[cryptography] Define Privacy

dan at geer.org dan at geer.org
Thu Oct 23 12:52:26 EDT 2014


This is a question for which hard answers seem difficult.
Nevertheless, below are a few paragraphs from my current book
draft.  The draft does not now include Ayn Rand's pronouncement
that "Civilization is the progress toward a society of privacy.
The savage's whole existence is public, ruled by the laws of
his tribe.  Civilization is the process of setting man free
from men."  In any case, I concur with you that it would indeed
be prudent to nail down an answer to your question well before
science allows us to read the mind externally and without reserve.



              There are two ways to define privacy, and neither
         involves the squishiness that begins "a reasonable
         expectation of..."  The first is what privacy means as a
         civil construct -- what Brandeis described[1] as "[T]he
         right to be left alone -- the most comprehensive of rights,
         and the right most valued by civilized men."  The second is
         what privacy means at its operational core: the effective
         capacity to misrepresent yourself with de minimus side

              As to the first, privacy is something that society,
         meaning you, give the individual, meaning me.  When privacy
         will not be given and is thus not available, secrecy is
         something I can take for myself -- secrecy is a functional
         backstop for the absence of the civil construct.

              If privacy is a gift and secrecy is a taking, then the
         possibility of privacy is inversely proportional to the
         numbers of those who must do that giving for the state of
         privacy to prevail, hence privacy is inversely proportional
         to interconnectedness.  This is consistent with a view of
         risk as proportional to dependency where dependency, in
         turn, is proportional to non-optional interconnectedness.
         This is where the all-wired world's "information wants to be
         free" is most robustly anti-privacy.

              As to the second, "Privacy is the power to selectively
         reveal oneself to the world."[2] which means that in
         choosing what to reveal, however idiosyncratically we
         choose, we demonstrate our liberty.  As if that were not
         enough, "Philosophical and legal analysis has identified
         privacy as a precondition for the development of a coherent
         self."[3] which asks the question of whether a person whose
         life experience has been one without privacy can even
         comprehend the desire of those who prefer privacy.  As a
         matter of prediction, raising the young to not expect
         privacy foreordains that when it is their turn to run
         society they will be as happy despite privacy's absence, and
         leglislate accordingly.

              It is said that the wonderful thing about a small town
         is that you know everyone, while the terrible thing about a
         small town is that they all know you.  Indeed, a coherent
         argument for a "transparent society"[4] can be made, one
         where there are no secrets, where there is no privacy, where
         everyone knows everyone else's business, where unsolved
         crime is very nearly impossible, where neither need nor
         triumph is invisible, a place where everything that is not
         self-incriminating is therefore public and yet, at the same
         time, it is that surveillance which preserves liberty.  Even
         were you able to craft the consensus that we all would each
         tell each other the contents of our hearts while leaving our
         cameras on at all times, I'm afraid that in such a utopian
         society you would soon find some were more equal than
         others.  In short, I reject the one extreme, that of glass
         houses for us all.

              I have come to the conclusion that in all things it is
         bigness that is the enemy, neither ideology nor biology nor
         theology but bigness.  Big business, big government, big
         labor, big money, big crime, big media, big religion --
         their bigness predisposes them to predatory behavior.  It is
         they who own the bulldozers that unlevel the playing field.

              The two economists Adam Smith and Ronald Coase
         described the nature of our economic interactions -- Smith
         with his millenial ideal of small producers trading amongst
         themselves in the mutual self-interest of wealth
         maximization,[5] and Coase with his explanation of why the
         millenium does not arrive.[6] Coase observed that
         economically viable firms expand until intra-firm
         coordination costs exceed inter-firm transaction costs.
         Putting it in biologic analogy, cells grow until their
         surface to volume ratio crosses a survivability threshold.
         It is unarguably clear that although the Internet did
         spectacularly lower transaction costs, it lowered
         coordination costs more.  thus enabling the greatest
         economic concentration in world history.

              It is precisely this side effect of the global
         concentration of the control of power that must be the
         foundation of our thinking about privacy.  As the ever
         prescient Phil Agre put it,[7]

             The global integration of the economy is ...
             commonly held to decentralize political power by
             preventing governments from taking actions that can
             be reversed through cross-border arbitrage.  But
             political power is becoming centralized in equally
             important ways: the power of national governments is
             not so much disappearing as shifting to a haphazard
             collection of undemocratic and nontransparent global
             treaty organizations, and the power to influence
             these organizations is likewise concentrating in the
             ever-fewer global firms.

         to which I might add the observation that governments
         everywhere are deputizing those global firms as outsourced
         enforcers of government edict.

              If the reason I reject the transparent society is that
         I acknowledge my inability to sufficiently police its
         stronger members, then the most important thing I can do is
         to protect my privacy at all costs.  The loss of privacy is
         irreversible for information is never un-revealed.  Privacy
         is therefore the paragon of Hume's conjecture: "It is seldom
         that liberty of any kind is lost all at once."[8] In the
         face of the snow-balling bigness of the institutions of
         globalized human life, we must reserve privacy rights
         explicitly so that we may misrepresent ourselves to those
         against whom we have no other defense, against those for
         whom our name is a label on data collected without our

              Consider your own life.  Perhaps there is indeed no one
         fact about you that you wouldn't good-naturedly share with
         the world if I asked you politely, but by the time I got to
         twenty questions, few of you would still think this an
         amusing parlor game.  The risk to you grows as the product
         of the number of personal facts times the number of
         potential recipients, but it is hard to fabricate an example
         where the benefit grows as fast even if you are a Hollywood-
         friendly politician.  On purely risk management grounds, any
         finite tolerance for risk absolutely caps the amount of
         information you will want in play.

              This has nothing whatsoever to do with whether you have
         anything to hide.[9]  If for no other reason, we must make it
         understood that just as "...there is nothing sinister in so
         arranging one's affairs as to [minimize] taxes,"[10] neither
         is there anything sinister in so arranging one's affairs as
         to minimize observability.  Of course the technologic tools
         of privacy can be misused, but tell me what is it that is
         marvelous that can not also be misapplied?

              A wise man of my acquaintance, after a career in
         Federal law enforcement, told me my arguments were typically
         naive.  He said that my (your) choice is not between Big
         Brother or no Big Brother, rather it is between one Big
         Brother and lots of Little Brothers.  He suggested that I
         think carefully before I choose.

              I've thought about that a lot.  I've thought about the
         comfort of being taken care of against the unease of having
         to be.  I've compared the low cost of "one size fits all" to
         its correspondingly low benefit.  I've thought hard about
         the proposition that the price of freedom is the possibility
         of crime.  I've accepted that there is no such thing as
         righteousness if there is no possibility of sin.  I conclude
         that privacy is worth its price, that near absolute privacy
         is indeed the worst of all social constructs, except for all
         the others.  To this we will shortly return.


         [1] Judge Louis Brandeis, OLMSTEAD V. U.S., 277 U.S. 438

         [2] Hughes E, "A Cypherpunk's Manifesto," 9 March 1993

         [3] Agre P, "The Architecture of Identity," Seminar on
         People, Computers, and Design, Stanford, 1 May 1998

         [4] Brin D, _The Transparent Society_, Perseus Books, 1998

         [5] Smith A, _The Wealth of Nations_, W. Strahan, 1776

         [6] Coase R, "The Nature of the Firm," Economica, v4 n16
         p386-405, November 1937

         [7] Agre PE, "The Market and the Net: Personal Boundaries
         and the Future of Market Institutions," Telecommunications
         Policy Research Conference, 6 October 1998

         [8] Hume D, _Essays Moral, Political and Literary_, 1742

         [9] Solove D, _Nothing to Hide_, Yale Univ. Press, 2011

         [10] "Over and over again, the courts have said there is
         nothing sinister in so arranging one's affairs as to keep
         taxes as low as possible.  Everybody does so, rich and poor,
         and all do right, for nobody owes any duty to pay more tax
         than the law demands.  Taxes are enforced exactions, not
         voluntary contributions.  To demand more in the name of
         morals is mere cant."  -- Judge Learned Hand, COMMISSIONER
         V. NEWMAN, 159 F.2D 848, 850-851 (CA2 1947)

More information about the cryptography mailing list