999) identifies advantages:
Allows alienability of privacy rights, and for individuals to share in market value
Forces firms to internalise costs of interference Property right + markets will suffice Mainly a US view
Reject European ‘bureaucratic’ approach US First Amendment forces this approach Constitutionally easier to establish property rights
than to limit disclosures
Property right approaches (cont)
‘Private orderings’ Leave privacy to contracts and the market
The previous view minus the property rights Equates to no protection
just freedom of contract in the private sector Whatever legislation allows in the public sector
The most extreme view
Theorists of surveillance See RG 2.4 ‘Theorists of surveillance’
Panopticism Foucault's influence
Sociological analysis James Rule's analysis
The techniques of `Dataveillance' Roger Clarke's analysis
Michel Foucault - Panopticism Panopticism - Bentham’s prison Foucault’s ‘panopticism’: the general principle
of a new relationship of power - ‘discipline’, a ‘technology of power’.
Spread of the panoptic approach through other social institutions results in ‘measures of normality’ which are largely outside the legal system
Compare panopticism and data surveillance
James Rule - Sociology of surveillance Rule treats as neutral terms:
‘Surveillance’ as ‘the systematic collection and monitoring of personal data, for the purpose of social control’
‘Social control’ as ‘any means of influence [to] render other people's behaviour more predictable and more acceptable;
Best early analysis of the techniques information systems offer for social control
Eg 3 methods of enforcement - (I) exclusion; (ii) adjusting benefit to risk; (iii) active coercion
Expectations of ‘appropriate’ treatment based on past history equates to an internalisation of surveillance
`Efficiency criteria' - do privacy laws control surveillance? Eg application to IPPs (Greenleaf)
Roger Clarke - Dataveillance distinction between Personal v Mass data
surveillance analysis of techniques of data surveillance
Personal: record integration; front-end verification; front-end audit; cross-system enforcement
Mass: routine screening; file analysis; profiling Facilitated by data matching, data concentration
Adds precision to the discussion of data surveillance law and privacy law responses