I’ve been thinking about the nature of privacy a lot lately.

I’ve long been associated with issues of preserving privacy. I helped with anti-Clipper Chip activism in the early 90s and supported various efforts to free cryptography such as PGP and other tools built with RSAREF from export control. However, my efforts in these areas wasn’t really focused on privacy – instead my focus was on issues of trust.

I’ve always tried to be precise here. For instance, one of the uses of the SSL encryption software that I designed and sold at Consensus Development was to preserve privacy; however, I never sold it with privacy as a feature. Instead I clearly stated that SSL offered “message integrity”, “confidentiality” and “authentication”. Part of the reason that I never used the word privacy with SSL was that I felt that the concept of privacy was too overloaded – or possibly orthogonal to issues of cryptographic security. Promising privacy was promising too much.

More recently issues of privacy have been coming up in my study of social software. It got started with my post about privacy issues in Orkut and a general insecurity and discomfort with information made available in various social networking services. Later I wrote about handcrafting my FOAF which required me to re-think how and what information I wished to reveal about myself. More recently I was stung by Zero Degrees which still disturbs me greatly.

All of this has stewed in my head until I arrived at the Computers, Freedom and Privacy Conference this week here in Berkeley, where I met many of my friends and colleagues in the cryptographic security business, as well as advocates on issues of privacy in organizations such as EFF and EPIC. My thoughts have now gelled sufficiently to make some observations about privacy.

When people speak about privacy, they may actually be talking about very different forms of privacy: defensive privacy, human-rights privacy, personal privacy, and contextual privacy.

Defensive privacy is the first form: it’s about protecting information about myself that makes me vulnerable or makes me feel at risk. This type of information can include things like my social security number, my credit report, or non-financial things such as my medical records or my home address. For some of my female friends this includes things like their photographs and email addresses. All of this information can be misused by other individuals or organizations in one way or another to mess up my life – and in fact defensive privacy is usually centered around protecting this critical information from those singular individuals or organizations, be they con men, stalkers, or the Mafia. Most of the current privacy issues on the Internet seem to fall into this category. This form of privacy has also not fared well in the US courts – for instance, in 1974 the Supreme Court decided that your bank records belong to the bank, to do with as they see fit.

Closely intersecting defensive privacy is the category of human-rights privacy. When you are speaking with a European about privacy, this often is the type of privacy they are speaking of. This comes from their history: the Netherlands in the 1930s had a very comprehensive administrative census and registration of their own population, and this information was captured by the Nazis within the first three days of occupation. Thus Dutch Jews had the highest death rate (73 percent) of Jews residing in any occupied western European country – far higher than the death rate among the Jewish population of Belgium (40 percent) and France (25 percent). Even the death rate in Germany was less then the Netherlands because the Jews there had avoided registration. (source: The Dark Side of Numbers). Human-rights privacy differs from defensive privacy in that it is about how governments can abuse information, rather then individuals abusing information. I used to feel safe about human-rights privacy in the US, that there was no way that what happened in Europe could happen here, but now I have lost such confidence because of Bush and Ashcroft.

The third kind of privacy, personal privacy, is more unique to the United States. It is what Supreme Court Justice Brandeis in 1890 called “the right to be left alone”. This form of privacy is often what the more Libertarian-oriented founders of the Internet mean when they talk about privacy. Personal privacy covers things like the “do not call registry”, the various rights to do as we please in our own houses – such as view pornography or play S&M games with our partners – and the general right to not be interrupted or interfered with unnecessarily at home. This form of privacy has more basis in US law; the concept is based on an interpretation of the First, Fourth, and Fifth amendments of the US Constitution, but is not explicitly defined there. However, this form of privacy is guaranteed by the State of California Constitution which assures residents that they may pursue and obtain safety, happiness, and privacy.

Finally, contextual privacy is what Danah Boyd calls the ickiness factor in her blog, and also in her post at Many-To-Many:

Ickiness is the guttural reaction that makes you cringe, scrunch your nose or gasp “ick” simply because there’s something slightly off, something disconcerting, something not socially right about an interaction.

This category is very difficult to define, and is easily confused with other forms of privacy, but I believe it has more to do with an inappropriate level of intimacy. An example of this is when I discovered that my professional colleagues on Orkut could see that I was in a committed relationship, and in turn I could see that some of them were in open marriages. I don’t think there is very much harm that can come from this information being revealed, however, it was “icky” because it was an inappropriate level of intimacy for a professional context.

All four of these forms of privacy can intersect – for instance, Orkut allows you to reveal your sexual orientation, which could be used secretly by an employer to discriminate against you (defensive privacy), or by a future Ashcroftian government to violate your civil rights (human-rights privacy), might lead you to being bothered at home because of people who either agree with or disagree with your orientation (personal privacy), and often is inappropriate for casual professional acquaintances to be told about (contextual privacy).

I don’t think any of this answers the question of how to solve problems of privacy, but I do believe that it can help when you are discussing privacy to be sure that you try to convey and understand each others’ ideas of what privacy means.


Your exploration of types of privacy has been posted on the Linking Integrity Blog.

Carolyn L Burke 2004-05-23T09:03:03-07:00

I came across this post looking for an information taxonomy in general and a taxonomy of identity in particular. I’d like to know if you have any thoughts on the subject - or your readers. As a beginning: Civil identity information Social identity information Role identity information Biometric identity information Transaction identity information Thanks!

ebhdoc 2006-06-01T10:20:36-07:00

Life With Alacrity

© Christopher Allen