I am usually frustrated by discussions of privacy, which usually treat it as an end to itself, or only beneficial to people who have “something to hide.” But in discussions about, say, government surveillance programs, privacy isn’t about hiding things—it’s a check on government power. In pithy terms: you don’t get to decide if you have something to hide. The people invading your privacy do, and their decision can have all sorts of negative consequences for you.
This also explains why invasions of privacy are harmful even if they are secret: secret surveillance still represents unchecked government power, making unaccountable secret decisions. Think of Kafka’s The Trial, not Orwell’s 1984.
See also Predictive policing on policing and privacy (in the form of 4th Amendment searches).
Phillip Rogaway’s The Moral Character of Cryptographic Work is a good argument in favor of the defense of privacy against mass surveillance.
There is a divide in conceptions of privacy between America and Europe, explored in a surprisingly lucid (for a law review) article by Whitman:
He points out that in Europe, privacy is largely about dignity: the right to controlling your own public image and being free from insult or disparagement. This means, for example, that nude models have privacy rights in photographs of them, and may refuse their publication, even if the photographer clearly holds the copyright in the photographs. Similarly, credit reporting agencies exist in Europe in very limited form compared to America, since financial matters are nobody else’s business unless you are bankrupt or in default. Americans, on the other hand, largely conceive of privacy as protection against government interference.
(I can see a connection here between American and European views on copyright, particularly with the European notion of “author’s rights”, which extend beyond mere property rights to an inherent right of authors to control their work. See my review of The Public Domain; see also Copyright and intellectual property.)
Daniel Solove took the privacy-as-liberty argument to perfection:
Solove also wrote a book, Nothing to Hide, but I found it disappointingly oversimplified, with minimal discussion of opposing views or in-depth analysis of the issues.
Richard Posner, “Privacy, Surveillance, and Law”, 75 University of Chicago Law Review 245 (2008). http://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?article=5655&context=uclrevA contrary perspective, making an ultimately unconvincing argument that warrantless surveillance is necessary for effective counterterrorism; I think detecting terrorists from mass Internet taps and surveillance is an intractable classification problem, and that terrorism is an overblown threat.
David C. Gray and Danielle Citron, “The Right to Quantitative Privacy”, 98 Minnesota Law Review 62 (2013). http://ssrn.com/abstract=2228919Proposes a different test for Fourth Amendment violations: instead of asking “how much data did you collect about this specific person?”, ask “could this technology facilitate broad and indiscriminate surveillance if left unchecked?” If so, Fourth Amendment protections should apply, even if you only use the technology in a specific case for something very minor.
Kevin Bankston and Ashkan Soltani, “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones”, 124 Yale Law Journal Online 335 (2014). http://www.yalelawjournal.org/forum/tiny-constables-and-the-cost-of-surveillance-making-cents-out-of-united-states-v-jones
An interesting practical approach to the “reasonable expectation of privacy” test. New surveillance technologies should be compared to previous technologies by the cost required to acquire information about suspects, and “if the new tracking technique is an order of magnitude less expensive than the previous technique, the technique violates expectations of privacy and runs afoul of the Fourth Amendment.”
Jack M. Balkin, “Information Fiduciaries and the First Amendment”, 49 UC Davis Law Review 1183 (2016). http://ssrn.com/abstract=2675270
Summarized in an article in The Atlantic. Argues that regulating the use and disclosure of private data by companies usually violates the First Amendment – you can’t prevent companies from saying true things about their customers. Suggests instead making companies “information fiduciaries”: just as your doctor, attorney, or accountant have professional obligations to act in your best interest and keep your information private, Facebook could have an obligation to act as a fiduciary with your data. Congress can regulate the speech of fiduciaries because their interaction with you is not part of public discourse, but an unequal relationship where the fiduciary has great knowledge or expertise you do not.
This would apply both when companies represent themselves as being trustworthy, or even just because of the business they’re in. This would also preempt the third-party doctrine, because we do have a reasonable expectation of privacy in an information fiduciary. To motivate businesses to voluntarily become information fiduciaries, the federal government could preempt state privacy laws for fiduciaries, so becoming a fiduciary negates the need to comply with fifty different conflicting state rules.
Kate Crawford and Jason Schulz, “Big data and due process: Toward a framework to redress predictive privacy harms”, 55 Boston College Law Review 93 (2014). http://lawdigitalcommons.bc.edu/bclr/vol55/iss1/4/
Proposes “a right to procedural data due process” while adorably capitalizing “Big Data”. Points out the mismatch between current privacy law and predictive methods: in the famous Target story, where Target guessed a customer was pregnant based on purchasing patterns, sensitive information can be inferred instead of requested from the user. This connects with Solove’s conception of privacy: companies and governments can make decisions using inferred private data, so consumers and citizens should have a right to examine the data and models justifying the decisions and appeal to have them corrected if necessary. For some decisions (credit checks, job offers, etc.) the consumer has an obvious opportunity to seek redress; for others (ad targeting) there’s no obvious moment when a decision has been made about them, and an agency like the FTC would need to exercise oversight instead.
This right would be very interesting to see applied to typical Silicon Valley startups, which are seat-of-the-pants operations unlikely to want to slow down long enough for proper due process.
Bryce Goodman and Seth Flaxman, “European Union regulations on algorithmic decision-making and a ‘right to explanation’”, ICML 2016. https://arxiv.org/abs/1606.08813
Summarizes the EU General Data Protection Regulation, scheduled to become law in 2018, which adds a “right to explanation”: people profiled by data have a right to “meaningful information about the logic involved.” This doesn’t go so far as to create due process rights, but does suggest challenges for users of machine learning techniques in business: how do you explain the output of a random forest to an arbitrary person, who may have no technical knowledge at all? Can you justify its decisions?