Welcome to the blog of the Internet Ethics program at the Markkula Center for Applied Ethics, Santa Clara University. Program Director Irina Raicu will be joined by various guests in discussing the ethical issues that arise continuously on the Internet; we hope to host a robust conversation about them, and we look forward to your comments.
The following postings have been filtered by tag privacy. clear filter
Over the last two weeks, Julia Powles, who is a law and technology researcher at the University of Cambridge, has published two interesting pieces on privacy, free speech, and the “right to be forgotten”: “Swamplands of the Internet: Speech and Privacy,” and “How Google Determined Our Right to Be Forgotten” (the latter co-authored by Enrique Chaparro). They are both very much worth reading, especially for folks whose work impacts the privacy rights (or preferences, if you prefer) of people around the world.
And earlier in February, Google’s Advisory Council issued its much-anticipated report on the issue, which seeks to clarify the outlines of the debate surrounding it and offers suggestions for the implementation of “delisting.”
[And if you would like to be added to our mailing list for the lecture series—which has recently hosted panel presentations on ethical hacking, the ethics of online price discrimination, and privacy by design and software engineering ethics—please email firstname.lastname@example.org.]
In the Los Angeles Review of Books, philosopher Evan Selinger takes issue with many of the conclusions (and built-in assumptions) compiled in Dataclysm—a new book by Christian Rudder, who co-founded the dating site OKCupid and now heads the site’s data analytics team. While Selinger’s whole essay is really interesting, I was particularly struck by his comments on big data and privacy.
“My biggest issue with Dataclysm,” Selinger writes,
lies with Rudder’s treatment of surveillance. Early on in the book he writes: ‘If Big Data’s two running stories have been surveillance and money, for the last three years I’ve been working on a third: the human story.’ This claim about pursuing a third path isn’t true. Dataclysm itself is a work of social surveillance.
It’s tempting to think that different types of surveillance can be distinguished from one another in neat and clear ways. If this were the case, we could say that government surveillance only occurs when organizations like the National Security Agency do their job; corporate surveillance is only conducted by companies like Facebook who want to know what we’re doing so that they effectively monetize our data and devise strategies to make us more deeply engaged with their platform; and social surveillance only takes place in peer-to-peer situations, like parents monitoring their children’s phones, romantic partners scrutinizing each other’s social media feeds….
But in reality, surveillance is defined by fluid categories.
While each category of surveillance might include both ethical and unethical practices, the point is that the boundaries separating the categories are porous, and the harms associated with surveillance might seep across all of them.
Increasingly, when corporations like OKCupid or Facebook analyze their users’ data and communications in order to uncover “social facts,” they claim to be acting in the interest of the common good, rather than pursuing self-serving goals. They claim to give us clear windows into our society. The subtitle of Rudder’s book, for example, is “Who We Are (When We Think No One’s Looking).” As Selinger notes,
Rudder portrays the volume of information… as a gift that can reveal the truth of who we really are. … [W]hen people don’t realize they’re lab rats in Rudder’s social experiments, they reveal habits—‘universals,’ he even alleges… ‘Practically as an accident,’ Rudder claims, digital data can now show us how we fight, how we love, how we age, who we are, and how we’re changing.’
Of course, Rudder should contain his claims to the “we” who use OKCupid (a 2013 study by the Pew Research Trust found that 10% of Americans report having used an online dating service). Facebook has a stronger claim to having a user base that reflects all of “us.” But there are other entities that sit on even vaster data troves than Facebook’s, even more representative of U.S. society overall. What if a governmental organization were to decide to pursue the same selfless goals, after carefully ensuring that the data involved would be carefully anonymized and presented only in the aggregate (akin to what Rudder claims to have done)?
In the interest of better “social facts,” of greater insight into our collective mindsets and behaviors, should we encourage (or indeed demand from) the NSA to publish “Who Americans Are (Whey They Think No One’s Watching)”? To be followed, perhaps, by a series of “Who [Insert Various Other Nationalities] Are (When They Think No One’s Watching)”? Think of all the social insights and common good that would come from that!
In all seriousness, as Selinger rightly points out, the surveillance behind such no-notice-no-consent research comes at great cost to society:
Rudder’s violation of the initial contextual integrity [underpinning the collection of OKCupid user data] puts personal data to questionable secondary, social use. The use is questionable because privacy isn’t only about protecting personal information. People also have privacy interests in being able to communicate with others without feeling anxious about being excessively monitored. … [T]he resulting apprehension inhibits speech, stunts personal growth, and possibly even disinclines people from experimenting with politically relevant ideas.
With every book subtitled “Who We Are (When We Think No One’s Looking),” we, the real we, become more weary, more likely to assume that someone’s always looking. And as many members of societies that have lived with excessive surveillance have attested, that’s not a path to achieving the good life.
Whether you’re reading about the latest data-mining class action lawsuit through your Google Glass or relaxing on your front porch waving at your neighbors, you probably know that there’s a big debate in this country about privacy. Some say privacy is important. Some say it’s dead. Some say kids want it, or not. Some say it’s a relatively recent phenomenon whose time, by the way, has passed—a slightly opaque blip in our history as social animals. Others say it’s a human right without which many other rights would be impossible to maintain.
It’s a much-needed discussion—but one in which the tone is often not conducive to persuasion, and therefore progress. If you think concerns about information privacy are overrated and might become an obstacle to the development of useful tools and services, you may hear yourself described as a [Silicon Valley] sociopath or a heartless profiteer. If you believe that privacy is important and deserves protection, you may be called a “privacy hysteric.”
It’s telling that privacy advocates are so often called “hysterics”—a term associated more commonly with women, and with a surfeit of emotion and lack of reason. (Privacy advocates are also called “fundamentalists” or “paranoid”—again implying belief not based in reason.) And even when such terms are not directly deployed, the tone often suggests them. In a 2012 Cato Institute policy analysis titled “A Reasonable Response to the Privacy ‘Crisis,’” for example, Larry Downes writes about the “emotional baggage” invoked by the term “privacy,” and advises, “For those who naturally leap first to legislative solutions, it would be better just to fume, debate, attend conferences, blog, and then calm down before it’s too late.” (Apparently debate, like fuming and attending conferences, is just a harmless way to let off steam—as long as it doesn’t lead to such hysteria as class-action lawsuits or actual attempts at legislation.)
In the year following Edward Snowden’s revelations, the accusations of privacy “hysteria” or “paranoia” seemed to have died down a bit; unfortunately, they might be making a comeback. The summary of a recent GigaOm article, for example, accuses BuzzFeed of “pumping up the hysteria” in its discussion of ad beacons installed—and quickly removed—in New York.
On the other hand, those who oppose privacy-protecting legislation or who argue that other values or rights might trump privacy sometimes find themselves diagnosed, too–if not as sociopaths, then at least as belonging on the “autism spectrum”: disregardful of social norms, unable to empathize with others.
Too often, the terms thrown about by some on both sides in the privacy debate suggest an abdication of the effort to persuade. You can’t reason with hysterics and sociopaths, so there’s no need to try. You just state your truth to those others who think like you do, and who cheer your vehemence.
But even if you’re a privacy advocate, you probably want the benefits derived from collecting and analyzing at least some data sets, under some circumstances; and even if you think concerns about data disclosures are overblown, you still probably don’t disclose everything about yourself to anyone who will listen.
If information is power, privacy is a defensive shell against that power. It is an effort to modulate vulnerability. (The more vulnerable you feel, the more likely you are to understand the value of privacy.) So privacy is an inherent part of all of our lives; the question is how to deploy it best. In light of new technologies that create new privacy challenges, and new methodologies that seek to maximize benefits while minimizing harms (e.g. “differential privacy”), we need to be able to discuss this complicated balancing act —without charged rhetoric making the debate even more difficult.
If you find yourself calling people privacy-related names (or writing headlines or summaries that do that, even when the headlined articles themselves don’t), please rephrase.
Photo by Tom Tolkien, unmodified, used under a Creative Commons license: https://creativecommons.org/licenses/by/2.0/legalcode
This fall, Internet users have had the opportunity to view naked photographs of celebrities (which were obtained without approval, from private iCloud accounts, and then—again without consent—distributed widely). They were also able to watch journalists and an aid worker being beheaded by a member of a terrorist organization that then uploaded the videos of the killings to various social media channels. And they were also invited to watch a woman being rendered unconscious by a punch from a football player who was her fiancé at the time; the video of that incident was obtained from a surveillance camera inside a hotel elevator.
These cases have been accompanied by heated debates around the issues of journalism ethics and the responsibilities of social media platforms. Increasingly, though, a question is arising about the responsibility of the Internet users themselves—the consumers of online content. The question is, should they watch?
Many commentators have argued that to watch those videos or look at those pictures is a violation of the privacy of the victims depicted in them; that not watching is a sign of respect; or that the act of watching might cause new harm to the victims or to people associated with them (friends, family members, etc.). Others have argued that watching the beheading videos is necessary “if the depravity of war is to be understood and, hopefully, dealt with,” or that watching the videos of Ray Rice hitting his fiancé will help change people’s attitudes toward domestic violence.
What do you think?
Would it be unethical to watch the videos discussed above? Why?
Would it be unethical to look at the photos discussed above? Why?
Are the three cases addressed above so distinct from each other that one can’t give a single answer about them all? If so, which of them would you watch, or refuse to watch, and why?
Media coverage of the implementation of the European Court decision on de-indexing certain search results has been less pervasive than the initial reporting on the decision itself, back in May. At the time, much of the coverage had framed the issue in terms of clashing pairs: E.U. versus U.S; privacy versus free speech. In The Guardian, an excellent overview of the decision described the “right to be forgotten” as a “cultural shibboleth.”
On the other hand, privacy advocates (again on both sides of the Atlantic) have been arguing that the decision is much narrower in scope than has generally been portrayed and that it does not destroy free speech; that Google is not, in fact, the sole and ultimate arbiter of the determinations involved in the implementation of the decision; and that even prior to the court’s decision Google search results were selective, curated, and influenced by various countries’ laws. Recently, FTC Commissioner Julie Brill urged “thought leaders on both sides of the Atlantic to recognize that, just as we both deeply value freedom of expression, we also have shared values concerning relevance in personal information in the digital age.”
Amid this debate, in late June, Google developed and started to use its own process for complying with the decision. But Google has also convened an advisory council that will take several months to consider evidence (including public input from meetings held in seven European capitals--Madrid, Rome, Paris, Warsaw, Berlin, London, and Brussels), before producing a report that would inform the company’s current efforts. Explaining the creation of the council, the company noted that it is now required to balance “on a case-by-case basis, an individual’s right to be forgotten with the public’s right to information,” and added, “We want to strike this balance right. This obligation is a new and difficult challenge for us, and we’re seeking advice on the principles Google ought to apply…. That’s why we’re convening a council of experts.”
In this context, one bit of evidence makes its own public comment: Since May, according to Google, the company has received more than 120,000 de-indexing requests. Tens of thousands of Europeans have gone through the trouble of submitting a form and the related information necessary to request that a search of their name not include certain results.
But this, too, may speak differently to different audiences. Some will see it as evidence of a vast pent-up need that had had no outlet until now. Others will see it as evidence of the tens of thousands of restrictions and “holes” that will soon open up in the Web.
So—should we worry about the impending “memory holes”?
In a talk entitled “The Internet with a Human Face,” American Web developer Maciej Ceglowski argues that “the Internet somehow contrives to remember too much and too little at the same time.” He adds,
in our elementary schools in America, if we did something particularly heinous, they had a special way of threatening you. They would say: “This is going on your permanent record.”
It was pretty scary. I had never seen a permanent record, but I knew exactly what it must look like. It was bright red, thick, tied with twine. Full of official stamps.
The permanent record would follow you through life, and whenever you changed schools, or looked for a job or moved to a new house, people would see the shameful things you had done in fifth grade.
How wonderful it felt when I first realized the permanent record didn’t exist. They were bluffing! Nothing I did was going to matter! We were free!
And then when I grew up, I helped build it for real.
But while a version the “permanent record” is now real, it is also true that much content on the Internet is already ephemeral. The phenomenon of “link rot,” for example, affects even important legal documents. And U.K. law professor Paul Bernal has argued that we should understand the Internet as “organic, growing and changing all the time,” and that it’s a good thing that this is so. “Having ways to delete information [online] isn’t the enemy of the Internet of the people,” Bernal writes, “much as an enemy of the big players of the Internet.”
Will Google, one of the “big players on the internet,” hear such views, too? It remains to be seen; Google’s “European grand tour,” as another UK law professor has dubbed it, will conclude on November 4th.
Photograph by derekb, unmodified, under a Creative Commons license. https://creativecommons.org/licenses/by-nc/2.0/legalcode
It is a truth universally acknowledged, that the amount and kinds of information that people post on Facebook mean that people don’t care about privacy.
Like many other “truths” universally acknowledged, this one is wrong, in a number of ways.
First, not everybody is on Facebook. So to justify, say, privacy-invasive online behavioral advertising directed at everyone on the Internet by pointing to the practices of a subset of Internet users is wrong.
Second, it’s wrong to generalize about “Facebook users,” too. Many Facebook users take advantage of various privacy settings and use the platform to interact only with friends and family members. So it makes sense for them to post on Facebook the kind of personal, private things that people have always shared with friends and family.
Still—most Facebook users have hundreds of “friends”: some are close; some are not; some are relatives barely known; some are friends who have grown distant over time. Does it make sense to share intimate things with all of them?
There are several answers to that, too. The privacy boundaries that people draw around themselves vary. What may seem deeply intimate and private to one person might not seem that way to someone else—and vice versa. That doesn’t mean that people who post certain things “don’t care about privacy”—it means they would define “private” differently than others would. And even when people do post things that they would consider intimate on Facebook, that doesn’t mean they post everything. Some people like singing in choirs; that doesn’t mean they’d be OK with being spied on while singing in the shower.
Third, we need to acknowledge the effects of the medium itself. Take, say, a Facebook user who has 200 “friends.” Were all those friends to be collected in one room (the close and the distant friends, the old and the recently befriended, the co-workers, the relatives, the friends of friends whose “friend requests” were accepted simply to avoid awkwardness, etc.), and were the user to be given a microphone, he or she might refrain from announcing what he ate for dinner, or reciting a song lyric that ran through her mind, or revealing an illness or a heartbreak, or subjecting the entire audience to a slide show of vacation pictures. But for the Facebook user sitting alone in a room, facing a screen, the audience is at least partially concealed. He or she knows that it’s there—is even hoping for some comments in response to posts—or at least some “likes”… But the mind conjures, at best, a subset of the tens or hundreds of those “friended.” If that. Because there is, too, something about the act of typing a “status update” that echoes, for some of us, the act of writing in a journal. (Maybe a diary with a friendly, ever-shifting companion Greek chorus?) The medium misleads.
So no, people who post on Facebook are not being hypocritical when they say (as most people do) that they care about privacy. (It bears noting that in a recent national survey by the Pew Research Center, 86% of internet users said they had “taken steps online to remove or mask their digital footprints.”)
It’s high time to let the misleading cliché about privacy in the age of Facebook go the way of other much-repeated statements that turned out to be neither true nor universally acknowledged. And it’s certainly time to stop using it as a justification for practices that violate privacy. If you haven’t been invited to join the singer in the shower, stay out.
Consumer and business data is increasingly moving to the "cloud," and people are clamoring for protection of that data. However, as Symantec's President, CEO, and Chairman of the Board Steve Bennett points out in this clip, "maximum privacy" is really anonymity, and some people use anonymity as a shield for illegal and unethical behavior. How should cloud service providers deal with this dilemma? What is their responsibility to their customers, and to society at large? How should good corporate citizens respond when they are asked to cooperate with law enforcement?
Providers of cloud services are all faced with this dilemma; as Ars Technica recently reported, for example, Verizon took action when it discovered child pornography in one of its users' accounts.
"Total interconnectedness," very cheap data storage, and powerful search technologies come together to create a new set of ethical questions. Do we have a right to access and correct the data in our profiles? Do we have a right to be "forgotten" by the Internet? In this brief video, Reputation.com co-founder Owen Tripp asks us to consider the impact of the Internet's long memory on those among us who are most vulnerable. Below, Evan Selinger--Associate Professor in the Department of Philosophy at the Rochester Institute of Technology--responds to Tripp's comments:
"Owen Tripp is moved by the ideas driving the "right to be forgotten" movements. For the reasons he gives, we all should be, too. In the age of big data, the permanent record threat we're confronted with as kids takes on a new and more ominous meaning. Our digital dossiers expand all the time, in both obvious and unclear ways, and through processes that are transparent as well as surreptitious. Now that unprecedented amounts of information are readily available about what we've done and what makes us tick, lamentable incidents and statements can follow us everywhere with the crushing weight of Jacob Marley's chains. With the past always present, time--as Shakespeare's Hamlet exclaimed--is out of joint.
When citizens become open books, it becomes awfully tempting to manage heightened publicity with overly cautious and risk-adverse behavior. With enough fear, we'll lose out on more than opportunity. Our character can be diminished, perhaps timorousness shifting from vice to virtue. As David Hoffman, Director of Security Policy and Global Privacy Officer at Intel Corporation, contends, society thus needs solutions that safeguard a limited "right to fail" without encouraging reckless or anti-social behavior, or the problems that come from historical amnesia or revisionism. At stake is nothing less than securing adequate space for social experimentation, the "breathing room" (to borrow a phrase from privacy scholar Julie Cohen) that enables people to learn and grow.
While the right to be forgotten appears to be gaining traction in Europe, there are numerous challenges ahead, not least because the road from privacy interest to privacy right can be long and winding. In the United States concern has been expressed over how legal enforcement of a robust right for individuals to control personal information could run afoul of First Amendment speech protections and squash innovation by subjecting companies like Google and Facebook to bureaucratic procedures that, practically speaking, are unworkable, and further burdened by the prospect of overly punitive sanctions. Furthermore, as numerous scholars suggest, the notion of so-called "personal information" is hard to pin down in an age of networked citizens where lots of data involves or affects other people, implicating what law professor Sonja West aptly calls the "story of us." Finally, while the market can indeed provide helpful services, we shouldn't lose sight of the fact that when privacy protection is commodified, greater burden is placed on lower income people. Freedom and peace of mind become purchasing power privilege."