Privacy is personal

In the physical world, we govern privacy with clothes and walls, buttons, zippers, windows and doors. (See Clothing as a privacy system.)

We also see privacy as a thing that can be possessed. That’s the framing for statements like, “Give me some privacy, and “Don’t take away my privacy.”

On another hand (there can be many), we also see privacy as a state of being: “This is private.” “Keep this private.”

The American Heritage Dictionary defines privacy as “1. a) The quality or condition of being secluded from the presence or view of others; b) The state of being free from unsanctioned intrusion: a person’s right to privacy”; and  “2. The state of being concealed; secrecy.” The Collins English Dictionary (at that same link) adds one more: “3. (Philosophy) Philosophy the condition of being necessarily restricted to a single person.” The boldface is mine. I like that one. (And not just because I majored in philosophy, back in the decade.)

That’s the noun. To mine the derivational vein, we must also dig the adjective. Here’s American Heritage on private:

  1. a. Secluded from the sight, presence, or intrusion of others: a private hideaway; b. Designed or intended for one’s exclusive use: a private room.
  2. a. Of or confined to the individual; personal: a private joke; private opinions.private road b. Undertaken on an individual basis: private studies; private research. c. Of, relating to, or receiving special hospital services and privileges: a private patient.
  3. Not available for public use, control, or participation: a private club; a private party.
  4. a. Belonging to a particular person or persons, as opposed to the public or the government: private property. b. Of, relating to, or derived from nongovernment sources: private funding. c. Conducted and supported primarily by individuals or groups not affiliated with governmental agencies or corporations: a private college; a private sanatorium. d. Enrolled in or attending a private school: a private student.
  5. Not holding an official or public position: a private citizen.
  6. a. Not for public knowledge or disclosure; secret: private papers; a private communication. b. Not appropriate for use or display in public; intimate: private behavior; a private tragedy. c. Placing a high value on personal privacy: a private person.

Here’s what it says about deep sources for private (and also for privacy): “Middle English privat from Latin privatusnot in public life, past participle of privare, to release, deprive, from privussingle, alone… Indo-European roots.”

Thus, here in the everyday vernacular of the physical world, privacy is well understood, and has been since before we had History. But “here” now also constitutes the virtual world, where you are equally present, and reading this text right now. In the physical “here,” your privacy is provided by what you’re wearing and where you locate yourself. Your choices in the virtual “here” are not so plain and clear. Not yet, anyway. At best we can only hope that the stuff we try to keep private will stay that way. And it is best lately to hope less than you used to, because there is a large and growing business in abusing your privacy in the virtual world. That business is advertising. For that business, your privacy is a problem that can only be solved with a promise: Trust us. We not only respect your privacy, but are in business to help you. Buy stuff, that is.

Credit where due: the Internet Advertising Bureau (IAB) is deeply concerned about privacy, and requires that its members adhere to a raft of privacy principles. Here’s one: “Businesses collecting or using information about individual consumers for interactive advertising purposes should provide choice, where appropriate, to that individual. Consumers also should receive relevant education regarding cross-industry opportunities to opt out of the collection or use of individual information or other methods to exercise choice.”

However well-intended this might be, it’s a window fan blowing against the storm of wealth-creation that the “interactive” advertising business has become. On Friday, Facebook went public with a valuation exceeding $100 billion. Its business is advertising. So is Google’s, with a market cap hovering around $200 billion. The goal for both companies is to “personalize” advertising as much as possible. This requires making their machines learn all they can about you, whether you know it or not. And, for all their talk about providing choices, they’d rather you not shut out their tentacles or cover their prying eyes.

If you want to operate on the Web today, it is almost impossible to avoid either company, or the thousands of other that are in the business of knowing as much as possible about you, so that information can be sold to advertisers and their agencies. Wanting to maximize the sum and quality of information about individuals is at absolute odds with those companies’ stated commitments to privacy — as well as individuals’ own sense, based on experience in the physical world, of what privacy is and how it should work.

Did you know that, when you go to a site that has a Facebook “like” button, Facebook will know you were there, even if you don’t click on the button? Also, says Consumer Reports, “Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge.” And, adds Abine, “You know those Facebook Like and Connect buttons you see on almost every website?  They’re not just for sharing: they’re tracking devices.  Facebook buttons can track both members and non-members of Facebook, even if you never click them.  They transmit your clicks, browsing history, IP address, and more to Facebook.”

Is Facebook going to stop doing that kind of thing on their own, when they believe it’s also the very thing that makes them the most money?

Not surprisingly, Consumer Reports’ parent, Consumers Union, wants a policy solution. That is, new laws that restrict the ability of Facebook and others to, for example, track us without our permission. Meanwhile CU has also put up the HearUsNow site, as a way for individuals to demand better treatment by Facebook. The White House has also issued a Privacy Bill of Rights, which offers guidelines for lawmaking.

In his landmark book, Understanding Privacy, Raymond Solove details the many ways that privacy is nearly impossible to pin down in legal argument, much less in policy. So, while he notes in the first sentence of his first chapter, “Supreme Court Justice Louis Brandeis pronounced it ‘the most comprehensive of rights and the right most valued by civilized men,'” he later adds that “legal scholar Arthur Miller has declared that privacy is ‘difficult to define because it is exasperatingly vague and evanescent.'” Solove’s own case is that “the value of privacy must be determined on the basis of its importance to society, not in terms of individual rights.” He adds, “the value of privacy in a particular context depends on the social importance of the activities it facilitates.” The prescriptive chapters of the book are devoted to laying out a taxonomic framework for understanding privacy problems. Because, sensibly, “A lucid, comprehensive, and concrete understanding of privacy will aid the creation of law and policy to address privacy issues.”

Which is fine, if you think corporations and governments are the only actors in the marketplace with full agency. That is, with the ability to act, and to cause effects. As individuals on the Web, we don’t have that ability today. (Imagine having a website agree to your terms and conditions, rather than the reverse.) One symptom of that is the call for legislative protection, which we wouldn’t have if we had full agency. So, the thinking goes, “We can’t protect ourselves, so the government should step in.”

I’m against that, at least for now, because I don’t believe we’ve done enough to empower individuals on their own. I’d rather we work on equipping individuals to enjoy full agency, as independent and sovereign beings, in the online marketplace as well as in the offline one. Or, in other words, to break out of the calf-cow system (called “client-server”) that we’ve been stuck in since 1995. I believe the personal nature of privacy, as it has been understood plainly since the late Pleistocene, requires that.

Some of the tools are already there. Public key cryptography, for example. Link contracts in XDI. The stuff Alec Muffett starts talking about in Slide 47 of his presentation here. Same goes for much of the work being done by the ProjectVRM development community. As ordinary folk we don’t need to understand the technologies behind all that work, but it helps to know that we’re not starting from zero.

At the very least we need some perspective here, based on the fact that we have hardly begun to explore what it will take to create physical-grade privacy on the Net. And that as we do, we need to keep it personal. That’s where privacy is best understood and measured. There is also cause and effect. If you and I don’t have privacy online, society won’t either.