Interestingly, the integration of the European countries and the creation of the European Union have underscored the clear establishment of privacy as a legal claim. The European Union Data Directive resulted from the need to carry forward certain legal rights even as the legal and economic arrangement among the European governments was undergoing a substantial transformation. The effort in Europe to extend legal frameworks for privacy protection has encouraged similar efforts in East Asia, North America, and Latin America. That privacy protection remains a central concern for governments on the eve of the twenty-first century is a significant indication of the importance of this fundamental human right.
Fair Information Practices
Privacy principles are often articulated as "Fair Information Practices." Fair Information Practices set out the rights of those who provide their own personally identifiable information and the responsibilities of those who collect this information. Although there is not fixed agreement on what specific principles constitute Fair Information Practices, there is general agreement about the types of principles that are likely to be included in a set of Fair Information Practices. These include the right of an individual to limit the collection and use of personal information, to obtain access to the information when it is collected, to inspect it and to correct it if necessary, transparency, and to have some means of accountability or enforcement to ensure that the practices will be enforced. The responsibilities of data collectors include the obligation to maintain security of the information and to ensure that the data is accurate, complete and reliable so that inappropriate determinations about an individual are not made. Some commentators have recently proposed that Fair Information Practices also include such principles as the right to anonymity and minimization of data collection.
Fair Information Practices provide the basic structure of most privacy laws and policies found around the world. They can be seen in such general agreements as the OECD Privacy Guidelines of 1980 as well as in more detailed legal code such as the Subscriber Privacy provision contained in the US Cable Act of 1984. Current efforts to establish privacy protection for the Internet typically focus on the application of Fair Information Practices to Internet-based transactions.
What We Know About Threats to Privacy
The threats to privacy come from multiple sources. They can be broadly classified as technological threats, threats from actions of government, and threats from the private sector and commercial services.
Corporations threaten privacy by a variety of means. In the workplace, corporations seek to exert greater control over workers through a variety of monitoring and surveillance practices. Such practices include the monitoring of telephone calls and computer use, the video surveillance of change rooms and bathrooms, drug testing, and polygraphs.
- Technology Threatens Privacy
In the modern era, technology has long been viewed as the source of many privacy concerns. But the relationship between technology and surveillance is not a simple one. Technology takes on certain forms and may lead to the adoption of new systems for surveillance by a process that might almost be understood as a dialectic between the purposeful creation of a particular system for surveillance, the subsequent development of a means for surveillance not previously considered, and then the resulting creation of a new purposeful system for surveillance. It would be tempting to view this process as almost autonomous, but human accountability should not be ignored in any system of surveillance.
Among the key characteristics of technology in the surveillance realm are amplification, routinization, and sublimation. Amplification refers to the ability of technology to extend the ability to gather information and intrude into private life. Examples of amplification are linked directly to the sensory abilities. A zoom lens on a camera allows a reporter to see further and record events that might not otherwise be observed. A listening device permits a police agent to intercept and overhear a private communication. New techniques for the detection of heat behind walls make it possible for police to determine whether grow lamps are in use inside a home, possibly indicating the presence of marijuana.
Techniques for amplification invariably also capture information even beyond that which may be justified by the initial inquiry. A paparazzo's lens turned on a celebrity may capture a private or personal moment. A listening device installed by a police officer to monitor the activities of criminals may also record the conversations of innocents. The device to detect heat behind walls may detect two people making love upstairs as well as the marijuana grow lamps located downstairs.
There is considerable debate about whether it is appropriate to regulate techniques of amplification. While it is true that some of these methods intrude into private life, it is also clearly the case that such technologies have beneficial applications. Regulating the technique rather than the activity inevitably raises the danger of criminalizing behavior that might otherwise be considered permissible. Thus one of the first lessons of legislating to protect privacy is the need to focus on the underlying activity and not the technology itself.
Routinization is the process of making intrusion into private life an ongoing process. Here technology is used to establish a pattern or practice of surveillance. Again it is possible to conceive of both appropriate and inappropriate forms of routinized surveillance. A camera turned on a bank cashier's desk is probably an appropriate use of surveillance technology as it provides protection to both the bank and the customer in the case of a robbery or simple dispute. However, a camera placed in the changing room of a department store would be more problematic. While it could be argued that the purpose of the camera is to deter shoplifting and lessen the unnecessary costs to the merchants, customers are likely to find that a camera in a changing room is simply too intrusive.
Techniques for routinization are increasingly joined with methods for recording so that a camera trained on a street corner now routinely records all activities that are viewed and a phone line for a service representative routinely records all conversations with customers. We are still in the early stages of incorporating new techniques in the realm of routinized surveillance, but it should be anticipated that the next stage in these systems will be the adoption of methods for processing information so that it would be possible for the camera in an airport to view the facial profiles of passengers in a terminal, compare these images with a massive database of facial profiles, and determine in virtually real-time the actual identity of individuals in the terminal.
Sublimation is the means by which a technique for privacy invasion becomes increasingly difficult to detect. Hidden cameras, listening devices and similar data gathering techniques are particularly problematic because there is little opportunity for the data subject to escape detection and frequently little opportunity in the political realm to challenge the desirability of such techniques. Illegal wire surveillance by law enforcement agencies is a long-standing privacy concern in part because it is so difficult to detect, to assess, and to challenge. One legislative approach that has been adopted to address this problem
While technology is not required for an invasion of privacy, the ability of techniques to amplify, routinize and sublimate surveillance has traditionally raised some of the greatest privacy concerns.
- Governments Threaten Privacy
Many of the most serious threats to privacy come from government. In the most extreme form, when a government arrests and imprisons a person it has denied the individual the dignity of privacy almost absolutely. Government can also diminish privacy through schemes for compelled identification, drug testing, physical searches of one's home or person, database profiling, genetic testing, and polygraph examinations to name just a few.
Government threats to privacy are particularly problematic because once established, citizens have little choice but to comply. There are no alternatives to a requirement for national identity, or drug testing as a condition for public employment.
Those actions by government that have provoked the most outrage oftentimes involve proposals for national identity, census enumeration, and recently proposals to regulate the use of privacy enhancing techniques such as encryption.
Transparency, which is a laudable goal for the functioning of democratic society, takes on a different meaning in the context of government surveillance. Governments often seek a "transparent citizenry," a populace whose actions are readily identifiable and easily monitored.
- Corporations Threaten Privacy
More generally, corporations threaten privacy in the marketplace through the extraction of commercial value from consumers in their personally identified transactions. It is no longer sufficient for customers to offer payment for goods and services. They must now also provide personal details that can then be used by companies for subsequent purposes. Some requests are necessary and appropriate for a particular transaction. For example, a person who wishes an item to be shipped to his or her home should expect to provide a home mailing address. In many more cases, data collections are unrelated to a particular purpose.
This process of extracting commercial value in the marketplace might be called the "commodification of identity." Efforts to limit this process focus on either regulatory restrictions on the collection of information or technical means to promote commercial transactions that do not require the disclosure of personally identifiable information.
In summary, the danger with corporations is the emergence of the "transparent worker" or the "transparent consumer," individuals who because of their economic relations with private corporations are compelled to disclose aspects of their personal lives they might otherwise choose to keep private. Transparency in this relation, as in the relation with government in the context of surveillance, is one-sided. It is not the transparency of a window, but that of a one-way mirror.
What We Do Not Know
While the right of privacy and the threats to privacy are fairly well understood, there is much we do not know.
The limitations of law have renewed the focus on technical methods to protect privacy. But it remains unclear whether technology can provide a comprehensive solution. It is necessary in the first instance to distinguish between genuine technical means to protect privacy and those technical means that in fact promote collection of personally identifiable information. Privacy Enhancing Technologies (PET) are generally understood as those that limit or eliminate the collection of personally identifiable information. Such methods include techniques for anonymous and pseudo-anonymous payment, communication, and web access. By limiting the collection of personal information, these approaches enable transactions that avoid the creation of personal information. By analogy to the environmental context, this would be much like the design of an engine that generated no pollutants.
- Whether the Internet will provide greater privacy or less
It remains an open question at this point whether the Internet will see a significant increase or decrease in privacy. There is certainly a strong case that the Internet will usher in a new era of massive, routinized surveillance. It is possible with the current protocols for Internet communication to record virtually every activity of an Internet user, the information he receives, the people he communicates with, his preferences and his predilections. Such extensive data collection is far more intrusive than was possible in the previous era of broadcast communication or in typical commercial relations. In the broadcast era, recipients of information were largely anonymous. In typical commercial relations, information is typically obtained only once a purchase occurs.
There are also strong commercial incentives on the Internet to reduce privacy. Many of the current business models are based on concepts of "personalization" and "one-to-one marketing" that require far more knowledge about individual preferences and buying habits than was previously available in a mass market commercial environment. Many web sites today offer to "personalize" their display for users or ask extensive questions about a user's interests before any commercial relationship has been established.
The technical methods of the Internet come together with the personalization marketing goals in the implementation of such protocols as "cookies," which allow the tracking of users across various web sites and the targeting of commercial advertising. Elaborate "ad servers" create customized advertising on a web site for a particular user based on what is known about the user from other web sites he or she has visited. These techniques threaten to make real the prospect that what is viewed on a computer screen in one's home could be known to almost anyone around the world.
Still, it cannot be ignored that the Internet provides a platform for new forms of communication and interaction that can literally build in privacy safeguards. The use of encryption techniques in browser software, for example, permits the transfer of credit card numbers and other personally identifiable information in a secure manner. Anonymous payment techniques would allow commerce without the disclosure of personally identifiable information. Anonymous remailers make possible the sending of messages without requiring the disclosure of the sender's identity.
Whether these new techniques for privacy will get the upper hand in the on-line world remains to be seen. There are government objections to these techniques as well as strong commercial incentives to minimize anonymous activity. But for the first time it is possible to conceive of a technological environment that, properly designed, could provide new levels of privacy protection.
- Whether legal safeguards will survive globalization
One of the great challenges to privacy protection is only partially technical in nature. The growth of the Internet has coincided with the increased globalization of world trade, the rise of the European Union, the diminished ability of central banks to control currency markets, and even the question of whether individual nation states can effectively exercise their sovereign authority.
In this environment, it has become a commonplace to simply assert that national governments will be unable to exercise any legal control over the Internet and also that current law is unlikely to have much of an impact in this digital world. But this view is wrong in at least two respects. First, governments do in fact exercise a great deal of control regardless of what the "cyber-intelligentsia" claim. Internet disputes are resolved in real courts and computer criminals are thrown in real jails. Second, as the Internet has become more commercial and more mainstream, the reliance on traditional legal institutions has increased not diminished. There are no formal methods for adjudication in cyberspace and thus governments and private parties have turned naturally to traditional means for dispute resolution and the prosecution of harmful acts.
Third, and perhaps most significantly, governments have found that where there are interests that should be protected, collective action can be taken at the supra-national level to protect these interests. Thus, for example, national governments, particularly the United States, have moved aggressively to establish international agreement to protect copyright in the digital environment. The World Intellectual Property Organization, the World Trade Organization, and the Berne Convention all reflect the ability of national governments to act collectively to protect interests that may be impaired by the emergence of digital networks or the increase in global trade.
In many respects, privacy protection anticipates the problem of protection across national borders. Indeed, the OECD Privacy Guidelines were a direct response to questions about privacy and transborder dataflows. Further, the Data Directive of the European Union is a clear attempt to harmonize protection across national borders. While it is not clear if national legal norms will survive this process of globalization, it is clear that a good foundation has already been put in place.
- Whether law is a sufficient instrument to protect privacy
For much of the history of privacy law, the relationship between law and technology was understood as a simple equation: technology creates the risk to privacy; it is the role of law to protect privacy against this incursion of technology. Thus privacy law has been established to control the use of personal information collected by means of computerized databases and private conversations overheard through telephone networks.
Although it has sometimes been said that technology outpaces the law, raising the question of whether law can operate effectively in a technological environment, it should be noted that legal standards based on fair information practices, rather than the regulation of particular techniques, have actually withstood the test of time fairly well. Thus the US Privacy Act of 1974 is still operational a quarter of a century later and the OECD Guidelines of 1980 continue to exert enormous influence on the shaping of privacy practices almost two decades after their adoption. Thus the current discussion concerning the OECD Guidelines is not about updating or revising the principles, but rather applying the principles in the new information environment.
Still, given the opportunity that the Internet provides for new technical solutions for privacy protections, it is worth considering how such methods might be developed and adopted.
- Whether new technology can protect privacy
Privacy Extracting Techniques (~PET) typically create a technological framework that facilitates the disclosure of personal information, often without any assurance of protection or legal safeguards. These techniques, which are often confused with true PETs, are put forward by commercial firms and others as a "technical solution" to privacy when in fact they are designed to make it easier to obtain personal data.
Whether new technology can protect privacy will thus depend on several factors, including the progress in the development of these techniques, their acceptance by consumers and others, and the ability to discern actual methods for privacy protection from those that are likely to further erode privacy protection.
What We Are Asked to Consider
A variety of arguments are put forward about how to address these new privacy challenges. Here I summarize the main characteristics of these claims.
Citizen groups argue that our primary concern should be to extend fundamental legal norms to the new digital world.
- Private sector
The private sector argues that market systems and new technology provide new opportunities to protect privacy that do not require regulation or the rule of law. They believe that it is possible to use contract-based interactions to negotiate privacy preferences. These preferences, they believe, will vary from individual to individual and circumstance to circumstance.
Techniques to implement this approach include P3P, the Platform for Privacy Preferences. P3P is a technical standard that allows a web client or user to articulate a privacy preference and a web server to specify the level of privacy that will be respected. When a client contacts a server, a negotiation takes place between the two rule sets. If the client's privacy preferences will be accommodated by the server, then the session will begin. If the client's privacy preferences will not be accommodated by the server, then the client can decide whether to continue.
There are many problems with the so-called "self-regulatory" approach to privacy protection. Fundamentally the initiatives eliminate any baseline requirement for privacy protection and eviscerate currently established privacy rights and norms. One of the consequences of the contract approach is to exclude from certain activities individuals who express high or even moderate privacy preferences. Thus the problem of discrimination against those who wish to exercise a privacy right emerges. Privacy laws, which generally recognize a principle of fair or lawful obtaining of personal information, would generally not permit such an open-ended negotiation.
There is also the interesting question of whether negotiating privacy relations is actually efficient as the economic argument presumes. Consider the application of a negotiated privacy protection to the current regime of telephone communication. Such an approach would require individuals to consider at the time of each call how much privacy they desire and then determine whether the recipient of the communication, or for that matter, the communication carrier, will respect the individual's privacy preference. On first pass, a call to a doctor may require a high privacy preference. A conversation with a friend may require a moderate privacy preference, while a call to a merchant may be only a low privacy need. What if the call to the doctor is only to confirm the time of a previously scheduled appointment, while the call to a merchant is to purchase a surprise gift for a family member?
Such a negotiation over privacy preferences in routine telephone communications would certainly introduce new transaction costs. Moreover, it would tend to squeeze out the high level of protection that all telephone users currently enjoy for telephone calls of all purposes.
Serious doubts remain about the Private Sector claim that privacy can be adequately protected by self-regulatory means. Moreover, the self-regulatory approach is likely to result in a substantial reduction in the protection of privacy.
The government often emphasizes the benefits of new technology to protect public safety and to promote efficient administration. One of the most problematic recent debates concerns the use of CCTV. The government argument is that these cameras placed on street corners reduce the incidence of crime by subjecting individuals to ongoing surveillance.
Governments have also proposed means of national identity to promote the efficient administration of services.
In the development of these new means for monitoring the activity of citizens, governments might acknowledge a privacy concern but are unlikely to allow privacy to substantially change or preempt the development of such systems. Privacy is sometimes accommodated so as to legitimate a new system for social surveillance.
- Citizen Groups
The Global Internet Liberty Campaign, a coalition of more than 50 NGOs in 20 countries, took action on the question of the citizen's right to use cryptography and other technical methods to protect personal privacy when the subject was under consideration by the Organization for Economic Cooperation and Development in 1996.
The matter of government efforts to regulate the use of encryption was already a controversial matter, particularly among users of the Internet. A noted cryptographer, Phil Zimmermann, faced prosecution in the United States for the alleged distribution of cryptographic techniques that were then considered by US export regulation to be a munition requiring license. Internet organizations had organized campaigns against the prosecution of Zimmermann and the restrictions on the use of encryption. These campaigns invariably emphasized the excesses of government control in this area.
But it was the GILC that first clearly articulated the basis for this claim as a matter of international legal norms. The organization issued a Resolution in Support of the Freedom to Use Cryptography in Paris that stated at the outset that "the use of cryptography implicates human rights and matters of personal liberty that affect individuals around the world," and further that "the privacy of communication is explicitly protected by Article 12 of the Universal Declaration of Human Rights, Article 17 of the International Covenant on Civil and Political Rights, and national law."
On the basis of these norms, the GILC urged the Organization for Economic Cooperation and Development to base its cryptography policies "on the fundamental right of citizens to engage in private communication."
The Cryptography Guidelines of the OECD included a principle on Protection of Privacy and Personal Data that stated "The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and the implementation and use of cryptographic methods."
What Should Guide Our Actions
Faced with these new challenges to privacy, and these competing views of how best to protect privacy, how should we proceed? If we were primarily concerned with the economic benefits of our actions, we might ask which course would provide the most short-term commercial gain. But as our focus is principles of human rights and the realization of the citizen in the Information Society as a full participant with meaningful claims in the political world, we should take a different approach.
First, we should accept the premise that law has a fundamental role in the protection of human rights and democratic institutions. While it is an imperfect instrument, it also establishes the principle that all people in all countries of the world, regardless of wealth or social status, are entitled to certain essential freedoms and one of these freedoms is the protection of private life. Law not only imbues citizens with the rights that are necessary for self-governance, it also provides the legitimacy that allows others to rely on a legal system for redress.
Second, we should not adopt a view of technology that it is autonomous or stands apart from the actions of specific individuals or institutions. As Thomas Edison said, "What man creates with his hand, he should control with his head." We should call for accountability for those who develop systems of surveillance while at the same time exercising our own responsibility to engage the political process to seek technical methods that advance the aims of privacy protection.
In the end, we must side with the interests of the citizen. Neither governments nor corporations are in much need of political assistance these days. Both can take care of their interests with great efficiency. But citizens and citizen organizations must continue to engage the political process if the rights of the individual are to be preserved in the online world.
What We Should Do
We have learned in recent years that privacy is more than a subject for debate among academics. It is a matter of personal concern that has often resulted in direct political action. Citizens in Australia have taken to the streets to protest a national identity card. In Germany, the population objected to a national census. In the United States, users of the Internet expressed their opposition to efforts by the government to limit the availability of strong techniques to protect personal privacy. Currently, the members of the Global Internet Liberty Campaign are organizing in more than thirty countries to end the treatment of encryption as a munition so that it could be more widely available to protect the privacy of citizens.
The protection of privacy is increasingly a call for political action.
Finally, it is important to emphasize the procedural consideration that should guide the development of all law and policy concerning the development of the Information Society and that is the active and meaningful participation of citizens in the decision-making process. Such interests are invariably underrepresented in decisions taken by national and international governing bodies.
- Reaffirm support for fundamental legal instruments
There is a tendency in all discussions of cyberspace to imagine that our society has gone directly from the era of the horse-drawn cart to the age of space exploration with hardly a step in between. But of course, the history of communications technology is filled with many stages at which time issues such as technological change, internationalization, the role of law and technical standards are considered.
The protection of privacy is one of the issues that has been previously considered in the development of new technology, and it would be wise to recognize and understand the previous efforts to address this issue.
Article 12 of the Universal Declaration of Human Rights, the OECD Guidelines, the UN Convention, and other similar documents are all still relevant to the current effort to preserve privacy in the information society. Indeed, these documents may provide the best, most well informed consideration to date of how best to protect this fundamental human right in light of technological change.
Thus the starting point for an international effort to protect privacy in our new online world should be to reaffirm support for international instruments on privacy protection.
- Assert the applicability of legal norms across national borders
A second effort should be to assert the applicability of legal norms across national borders. Although it may be fashionable to speak about the Internet as a "regulation-free zone," in fact there is plenty of regulation for the Internet, except not enough to protect the privacy of its inhabitants. Users of the Internet have at least as much right to claim a legal right to protect their personality as authors and holders of copyright have to claim a legal right in their artistic works. The creation of the borderless cyberspace has not slowed the call for the adoption of new laws to protect digital works; it should not slow the effort to adopt new safeguards for the digital persona.
The protection of privacy across national borders benefits in particular from the establishment of international legal norms, such as Article 12 of the Universal Declaration of Human Rights, as well as previous efforts to promote the transborder flow of information while respecting the privacy of the individual as was the aim of the OECD Guidelines of 1980.
It would be a grave mistake for UNESCO and the human rights community generally to turn its back on these well established legal norms and leave the protection of privacy to the cold logic of the marketplace and the technical methods that are intended to promote the disclosure of greater amounts of personal data.
- Promote the development of technology to protect privacy
While we should not lessen our efforts to ensure the effective application of privacy rights across national borders, we should also not ignore the possibility that technology may provide some solutions to the protection of privacy. But here we should be careful to distinguish between means that in fact protect privacy and those that merely appear to.
In the first instance, the best form of privacy protection by technological means is that which ensures anonymous transactions. Anonymity is the ideal privacy technology because it avoids the creation and collection of personally identifiable information. Anonymity exists by custom and practice in many contexts today. Travel, communication, commerce, as well as the receipt of information typically occur with a high degree of anonymity, at least to the extent that the actual identity is rarely known for the person on the sidewalk, the fellow at the payphone, the woman who purchases lunch, the reader of a magazine or the viewer of a television program.
Techniques for anonymity should be robust, trustworthy, and simple to implement in routine commercial transactions. All reasonable efforts should be made to promote the development and adoption of techniques for anonymity and related approaches for the protection of actual identity.
This defense of anonymity is not intended to promote the life of the hermit or to discourage social relations. Quite the opposite. A strong right of anonymity gives individuals the opportunity to freely choose with whom to share aspects of personality and to form bonds of trust. Anonymity is not a description of a static state. It is rather the starting point for a dynamic, evolving series of social relations that derive their authenticity and value from the opportunity for each individual to choose his or her friends, colleagues, neighbors and lovers.
In the second instance, the next best form of privacy protection by technological means is that which ensures the application and enforcement of Fair Information Practices. For example, techniques that allow individuals to limit the use of data, to gain access to their own data, and to make corrections where appropriate should be encouraged as they seek to establish by technical means those rights and responsibilities that would otherwise be accomplished in law.
The least desirable means to protect privacy by technology are those proposals that encourage individuals to enter into negotiation with the purpose of obtaining consent for the collection and use of personal data. Such techniques have no independent privacy component and simply offer a framework for market-based transaction over privacy claims. Such techniques may be appropriate for the purchase of soap or shoes but they are hardly compatible with the protection of fundamental human rights that are well established in law.
- Encourage citizen participation in decision-making
No group has a greater stake in the protection of privacy than the new inhabitants of cyberspace. Let us enjoy the benefits of the future while preserving the freedoms of our past. That is the promise and the challenge of the Information Society.
Texts published in 'Points of View' may not reflect UNESCO's position.