I was recently listening to an interview with Ann Cavoukian on Singularity 1 on 1, in which she began by claiming that privacy and freedom are fundamentally aligned. This may have been true historically. But looking forward, I suspect privacy and freedom are actually opposed. I know that may seem counterintuitive, so let me explain.
Second, privacy as an abstract concept is best represented by the image of a wall. Privacy is boundaries, borders, and lines of demarcation that say you can’t look here, listen here, or go here. Privacy tells us what we can’t do. Privacy is in many ways the opposite of freedom. As the tools of surveillance get democratized, one response that we might have is to institute what Ann Cavoukian calls “privacy by design.” This implies embedding privacy controls into the information infrastructure itself. This means presumably, including lots of rules about what individuals are not allowed to do. To me, such a program represents a potential threat to freedom. Because the question one has to ask is, who writes these rules and enforces them? Who therefore reserves the power to evade them? The likely answer to all of these questions is: the large tech companies who build the privacy controls, and the governments that coerce those companies into cooperating. Thus “privacy by design” is the surest way to preserve the status quo. Today we already have a large asymmetry when it comes to surveillance technologies. If we want to further institutionalize this asymmetry, then by all means we should get to work on centralized privacy controls. However if we want a maximally free and equal society, we may need to abandon the idea of privacy controls entirely and push for a “sousveillance” scenario where everyone has equal ability to surveil everyone else.
Let’s make this more concrete with an example. Consider your face. Your face is a dead giveaway as to who you are. You carry it with you everywhere you go. If you are a fan of privacy, you probably don’t want people to know all of the places you go. But if you go anywhere where there are other people, it is quite possible that those people will record your face. Now here’s the question. It’s your face. Do other people have a right to record it, copy it, and share it without your permission? By default, they certainly have that ability. But maybe they shouldn’t. Maybe we all should have special veto power over those who might record our faces. Maybe we all should be able to go into a special preferences window and set “facial privacy” to “on” and thereby automatically scramble any recordings taken of us by other people. Maybe this would be a nice example of “privacy by design.”
But how on earth would one enforce such a scheme? How does another person’s camera recognize the privacy settings you’ve chosen for your own face? We would need the other person’s camera and your face to somehow communicate with each other. Which means we need some kind of unified privacy standard. But that’s not good enough, because what if the other person doesn’t want to adopt that standard? Well then we have to make him adopt that standard. Essentially we’d have to mandate that all devices honor certain privacy features. And as a corollary, we’d have to make it illegal to alter your own device’s factory settings, since we can’t have people using hacks to get around the privacy controls. Protecting privacy rapidly introduces all the same thorny issues that we run into in the intellectual property debates. And at the end of it all, what have we accomplished? Sure, we’ve made it a bit easier for one person to hide his face. But what about the other person’s rights? What about the right to record what you see with your own eyes in an unscrambled fashion? And what about the fact that governments and hackers are just going to breeze right past these controls anyway? We haven’t really protected anyone’s privacy, so much as just made it a bit more bureaucratic and complicated to take a picture of someone else.
Now I’m not saying we necessarily have to completely abandon all privacy. But we do have to realize that protecting privacy is a balancing act. Every privacy control we enact is a new wall we’ve built. And when it comes to the information infrastructure, we should build walls with great care.