Thursday 8 December 2011

Privacy is not the enemy...

I attended the Oxford Institute event 'Anonymity, Privacy and Open Data' yesterday, notable amongst other things for Professor Ross Anderson's systematic and incredibly powerful destruction of the argument in favour of 'anonymisation' as a protection for privacy. It was a remarkable event, with excellent speakers talking on the most pertinent subjects of the day in terms of data privacy: compelling stuff, and good to see so many interesting people working in the privacy and related fields.

And yet, at one point, one of the audience asked a question about whether a group like this was not too narrow, and that by focussing on privacy we were losing sight of other 'goods' - he was thinking particularly of medical goods, as 'privacy' was seen as threatening the possibility of sharing medical data. I understood his point - and I understood his difficulty, as he was in a room to a great extent full of people interested in privacy (hardly surprising given the title of the event). Privacy advocates are often used to the reverse position - trying to 'shout out' about privacy to a room full of avid data-sharers or supporters of business innovation above all things. A lot of antagonism. A lot of feelings about being 'threatened'. And yet I believe that many of those threatened are missing the point about privacy. Just as Guido Fawkes is wrong to characterise privacy just as a 'euphemism for censorship' (as I've written about before) and Paul McMullan is wrong to suggest that 'privacy is for paedos', the idea that privacy is the 'enemy' of so many things is fundamentally misconceived. To a great extent the opposite is true.

Privacy is not the enemy of free expression - indeed, as Jo Glanville of Index on Censorship has argued, privacy is essential for free expression. Without the protection provided by privacy, people are shackled by the risk that their enemies, those that would censor them, arrest them or worse, can uncover their indentures, find them and do their worst. Without privacy, there is no free expression.

Privacy is not the enemy of 'publicness' - in a similar way, to be truly 'public', people need to be able to protect what is private. They need to be able to have at least some control over what they share, what they put into the public. If they have no privacy, no control at all, how can they know what to share?

Privacy is not the enemy of law enforcement - privacy is sometimes suggested to be a tool for criminals, something behind which they can hide behind. The old argument that 'if you've got nothing to hide, you've got nothing to fear' has been exposed as a fallacy many times - perhaps most notably by Daniel Solove (e.g. here), but there is another side to the argument. Criminals will use whatever tools you present them with. If you provide an internet with privacy and anonymity they'll use that privacy and anonymity - but if you provide an internet without privacy, they'll exploit that lack of privacy. Many scams related to identity theft are based around taking advantage of that lack of privacy. It would perhaps be stretching a point to suggest that privacy is a friend to law enforcement - but it is as much of an enemy to criminals as it is to law enforcement agencies. Properly implemented privacy can protect us from crime.

Privacy is not the enemy of security - in a similar way, terrorists and those behind what's loosely described as cyberwarfare will exploit whatever environment they are provided with. If Western Law enforcement agencies demand that social networks install 'back doors' to allow them to pursue terrorists and criminals, you can be sure that those back doors will be used by their enemies - terrorists, criminals, agents of enemy states and so forth. This last week has seen Privacy International launch their 'Big Brother Inc' database, revealing the extent to which surveillance products developed in the West are being sold to despotic and oppressive regimes. It's systematic, and understandable. Surveillance is a double-edged sword - and privacy is a shield which faces many ways (to stretch a metaphor beyond its limits!). Proper privacy protection works against the 'bad guys' as well as the 'good'. It's a supporter of security, not an enemy.

Privacy is not the enemy of business - though it is the enemy of certain particular business models, just as 'health' is the enemy of the tobacco industry. Ultimately, privacy is a supporter of business, because better privacy increases trust, and trust helps business. Governments need to start to be clear that this is the case - and that by undermining privacy (for example though the oppressive and disproportionate attempts to control copyright infringement) they undermine trust, both in businesses and in themselves as governments. Privacy is certainly a challenge to business - but that's merely reflective of the challenges that all businesses face (and should face) in developing businesses that people want to use and are willing to pay money for.

Privacy is not the enemy of open data - indeed, precisely the opposite. First of all, privacy should make it clear which data should be shared, and how. 'Public' data doesn't infringe privacy - from bus timetables to meteorological records, from public accounts to parliamentary voting records. Personal data is just that - personal - and sharing it should happen with real consent. When is that consent likely to be given? When people trust that their data will be used appropriately. When will they trust? When privacy is generally in place. Better privacy means better data sharing.


All this is without addressing the question of whether (and to what extent) privacy is a fundamental right. I won't get into that here - it's a philosophical question and one of great interest to me, but the arguments in favour of privacy are highly practical as well as philosophical. Privacy shouldn't be the enemy - it should be seen as something positive, something that can assist and support. Privacy builds trust, and trust helps everyone.

4 comments:

  1. Helpful and timely; thanks. In one sense the one word privacy doesnt adequately express the whole set of personal-data issues we're now dealing with (self-determination, choice, value, control) and there's a danger amid all that we dont privacy for its own sake.

    ReplyDelete
  2. Thanks! I agree about the word - but it's the best we've got now, and in a sense I think it has to be a bit hard to pin down. That's its nature, and trying to pin it down too carefully can lose sight of the overall concept.

    ReplyDelete
  3. Well, if you consider the complex environment in which 'privacy' has to operate... dpa lawfulness, tort of confidence, HRA ECHR articles 8 and 10.

    You have helpfully used privacy in the context of an engaging, facilitating mechanism. Refreshing.

    The FOI Dude

    ReplyDelete
  4. Thanks - from my perspective it's important to consider that privacy exists (and arises) first of all from a 'natural' need of people, and that the complex legal things follow from that 'natural right' rather than the other way around. We need to look at what we really want from privacy rather than just the law...

    ReplyDelete