Privacy in Context
eBook - ePub

Privacy in Context

Technology, Policy, and the Integrity of Social Life

Helen Nissenbaum

Share book
  1. 304 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Privacy in Context

Technology, Policy, and the Integrity of Social Life

Helen Nissenbaum

Book details
Book preview
Table of contents
Citations

About This Book

Privacy is one of the most urgent issues associated with information technology and digital media. This book claims that what people really care about when they complain and protest that privacy has been violated is not the act of sharing information itself—most people understand that this is crucial to social life —but the inappropriate, improper sharing of information. Arguing that privacy concerns should not be limited solely to concern about control over personal information, Helen Nissenbaum counters that information ought to be distributed and protected according to norms governing distinct social contexts—whether it be workplace, health care, schools, or among family and friends. She warns that basic distinctions between public and private, informing many current privacy policies, in fact obscure more than they clarify. In truth, contemporary information systems should alarm us only when they function without regard for social norms and values, and thereby weaken the fabric of social life.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Privacy in Context an online PDF/ePUB?
Yes, you can access Privacy in Context by Helen Nissenbaum in PDF and/or ePUB format, as well as other popular books in Law & Science & Technology Law. We have over one million books available in our catalogue for you to explore.

Information

Year
2009
ISBN
9780804772891
Topic
Law
Edition
1

PART I

INFORMATION TECHNOLOGY’S POWER AND THREAT

OVER A CENTURY AGO, SAMUEL WARREN AND LOUIS Brandeis started a conversation in the United States about the need for a comprehensive legal right to privacy. They warned, “Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of the private and domestic life; and numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops’” (1890, 195). Although the discussion they provoked in the legal community was and continues to be important, their warning resounds here not so much for its legal ramifications as for its acute insight into the ways new technologies can so disrupt social life and practices as to threaten moral and political values. In Warren and Brandeis’s day, the disruptive technical advances were in photography, which enabled the capture of people’s images at a distance and without their permission. Combined with efficient printing machinery, this allowed for cheap publication and wide dissemination of these images.
In the past few decades, privacy has been the rallying cry against another family of technologies: computer-based, digital electronic technologies that have hugely magnified the power of human beings over information. We are able, individually and in groups (organizations, institutions, societies), to gather, store, communicate, analyze, play with, and use information in historically unprecedented ways. These novel actions and practices have aroused a range of reactions from wonder to fear, from hope to indignation, and from resignation to outrage, giving rise to predictable and recurring cycles of public controversy. This book offers a way to understand and evaluate this newfound power.
In predictable and recurring cycles, newly introduced systems and practices stimulate public controversy. Amid swirling disagreement and confusion, opposing sides with differing viewpoints jockey for public support and, ultimately, victory in the relevant venues—marketplace, court, media, or legislature. Part I provides readers a snapshot of the technological landscape, a contemporary sample of socio-technical systems that have raised hackles and often served as spurs for public debate.
To help structure what otherwise is a long and bewildering list, I have found it useful to organize relevant technology-based systems and practices into three rough categories organized around key functional characteristics or capacities.1 The first is the capacity to monitor and track: to watch over people, to capture information about them, and to follow them through time and space. There is great variability in such devices and systems, not only in how they are embedded in society and the purposes they serve but also in how they function—for example, whether monitoring and tracking is conducted visually, through the recording of sound and touch, or accumulations of biographical information; whether it occurs for a mere instant or for an extended period of time; whether it is in full view or surreptitious.
A second category, labeled “aggregation and analysis,” covers the general capacity to store and analyze information. When hashed out in detail, this ability extends across a prodigious array of functions, such as the capacity to store massive amounts of information indefinitely; to merge information from diverse sources; and to search, find, retrieve, organize, scrutinize, and analyze information both from diverse sources and those amassed in a single unit. A third general capacity, which I have labeled “dissemination and publication,” includes the highly touted, remarkably effective capacities to distribute information in endlessly varied configurations, engulfing prior forms such as mail, telephone, paper-based publication, and all forms of broadcast media. The dominant and best-known embodiment of these capacities is, of course, the Internet, with the World Wide Web as the most familiar contemporary application.

1 Keeping Track and Watching over Us

THE WORLD IS FILLED WITH DEVICES, SYSTEMS, AND DEVICES embedded in systems that have been designed to notice, watch over, and follow people; to track their actions, take in their attributes, and sometimes simply be aware of their presence. The frequency with which we are monitored and tracked by any given system can vary enormously, from one time only to episodically or continuously, as long as we are in the scope of its sensorium. Although increasingly enabled by technology, monitoring and tracking is not a new addition to the range of human social activities. Nor is it necessarily mediated, as there are countless mundane ways in which people are tracked and monitored: teachers take attendance, parents watch toddlers in a park, and coaches keep track of athletes’ performance. Further, although privacy concerns accompany many contemporary monitoring and tracking practices, this does not necessarily need to be a factor, as when physicians monitor the heart rates of their patients or Olympic judges scrutinize and evaluate athletes’ routines.
Yet with advances in digital media we have witnessed a dramatic rise in technically mediated monitoring, often emerging as a first-round solution to a wide range of social needs and problems. Not only is there an increase in sheer frequency of technology-mediated monitoring and tracking but a resulting shift in its nature—automated, undiscriminating, and accommodating new subjects, monitors, and motives. Following at the heels of these changes, there is growing discomfort, suspicion, and perplexity. In this chapter a variety of devices and systems, currently in play or under consideration, that have surfaced in the general consternation over information technology and its threats to privacy are surveyed.
A word on terminology: the term surveillance is frequently used to cover much of what I discuss in this chapter. The reason I opt for monitoring and tracking instead is that surveillance is usually associated with a set of political assumptions; namely, that monitoring is performed “from above” as subjects of surveillance are monitored by those in authority or more powerful than them for purposes of behavior modification or social control as sought or determined by those conducting the surveillance. Although surveillance studies are an important neighboring field, my initial goal here is to describe a range of technology-based systems and practices (“socio-technical” systems) without simultaneously theorizing about the uses to which they are put.

Direct and Indirect Monitoring and Tracking

In some cases, monitoring is an explicit and intended feature of a system. In one familiar example, video surveillance (commonly called closed-circuit television, or CCTV in the United Kingdom), video-recording cameras are placed in strategic locations such as the workplace, airports, train and subway stations, public streets, squares and parks, shopping malls and stores, parking garages, and schools (Duong 2005).1 The CCTV cameras capture visual images, which may be viewed in real time on closed-circuit monitors, recorded and stored for later viewing, or communicated off-site via electronic networks. Cheaper equipment and advances in performance, combined with social and political drivers such as fear of crime and terror, have resulted in the proliferation of video surveillance to the extent that people going about their daily business in urban settings can expect to have their images monitored and recorded an average of 300 times a day by thirty separate CCTV systems (Rosen 2004). In the United Kingdom, an enthusiastic proponent of these systems, estimates suggest that close to one-fifth of the world’s CCTV cameras are housed there, with more than 4.3 million installed as of 2004 (Frith 2004). Ongoing improvements in this technology offer higher-resolution images (2048 × 1536, or 3 megapixels) (Bodell 2007), more comprehensive coverage through greater range of camera motion and wider-angled lenses, digital encoding and compression techniques to enhance storage, ease of communication, and data processing.2
Other modalities besides the visual serve as the basis for monitoring. Sound recording and wiretapping, with its long and controversial history, continue to make front-page news and to inspire court cases and legislation (Lichtblau and Risen 2005; “Spying on Americans” 2007; Lichtblau 2008). Less salient, although as much a part of the landscape, are computerized tracking systems that integrate motion, touch, light, and heat detection; chemical sensors primarily advanced for monitoring environmental conditions—which add another sensory dimension to the field (Estrin 2007); and systems based on the transmission of radio frequency signals that facilitate point-to-point communication between receivers and embedded transmitters. (The case of radio frequency identification [RFID] is discussed at length below.) In some cases, the trend is toward systems of networked sensors that are so small as to be imperceptible by humans, some even on the nanoscale (Wolfe 2003).
Although many existing and envisaged uses of sensor networks may hold no relevance for privacy, it takes no great leap of imagination to extrapolate from these to ones that do raise questions. One application, already a step beyond the laboratory, involves integrated monitoring systems incorporating a variety of sensing devices installed in homes. The positive potential of these systems in monitoring the elderly living on their own carries with it a worrying potential of intrusive surveillance in all homes. (Technologies advertised for in-home use for the elderly include ADT Security’s QuietCare, SeniorSafe@Home, and iCare Health Monitoring [Larson 2007]; Intel, among other companies, is substantially investing in research in this area [Intel 2007].) Although constructed with benevolent, if paternalistic ends, the potential application to fine-grained multi-modal surveillance with more sinister, less legitimate ends is clear.
Information itself constitutes a modality for monitoring. Aptly captured by Roger Clarke’s term dataveillance (1988), innumerable interactions and transactions can be monitored and tracked through the exchange, extraction, or capture of information. Border crossings; meticulously kept phone records; swipe-card entry points (e.g., subway turnstiles, proximity or “prox” cards ubiquitous at most U.S. college campuses and places of work); airport check-in counters; and purchases made with credit, debit, and frequent shopper cards capture a dynamic record of people’s activities. Because doors, turnstiles, and store checkout registers are already points of restriction, seeping dataveillance has not radically altered how people experience these junctures. The difference is that in the move from lock-and-key and case to magnetic strip, these spaces have become points of information capture and passage; commercial transactions and travel are newly enriched with information.
In many instances, however, monitoring and tracking, particularly the mode we call dataveillance, is not the direct aim but an inadvertent consequence of some other goal for which a given system was originally designed.3 To give a few mundane examples, the convenience of paying with credit cards can provide evidence of a person’s whereabouts; telephone bills primarily intended to extract payment provide information about a person’s conversations; prox cards intended to provide security for student dorms enable tracking of their comings and goings; and fine-grain monitoring of usage patterns that provide utility companies with valuable information about load can also indicate the presence, absence, and general activities of building occupants. 4 Manufacturers of consumer devices advertise “smart,” networked appliances—refrigerators, toasters, and coffee machines—that can communicate with their owners, and presumably with third parties as well.
Mobile telephony is another instance of a system from which a secondary surveillance capacity has emerged. In order to function, cellular phones must connect with nearby communications towers. It followed from this technical imperative that phone companies would be able to comply readily with the 1996 mandate of the U.S. Federal Communications Commission requiring that a caller’s location be determinable to within a radius of 50 to 300 meters for purposes of the “enhanced 9-1-1 emergency call system.” This capacity, in turn, enables tracking of telephones (as long as they are on) and their owners to a fairly accurate degree, which raises a complicated set of issues regarding who ought to be allowed access to this information.5 The urgency of these matters is sure to escalate as new generations of cellular phones come equipped with Global Positioning Systems (GPS), allowing for far more accurate pinpointing of location by GPS service providers, not in an obvious way regulated under the policy rubric governing traditional telecommunications providers.
Although this scenario suggests a classic surveillance relationship in which individual phone subscribers are monitored by powerful, centralized, institutional actors—private and government—mobile telephony has provided a platform for “democratizing” tracking capabilities and, in some instances, even turning the tables. For example, worried parents can subscribe to a service Verizon calls “Chaperone” to keep track of their children’s whereabouts. Further, as an inadvertent consequence of equipping the devices themselves with video and still cameras (“cameraphones”), individuals are equipped to monitor and track one another as well as authorities, offering a glimmer of hope at a more level playing field while fueling the worry that watchful eyes are now inescapable.6

Public Roadways

Public roadways constitute a telling case of the gradual transformation—still under way—of a venue from one in which monitoring and tracking were largely absent to one in which these processes seem increasingly transparent. This state of affairs follows from the incursion of a diverse range of technical devices and systems either designed explicitly for monitoring and tracking or that allow for monitoring and tracking as an indirect consequence of their primary functionalities.
Public roadways have not been entirely free of social control through monitoring, as driving has required operators’ licenses and vehicle ownership has demanded registration with state authorities as well as insurance coverage. Over time, however, incremental changes made and under way imply even closer scrutiny of driving and drivers not only at critical junctures, such as when obtaining and renewing a driver’s license, but continuously as one drives. Roadway and bridge tolls, for example, previously paid in cash, are increasingly extracted via automated credit or debit payments. Toll plazas, equipped with RFID systems, log the passage of registered vehicles and deduct payment from an account, typically replenished via credit card payment, which in turn constitutes a point of tracking.7 Surprised drivers share anecdotes about speeding citations arriving in the mail, based on driving times clocked between plazas A and B, uncertain over the rules, if any, governing information accrued at these toll points.
Other systems that monitor drivers include so-called black boxes. Many people know about black boxes in aircraft, often discussed in the context of air crash investigations, but most of us are unaware of their presence in cars. Originally installed in 1974 to help with the deployment of airbags, these boxes, called event-data recorders or electronic data recorders (EDRs), record general telemetry data such as engine speed, safety belt status, status of brakes during a crash, and acceleration. The precise number of EDRs is not known because while the National Highway Traffic Safety Administration (NHTSA) and the United States Department of Transportation (DOT) ruled in 2006 that automakers must inform consumers that EDRs are installed in vehicles, this ruling applies only to cars manufactured after September 2010 (DOT and NHTSA 2007). While the use of EDR data as evidence in court has been controversial because its accuracy has been questioned, there also has been debate about its admissibility on the grounds that it constitutes an unacceptable invasion of privacy, particularly because drivers are currently not usually informed that EDRs are installed in their automobiles (DOT and NHTSA 2004; Zetter 2005).
The use of GPS navigation systems installed in private vehicles, whose primary function is to direct drivers to their desired destinations, may allow cars and drivers to be tracked, depending on their design. Some systems have allowed police departments to trace stolen vehicles and rental companies to track vehicles and ensure that drivers have complied with company rules (Ramasastry 2005).
On the roads, networked cameras supplement video surveillance systems located in more typical sites, such as public parks and shopping malls. In the United States, cameras are commonly installed at traffic lights to detect and identify red light offenders. In the United Kingdom, automatic number plate recognition (ANPR) systems operating along national roadways, on roadside posts, in police cars, or at gas stations capture and identify number plate images on camera. At least 50 million number plate images per day are centrally processed by the National ANPR Data Center within the Police National Computer in London (Ballard 2006). The ANPR system not only instantly recognizes number plates, enabling interception of targeted vehicles (such as those known to have been involved in a crime), but is capable of tracking the progress of single vehicles along an entire journey by means of date/time stamps and linked GPS data (Evans-Pugh 2006).
Looking into the future, a planning initiative launched under the aegis of the DOT’s Vehicle Infrastructure Integration program aims to harness wireless communication technology to promote safety and efficiency in traffic flow rather than aiding law enforcement. One project proposed by this initiative is the construction of a vehicle safety communication (VSC) system, which could also result in comprehensive monitoring of cars on the roadways. Still in planning, the VSC system would equip every motor vehicle with devices capable of transmitting and receiving data to and from roadside units and to other vehicles equipped with similar devices.8 Vehicles and roadside units would form autonomous, self-organizing, point-tomultipoint, ad hoc, peer-to-peer communications networks able to transmit time- and date-stamped data at a rate of ten messages per second to one another about their respective location, sudden stops or swerves, vehicle speed, and other telemetry data. Drivers (and their cars) could be warned about hazardous road conditions, imminent collisions, upcoming traffic lights, sharp curves, onco...

Table of contents