Privacy, Redefined

See the new issue of Briefings magazine, available at newsstands and online.

Like most people his age, Alex, a 31-year-old academic, is on social media. He used to think that there wasn’t any way he could protect his privacy on those platforms.

“Throughout college I had always just chalked it up as a lost cause that everything I said on Facebook would be part of the public record,” he says. But then he got involved with a woman who changed his mind. Though Facebook tells users they must go by a name that’s on their passport, license or other official ID, his girlfriend used a pseudonym. Now he does too.

It’s a semi-fake name that somewhat resembles his own and one that his friends recognize. But it won’t turn up in web searches of his true name. (Nor will this article help. For obvious reasons, Alex is a pseudonym.)

In the familiar language of private and public, Alex’s strategy doesn’t make much sense. His posts are still out there, stored in perpetuity, and a determined person could figure out who he is. In the 20th century’s notions of privacy, social networks are public places—people choose to enter them or choose not to. But this isn’t the 20th century anymore.

Privacy in 2017 is a different problem than it was when our familiar concepts of it were formed. In a digital world, the line between public and private has blurred, the amount of personal information we generate has exploded, and our ability to manage it (or even know all of it) has shrunk. And the idea that we can just decide to opt out of services that record us has become absurd. Imagine telling a recruiter you don’t use social media. Or search engines.

Facing a new landscape with notions of privacy that don’t fit, people today are struggling for a new definition of the concept, and new strategies to protect it (like Alex’s, which is somewhere between abstaining from social networks and being as transparent as those networks want him to be). People are looking for a concept that fits an information-based, always-on, completely connected world.

“I realized in my research that everybody was talking about privacy but not using the word privacy,” says Kate Raynes-Goldie, a scholar on Internet studies at Curtin University in Australia, whose PhD research focused on how social-network users manage their privacy concerns.

For a generation, companies have been telling us that life will be easier, and governments have been saying it will be safer, if we trade our information away for convenience and security. Millions of us are used to giving away details—our tastes in culture, our hobbies or even our sexual predilections—that people once held close to their vests. And in exchange we get what we want more quickly and more easily—entertainment, consumer products, news, Tinder dates, Spotify playlists, and search phrases written for us, all honed to please the people who, according to that once-private data, we are.

It’s no surprise that many people claim they’re at peace with this. Last fall, in an article about Smart Reply—a feature in mobile Gmail and the messenger app Allo that scans a user’s messages in order to offer suggested replies—the tech writer Michael Nunez noted, “It’s a little creepy to willingly let Google’s AI read your conversations.” But, he added, “I say it’s completely worth it for the level of convenience that it adds.”

All around, total transparency can feel like the new normal. Online services and social media ask for more and more information—Facebook’s Oculus Rift virtual reality service even reserves the right to collect information about your physical movements using the headsets. Governments have expanded their snooping powers. And ordinary people are getting used to reporting on once-private moments (you rate your driver, your driver rates you) and posting photos of others everywhere. In this world, writes Georgetown Law professor Julie Cohen, privacy—which is depicted as expensive, inefficient and maybe even dangerous—“has an image problem.”

Nonetheless, it’s a mistake to think privacy concerns are going away. Even if people are giving away vast amounts of information about themselves and agreeing to changes in surveillance, most aren’t convinced it is all “totally worth it.” A vast majority of US-based Internet users (86 percent) say they have taken some steps to protect their privacy online, and 61 percent say they would like to do more. Similarly, more than 90 percent of surveyed EU citizens want to be sure they have control over who can access their personal information. Many are troubled but unsure how to name their unease and execute a plan to address it.

When Samuel Warren and Louis Brandeis defined privacy as “the right to be let alone” in a hugely influential 1890 Harvard Law Review article, the authors were worried about “intrusion upon the domestic circle” by new tech, in the form of photographers and reporters for mass-circulation tabloids. Today, 127 years later, new technologies have greatly eroded the distinction between public and private spaces.

In 1890, Brandeis could go out and buy a book from a clerk who didn’t know who he was, and no one would know that he’d bought it. Today, ­someone’s interest in the book is practically impossible to keep private, beginning with any online search the buyer may have made that leaves a search-engine trail. A record of buying it online with a credit card is stored in a database, of course, but going to the store and using cash can’t even shield the buyer. If he or she uses a map app, or simply has a smartphone turned on, the buyer’s location is recorded multiple times. Even if the phone is off, this person can be tracked in many ways. For example, in many parts of the United States, he or she is quite likely to pass an automated license-plate reader (a common device whose data, used by law enforcement all over the country, is often sold by brokers to any interested buyer).

The problem isn’t just that we give more data to others than ever before. It is also that the organizations that store and analyze data have powerful tools to generate new information out of the data they have on hand. For example, in a study published in the Proceedings of the National Academy of Sciences in 2013, three researchers used data from 50,000 Facebook volunteers to construct an algorithm that could infer key facts about them just by analyzing their “likes.” The program could tell sexual orientation correctly 88 percent of the time, race, 95 percent, and political preferences, 85 percent. Also, in 2015, four MIT researchers analyzed credit-card data generated by more than a million people over three months and showed that with very little information—specifically, the dates and locations of four purchases per person—they could identify almost all the individuals in the database.

Not surprisingly, with all these privacy losses, there has been an ongoing effort for almost two decades in law, tech and public policy to find new ways to think about the concept.

In her research on how people navigate privacy concerns on a social network, Raynes-Goldie found that users don’t focus on the details of what pieces of information firms have and how they use them. Rather, what counts is people’s control over how others perceive them. For example, as Facebook expanded from a service for college students into a worldwide forum, users had to confront the problem of “context collapse.” When everyone is on the social network, that photo of your wild Friday night is seen not only by friends but also by your mother, your boss and anyone else. Fake names have been one response to context collapse. A more common one, Raynes-Goldie says, has simply been to pretend you’re perfect. “We are all performing our best selves on social media now,” she says.

Context collapse is a problem not because people want their posts and photos to be kept to themselves, or the small “domestic circle” of Warren and Brandeis’ day. After all, for those who post photos on a social network, “likes” and viral circulation are the prize.

When people want control over their information, it isn’t the information itself that matters. It’s the effect that information has on how they are perceived. Much 20th-century thinking about the issue has centered on what Raynes-Goldie calls “institutional privacy”—what organizations have which pieces of information. But what concerns ordinary people, she says, is “social privacy”—in other words, the ability to present oneself differently to different types of audience members, such as the mom at the school bake sale, the boss at the office and the hula-hoop champ at the high school reunion. “What people care most about is not simply restricting the flow of information but ensuring that it flows appropriately,” says Helen Nissenbaum, a professor at New York University School of Law and a leading theorist of 21st-century privacy.

Of course, there is another way of looking at the whole issue—namely, that privacy hasn’t always been part of the human experience. For most of humanity’s time on Earth, people lived in small bands and villages, did almost everything together, and knew each other’s every move. ­Perhaps privacy—essentially the notion that it’s good and right to not be completely observable by everyone—is just a thought that has had its time. “This idea that you used to have absolute privacy before and the Internet has kind of ruined it is not really true,” Raynes-Goldie notes. Still, even pre- historic man could ask friends to keep a secret—and ask them not to reveal it. That’s some control.

(click the image to enlarge)