[cryptography] Define Privacy

Michael Rogers michael at briarproject.org
Fri Oct 24 09:36:17 EDT 2014

Hash: SHA256

Hi Dan,

I always enjoy your writing and the broad scope of thought it reveals,
but I think there's more to privacy than a dichotomy between keeping
things to ourselves and revealing them to the world.

I like David Feldman's conception of privacy, which is based on the
observation that "individuals live their lives in a number of social
spheres, which interlock, and in each of which they have different
responsibilities, and have to work with people in relationships of
varying degrees of intimacy." Privacy in this sense means managing the
various social spheres in which we live, and the sharing of
information between them. "The core of privacy as a civil liberty,
then, is the entitlement to dignity and autonomy within a social circle."

The ability to have not just an inner, private self and an outer,
public self but many selves, or aspects of self, appropriate to
different contexts is indispensable to our understanding of what it
means to be a whole person. When Mark Zuckerberg says that people who
have one self for their friends and another for their colleagues lack
integrity, he's criticising them for possessing exactly the quality we
call integrity in public officials - the ability to maintain
boundaries between their personal and professional lives, for example
by refraining from nepotism.

Helen Nissenbaum's view of privacy as contextual integrity likewise
recognises that not only is privacy dependent on context, but the
definitions of privacy and context are intertwined. "Developed by
social theorists, [contextual integrity] involves a far more complex
domain of social spheres (fields, domains, contexts) than the one that
typically grounds privacy theories, namely, the dichotomous spheres of
public and private."

I wonder if you've chosen the dichotomous view because you believe
that there's no longer a meaningful distinction between revealing
something to a circle of intimate friends and revealing it to all of
humanity. But even if that is, or soon will be, the case, that reality
can be challenged, both normatively and operationally. In order to do
so we must first acknowledge that there's territory between the poles
of private and public that's worth fighting for.



On 23/10/14 17:52, dan at geer.org wrote:
> Sir,
> This is a question for which hard answers seem difficult. 
> Nevertheless, below are a few paragraphs from my current book 
> draft.  The draft does not now include Ayn Rand's pronouncement 
> that "Civilization is the progress toward a society of privacy. The
> savage's whole existence is public, ruled by the laws of his tribe.
> Civilization is the process of setting man free from men."  In any
> case, I concur with you that it would indeed be prudent to nail
> down an answer to your question well before science allows us to
> read the mind externally and without reserve.
> --dan
> -----------------8<------------cut-here------------8<-----------------
> There are two ways to define privacy, and neither involves the
> squishiness that begins "a reasonable expectation of..."  The first
> is what privacy means as a civil construct -- what Brandeis
> described[1] as "[T]he right to be left alone -- the most
> comprehensive of rights, and the right most valued by civilized
> men."  The second is what privacy means at its operational core:
> the effective capacity to misrepresent yourself with de minimus
> side effects.
> As to the first, privacy is something that society, meaning you,
> give the individual, meaning me.  When privacy will not be given
> and is thus not available, secrecy is something I can take for
> myself -- secrecy is a functional backstop for the absence of the
> civil construct.
> If privacy is a gift and secrecy is a taking, then the possibility
> of privacy is inversely proportional to the numbers of those who
> must do that giving for the state of privacy to prevail, hence
> privacy is inversely proportional to interconnectedness.  This is
> consistent with a view of risk as proportional to dependency where
> dependency, in turn, is proportional to non-optional
> interconnectedness. This is where the all-wired world's
> "information wants to be free" is most robustly anti-privacy.
> As to the second, "Privacy is the power to selectively reveal
> oneself to the world."[2] which means that in choosing what to
> reveal, however idiosyncratically we choose, we demonstrate our
> liberty.  As if that were not enough, "Philosophical and legal
> analysis has identified privacy as a precondition for the
> development of a coherent self."[3] which asks the question of
> whether a person whose life experience has been one without privacy
> can even comprehend the desire of those who prefer privacy.  As a 
> matter of prediction, raising the young to not expect privacy
> foreordains that when it is their turn to run society they will be
> as happy despite privacy's absence, and leglislate accordingly.
> It is said that the wonderful thing about a small town is that you
> know everyone, while the terrible thing about a small town is that
> they all know you.  Indeed, a coherent argument for a "transparent
> society"[4] can be made, one where there are no secrets, where
> there is no privacy, where everyone knows everyone else's business,
> where unsolved crime is very nearly impossible, where neither need
> nor triumph is invisible, a place where everything that is not 
> self-incriminating is therefore public and yet, at the same time,
> it is that surveillance which preserves liberty.  Even were you
> able to craft the consensus that we all would each tell each other
> the contents of our hearts while leaving our cameras on at all
> times, I'm afraid that in such a utopian society you would soon
> find some were more equal than others.  In short, I reject the one
> extreme, that of glass houses for us all.
> I have come to the conclusion that in all things it is bigness that
> is the enemy, neither ideology nor biology nor theology but
> bigness.  Big business, big government, big labor, big money, big
> crime, big media, big religion -- their bigness predisposes them to
> predatory behavior.  It is they who own the bulldozers that unlevel
> the playing field.
> The two economists Adam Smith and Ronald Coase described the nature
> of our economic interactions -- Smith with his millenial ideal of
> small producers trading amongst themselves in the mutual
> self-interest of wealth maximization,[5] and Coase with his
> explanation of why the millenium does not arrive.[6] Coase observed
> that economically viable firms expand until intra-firm coordination
> costs exceed inter-firm transaction costs. Putting it in biologic
> analogy, cells grow until their surface to volume ratio crosses a
> survivability threshold. It is unarguably clear that although the
> Internet did spectacularly lower transaction costs, it lowered 
> coordination costs more.  thus enabling the greatest economic
> concentration in world history.
> It is precisely this side effect of the global concentration of the
> control of power that must be the foundation of our thinking about
> privacy.  As the ever prescient Phil Agre put it,[7]
> The global integration of the economy is ... commonly held to
> decentralize political power by preventing governments from taking
> actions that can be reversed through cross-border arbitrage.  But 
> political power is becoming centralized in equally important ways:
> the power of national governments is not so much disappearing as
> shifting to a haphazard collection of undemocratic and
> nontransparent global treaty organizations, and the power to
> influence these organizations is likewise concentrating in the 
> ever-fewer global firms.
> to which I might add the observation that governments everywhere
> are deputizing those global firms as outsourced enforcers of
> government edict.
> If the reason I reject the transparent society is that I
> acknowledge my inability to sufficiently police its stronger
> members, then the most important thing I can do is to protect my
> privacy at all costs.  The loss of privacy is irreversible for
> information is never un-revealed.  Privacy is therefore the paragon
> of Hume's conjecture: "It is seldom that liberty of any kind is
> lost all at once."[8] In the face of the snow-balling bigness of
> the institutions of globalized human life, we must reserve privacy
> rights explicitly so that we may misrepresent ourselves to those 
> against whom we have no other defense, against those for whom our
> name is a label on data collected without our consent.
> Consider your own life.  Perhaps there is indeed no one fact about
> you that you wouldn't good-naturedly share with the world if I
> asked you politely, but by the time I got to twenty questions, few
> of you would still think this an amusing parlor game.  The risk to
> you grows as the product of the number of personal facts times the
> number of potential recipients, but it is hard to fabricate an
> example where the benefit grows as fast even if you are a
> Hollywood- friendly politician.  On purely risk management grounds,
> any finite tolerance for risk absolutely caps the amount of 
> information you will want in play.
> This has nothing whatsoever to do with whether you have anything to
> hide.[9]  If for no other reason, we must make it understood that
> just as "...there is nothing sinister in so arranging one's affairs
> as to [minimize] taxes,"[10] neither is there anything sinister in
> so arranging one's affairs as to minimize observability.  Of course
> the technologic tools of privacy can be misused, but tell me what
> is it that is marvelous that can not also be misapplied?
> A wise man of my acquaintance, after a career in Federal law
> enforcement, told me my arguments were typically naive.  He said
> that my (your) choice is not between Big Brother or no Big Brother,
> rather it is between one Big Brother and lots of Little Brothers.
> He suggested that I think carefully before I choose.
> I've thought about that a lot.  I've thought about the comfort of
> being taken care of against the unease of having to be.  I've
> compared the low cost of "one size fits all" to its correspondingly
> low benefit.  I've thought hard about the proposition that the
> price of freedom is the possibility of crime.  I've accepted that
> there is no such thing as righteousness if there is no possibility
> of sin.  I conclude that privacy is worth its price, that near
> absolute privacy is indeed the worst of all social constructs,
> except for all the others.  To this we will shortly return.
> -------------
> [1] Judge Louis Brandeis, OLMSTEAD V. U.S., 277 U.S. 438 (1928)
> [2] Hughes E, "A Cypherpunk's Manifesto," 9 March 1993
> [3] Agre P, "The Architecture of Identity," Seminar on People,
> Computers, and Design, Stanford, 1 May 1998
> [4] Brin D, _The Transparent Society_, Perseus Books, 1998
> [5] Smith A, _The Wealth of Nations_, W. Strahan, 1776
> [6] Coase R, "The Nature of the Firm," Economica, v4 n16 p386-405,
> November 1937
> [7] Agre PE, "The Market and the Net: Personal Boundaries and the
> Future of Market Institutions," Telecommunications Policy Research
> Conference, 6 October 1998
> [8] Hume D, _Essays Moral, Political and Literary_, 1742
> [9] Solove D, _Nothing to Hide_, Yale Univ. Press, 2011
> [10] "Over and over again, the courts have said there is nothing
> sinister in so arranging one's affairs as to keep taxes as low as
> possible.  Everybody does so, rich and poor, and all do right, for
> nobody owes any duty to pay more tax than the law demands.  Taxes
> are enforced exactions, not voluntary contributions.  To demand
> more in the name of morals is mere cant."  -- Judge Learned Hand,
> COMMISSIONER V. NEWMAN, 159 F.2D 848, 850-851 (CA2 1947)
> _______________________________________________ cryptography
> mailing list cryptography at randombit.net 
> http://lists.randombit.net/mailman/listinfo/cryptography
Version: GnuPG v1.4.12 (GNU/Linux)


More information about the cryptography mailing list