.................with apologies to Alistair Cook

Sunday, 13 July 2008

On privacy...

From Ben, AKA "fyngyrz", comes an excellent piece on the meaning of the word privacy:

"What’s the problem?

It has come to my attention that many people feel that privacy is difficult to define. I was quite surprised to encounter this claim, because the nature of privacy seems quite obvious to me. Yet, Professor Daniel Solove of George Washington University Law School says bluntly that the question “What is privacy?” has “long plagued those seeking to develop a theory of privacy and justifications for its legal protection.” Apparently, I’m either quite confused, or I owe it to the world to write down what privacy is. The thing is, I really don’t think I am confused, so I suppose I had best put fingers to keyboard. After all, if I am wrong, I’m sure someone will take a few moments to explain why.


Defining privacy

It is very simple, really: Privacy is defined by the set of social boundaries dealing with access in any one society that we are expected not to cross. How well you respect privacy is essentially whether you elect to cross those boundaries against those expectations.

Such boundaries may be society wide, such as the understanding that we don’t put our hands inside each other’s clothes without permission, or they may be the result of a specific understanding between two individuals, such as a parent’s agreement not to start reading a child’s story until the child is done writing it.

For example, I should not enter your home without your permission; if I do so, I have crossed a well understood social boundary. Doing this is a violation of your privacy. If you lock your home and bar your windows, you are hardening that boundary, but it is still the same boundary. What you have done with it is made the boundary physically more difficult to cross; this does not change either why the boundary exists, or make it socially acceptable for me to enter other people’s homes who have not similarly hardened their domicile. Were you to invite me into your home, you have explicitly dropped that boundary — it does not exist for the duration of the invitation — consequently I am not violating your privacy were I to enter.

If you write a letter, presuming only that it is not addressed to me, I should not read that letter without your explicit permission. Again, this is a well understood social boundary. It is even codified in the 4th amendment of the US constitution:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Think about the wording there. Over two centuries ago, four social boundaries were deemed so fundamentally important to the citizens of this nation that they were used to form the basis of legal boundaries as well — boundaries that were designed to prevent the federal (and later, via the 14th amendment, state) government from having the power to violate these boundaries. There are more boundaries codified in the constitution. For instance, the 3rd amendment prevents the government from forcing a homeowner to give soldiers lodging; there’s that home-entry boundary again.

Digital Privacy

The question has arisen lately as to whether the US government should have the right to read your email and other digital communications. This isn’t so much a question as it is an observation: President George Bush arbitrarily began mining data from telephone conversations, the Internet, financial transaction records and more during his presidency.

Looking at the fourth amendment, it is strikingly clear that the intent of the amendment was to make specific that your communications were private; letters were their form of communications. Looking at the telecommunications laws, it is just as clear that at one time, this was well understood by congress.

I really don’t think you can make an argument that the websites and newsgroups you read, the personal email you send and receive, the instant messages you exchange, are not precisely the type of information the fourth amendment was trying to explicitly codify a boundary to prevent government access barring probable cause and the subsequent issuance of a warrant.

Quite aside from the constitution, the social boundary is obvious: If you write an email, you expect me not to read it unless you wrote it to me. If I do read it, I’ve crossed that boundary, and you will react with a feeling of having been violated. You can harden the boundary any number of ways; you can encrypt, you can use proxy servers to send and receive your communications, you can use steganography to hide your message in an innocuous image; but just like adding locks and bars to homes, this doesn’t in any way say that it is acceptable to violate other people’s communications because they have not done a comparable amount of hardening. The boundary is not in any way different in its nature, only in the degree of effort it will take to cross it. The point is, you’re not supposed to try to cross that boundary. It makes no difference if effort has been extended to harden it, or not.

You can extend the boundary idea to any form of privacy and it will still work. You can also, by comparing the various venues, develop a fine sensibility as to what constitutes a boundary violation. Allow me to demonstrate:

Let us say that a lady elects to wear a skirt. Does this give us the right to look up her skirt? After all, if she didn’t want us looking, she could have hardened the boundary, that is, worn pants, is this not true? But any reasonable person understands the social boundary perfectly well — she is not extending anyone permission to look up her skirt just because she is wearing one.

But what if she is a shoplifter and is hiding merchandise up her skirt? Would this not give us the right to look up her skirt? The answer is, it would if one had knowledge that this was the case.

The constitution calls this “probable cause.” The idea that a lady could hide merchandise under her skirt clearly does not translate into the right to look up all ladies’ skirts — the very idea is ludicrous, is it not?

Yet the US government is telling us that the reason they are justified in looking at everyone’s email and other Internet activity is because these activities could allow illicit activity.

This is precisely the same kind of reasoning we just disposed of with skirts; the only time the government should be looking at any communication is when (a) they have probable cause to think that those communications are of a criminal nature, (b) they have obtained a warrant that (c) specifically describes the communications to be searched. Why? Go read the fourth amendment again — it really couldn’t be any plainer.

So there it is; privacy arises as a consequence of socially understood boundaries relating to access. Such may be a widely understood boundary such as home entry, or a narrow, personal boundary such as you telling your minor child that you will not read their diary without their permission, though you have that right as parent and you have the power and means to do so. It is by understanding what we are expected to do, and how well we subsequently comply with those expectations, that the concept of privacy acquires meaning, and we prevent that disturbing feeling of having had our expectations sundered — our privacy violated." © Ben AKA fyngyrz 2008.