I am really in two minds about Vint Cerf’s reported comments regarding privacy. There are aspects I agree with, and others I would hotly dispute.
It may well be true that in the small town where Vint grew up, one had little or no expectation of privacy. Ingrid Melve said the same thing about her home village in Norway. If you behaved badly as a child, you could expect everyone to know about it. But, Ingrid went on to say, if you mended your ways, people would forgive and even, possibly, forget. But that’s people, whereas these days, computers find the first impossible and the second extremely hard to do. Yes, technology has changed the way in which we interact, because we’re no longer dealing only with face-to-face human interactions alone: we’re dealing with interactions that are remote and technically-mediated. However, I don’t actually think the “small town” example tells us that there was no expectation of privacy: I think it tells us that people had different assumptions about what constituted the public sphere, and what constituted the private. Not that there was simply no such thing as the private sphere.
But the second point is that, technically mediated or not, privacy is a relationship. Privacy consists in retaining the choice over what you disclose to whom, in what context. If you want to describe or analyse specific privacy use-cases, it only makes sense if you can specify what the context is, and which relationship is in question. If you want to talk about privacy in the abstract, without those specifics, the only way to do it is as a social construct: privacy is a function of co-existence. The scope of our expectation of privacy may vary with time, but it has been around as long as humans have lived with each other. It is not an anomaly.
Nor are today’s technical developments the only ones to have challenged our view of privacy; Louis Brandeis’ seminal paper on privacy was spurred by the advent of portable cameras, and the prospect that pictures taken in public could be quickly and easily published in the popular press. We’re still wrestling with that today; we rely on regulation of the press and paparazzi, not on technical solutions, to protect against this privacy risk, and frequently we fail.
Third – and this is where I find Vint’s reported remarks most problematic – it is not good enough to say that we, collectively, have forfeited our privacy voluntarily through the disclosures we make via networked social sites and other online services. It’s not good enough, because that implies that our disclosures are intentional and made on the basis of informed consent. In most cases, that is not an accurate analysis.
- I have said for some time that the disclosures we make on networked social sites are made on the basis of a fundamentally flawed risk assessment. Any service that fits the description “if you’re not paying, you’re the product” has an overwhelming interest in fooling you into thinking that you are only disclosing information to your circle of friends. This is key to their ability to monetize your personal data, your social graph, and the metadata generated by your online activity.
- The analysis also does not account for passively-disclosed data, or data the individual is unaware of disclosing. In both those cases, if we have forfeited our privacy, it is because of the intentional actions of others – and those actions can be subjected to regulation. It is all very well for Vint to say that we need to modify our behaviour if we want to protect our privacy, but that has only a partial effect on actively-disclosed data, and very little on passive disclosures.
I do agree with Vint that we need to modify our behaviour if we want to protect our privacy better, but that can only make a significant difference where our disclosures are either active, or passive but consensual. And last, asking whether privacy is an anomaly is just not the right question. A need for privacy is a built-in function of human society; the question to resolve is whether it is a fundamental right, and if so, what to do about that.