7.25.1 Privacy and why the Net changes things

A couple of hundred years ago, if we wanted to have a private conversation with someone, we could walk out into the middle of a field with them, have a look around to see there was no one near, and securely chat away in private. Things have changed a bit since then. We've had the telegraph, the telephone, satellites, wiretapping, James Bond-type audio bugs and video cameras that let us track, hear and see everything the bad guys are plotting and doing; radio and television and Oprah Winfrey broadcasting intimate details of people's personal lives; and the computer and the internet, among other things.

Technology will not necessarily discriminate and it will also let the bad guys monitor the good guys. So, is privacy good or bad? It is very hard to say, because ‘good’ and ‘bad’ are value judgments. ‘Privacy’ is almost as hard to define as ‘good’ and ‘bad’. In his first book, Code and Other Laws of Cyberspace, Lessig talks about privacy as the power to control what others can come to know about us.

Justice Brandeis, in a famous US Supreme Court case Olmstead v US (1928), said privacy is ‘the right to be left alone – the most comprehensive of rights, and the right most valued by a free people.’

On the surface it might seem to be inherently ‘good’ that we should be able to control what others can come to know about us. The notion of privacy as a right or something good is contested, however. There is a long tradition of prohibiting links between certain people. For example, a Catholic priest is not allowed to get married. Would it be alright, therefore, for a priest to get married and keep that information private or secret? Is it OK for people with deviant behavioural tendencies (e.g. criminals) to get together in private and control what others (e.g. the police) can come to know about them? Would it be easier if no one had any privacy, so that the people with something to hide, like criminals, would be exposed and easier to deal with?

What constitutes privacy is itself a value judgement, and whether it is good is also a value judgement and depends on the context. You have to decide for yourself whether it is a value that is important to you.

Why does the Net change things?

Monitoring, recording, processing power, computers, the internet and very powerful database filtering tools make it possible to find out all sorts of things about people. It is relatively difficult to search and correlate paper data. The power of computers to do ‘clever’ things with data is phenomenal, and the internet allows data to be searched remotely and merged with data from other databases. Credit card companies have a huge amount of information about people on their databases – what we buy, where, when and what we eat, our choice of entertainment and holidays. They can use this to predict what we might be likely to spend money on in the future. For example, the online retailer Amazon provides personalised ‘instant recommendations’ based on the items you have previously purchased from them.

There are no easy jurisdictional or centralised constraints because the data flows don't recognise jurisdictional borders. Data can be collected, processed and used on a scale not previously imagined. What's more, it is cheap to do it and getting cheaper.

As mentioned earlier in Section 7.3, Chapter 2 of the Regulation of Investigatory Powers Act 2000 (RIPA), in the UK, makes it possible for a public authority to obtain details of someone's clickstream (the series of links we click on and web pages we go to when using the internet) without a judicial warrant. This facilitates the observation and (possibly limited) control of someone's behaviour when using the Net. If we know we are being observed we are more careful about what we say and do. Technically the security services need a warrant to read the content of specific communications but there is no such restriction on monitoring the pattern of someone's internet travels – a good picture of someone's activities can be built up by tracking who they are corresponding with and when, how long the messages are, what kind of websites they visit, etc. This is one example of law enabling the use of privacy-invading technologies, albeit with the intention of aiding law enforcement agencies with their work.

So the Net changes things because it fundamentally changes the boundaries of what it is possible to do with surveillance – the scale and the speed at which data can be collected and processed, the intelligence behind that processing and the apparent absence of constraints on all this.

We saw on the previous page that there are incentives for businesses to support the development of architectures of identification. Commerce and government would both like to see architectures of identification at the code layer. Such a code layer potentially makes privacy invasion easier. It seems that there are careful policy choices to be made about changes to internet architecture to accommodate business while weighing up the implications for personal privacy.

7.25 The implications for privacy of changes in architecture

7.26 Privacy suits: DoubleClick and Toysmart