Time to emerge from my holiday hibernation. And it seems fitting to start off the new year with some reflections, or at least a re-hash of some reflections, on the subject of social, technological, and legal change. The immediate occasion for doing so is a column by Washington Post’s Robert Samuelson on the widespread outrage provoked by revelations of the NSA’s data-collecting activities.
Mr. Samuelson argues that these revelations are commonly “stripped of their social, technological and historical context.” The context in question is the fact that “millions upon millions of Americans have consciously and, probably in most cases, eagerly surrendered much of their privacy by embracing the Internet and social media.” For people who disclose all sorts of information about their lives to strangers and to the social media companies to complain about the government collecting some limited kinds of information about them, subject to legal constraints, is “hypocritical.” Besides, the NSA’s activities are also not nearly as intrusive as past government programmes for spying on citizens: during the Vietnam War, “the CIA investigated 300,000 anti-war critics.” However questionable the need for or effectiveness of specific NSA programmes, Mr. Samuelson adds, “[i]n a digitized world, spying must be digitized.” In short, our views on privacy need to take the context of 2014 into account. Some of you may recall an early post of mine in which I discussed a paper by Chief Judge Alex Kozinski, of the US Court of Appeals for the 9th Circuit, arguing that privacy is pretty much dead, because courts treat as private the things that citizens expect to be private, and if citizens, through their online behaviour, demonstrate that they do not expect any information about them to be private, then the courts will act accordingly. Chief Judge Kozinski was worried by this possibility. Mr. Samuelson does not seem to be. Should we?
Mr. Samuelson is right to insist on context, both historical and social, before getting outraged. It is easy to forget that new technologies often do no more than give a new form to things which existed long before. As I suggested here, “[n]ew technologies seem not so much to create moral issues as to serve as a new canvass on which to apply our old concerns.” And there may well be something hypocritical in failing to care about disclosing all kinds of personal information to companies that (try to) make money out of it, yet being furious at governments using similar information to (try to) prevent terrorist attacks. What the NSA does is arguably not as big a deal as some of the outraged think. Yet that does not fully justify Mr. Samuelson’s unconcern. Both he and Chief Judge Kozinski forget that the end of privacy as we had known it need not, and arguably does not, mean the end of privacy tout court. Old norms about what is and what is not private are breaking down under the pressure of technological change. But that does not mean that new ones do not emerge.
In particular, the norm that seems to be replacing near-categorical prohibitions on using certain sorts of information is one that makes all sorts of personal information fair game subject to the consent of the person concerned. Attempts to prohibit email providers from “reading” the contents of our messages look silly considering the hundreds of millions of people who use Gmail knowing that Google does just that ― but the point is that they know what is going on. Similarly, people accept to share information on Facebook, so long as they know they are sharing it ― but they are unhappy when Facebook tries to expand the visibility of the things they shared without telling them. This example also hints another important norm in the new privacy universe ― one of differentiated, rather than categorical, privacy. The fact that we accept to share information with some people or organizations does not mean that we are willing to share it with others.
Arguably, these norms aren’t exactly new. For instance, we always shared some things with our friends that we kept from our parents, and told parents things we wouldn’t admit to our friends. Even before Facebook, few things were private in the sense of nobody knowing about them. But new technologies make the choices to tell and not to tell more pervasive, more nuanced, and more explicit than they perhaps had to be before. They also make the relativity of privacy more apparent.
The problem with the NSA data collection, as others have said before, is arguably not so much its substance as the lack of consent and awareness of those affected. That, rather than the collection of personal information as such, is what contravenes the key norms of the new privacy paradigm. And to the extent that the outrage about the NSA’s activities caused by this violation, it is not all hypocritical.
I’m not sure there is much of a point to these ramblings. I’m still trying to write my way into the new year.