understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

The Original Privacy Position

posted by:David Matheson // 11:50 PM // July 12, 2006 // Core Concepts: language and labels | Digital Democracy: law, policy and politics | Surveillance and social sorting

Thomas Nagel has pointed out that there is an analogy to be drawn between (what I’ll call) the problem of liberalism and the problem of privacy. The problem of liberalism concerns “how to join together individuals with conflicting interests and a plurality of values, under a common system of law that serves their collective interests equitably without destroying their autonomy.” (Nagel 1998, 4-5) The problem of privacy is that of “defining conventions of reticence and privacy that allow people to interact peacefully in public without exposing themselves in ways that would be emotionally traumatic or would inhibit the free operation of personal feeling, fantasy, imagination, and thought.” (Nagel 1998, 5)

One well-known attempt to deal with the problem of liberalism comes from John Rawls (1971). He asked us to imagine individuals in what he called the Original Position. Inhabitants of the Original Position are behind a “veil of ignorance” that cuts them off from any significant knowledge of their position in society: they don’t know whether they are rich or poor, powerful or disadvantaged, members of a social majority or minority, etc. Under such conditions of ignorance, they are faced with the task of determining the basic structures and rules whereby society is to be ordered. Whatever structures and rules they would agree upon, Rawls claimed, are the basic principles of justice (as fairness).

So what would the inhabitants of the Original Position agree upon? Rawls pointed to two fundamental principles. First, the liberty principle:

Liberty. Each individual is to have a maximal amount of basic liberty (including such things as the freedom to vote, the freedom to be considered for public office, freedom of speech, freedom of conscience, freedom of assembly, and freedom from arbitrary arrest and seizure) consistent with a similar liberty for everyone else.

Second, the difference principle:

Difference. Socio-economic inequalities are to be such that they bring the greatest benefit to least advantaged members of society.

By thus using the decision procedure that consists of thinking about what inhabitants of the Original Position would agree upon, Rawls suggested, we can get clear about the basic principles of justice. These principles provide the general framework for understanding “how to join together individuals with conflicting interests and a plurality of values, under a common system of law that serves their collective interests equitably without destroying their autonomy.” Hence the use of the Original Position gives us one way of dealing with the problem of liberalism.

I wonder if there isn’t an analogous solution to the analogous problem, i.e. to the problem of privacy. Perhaps we can make use of a privacy version of the Original Position; call it the “Original Privacy Position.” Thus, as before, imagine a group of individuals behind a metaphorical veil of ignorance. Now, however, the veil only precludes them from knowing anything significant about their privacy position in society. Inhabitants of the Original Privacy Position, in other words, don’t know such things as whether their privacy is generally at serious risk, whether they attach a great deal of value to their privacy, whether they are in a position to make a lot of money through the diminishment of others’ privacy (or whether others are in such a position with respect to them), etc. And behind this veil of privacy ignorance they are given the task of deciding upon the basic norms of “reticence and privacy,” to use Nagel’s phrase, or norms of the “contextual integrity” of personal information, to use Helen Nissenbaum (1998, 2002)’ s equally apt one. The idea would be that whatever basic norms inhabitants of the Original Privacy Position would agree upon, those are the basic privacy norms that any just society should respect.

Maybe they would agree upon norms quite analogous to Rawls’s two general principles of justice. First, there would be the privacy norm:

Privacy. Each member of society is to have a maximal amount of basic privacy consistent with a similar privacy for everyone else.

Then there would be something like the difference of privacy means norm:

Difference of privacy means. Inequalities with respect to individuals’ means of controlling their privacy (e.g. inequalities concerning access to technologies designed to protect their privacy, or to diminish that of others) are to be such that they bring the greatest benefit to the least privacy privileged members of society (i.e. to those members of society who are the least advantaged with respect to controlling their privacy).

Although I haven’t yet chatted with him about this, it seems to me that this Rawlsian approach to the problem of privacy might serve as a basis for justifying Steve Mann’s program of equiveillance. After all, a good case can be made that many of the surveillance structures in our actual society violate one of both of the just mentioned privacy norms. (Compare Lucas Introna (2000)’s claim that workplace surveillance practices sit ill at ease with the Rawlsian approach to justice as fairness.)

Consider, for example, the surveillance structures built into digital rights management technologies. Those structures certainly yield inequalities when it comes to individuals’ means of controlling their privacy. And they arguably bring no (let alone the greatest) benefit to the least privacy privileged members of society. Steve’s insistence that we aim for equiveillance through sousveillance could perhaps be cast as the point that sousveillance is needed to bring us back to an appropriate respect for such privacy norms as Privacy and Difference of privacy means.


Introna, Lucas. (2000). “Workplace Surveillance, Privacy, and Distributive Justice.” Computers and Society 33: 33-9

Nagel, Thomas. (1998). “Concealment and Exposure.” Philosophy & Public Affairs 27: 3-30

Nissenbaum, Helen. (2004). “Privacy as Contextual Integrity.” Washington Law Review 79: 119-58

Nissenbaum, Helen. (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public.” Law and Philosophy 17: 559-96

Rawls, John. (1971). A Theory of Justice. Cambridge, MA: Harvard University Press.

| Comments (2) |

A Dignity Worry about Automated Identity Management

posted by:David Matheson // 12:05 PM // May 28, 2006 // Core Concepts: language and labels | Digital Identity Management | Surveillance and social sorting

Consider an extreme proponent of the ancient Greek practical philosophy known as Cynicism. I’ll call him Diogenes, without implying anything about how closely he resembles the historical Cynic of the same name (who, you might recall, once suggested to a fawning Alexander the Great that the greatest honor the king could bestow on him was that of moving a little to the side so that he could continue to soak up the sun’s rays). Our fictitious Diogenes takes the Cynical doctrine of following the lead of nature, and of flouting any inhibitive social conventions, to a shocking level. In a way that might remind a dog-owner of her lovable companion (“Cynic,” after all, comes from kunikos in Greek, meaning “like a dog,” cf. Piering 2006), Diogenes makes no attempt to hide whatever inclinations and desires he happens to find coming his way naturally, and is quite happy to satisfy them whenever and wherever he can. Bodily functions that we would normally consider to be deeply private he carries out in full view of whoever happens to be in his presence. He says whatever comes to mind, regardless of who it might happen to offend or of how it might make him appear to others. Simply put, Diogenes lets it all hang out, always. And he’s convinced that doing so is the true road to happiness.

We might say that Diogenes believes that shame-avoidance -- at least as we commonly think of shame -- stands in the way of human happiness. Or we might say that he presents a formidable challenge to our convictions about the negative value of shame. But it seems to me that, whatever we say on those matters, Diogenes can at least properly be said to be living a shameful life. Even if he couldn’t care less about avoiding shame, and regardless of whether he thinks it’s something to be quite pleased about, Diogenes is in the business of performing one shameful act after another.

It’s interesting to note that this intuitive (to me, at any rate) verdict about Diogenes’s behavior -- it’s shameful -- sits ill at ease with philosophical accounts of shame that render it essentially a matter of sensitivity to the disapproval of others. Consider, for example, the view that an individual’s behavior is an occasion for shame just in case she feels bad about engaging in it when she considers that others disapprove. In this view, Diogenes is not living a life of shame. He knows that others disapprove of his startling behavior, but he doesn’t feel bad in the light of this knowledge, for he thinks that sensitivity to the disapproval is inimical to the prime directive of happiness.

Recently, New York University philosopher J. David Velleman (2001) has presented an alternative account of shame that is more accommodating to the intuitive verdict about Diogenes. According to this account, shame is at its core about failures of selective self-presentation: to say that an individual’s behavior is an occasion for shame, in other words, is to say that she has failed to take adequate care -- failed to manifest appropriate concern -- when it comes to selectively revealing (or, on the flip side, concealing) different aspects of herself in different contexts. Despite the fancy name, the concern for selective self-presentation is a pretty familiar feature of our lives. Indeed, according to some, it’s “among the most important attributes of our humanity.” (Nagel 1998: 4) It’s manifested in everything from such mundane activities as the wearing of clothes in public, retiring to designated rooms for intimate engagements, and taking care not to say everything we think to be true of individuals in their presence, to more elaborate attempts to respect what another NYU philosopher, Helen Nissenbaum (1998) has called “norms of contextual integrity” of personal information, whether in online environments or elsewhere.

If we accept this alternative account of shame, with its focus on failures of selective self-presentation, I think we’re in a good position to explain why Diogenes is living a life of shame. Diogenes can’t be said to be taking adequate care when it comes to selectively revealing different aspects of himself in different contexts, because he really takes no care at all. His starling behavior, given that lack of care, amounts to a radical failure of selective self-presentation, and is thus an occasion for shame.

Of course, occasions for shame need not be as radical as what’s involved in Diogenes’s case. He manifests a general, pervasive, and ongoing lack of concern for selective self-presentation. In more realistic cases, failures of selective self-presentation are considerably more acute, stemming from particular bits of behavior that manifest a temporary lack of care for selective self-presentation against the background of a more general care for it. To illustrate, consider the individual who make an ill-considered, out of character remark that exposes his feelings about another individual to a much larger audience than he intends. His remark can be said to be an occasion for shame because, despite the fact that he generally makes an active effort to reveal such attitudes only to a limited circle of close friends -- thus manifesting a general, ongoing concern for selective self-presentation -- this particular remark has undermined the general effort and thus manifests a temporary carelessness about self-presentation, one that amounts to a relatively small-scale instance of shame.

Notice that the avoidance of shame seems to be centrally tied to human dignity: an individual’s behavior can hardly be dignified if it is an occasion for shame, and dignified behavior seems to preclude shameful behavior. If we accept it, then, the failure of selective self-presentation account of shame would seem to translate into an important insight about human dignity, viz. that manifesting an adequate concern for selective self-presentation, through the active avoidance of failures of selective self-presentation, is a central condition on our dignity.

It seems to me that this insight about human dignity may well ground a worry about certain kinds of identity management technologies that are becoming increasingly prevalent on the contemporary scene. What I have in mind are those technologies that tend to automate the management of users’ identities to a very high degree, by significantly diminishing the users’ active participation in processes of their own identification. Consider, for example, implanted RFID microchips. One of the primary benefits of these technologies is identification convenience: if you’ve got the chip in your arm, the process of being identified in various ways is easier for you than processes involving old-fashioned counterparts. You don’t have to bother with finding the right card, producing the right documentation, providing the right answers to relevant questions, and so on. You just walk on through, and let the chip do your identifying for you. Brin (2004) makes the point in connection with biometric identification systems: “When your car recognizes your face, and all the stores can verify your fingerprints, what need will you have for keys or a credit card?”

Perhaps, however, the convenience of these technologies comes at too high a price on the dignity scale -- at least for those of us who, unlike our fictitious Diogenes, care about human dignity in the relevant sense. For it seems to me that there’s a case to be made that the more we subscribe to automated identity management technologies, the less likely we are to maintain a robust concern for selective self-presentation, because we are more likely to leave the presentation of aspects of ourselves up to the technologies and the systems of which they are a part. And if the insight about human dignity mentioned above is on the right track, this carries as a consequence an increased likelihood of diminishing our dignity as humans.

Diogenes in effect gives up on selective self-presentation by leaving his self-presentation to the hand of nature. Perhaps we should be careful about giving up on our selective self-presentation by leaving our self-presentation to the hand of technology. Our dignity may well be what hangs in the balance.


Brin, David. (2004). “Three Cheers for the Surveillance Society!” Salon, http://dir.salon.com/story/tech/feature/2004/08/04/mortal_gods/index_np.html. Retrieved 26 May 2006

Nagel, Thomas. (1998). “Concealment and Exposure.” Philosophy & Public Affairs 27: 3-30

Nissenbaum, Helen. (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public.” Law & Philosophy 17: 559-96

Piering, Julie. (2006). “Cynics.” The Internet Encyclopedia of Philosophy, http://www.iep.utm.edu/c/cynics.htm. Retrieved 25 May 2006

Velleman, J. David. (2001). “The Genesis of Shame.” Philosophy & Public Affairs 30: 27-52

| Comments (0) |

Spread the Word -- Ottawa now hosts a "Copynight"

posted by:Ambrese Montagu // 10:14 AM // May 19, 2006 // Core Concepts: language and labels | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | TechLife | Walking On the Identity Trail

Ottawa's first ever Copynight will be held at 6pm Tuesday May 23rd at The Royal Oak Pub (161 Laurier Avenue Eas, which is located on the north edge of the Ottawa University campus).

CopyNight is a monthly social gathering of people interested in restoring balance in copyright law. We meet over drinks once a month in many cities to discuss new developments and build social ties between artists, engineers, filmmakers, academics, lawyers, and many others. Everyone is welcome.

In future, Copynight's will be held on the 4th Tuesday of every month. To learn more or get on the mailing list, please email ottawa (at) copynight.org.

| Comments (0) |

Jargon Watch

posted by:Jeremy Hessing-Lewis // 03:05 PM // May 16, 2006 // Commentary &/or random thoughts | Core Concepts: language and labels | Walking On the Identity Trail

New words to keep in mind.

"Techade"(noun): Technology emerging over the next ten years.

"Co-operation Superhighway"(noun): Ongoing private-public international partnerships. eg. FTC attorneys being helped by law enforcement and/or ISPs in the country where the problem originates.

"Best-of-breed Anti-fishing Security Vendor" (noun): Depends on which anti-phishing vendor you ask.

"Evasive Malware"(noun): see Sony Rootkit.

"Tricklers"(noun): Automatic download software. See Windows Update.

"Potentially Unwanted Technologies"(noun): Something you may not want on your computer. See also spyware.

| Comments (0) |

The Personal and the Empirical

posted by:David Matheson // 04:13 PM // August 17, 2005 // Core Concepts: language and labels

Sometimes when we describe information as "personal" we mean to cordon it off as information that others have no business knowing. This is often what's going on when one declines to answer a question on the grounds that "that's personal!" But here I want to talk about personal information in a broader sense. I'm interested in understanding the nature of personal information in the sense of the sort of information with respect to which one can, at least potentially, have privacy. I can have privacy with respect to information about what medications I might happen to be on, because that's personal information about me; but I can't have privacy with respect to information about the average annual rainfall in Ottawa, because that's obviously not personal information about me. This even though the information about my medications might quite properly be the business of others to know (e.g. my physician).

What is personal information in this broader sense? An adequate answer to that question is important for any robust theory of the individual's right to (informational) privacy, since if we want to understand what that right amounts to we'll also want to understand what the thing is – privacy -- to which the right entitles the individual. And since privacy is presumably a relation that holds between the individual's personal information and other people, we'll in turn want some understanding of what we're talking about when we speak of the individual's personal information.

Elsewhere I've argued that personal information is not necessarily sensitive information about the individual, on the grounds that even if the individual could care less about whether others know a bit of information about her (or even if most members of the society in which she lives could care less whether others know that sort of information about them) that's not enough to render the information in question non-personal; all it might show is that the individual could care less about whether personal information about her is known by others. I'm still inclined to say this. But this, of course, is not really to say anything about what personal information is; it's only to say what personal information isn't.

Once the personal and the sensitive are drawn apart in this way, it becomes tempting to suggest that personal information is just information specifically about an individual: personal information about me, for example, is just facts about me as opposed to other people (or no people at all). But there are serious problems with this liberal account of personal information. Consider the following fact (i.e. bit of information):

(1) David Matheson is David Matheson.

As Steven Davis has pointed out in a recent paper (see footnote 17 of his "The Epistemology and Normativity of Identifying and Identification"), this sort of trivial identity fact is, for all its triviality, a bit of information specifically about an individual, viz. me. No one else, after all, is identical to me except me! And so on the liberal account, (1) would count as a bit of personal information about me. But that's absurd: (1) is information specifically about me, to be sure, but not personal information about me.

Other counterexamples to the liberal account of personal information abound. Consider, for example, the following two facts about me:

(2) If David Matheson is a resident of Ottawa, Ontario, then he is a resident of Canada.

(3) David Matheson is not both married and a bachelor.

Again, (2) and (3) are both bits of information specifically about me. But it is quite implausible to say that they are bits of personal information about me.

So we're still in a fog. If personal information is to be equated neither with sensitive information about an individual, nor with just information specifically about an individual, what is it? My suggestion is this: personal information is empirical information specifically about an individual. To flesh this new account out a bit, I'm going to have to say something about the meaning of its key term, "empirical." And to do that, I have to say something about knowledge sources.

A knowledge source can be thought of, generally, as a cognitive process that begins with certain characteristic mental states (the source's "input") and -- provided all goes well -- results in knowledge (the source's "output"). Philosophers have distinguished six putative knowledge sources, so understood, distinguished from each other in terms of their distinct inputs and/or outputs:

Perception. This takes sensory appearances of things in the world (e.g. its seeming to me visually as if there is a dog in front of me) as input, and generates knowledge of things in the world (e.g. my knowing that there is a dog in front of me) as output.

Introspection. This takes appearances of one's own mental life (e.g. its seeming to me, when I direct my attention to my own mind, that I am annoyed with someone) as input, and generates knowledge of one's own mental life (e.g. my knowing that I am annoyed with that person) as output.

Inference ("Reason" in one sense). This takes knowledge of certain information (e.g. my knowing that Socrates is a man and that all men are mortal) as input, and yields knowledge of new information (e.g. my knowing that Socrates is mortal) as output.

Rational Intuition ("Reason" in another sense). This takes appearances of necessity (e.g. its seeming to me necessary that 2+2=4) as input, and generates knowledge of necessary truths (e.g. my knowing that 2+2=4) as output.

Memory. This takes past knowledge of information (e.g. my knowing yesterday that I had a latte in the morning) as input, and yields present knowledge of the very same information (e.g. my knowing today that I had a latte yesterday morning) as output.

Testimony. This takes knowledge that another person has claimed something (e.g. my knowing that the departmental chair has claimed that philosophy enrollments are up this year) as input, and yields knowledge of what she has claimed (e.g. my knowing that philosophy enrollments are up this year) as output.

Among these general sources, only Perception, Introspection and Rational Intuition seem to be basic knowledge sources, since only they generate knowledge from something other than knowledge. The other sources -- Inference, Memory, and Testimony -- only work if they've already got knowledge ultimately derived from the basic sources.

We can understand the notion of empirical information, however, just in terms of the basic sources. To say that a bit of information is empirical is to say that it can only ultimately be known through the operation of Perception and Introspection (through "experience", as philosophers are often wont to say). The contrast is with (as philosophers also often put it) "a priori" information. A priori information is information that can ultimately be known through the operation of Rational Intuition. (A little aside: you've probably heard about great debates in the history of Western philosophy between the "Rationalists" and the "Empiricists." The Rationalists think we can know a lot of significant a priori information, i.e. a lot ultimately just through Rational Intuition; that's why they're big on Reason. The Empiricists, by contrast, think that pretty much any significant information to be known is empirical, i.e. to be known only through Perception and Introspection; that's why they're big on Experience, or the Senses.)

So, in a nutshell, the claim that personal information is empirical information specifically about an individual amounts to this: personal information is information specifically about an individual that can ultimately only be known through the operation of Perception and Introspection. Rational intuition ("reason" in one historically important sense of the term) alone won't do the trick.

This account of personal information allows us to understand why the likes of (1)-(3) don't count as bits of personal information. Although they are bits of information specifically about an individual, they are not empirical bits of information specifically about that individual, since they can (I suggest) be known ultimately though Rational Intuition. They are bits of a priori information about me.

This account also makes it clear why personal information does not necessarily go hand in hand with sensitive information about individuals. For it's pretty obvious that not all empirical information specifically about an individual is sensitive information about the individual.

| Comments (6) |

Interests of Personality in 1915

posted by:Catherine Thompson // 11:42 AM // August 09, 2005 // Core Concepts: language and labels

Read an article called “Interests of Personality” by Roscoe Pound, published in the 1915 edition of the Harvard Law Review. It’s philosophical and mentions privacy, so I thought I would share my summary of the article.


The legal system recognizes interests. It does not create them. Interests rise through the competition of individuals and societies. The legal system does not recognize all interests. It must choose which interests it will give legal effect.

The scope and subject matter of the law can be quite wide because, in determining which interests should be given legal effect, the following must be considered:
1. Interests the law ought to recognize
2. The principles that will determine which interests will be recognized
3. The principles that will inform decisions to limit legal interests
4. The means that the law can secure legal interests
5. The limitations to effectively securing legal interests

The first legal interests were the social interests of prevention of self-redress and prevention of private wars. General security, as a social interest, was the first to be recognized by the legal system. This interest is responsible for the beginning of law. The social sciences and legal jurists should cooperate to recast historical jurisprudence in a light that recognizes this fact.

Individual Interests

Natural rights are interests that the law ought to recognize. When a natural right is given legal effect, it is called a legal right. The deduction of natural rights was achieved in either of three methods of critical evaluation. The first method, discarded after Kant, saw natural rights deduced “from a supposed social compact.” The second method saw natural rights deduced “from the qualities of man in the abstract.” However, ‘man in the abstract’ has never technically existed. The third method saw natural rights deduced “from some formula of right or justice.” The formula relied on was that of the nineteenth century system of fundamental individual rights. It is the starting point for many of the individual legal rights we have today.

The law does not exist primarily to recognize individual interests. Neither does the law primarily exist because of the pressure of competing interests. The law exists for social ends. Individual interests are only secured as a means to that end. The law’s overall goals include:

• making individual capacities available for the development of general happiness or the common good
• promoting the general, public, organization and order to equalize opportunity for all

Individual interests have gradually been disentangled from group interests. Now the law is disentangling social interests from individual interests.

Drawing from Kant, individual interests may be classified in three ways:
1. Interests of personality (physical and spiritual existence)
2. Domestic interests (individual life)
3. Interests of substance (economic life)

Hegel argues that all interests are personality interests because “all natural rights flow from the principle of respect for the free will of others.” This view was generally accepted in the nineteenth century.

The law has generally developed to begin compensating for the interest infringed rather than for the unlawful act.


How do you determine which interests the law ought to secure? “How shall we construct a scheme of natural rights of personality?” As mentioned already, the third method of deduction is the best starting point. A good example of this method is Spencer’s Justice. Spencer draws from Kant’s formula of right, as well as from metaphysical and historical methods, to deduce seven natural rights:
1. Physical integrity
2. Free motion
3. Use of natural media (res communes, res publicae)
4. Property
5. Freedom of contract
6. Freedom of industry
7. Freedom of belief and opinion

Physical integrity, honour and reputation, and belief and opinion will be examined.

The Physical Person

This interest includes the concepts of:
• immunity from direct / indirect injury
• bodily health
• freedom from coercion
• freedom of choice
• immunity of the mind and nervous system
• preservation and furtherance of mental health
• freedom from annoyance interfering with mental comfort

Some of these interests are group interests in the prevention of private wars, the debt to be paid back to the group (the state). The individual interest of integrity of the physical person is, in addition, an interest in one’s honour. In ancient Roman and Greek laws, this was viewed as relevant to gauge the amount of vengeance that might be aroused. The social interest is ensuring peace.

The three steps to recognizing personality interests are: 1) recognition of physical harm as a wrong, 2) recognition of coercion as a wrong (free will interfered), 3) recognition of mental injuries and even “infringement of another’s sensibilities.”

The biggest hurdle is to demonstrate the harm objectively, because the individual interest in receiving redress for a subjective emotional harm must be balanced against the societal interest of preventing false claims of harm. Additionally, there are the complicating factors of individuals who may be “unduly sensitive or abnormally nervous.” Hope lies in the advancement of psychological expert evidence.

The difficulties posed in proving merely mental discomfort is greater. The law has dealt with these difficulties by 1) judging the infringement according to an objective standard (meaning that damages are gauged as if the harm occurred to a fictional person who is NOT the complainant and who, for example, is NOT unduly sensitive), and 2) the damages flowing from the harm are only awarded if some other more tangible harm has occurred (such as physical injury or trespass to property).

Therefore, one reason why personality interests are rarely recognized is because of the practical problem of proof. Another reason is that the law is too hesitant to move forward and recognize such a right. A case in point is the lack of recognition of a tort of privacy despite Warren and Brandeis’ arguments [note to non-lawyers: the tort of privacy is alive and well in the U.S. now (2005)].

Honour: Reputation

Interest in honour (personality) must be separation from reputation interests that are asset interests (substance). For example, a fictional book is published using real names and life details of individuals known to the author. The named individuals may have an interest in the use of their name (substance interest of property). They also may have an interest in not having the intimate details of their lives made public (personality).

How has the law recognized the interest in honour? In the context of property, Roman law made injury to slaves by other than the slave’s owner illegal on the basis that it was an affront to the slave owner. In German law, there must be intent to injure another’s feelings.

In American defamation law, quantification of compensation injuries to asset are easily done. However, injury to honour, which can not be compensated in theory, must receive one of the only quantum available: money. Awards vary widely, in part due to the decision being entrusted to juries.

Belief and Opinion

This is a well engrained right in American law. Often, it is only seen as an individual right. As a societal interest, it serves political efficiency and social progress. Individuals who are restrained in the expression of belief and opinion can not be said to lead a “full moral and social life.” A limit to the right is expression of beliefs that may overthrow the state or vital institutions. This social interest limit is sometimes overemphasized. The threshold is when those beliefs are manifested externally.

| Comments (0) | | TrackBack

Security and Privacy

posted by:Marc Rotenberg // 11:30 PM // July 20, 2005 // Core Concepts: language and labels

Following on Ian's comments below about CCTV and London, it might be worth considering the relationship between two key concepts - security and privacy. Daniel Solove and I coauthor a textbook on privacy law which we revised this year. We had an exchange about a section of the book that discusses the relationship between privacy and security. Dan was of the opinion that there is a trade-off between the two, but I believe that security is a form of privacy. To support my position, I went back to the text of the Fourth Amendment which says:

The right of the people to be *secure* in their persons, houses,
papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation, and particularly
describing the place to be searched, and the persons or things to be

Notice the use of the word "secure" in the opening clause. (Section 8 of the Canadian Charter of Rights and Freedoms follows a similar formula: "Everyone has the right to be *secure* against unreasonable search or seizure."). Now here is the interesting point: the key clauses in the US Bill of Rights and the Canadian Charter of Rights and Freedoms view "security" as the right to be protected against unreasonable searches or seizures *by one's own government.* Returning to the cameras in London (or in Washington or in Ottawa), it is at least worth considering whether we advance "security" by allowing the government to engage in routine surveillance of the public.

| Comments (4) | | TrackBack

Why Does Privacy Matter for Friendship?

posted by:David Matheson // 03:09 PM // July 15, 2005 // Core Concepts: language and labels

I have for some time been convinced that privacy is important for friendship. But exactly how it is important -- why privacy matters for friendship -- is far from clear to me.

In the eighth book of his Nicomachean Ethics, Aristotle suggests that friendship involves both intimacy and a corresponding mutual affection. Affection for Aristotle amounts to desiring the well-being of another. And intimacy in his view seems merely to be epistemic closeness -- having personal knowledge of each other, or knowing certain personal facts about each other. Thus, we might capture Aristotle's account of friendship along the following lines:

The Aristotelian Account of Friendship

A and B are friends just in case
(1) A and B have personal knowledge of each other [=Intimacy as Epistemic Closeness], and
(2) A and B desire each other's well-being at least partly in virtue of this knowledge [=Mutual Affection Based on Intimacy].

This account allows for different specific varieties of friendship, depending on the different sorts of intimacy and corresponding mutual affection involved. Thus, for example, what we might call "fun friendship" occurs when A and B desire each other's well being because each knows that the other is pleasant to be around in various ways (e.g. witty, amusing), and each naturally wants to be around pleasant people. "Practical friendship" involves A and B desiring each other's well being because each knows that the other is useful for the advancement of certain practical goals. (Think here of the sort of friendship involved in business partnerships.) "Deep friendship" occurs when A and B desire each other's well being because they each know the other to be a good (virtuous, noble, etc.) person, and prefers the society of such people.

There's a lot to be said for this account of friendship, but what I'd like to draw attention to is that fact that the possession of privacy nowhere enters into it. More particularly, even if A and B had virtually no privacy -- not just with respect to each other, but with respect to everyone else in their society -- they could still meet conditions (1) and (2), and hence still be friends on the Aristotelian account.

Yet, against this, it's common in the privacy literature to find claims to the effect that the reason why privacy is important for friendship is that it is required for -- a necessary condition on -- friendship. Without privacy, so the thought goes, there simply could be no friendship. Here's a representative passage from Charles Fried:

...friendship...involve[s] the voluntary and spontaneous relinquishment of something between friend and friend.... The title to information about oneself conferred by privacy provides the necessary something. To be friends...persons must be intimate to some degree with each other. Intimacy is the sharing of information about one's actions, beliefs or emotions, which one does not share with all.... (Fried, An Anatomy of Values, Harvard University Press, 1970, p. 142)

I take it that someone like Fried would agree that friendship involves both intimacy and a corresponding mutual affection. Where he would disagree with Aristotle, it would seem, is over what the intimacy involved in friendship amounts to. Fried, like other advocates of the friendship-requires-privacy thesis, seems to think that intimacy amounts not merely to epistemic closeness --not merely to (1) above-- but further to epistemic exclusivity. There must not merely be a sharing of personal information between friends, but the personal information shared between friends must not be shared with others, as Fried puts it. So, in place of the Aristotelian account of friendship, defenders of the friendship-requires-privacy thesis would seem to be endorsing something like the following view:

The Friendship-Requires-Privacy Account of Friendship

A and B are friends just in case
(1*) A and B have personal knowledge of each other that other people do not have [=Intimacy as Epistemic Exclusivity], and
(2) A and B desire each other's well-being at least partly in virtue of this personal knowledge [=Mutual Affection Based on Intimacy].

It's pretty easy to see how this account of friendship, where the intimacy involved in friendship requires not just epistemic closeness but further epistemic exclusivity, makes privacy a necessary condition on friendship. After all, if friendship requires the likes of (1*), then A and B cannot be friends unless they have privacy about their personal information relative to other individuals (even though they lack it relative to each other).

I'd like it if this second account of friendship were the right one, simply because it would make clear to me why privacy seems to matter for friendship. But the more I think about it, the less convinced I am that this second account is right; it seems to me that Aristotle was right to suppose that friendship merely requires intimacy in the sense of epistemic closeness, not epistemic exclusivity, and hence that friendship does not require privacy.

To illustrate, suppose that A and B are children growing up in a community that affords them very little privacy. It's a religious community, say, that believes very strongly in the importance of supervising children so as to inculcate in them exemplary moral dispositions. A and B play with each other on a regular basis, but never away from the watchful, attentive eye of supervising parents. Over time, A and B get to know a lot about each other, and come to like each other very much as a result. Doesn't it seem quite right to say that A and B are friends? I think so. But notice that although A and B meet condition (1), they fail condition (1*). Any personal knowledge they have of each other is not exclusive to themselves -- it's always shared by some supervising parent.

It seems to me, accordingly, that the Aristotelian account of friendship is preferable to the Friendship-Requires-Privacy account. So, while I still have the suspicion that privacy matters for friendship, I'm no longer inclined to think that it matters because it is a necessary condition on friendship.

| Comments (4) |

Privacy interest in my (domain) name?

posted by:Hilary Young // 02:32 PM // June 29, 2005 // Core Concepts: language and labels

A couple weeks ago, Michael Geist's Toronto Star column discussed the domain name dispute that was sparked when the Defend Marriage Coalition created websites with domain names of MPs (donboudria.ca, davidmcguinty.ca) which it used to denounce the Liberals' same sex legislation. It isn't clear whether the MPs have any recourse through CIRA but Geist doesn't believe so, and it is clear that the content itself is protected free speech.

It seems counterintuitive to me that someone could create a hilaryyoung.ca site with my e-mail address and phone number claiming I have free Live8 tickets to give away, and I would have no recourse (at least not to CIRA). The problem is that I don't own or have a trademark in my name. A simple Google search reveals dozens of other Hilary Youngs (one is an expert in Victorian porcelain, another is in the chorus of The Mikado in Austin, Tx) and if they wanted their own hilaryyoung.com sites, they'd be welcome to them. The privacy invasion happens when someone creates a web site with my name AND information about me. Is this any different than an unauthorized biography - "The Life and Times of Hilary Young" (zzzz...)? In most respects, no, but I think there is an expectation when a website's domain name includes a person/company's name and the site contains information about that person/company, that the website originated with that entity and has some legitimacy. Whether this expectation is enough to provide any legal protection is another matter...

To read Michael Geist's column on the domain name dispute, click here.

| Comments (0) | | TrackBack

Harmony in privacy advocacy and technological development?

posted by:Marty // 04:35 PM // June 19, 2005 // Core Concepts: language and labels

In a stark commentary by David M. Rabb, the privacy community can be seen to be taken to task.

Perhaps it's appropriate that the privacy community seems comprised mostly of people talking to themselves.
In one corner are public policy advocates who examine every new technology for privacy risks and inevitably find some. Their usual recommendation is to regulate or prohibit the new technology's use. Another corner holds academic and industry researchers working to build a detailed conceptual foundation for comprehensive privacy management. Yet another corner is reserved for software vendors offering standalone products with specific privacy-related functions. In a final corner, or maybe another room altogether, are corporate technology professionals whose only real goal is to satisfy their compliance departments. The corporate managers rarely interact with the other groups except when searching for vendors to help solve an immediate problem.
Still, the disjointed nature of the privacy discussion has a cost. The policy advocates often seem unconcerned with the practical implications of their suggestions, even though some advocates are themselves quite knowledgeable about business and technology. The researchers' conceptual frameworks could be very helpful to corporate systems designers, but only if they relate to infrastructures that actually come to exist. The value of the software point solutions is limited when there is no larger standardized framework for them to fit into.

The thesis of this article is that there is a point to the study of privacy implications resulting from new technologies. The disjointed nature of the various players in the privacy/technology nexus, however, does not allow the harmony necessary for full privacy concerns to enter into technology products, for better or worse (depending on one’s perspective). I would argue that, universally, this is not the case. Our project, On the Identity Trail, is just one avenue of research seeking to narrow this divide. Perhaps those who side with privacy advocacy should take a look at Raab's commentary, and those on the technology side, should explore our project and seek out other like minded research, for only through awareness and dialogue will harmony be achieved.

| Comments (1) | | TrackBack

Inscription: using panoptic surveillance technologies to improve our memories, health and lives

posted by:Marty // 04:07 PM // // Core Concepts: language and labels

The ever predictive Howard Rheingold, in a recent article at TheFeature informs us that Microsoft Research’s new manager of the social computing, Marc Smith, is pushing panoptic surveillance technologies to a new kind of authorship. Smith has dubbed this “Inscription”.

Since we're going to be snooped, sensed and surveilled by sensors in the environment, why not use sensors attached to our mobile devices to augment our memories, track our health and otherwise enhance our lives? Smith says, "The state is going to be recording everything we do, why shouldn't we make our own recordings -- if only to challenge the accuracy of what others capture?"

See the full article here: http://www.thefeature.com/article?articleid=101694&ref=7818328

Note that this is something that On the Identity Trail's Steve Mann has been advocated and working towards for years.

| Comments (2) | | TrackBack

Privacy about the Future?

posted by:David Matheson // 11:48 AM // June 09, 2005 // Core Concepts: language and labels

I'm partial to a fairly minimalist conception of informational privacy. Informational privacy, I'm inclined to think, is not essentially a matter of control over, or limited access to, personal information (though protecting one's [right to] privacy -- something of huge importance -- surely is); it is rather simply ignorance of personal information.

Much of my recent work has consisted of exploring the plausibility of this conception of privacy, and that in turn has involved addressing a number of putative objections to it. Many of these objections I'm comfortable with, simply because I've come across them before and have had time to sort out why I think they're not as compelling as it might seem on first pass. But every once in a while I'm hit with an objection that seems to come from nowhere, and about which I'm not really sure just what to say.

Recently, while presenting a paper on privacy at the Social Sciences and Humanities Congress in London, an audience member delivered up an objection of this sort. It went something like this. On my account, an individual has privacy relative to a personal fact (bit of personal information) about her and to another individual just in case that other individual does not know the personal fact. But now consider future personal facts: personal facts about what an individual will do, or about what will happen to her. (Note that we're not talking here about facts about what an individual intends to do in the future, for these are present facts about an individual's intentions.) Does another's ignorance of these facts about an individual mean that the individual has privacy with respect to them? It seems not, went the objection; it is odd to claim that individuals can have privacy about future personal facts. Yet my account implies that the individual does in fact have privacy with respect to them. After all, on my account, others' ignorance of personal facts is all that is required for privacy with respect to them.

To illustrate, suppose that it is a future personal fact about Fleeta that she will kiss Alva at 9:42 pm tomorrow evening. It's a fact, but no one knows it yet -- not Alva, not even Fleeta herself. Does it make sense to say that Fleeta has privacy relative to Alva and to the fact that she will kiss Alva at 9:42 tomorrow evening? My account of privacy says that it does, in effect. But that's counterintuitive, says the objection. It doesn't make sense to say that Fleeta has privacy relative to Alva and that future personal fact about her.

Now one way I could respond to this objection is to deny that there are any such things as future personal facts: the future is in some sense open for individuals in a way that the past and present is not, and this is best explained by the idea that whereas there are past and present personal facts, there aren't any future personal facts. And, of course, if there are no future personal facts, then there are no future personal facts for others to be ignorant of, and hence no privacy to be had relative to others and such facts.

But that's not the way I want to respond to the objection. I'm enough of a determinist to agree with the objector's assumption that there are future personal facts. Even so, it seems to me to make perfect sense to say that one can have privacy with respect to future personal facts about oneself.

Consider the movie Minority Report. Here we have a situation in which, due to the powers of the "precognitives", plenty of future personal facts about individuals are known -- e.g. that if so-and-so is not arrested, then he will most certainly commit murder. One can't help as a viewer feel that there is some injustice going on here with respect to those individuals who get arrested for their future crimes. (Leaving aside the obvious injustice done to the precognitives through their exploitation.) But what is the injustice? Well, there's the point that, at the time of their arrest, they haven't actually committed the crime yet. But I'm not sure that this point alone is a compelling ground for complaint. If we know that, unless arrested now, so-and-so will most certainly commit murder in the near future, then it might be quite in accord with justice to go ahead arrest so-and-so.

I suspect that what does ground the feeling that these "future criminals" are being treated unjustly is the sense that they have had their right to privacy violated. Agents of the state who make use of the precognitives to find out future personal facts about individuals are acting as unjustly as they would be if they went on unwarranted fishing expeditions to find out past personal facts about individuals. In both situations, the individuals have their right to privacy violated. And how do they have their right to privacy violated? By having their privacy unwarrantedly taken away with respect to the relevant personal facts. But then it follows that in the case of the "future criminals" depicted in this movie, it makes sense to talk of them having and losing privacy with respect to future personal facts about them. By the state's use of the precognitives, these individuals lose privacy with respect to future personal facts about them. Were the state's use of the precognitives abolished, their privacy with respect to those facts would be regained.

Perhaps this provides a new perspective on Minority Report: the next time you see it, try doing so through the lens of privacy issues. But more to the purpose of this post, I think reflection on what's going on in the movie helps deal with the above-mentioned objection to the minimalist conception of privacy I favor. Assuming there really are such things as personal future facts, the movie nicely illustrates how one can -- contrary to that objection -- possess or lack privacy with respect to them.

| Comments (2) |

Skepticism about Anonymous Sources

posted by:David Matheson // 11:33 AM // June 07, 2005 // Core Concepts: language and labels

In a very interesting ID Trail Mix post last week (which I would encourage everyone to read), Marsha Hanen concludes with the suggestion that readers manifest a "healthy and even heightened skepticism" about the reports of anonymous sources. Properly understood -- as a call, essentially, to avoid gullibility -- the advice is entirely sound. But I worry that the advice might be misunderstood and taken to an unsound extreme. We don't want to be so skeptical of anonymous sources that we refuse to accept their reports unless or until they either shed their anonymity or we have gathered for ourselves compelling independent confirmation of what they have reported.

Nevertheless, such extreme skepticism is tempting, and one might attempt to justify it along the following lines:

Premise 1. If a source S is anonymous to you, then you don't know who S is.
Premise 2. If you don't know who S is, then you ought not to trust what S says.
Conclusion. Therefore, if a source S is anonymous to you, then you ought not to trust what S says.

Premise 1 here just seems to follow trivially from a standard conception of anonymity. And, combined with Premise 2, it yields the Conclusion with all the force of deductive logic. But what about Premise 2?

I don't think we should buy Premise 2, for it seems to me that are considerations that might indicate the trustworthiness of an anonymous source S while falling short of revealing who S is. (For the purposes of the present discussion, I'm going to assume that in order properly to trust what a source says you must have some (positive) reason to think that the source is trustworthy. Some would say -- and I think not entirely implausibly -- that in order properly to trust what a source says, all that is required is that you have no (negative) reason to think that the source is untrustworthy; but leave that issue aside for now.)

What considerations do I have in mind? Well, consider the following suggestions:

1. S has her trustworthiness vouched for by others whom you properly trust. You might not know who S is, but others presumably do; and among those others might well be people you know and trust who can assure you that you should accept what S says. In that sort of situation, it might very well be proper of you to trust what S says. And the vouching can be construed quite liberally. For example, if you don't know who S is but do know that the good folks at Princeton University have awarded her a PhD in a field directly related to that of which she speaks, this might count: S's trustworthiness is in effect being vouched for by folks at Princeton whom you have good reason to trust (expect faculty members on dissertation committees, etc.).

2. S has a good track-record when it comes to her past reports. Suppose that S is a Jane Doe involved in very lengthy legal trial, and that, during the early stages of the trial, she makes a number of substantial claims under oath that prove to be correct and independently verifiable. During a later stage S makes another such claim. Despite your having no knowledge of who S really is (she is a Jane Doe to you, after all), you might nonetheless have good reason to accept this later claim of hers in the absence of independent confirmation.

3. There is a high-degree of coherence in what S says. What S says might in fact be a rather long report, containing a number of putatively factual claims. The chances are good that if S is lying or otherwise speaking falsely, these claims won't all fit together in a logically and explanatorily coherent manner. Similarly, the chances are pretty good that if they do fit together in this way, S is speaking the truth.

These are of course only a few considerations that might be relevant. And it would be silly to suggest that such considerations can serve as an airtight guarantee against being mistaken or mislead. Still, they are considerations that might pull in favor of the trustworthiness of a source S, even when you don't know who S is. If you have enough considerations of this sort in hand, accordingly, it may very well be the case -- contrary to Premise 2 above -- that you ought to trust S despite not knowing who she is. This allows us to avoid the extreme skepticism suggested by the Conclusion above. Plausibly, you can properly trust what a source says even if the source is anonymous to you.

| Comments (6) |

Sensitivity and Personal Information

posted by:David Matheson // 05:01 PM // May 30, 2005 // Core Concepts: language and labels

The sensitivity of personal information

Is personal information necessarily sensitive? That is, from the fact that a given bit of information about an individual is personal does it follow that the information is sensitive?

The question is relevant to privacy concerns, since informational privacy is usually understood in terms of personal information: one can have privacy with respect to personal information about oneself, but never with respect to non-personal information. (That's why, for example, it makes sense to talk about my privacy with respect to information about my sexual or drinking habits, whereas it doesn't make sense to talk about my privacy with respect to information about the physical properties of quarks. The latter is not personal information about me.) And the general consensus in the privacy literature is that, yes, personal information is indeed necessarily sensitive. I think that's a mistake, however, so let me explain why.

There are two main ways in which one might try to maintain that personal information is necessarily sensitive. First, one might claim that (1) in order for information about an individual to be personal, that individual herself must not want the information widely known. Second, one might claim that (2) in order for information about an individual to be personal, the information must be of such a sort that most members of the individual's society would not want information of that sort widely known about themselves, regardless of whether that individual herself wants it. (This second account comes originally from William A. Parent, and various others in the privacy literature have followed his lead here.)

The trouble is that neither of these accounts escapes refutation by clear counterexample. Consider the following counterexample to (1). Jack is a guy who simply doesn't care at all who knows what about him. As far as he's concerned, every fact about him from the details of his fantasy life to how often he clips his toenails is open season to anyone who cares to ask. (The existence of people like Jack is not so bizarre as one might think, given the increasing popularity of highly personal blogs on the Web.) What should we say of Jack? According to (1), there is no such thing as personal information about him, since he's happy to have anyone at all know anything at all about him. But that's clearly wrong. There mere fact that Jack doesn't care who knows what about him -- that he's not sensitive about any of his information -- doesn't mean that none of his information is personal. The right thing to say is rather that he simply couldn't care less about whether anyone knows his personal information.

Consider now the following counterexample to (2). Suppose there is a society in which, as it happens, the majority of individuals don't care whether anyone else knows facts about the intimacies of their (say) sexual lives. Due to the propaganda and brainwashing of state officials, say, almost every individual in this society has become conditioned not to care about this sort of exposure. Does it follow that for any individual in such a society, details about the intimacies of her sexual life fail are non-personal? Clearly not, yet that is precisely what (2) implies. The mere fact that most people in this society don't care who knows what about their sexual lives doesn't mean that information about their sexual lives is not personal. Contrary to (2), the natural thing to say is that, sadly, most people in this society have been conditioned not to care about whether personal information -- about their sexual lives -- is widely known.

So, both (1) and (2) turn out to be false. Granted, there may be some other way of trying to establish the supposedly inherent sensitivity of personal information, but for my part I can't see how it would go. I think we have to recognize that personal information, whatever it turns out to be, is not necessarily (even if typically) sensitive.

The relativity of privacy

Here's one reason why this is important. If personal information is not necessarily sensitive, then one common argument for the relativity of privacy (which relies on the opposite claim) goes by the wayside. The argument goes like this:

Premise 1. Privacy entails personal information.
Premise 2. Personal information entails sensitive information.
Conclusion 1. Therefore, privacy entails sensitive information.
Premise 3. Sensitive information is relative to individuals or societies.
Conclusion 2. Therefore, privacy is relative to individuals or societies.

Premise 1 here is just another way of putting the point raised in the second paragraph above. Premise 2 captures the idea that personal information is necessarily sensitive. Premise 3 says, in effect, that whether a bit of information about an individual is sensitive depends either on (a) whether that individual wants the information widely known or on (b) whether most members of that individual's society want information of that sort widely known about themselves; and (a) and (b) vary from person to person, and society to society, respectively.) And the final step of the reasoning, Conclusion 2, says that whether an individual has privacy with respect to information about her depends either on either (a) or (b). Privacy is relative, in other words, in the sense that whatever privacy you have right now could be increased or diminished simply by either changing your mind about whether you want the relevant information widely known, or by people in your society changing their mind in a similar way -- even if nothing else changes.

One we see that personal information is not necessarily sensitive, however, we see that Premise 2 of this line of reasoning won't do. So, to the extent that we do think privacy is relative in the way that Conclusion 2 suggests, we'll need some other argument. This one fails.

For the record, I don't think privacy is relative in the way that Conclusion 2 suggests: I think you've got to do more to increase or diminish my privacy than merely bring about those changes of mind. I do think privacy is relative in another way, but that's a story for another time.

| Comments (2) |

Nothing to Hide

posted by:David Matheson // 12:52 PM // May 20, 2005 // Core Concepts: language and labels

To be apathetic about protecting one's privacy typically involves the belief that one has no reason to protect one's privacy. And, as Teresa Scassa points out in her recent ID Trail Mix post, one common ground of this belief comes out in expressions of the "nothing to hide" attitude. But what is the idea behind this attitude, exactly, and how is it supposed to warrant the apathetic belief?

It seems to me that when someone says "I'm not concerned about my privacy; I've got nothing to hide" they are typically offering up one or the other of two basic arguments. I'll call the first the "Licit Behavior Argument" and the second the "No Desire Argument". My aim here is to explain why I think that neither argument is very good, and hence why I think that the "nothing to hide" attitude fails to serve as a decent basis for apathy about privacy protection.

1. The Licit Behavior Argument

The Licit Behavior Argument is pretty straightforward, and can be captured be the following simple syllogism:

Premise 1: My behavior is licit (i.e. not illegal or immoral in any serious way).
Premise 2: If my behavior is licit, then I have no reason to protect my privacy.
Conclusion: Therefore, I have no reason to protect my privacy.

I'm not myself inclined to challenge those who claim the likes of Premise 1 about themselves. In any case, trying to convince someone that she ought to be more concerned about protecting her privacy by trying to convince her that she's more wicked that she realizes strikes me as a strategy that's unlikely to succeed.

The real problem with the Licit Behavior Argument comes with Premise 2. It assumes that reasons to protect one's privacy are all disreputable, for it assumes that if one does have a reason for protection, then there must be some illicit activity that one would like to keep others from knowing about. But if the literature on privacy has brought anything clearly to light over the last 30 years or so, it's that there is a wealth of reasons for an individual to protect her privacy that have nothing to do with her engaging in illicit behavior. If --as is plausible-- the possession of privacy is a necessary condition on (or at any rate a very useful means to securing) differential social relations such as friendship and intimacy, on individual autonomy, and on excellence in the political arena, then there are plenty of reasons to protect one's privacy (not to mention that of others) that are motivated by nothing but the most noble of goals.

2. The No Desire Argument

The other argument that may be offered in expressions of the "nothing to hide" attitude is unconcerned with (il)licit behavior. It simply points to the absence of desire on the part of the speaker when it comes to protecting her privacy. This No Desire Argument can also be captured quite simply:

Premise 1: I have no desire to protect my privacy.
Premise 2: If I have no desire to protect my privacy, then I have no reason to protect my privacy.
Conclusion: Therefore, I have no reason to protect my privacy.

I suspect that most people who reason in this way are quite right when it comes to the first step, Premise 1: they simply don't have a burning desire to protect their privacy, and could care less about the whole business. And even if we admit (as I think we should) that people can occasionally be quite wrong about what they really desire, I think in most cases these individuals will nonetheless be a better position than I to say whether they have the relevant desire.

But that still leaves Premise 2. On the face of things, it looks like this second step of the No Desire Argument is trivially true. Doesn't it just make the obvious point that if someone doesn't care about her privacy, then (no surprise!) she doesn't care about her privacy?

Well, no, it doesn't. And far from being trivially true, I think Premise 2 of the No Desire Argument is false for most people. Here's why. The consequent of that premise -- the bit that comes after the 'then' -- talks about having no reason to protect one's privacy. The antecedent of the premise -- the bit that comes after the 'if' -- talks about having no desire to protect one's privacy. So what Premise 2 of the Absent Desire Argument in effect says is this: No one can have a reason to protect her privacy unless she desires to protect it. (Others might have reasons for protecting their, or even her privacy, but she herself doesn't if she has no desire to.) But now consider the more general principle that underwrites this idea: No one can have a reason to perform an action unless she desires to perform that action. The falsity of this general principle is easily seen by thinking about the following case (modified from the original case discussed by the late British philosopher Bernard Williams in a famous paper entitled "Internal and External Reasons"). Suppose I love gin, and presently have a strong hankering for a taste of the stuff. There is, in fact, a full bottle of it right in front of me. Sadly, however, I don't take a sip, because I'm under the mistaken impression that the bottle contains lighter fluid. What should we say of this situation? I have no desire to drink from the bottle, due to my false belief about what it contains. That explains why I don't actually drink from the bottle. Nevertheless, I have a reason to drink from it, even if the reason is unknown to me: it would satisfy a desire for gin that I happen to have. (True enough, I would desire to drink from it if I were properly informed about its contents; but since I'm not in fact so informed, I don't in fact desire to drink from it.) So, generally, one can have a reason to perform an action despite having no desire to.

A similar point can now be made about Premise 2 of the No Desire Argument. Due to ignorance about the nature or consequences of protecting one's privacy -- e.g. a failure to understand how important privacy, and hence its protection, is for securing such goods as friendship, intimacy, autonomy, political excellence, etc. -- one can in fact have a reason to protect one's privacy despite having no desire to protect if. If one's ignorance were removed, one would have the desire, given that one desires these other goods; and that suffices to give one a reason for protecting one's privacy in the absence of any actual desire to do so.

| Comments (0) |

Softening Semantics

posted by:Marty // 07:50 PM // March 30, 2005 // Core Concepts: language and labels

“Language is a virus”, William S. Burroughs

The U.S. Department of Homeland Security is taking a page from a long history of the Military’s softening of language. Wired has published this article describing the spin that’s been done to RFID tags and their upcoming use in U.S. Passports.

Conspiracy theorists and civil libertarians, fear not. The U.S. government will not use radio-frequency identification tags in the passports it issues to millions of Americans in the coming years.
Instead, the government will use "contactless chips."
The distinction is part of an effort by the Department of Homeland Security and one of its RFID suppliers, Philips Semiconductors, to brand RFID tags in identification documents as "proximity chips," "contactless chips" or "contactless integrated circuits" -- anything but "RFID."

See the article here http://www.wired.com/news/privacy/0,1848,67025,00.html

From my perspective, language and culture have been fused into a symbiotic relationship. North American culture is very much a military culture. The Military, as the trigger of the government, is a big user of euphemistic language. The practice of using euphemisms has been parachuted into the public domain; the epitome of which is political correctness. Military language has been pressed upon North America thanks to Hollywood’s idolization of the Military. Hollywood has taken this ideal, Saving Private Ryan-like, image and sexed up in movies like The Rock. The byproduct of Hollywood and the culture industry putting this iconography into the public is that certain elements are picked up by popular culture. They become carried by a society to the point where they become ubiquitous in its language and symbols.

While this may not be an intentional effort on the Military’s part, they do get something out of it. By having citizens use the words, metaphors, expressions, acronyms and slang of the rank and file, it puts the public more at ease to the Military, and now in a post 9-11 Homeland Security reality this will further extend into the 'home'. Subconsciously they become a step closer to a military mindset, absorbing words. Words become “images of words repeated in the mind and not of the image of the thing itself”*. The semantics become softcore.

*“We must find out what words are and how they function. They become images when written down, but images of words repeated in the mind and not of the image of the thing itself."
- W.S. Burroughs

| Comments (3) | | TrackBack

Informational Privacy: Is There Another Kind?

posted by:David Matheson // 11:15 AM // February 08, 2005 // Core Concepts: language and labels

In A Few Good Men, Jack Nicholson’s character responds this way to a question about whether the danger he had in mind was grave: “Is there another kind?”

Sometimes, when asked about whether the privacy I have in mind is informational, I want to respond in like fashion: “Is there another kind?” Because, you see, I suspect that all privacy is ultimately informational.

Nevertheless, the view that there are non-informational forms of privacy has almost achieved the status of orthodoxy in the privacy literature. (See, for example, Ruth Gavison, “Privacy and the Limits of Law,” Yale Law Journal 89 (1980): 432-36; Anita L. Allen, Uneasy Access: Privacy for Women in a Free Society (Rowman & Littlefield, 1988), pp. 18-25; and Judith W. DeCew, In Pursuit of Privacy: Law, Ethics, and the Rise of Technology (Ithaca: Cornell University Press, 1997), pp. 33-34.) Support for this view usually proceeds along the following lines: there are ways of invading an individual’s privacy that do not involve acquiring any new information about her; the forms of privacy that can be thus invaded must be non-informational; therefore, there are non-informational forms of privacy.

What are the supposed ways in which an individual’s privacy can be invaded without acquiring any new information about her? Three are commonly pointed to: (1) privacy invasions caused by others directing unwanted attention toward an individual, (2) privacy invasions caused by others intruding into an individual’s personal space (e.g. her private residence), and (3) privacy invasions caused by others getting too close, physically, to an individual. In each of these cases, so the claim goes, there need be no acquisition of new information about the individual.

But needn’t there be? I’m not convinced. In the case of (1), we’re talking about a cognitive activity – attention – and it seems to me that this is precisely a way of acquiring new information about an individual. Take, for example, visual attention. If you were to look at me right now, you would thereby acquire visual information about such things as my present appearance and behavior. This may (or may not) be particularly interesting information about me, but it is still information about me. And the reason I would feel uncomfortable about your looking at me, in situations in which I would, is that wouldn’t like you getting that information.

Now consider (2). Once, while a graduate student in Providence, RI, I had my apartment broken into. I had gone out for an hour or so, and returned to find all the lights on in my apartment, the doors wide open, and those of my belongings not stolen strewn all over the place. I certainly felt that my privacy had been invaded by this intrusion into my personal space, even though I happened not to be in it at the time. But why did I feel this? Just because I felt that the intruders had unwarrantedly acquired new information about me that they had no right to acquire. They found out, for example, what sort of music I liked to listen to (which they treated with apparent disdain: none of my CDs were stolen :)), what sort of furniture I could afford, whether or not I was a smoker, what kind of paper I was currently composing (still open on my laptop, which was stolen), etc. Their crime against me was not merely one of trespass and theft; it was cognitive as well: they found out things about me that they had no right to know.

When it comes to (3), it can hardly be denied that the overly close physical proximity of others can elicit warranted claims about an individual’s invasion of privacy. But, once again, it seems to me that what grounds the claims has to do with the unwanted acquisition of information about the individual. For by putting themselves in such close physical proximity to the individual, others thereby put themselves in a position to direct their attention toward her, and so to acquire new sensory information about her. At least, typically. In cases where others get to close but do not thereby put themselves in a position to acquire any new information, there’s been no invasion of privacy.

To underscore this last point, imagine the following scenario. One individual, A, walks right up to another, B, coming within inches of her nose. But because A is severely impaired along visual, auditory, and olfactory lines, she has no effective observational powers. So, A is unable to acquire any new information about B, even though she’s way too close to B physically. (She is even, we might further suppose, quite unaware of her proximity to B.) It seems all too obvious that while B might be disturbed by her own knowledge of A’s proximity, she could not reasonably complain that A has violated or diminished her privacy.

So I don’t buy the first step in the above reasoning intended to support the view that there are non-informational forms of privacy, viz. the premise that there are ways of invading an individual’s privacy that do not involve acquiring any new information about her. Every case I can think of in which an individual has her privacy invaded is also one in which others acquire new information about her. And every form of privacy, I’m willing to bet, ultimately turns out to be a kind of informational privacy.

| Comments (0) |

Three Privacy Cheers for Etiquette?

posted by:David Matheson // 10:34 PM // February 06, 2005 // Core Concepts: language and labels

The case against old-fashioned rules of etiquette is well-known: they’re repressive, elitist, and more often than not reinforce offensive sexist attitudes. But maybe they had their positive side just the same, particularly when viewed from a pro-privacy perspective. Consider, for example, the following rules drawn from a chapter entitled “The Art of Conversation” in G.R.M. Devereux’s little 1929 book, Etiquette for Men: A Book of Modern Manners and Customs:

“To speak about yourself to any extent, or to discuss your personal affairs in general conversation, are two other things that must be avoided.”

“Nor is it good form to discuss the personal affairs of anyone else.”

“It is inadvisable to discuss mutual friends with anyone. Even if your remarks were kindly, they may go back to the person concerned in a distorted manner, and so cause ill-feeling. Apart from that, another person’s affairs are purely their concern, and not a fit subject for conversation.”

Pretty obviously, the more such rules were followed nowadays, the more privacy we’d all enjoy.

A similar point is made by NYU philosopher Thomas Nagel in connection with etiquette proscriptions against discussing the personal lives of public figures:

“Sexual taboos in the fairly recent past were also taboos against saying much about sex in public, and this had the salutary side-effect of protecting persons in the public eye from invasions of privacy by the mainstream media. It meant that the sex lives of politicians were rightly treated as irrelevant to the assessment of their qualifications, and that one learned only in rough outline, if at all, about the sexual conduct of prominent creative thinkers and artists of the past. Now, instead, there is open season on all this material. The public, followed sanctimoniously by the media, feels entitled to know the most intimate details of the life of any public figure, as if it were part of the price of fame that you exposed everything about yourself to view, and not just the achievement or performance that has brought you to public attention. Because of the way life is, this results in real damage to the condition of the public sphere: Many people cannot take that kind of expose, and many are discredited or tarnished in ways that have nothing to do with their real qualifications or achievements.” (“Concealment and Exposure,” Philosophy and Public Affairs (1998) 27: 3)

So, what do you think: three privacy cheers for a return to etiquette? At least where the rules of which it consists are stripped of their sexist, elitist and unduly repressive aspects?

| Comments (0) |

Metaphors of Privacy and Security

posted by:Hilary Young // 11:54 AM // January 24, 2005 // Core Concepts: language and labels

I stumbled upon a paper by Colin Potts of the Georgia Institute of Technology on metaphors of intent which (briefly) discusses metaphors related to privacy and security. Given my background in linguistics, this piqued my interest and I thought some of you might enjoy thinking about how these metaphors can lead to assumptions about the nature of security and/or privacy. For example, Potts points out that the term 'identity theft' "suggests not just that one's identifier may be misused but that in a real sense it may be stolen and therefore no longer be yours".

Potts observations are just teasers (he says almost nothing more about the metaphor of theft in identity theft), but are interesting nonetheless.

(See section 3.3 [page 6])

| Comments (0) |

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada