CS 291 - Week 9 Presentation

Week 9 Presentation

Carolyn Gratzer

What is privacy? Should we protect it with laws, social conventions, or both? How much privacy is enough? When does the protection of privacy begin to interfere with other peoples' rights to gather information and express it freely? Public discourse on these topics started more than a century ago, yet many questions remain - and new questions evolve every day. Recently, rapid advances in information technology have added a new dimension to the "privacy issue".

Thanks to computers and their networking capabilities, enormous quantities of information can now be stored and transferred quickly and easily, enabling much buildup and sharing of information. Using only information collected "innocently," or at least legally, governments, companies, and organizations can compile a nearly complete dossier of a citizen with very little time or effort. How should this ability change the way we discuss privacy? Do old laws and conventions apply to new technologies, or do we need to formulate a whole new set of regulations? If so, who should direct these procedures, and whose best-interest should be considered first?

Scholars of privacy have answered each of these questions in numerous ways; but to facilitate a clear discussion we must choose between these answers (or combine them) to form a single point of view. For simplicity, let's assume Gavison's definition of privacy as a condition of life rather than a form of control. As Barlow says, any healthy community, including cyberspace, must posses certain qualities: tolerance; treatment of individuals as ends, not means; and respect for the privacy of others. Let's assume the following functions of privacy: fostering autonomy, liberty, mental health and personal development, creativity, and the capacity for relationships, on an individual level, and fostering democracy and a willingness to participate in public life (commerce, religion, and politics) on a societal level. Finally, let's assume that privacy carries some moral value.

Once we establish these definitions, we may ask how technology has changed the nature of privacy. Nissenbaum described a Litmus test of the power balance between individuals and their government. One major change sparked by technology is the disruption of this power balance in favor of the government. As the gathering and sharing of personal information among once-segmented departments becomes easier, each government agency will know more about individuals and thus have more power over them. The same is true in the private sector: companies now have more control over their employees, and direct marketing firms (and other independent organizations) know more about private individuals.

TWO TAKES ON THE POWER IMBALANCE

Barlow provides one take on how to amend this power imbalance. He cautions citizens against giving the government too much power to protect privacy, arguing that this power entails the privilege to restrict information. This privilege, if abused, presents extreme danger to democracy. Instead, Barlow suggests two alternative methods of privacy protection. We should find identities - names and personalities, not just numbers - in cyberspace. In this habitable environment, which mimics a small town atmosphere, people will be less likely to use information about others to their disadvantage. On a more practical note, Barlow suggests encryption of messages. Consistent with his earlier argument, he states that the government should not have access to private keys.

Chaum's answer to the power imbalance is concrete and specific. He suggests the use of pseudonyms, where an individual has a separate, untraceable identity for each organization with which she interacts. In this situation, Chaum outlines the necessary precautions so that both society and the organization would be protected from the individual, and vice versa. He suggests that we restructure the major systems that rely on detailed personal information (such as taxation, credit, and welfare) so that they require fewer specifics. This would necessitate a change in society's expectations of exactly what services these systems provide. Finally, Chaum argues that societal forces, such as policy making, significantly influence the development and adoption of new technologies. If scholars of privacy and cutting-edge scientists work together, we should be able to shape the future of technology into a societally-beneficial form.

THE CORPORATE EMAIL DILEMMA

A current example of technology questioning the definition and enforcement of privacy, corporate email systems raise many privacy-related dilemmas. Because technology tends to move faster than policy, as the number of users, applications, and interconnections, and the overall capability of the system increases, corporate managers fall continually further behind in policy making. Thus a "policy vacuum" evolves.

The email dilemma has two sides: the employers and their employees. From the former perspective, employers own the system. That makes their monitoring of the system not only a necessity, but also a right. However, a great disparity soon develops between the ethical nature of the justifications they give and that of their actual conduct. Employers argue that they must monitor in order to:

prevent personal use and abuse of company resources
prevent and investigate corporate espionage
cooperate with law enforcement in investigations and
resolve technical problems.

An extremely controversial motive for monitoring involves tracking worker performance.

Employees argue that:

the content or mere existence of email messages should inherently be private.

Employees may assume that email is private because of its misguiding appearance and dissimilar precedents. When one logs into her account using a supposedly-secret password, she plays a game of illusions. The fact of privacy in the U.S. Postal Service, the only logical precedent to electronic mail, only adds to the illusion.

POLICY

From a legal perspective, very little policy directly relates to email. The Fourth Amendment of the U.S. Constitution protects only the privacy of public-sector employees. The degree to which state constitutions address email issues varies widely. State common law has done little in this respect.

The Electronic Communications Privacy Act of 1986 (ECPA) comes closest to addressing email privacy. It describes email without legal protection as very vulnerable to privacy violation because it can be intercepted in so many ways. Even so, it is not clear to what extent this act protects employees' email; businesses may exempt themselves from legal problems by claiming the right to monitor accounts to ensure they are used for business only, and by claiming prior consent of employees to have their accounts monitored.

Due to the virtual policy vacuum surrounding corporate email systems (both in government and within individual corporations), employees are left with unclear expectations of:

how much privacy they can reasonably expect and
morally speaking, how much privacy they should have.

In further efforts to define and clarify employees' rights to email privacy, we must ask:

Should email be treated as private communication?
Should corporate email systems be used only for business?
If there is no reasonable expectation of privacy, how can employees accept that fact without losing their incentive to use the system?

These and many other questions will shape the public discussion of privacy now and in the future.

***************************                         **************************
Carolyn Gratzer
A147 Forbes College
Princeton University
Princeton NJ 08544-4000
(609) 258-8723