Arguments Against Privacy and What's Wrong With Them

Philip E. Agre
Department of Information Studies
University of California, Los Angeles
Los Angeles, California 90095-1520

November 1996

11000 words.


For the past couple of years, I have been collecting arguments against privacy. Periodically I have gathered these arguments in a newsletter I edit, The Network Observer, together with rebuttals.

I have been doing this for two reasons. The first, obvious reason is that I want to help people who are working to protect privacy. The second, not-so-obvious reason derives from my personal theory of political debate in the public sphere. The standard theories of the public sphere are basically individualistic; they presuppose that people have opinions and arguments, and they ask about the conditions under which those opinions and arguments get included or excluded in the decision- making processes of society. But this theory does not correspond to my experience, which is that every issue movement -- whether organized by an industry association, an activist organization, a social movement, a political party, or whatever -- needs channels through which it can distribute arguments to its supporters. An issue movement is effective only when these channels exist and operate effectively, reaching the movement's supporters in a timely way with arguments that are likely to sway the people that the movement needs in its coalition.

This fact is usually suppressed because everybody has an interest in maintaining the individualistic myth. Everybody will say something like: "our opponents certainly distribute propaganda to their sheep-like supporters, but our supporters think perfectly well for themselves and don't just need anyone feeding them a predigested party line". Both halves of this opposition, however, are nonsense. Of course people think for themselves. The problem, rather, is cognitive: nobody in the world has infinite rhetorical capacities. Just because someone supports a given position (protecting the environment, increasing the status of women in society, returning to traditional moral values, etc), it doesn't follow that they can spontaneously invent suitable counterarguments to all of the arguments of their opponents.

Everyone, therefore, needs a source of arguments that support their position. When an argument is offered, individuals can determine whether they agree with it or not, and they can just ignore the arguments that don't make sense. Having filed away the arguments that do make sense, they no longer have to be caught flat-footed when one of their opponents says something that sounds false but whose underlying fallacy is not obvious right away.

This collection of responses to bad arguments against privacy, then, exemplifies a method of using the Internet to support democratic values. This method has two parts: first, broadcast a call to the supporters of a position asking for arguments that they have encountered against that position; then, assemble those arguments and suitable responses and broadcast those as well. Lobbyists and other professional advocates have always done this sort of thing. With the Internet, everyone can do it.

I would like to express sincere thanks to the numerous Internet users who submitted arguments for this project. I have used almost all of them, collapsing some variants and omitting a few that seemed too weak to bother with. Some of the arguments originated in public discussions that I have conducted with others on privacy issues, for example in the question periods of talks, and if anybody recognizes themselves in this list, I hope they aren't offended. My point is not that the people who offer these arguments are doing so in bad faith, much less that they would agree with any of the other arguments. I do disagree with these arguments, but in most cases I respect and learn from the people who make them.

Also, note that the arguments that I've put in quotation marks are usually composites and paraphrases, not direct quotations. Someone might suggest that another phrasing of these arguments might be stronger than the ones I've provided. That is indeed possible. If anyone has actual examples in mind, they are most welcome to tell me about them.

Here, then, are the arguments and responses:

"If you have nothing to hide then you should have no concern for your privacy."
The word "hide" presupposes that nobody can have a good motive for wishing to protect information about their lives. This is obviously false. People have a legitimate interest in avoiding disclosure of a wide variety of personal circumstances that are none of anyone's business. If you are raped, will you want the full details published in the newspapers the next day? I don't think so. People also have a broader (though obviously not unbounded) interest in regulating how they are represented in public. If someone doesn't like you, they will dredge up all sorts of facts and portray them in a bad light. If only for this reason, it is reasonable to avoid giving everyone unlimited access to your life.
"Privacy advocates oppose national ID cards, but they don't talk about the benefits of such cards. In a country with a foolproof, unambiguous means of determining identity, nobody has to suffer cases of mistaken identity, for example from arrest warrants issued for people with similar names and dates of birth."
When someone points to a benefit of a privacy-invasive policy, the first question to ask is whether other policies could provide the same benefit. Cases of mistaken identity, including identity theft, could be greatly reduced by cleaning up the information- handling practices of a remarkably small number of organizations, particularly departments of motor vehicles. National ID cards carry definite risks, not the least of which is the proliferation of privacy-invasive technologies that will occur as it becomes easier to identify and track individuals in a wide variety of contexts.
"Privacy must be balanced with many other considerations."
Privacy rights are not absolute. In particular concrete cases, privacy interests will naturally be found to conflict with other interests. For example, I personally have no problem with compulsive sex criminals being sentenced to long-term use of electronic tracking mechanisms. But many arguments against privacy are bad because they weigh down the scales, exaggerating the case aginst privacy rights, and we should be alert for these arguments.
"Attempts to prevent companies from distributing personal information are censorship, and that sort of censorship is no more likely to succeed than any other sort in the new world of the Internet."
If laws regulating the sale of personal information constitute censorship, then so do copyright, trademark, and trade secret laws, to name a few. Selling someone's personal information without their permission is stealing, and decent societies still try their best to outlaw stealing, even when technology makes it difficult. Besides, companies that sell information are unlikely to put that information on the Internet until they feel certain that others cannot take that information without paying for it. Companies that traffic in personal information therefore cannot reasonably complain about being censored, given their need to "censor" others who would grab their own illicit copies of the information.
"We hear a lot of hoopla against companies that place existing databases of personal information on the Internet or publish them on CD-ROM's. But all those companies are doing is making access to information available to everybody, not just to the powerful. This is a force for equality and democracy, and it's ironic to hear supposed civil liberties advocates opposing it."
Civil liberties advocates do not favor a world in which the powerful get illicit access to personal information and the common people do not. They favor a world in which nobody gets illicit access to personal information. If someone takes a previously expensive database of personal information and publishes it on a cheap CD-ROM, an existing harm is multiplied, and that multiplies the argument for getting that data off the market altogether. And if it is politically impractical to force the powerful to cease their misbehavior, that is no argument for allowing the lowly to misbehave in the same way.
"People who collect welfare and other government benefits have no grounds for complaint about fingerprinting and other measures intended to suppress fraud. They need to learn that rights come with responsibilities, and in particular the right to free handouts comes with the responsibility to cooperate with fraud prevention. Surely it's not too much to ask that people should identify themselves before getting free money."
People who are experiencing hard times deserve the same dignity that everyone else enjoys. The whole process of getting welfare has already been designed to be as difficult and demeaning as possible, and it's really not reasonable to kick these people gratuitously while they are down. Of course it is reasonable to identify people who want to receive welfare payments. But the welfare system should be analyzed in the same way as any other organizational system to determine which technology enables people to be identified with the least indignity while reducing fraud and other identification-related problems to reasonably low levels. Objective evidence that fingerprinting significantly reduces fraud is very hard to come by, and we shouldn't let stereotypes of welfare recipients get in the way of rational analysis.
"Privacy prevents the marketplace from functioning efficiently. When a company knows more about you, it can tailor its offerings more specifically to your needs."
This is a non sequitur. Few proposals for privacy protection involve preventing people from voluntarily handing information about themselves to companies with which they wish to do business. The problem arises when information is transferred without the individual's knowledge, and in ways that might well cause upset and alarm if they became known.
"We don't need more laws about privacy. Our operations are already governed by dozens and dozens of laws, each creating its own layer of red tape."
This argument works by shifting attention away from the specific issues of right and wrong to the abstract category of "laws". In most industrial sectors in the United States anyway, it is totally misleading to suggest that privacy is regulated by numerous laws. In most cases it is not regulated by anything beyond the notoriously weak privacy torts. Some industries, such as credit reporting, are government by weak laws that basically legitimize the practices of the largest players while protecting them against competition from smaller firms who do not have the resources necessary to comply with the laws. Indeed, part of the problem is that, whereas most of the industrial world has a coherent and unified system of data protection regulation, the United States has a ragged patchwork of laws, all of which could be repealed or rewritten in a more rational fashion if the United States conformed to the system employed everywhere else.
"The constant insistence on privacy encourages incivility".
This argument is commonly heard from people with an interest in defending bothersome invasions of privacy such as spam, junk phone calls, and the like. These people often encounter irate objections from the individuals they bother, and naturally the least civil of these objections stick in their minds. Thus, when privacy advocates agitate for privacy protection, it sounds to these people like advocacy of incivility, vigilantism, and other bad things. But the argument is a non sequitur. It's like saying that opposition to any other form of obnoxious behavior encourages incivility. People sometimes shoot burglars, but that doesn't make burglary okay. Likewise, even if some people get irate when their privacy is invaded, that doesn't make it okay to invade anyone's privacy. It is equally arguable that what causes incivility is obnoxious behavior that has not yet been outlawed. Lacking formal recourse, someone who has been wronged by an invader of privacy can only choose between complaining and remaining silent. Most, in fact, remain silent, and the illogical nature of the argument is proven when other invaders of privacy turn around and say that this preponderance of silence proves that people don't really mind having their privacy invaded, and that the complaints represent only a small faction of hysterics.
"The closing of voter registration lists, drivers' license records, and the like in the name of privacy is part of a dangerous trend away from our tradition of openness, toward making it more difficult for the public to access public information."
This is an example of a common, insidious PR tactic. The tactic has two steps: classifying an obnoxious practice under a broad, vague, positive-sounding category, then painting opponents of the practice as opponents of that broader category. The category here is "openness": those who oppose the sale of drivers' license records are made into enemies of that broader value. It is like arguing that someone who opposes bullfighting is against sports, or that someone who opposes abortion is against medicine. Those who support a "tradition of openness" should not feel obliged to make common cause with people who abuse it. The purpose of open government is to permit citizens to participate in the processes of a democracy, and to know whether the government is doing what the people want it to do. Reselling voter registration lists and drivers' license records do nothing to promote the effective workings of a democratic government. Reasonable, civic-minded people have a right to be offended when self-interested parties attempt to drain the meaning from a word like "openness", given the significant role that word plays in civic discourse.
"The information is already public because it concerns things that happened in a public place."
This argument is commonly used to suggest that people do not have a privacy interest in information about things they have done in public places, for example their use of public roads and sidewalks. It depends on two fallacies. The first fallacy concerns the word "information". If someone happens to see me walking down Main Street on Sunday, I should not be able to prevent that person from telling others what they have seen. That's "information" in one sense of the term -- someone's personal knowledge about me. But if someone creates a database of information about where various people have been walking, then they have created "information" in a different sense -- data that is stored on a computer. That data may represent something that happened in a public space, but it does not automatically follow that the resulting data should be regarded as "public". If that were really true then anybody at all would have a right of access to such databases -- they would be "public data". Nor does it follow that I -- as a person whose activities are represented in the database -- have no moral interest in that data. The second fallacy is the automatic conclusion that people have no privacy interest in things that happen in a public place. If two people have a whispered conversation on a park bench, having looked around to make sure that nobody is close enough to overhear them by accident, then most people will probably agree that they have a reasonable expectation of privacy, and that it would be wrong to set up a sophisticated recording device to pick up their conversation at a distance, or to install a hidden microphone on the park bench. The question, then, is precisely what privacy interests people do have in activities that occur in public places. Consider the case of a database that records my travels over several months, using data collected from sensors that have been installed along highways in several states. Even if we agree that each individual observation constitutes public information -- we could hardly prevent someone from standing along a roadway and happening to notice me driving along -- it does not follow that it is acceptable behavior to set out deliberately to gather such information systematically, much less to use the information in ways that affect individuals' lives. The word "public" needs to be treated with more respect.
"We are just selling access to information from public sources. If we can gather this information, so can anybody else."
Just because certain information is available from a public source, it doesn't follow that it's right for that information to be available in that way. Nor does it follow that it is okay to further propagate the information in any particular way. Maybe it is right, but that conclusion requires a separate argument beyond simply saying that the information came from a public source.
"The right to privacy is an elitist concept because it provides an excuse for the powerful to keep their secrets while they go ahead and invade the rest of our lives."
If the law protects people unequally, it does not follow that it should not protect anyone. If the elites are invading the rest of our lives, then they should be stopped. Furthermore, even if it is impractical to prevent the elites from invading our lives, it does not follow that the concept of privacy is elitist. The concept might be perfectly egalitarian, even if the structures of society prevent it from being implemented in an egalitarian way.
"If you think you're being persecuted then you're probably just flattering yourself. Big organizations don't really care about you as an individual, just about their own narrow goals."
It is true that some people with privacy concerns are paranoid schizophrenics with delusions of reference -- people who interpret every rustling leaf as a sign of a vast conspiracy aimed specifically at them. But most people with privacy concerns do not understand them in that way. Most of the harm done to personal privacy by big organizations does not depend on them singling anybody out. Quite the contrary, it depends on the organizations' capacity to gather, process, and act on personal information on a mass-manufacturing basis. The danger derives precisely from the organization's focus on its own narrow goals, to the exclusion of the goals, rights, and interests of everyone else. At the same time, big organizations do in fact sometimes persecute individuals. Whistle-blowers, for example, have often been subjected to investigation and smear campaigns. Perhaps the classic case was General Motors' campaign against Ralph Nader, which resulted in one of few civil actions for private surveillance that have led to significant damages in the United States. The United States government, for its part, has run huge, well-documented campaigns of surveillance and sabotage against nonviolent dissidents for most of this century, and there is little reason to believe that it has stopped.
"New technologies will make it possible to protect privacy."
This doesn't sound like an argument against privacy protection on the surface, and often it is not. It is sometimes used that way, however. The context is usually that someone is proposing a new technical arrangement that seems to invade privacy; when you object to the privacy invasion, they will observe that new technologies will make it possible to protect privacy, leaving it unclear whether they actually plan to use those technologies. An analogy would be the use of double-hulled oil tankers. When it was first proposed to open Alaska to oil-drilling, people concerned about the environment objected that a giant oil spill could easily happen as a tanker hits a rock in the complex waters near the Alaskan coast. Not to worry, the lobbyists said, double-hulled oil tankers will make it unlikely that much oil would be spilled in an accident. But no laws were passed requiring that double-hulled tankers be used, and they were in fact used rarely if at all. Never let anybody get away with presenting any technological advance as inevitable -- particularly when it would not be in their interest to use it.
"You're right, we do have privacy problems. People are understandably upset when they assume that they have certain privacy rights and then later find out that they do not. We must communicate with people so that they understand the actual situation in advance."
This is a something that managers often say. On a policy level, the problem is that it pretends that notification of information handling procedures constitutes an adequate privacy policy all by itself. On a rhetorical level, it attempts to redefine the nature of "privacy problems". For most of us, the phrase "privacy problems" refers to invasions of privacy. For people with a manipulative orientation, however, "privacy problems" refers to situations where people object to having their privacy invaded. These people would prefer to make those situations go away by making complaints illegitimate ahead of time. Note the pretense of empathy for the distressing experience of having your privacy violated without having been told ahead of time that your privacy would be violated. What's missing is any empathy for the distressing experience of having your privacy violated period.
"If you ask people in a poll whether they're concerned about privacy then of course they'll say yes. But if people really cared about their privacy then we would see them flocking to debit cards, which are much more similar to cash than credit cards. The fact is that they get a benefit from credit cards, namely the float on their money, and they are evidently willing to surrender some control over their personal information in exchange for that benefit."
This is a fairly sophisticated argument, but it doesn't work. The basic idea is that privacy can be understood as a commodity that is bought and sold in the market. Just as people who want cheese on their hamburger pay more for it, likewise people who want privacy with their business transactions should expect to pay more for it. Some people will object that it is simply immoral to turn rights into commodities. But even if that premise is accepted, the argument only works if privacy markets operate correctly. One can demonstrate that a market in privacy protection exists, but that is not the same as demonstrating that this market does what markets are supposed to do: allocate scarce goods according to the relative values that various people put on them. Markets in privacy protection are in fact quite seriously dysfunctional, not least because in most cases it is just about impossible for any normal consumer to assess the value of a given increment of privacy protection. It is possible in principle that such markets can be made to function halfways correctly, but a substantial burden of proof should be placed on the promoters of such strange market mechanisms to demonstrate how. In the particular case of debit cards, the contrast is greater than just a matter of float. Many people in the United States do not use debit cards because their liability is unlimited when the card is stolen.
"We have to weigh the interests of the individual against the interests of society as a whole."
This is one of those arguments that proceeds by constructing huge abstractions and positing a conflict between them. When framed in such an abstract way, this argument sure does seem to caution us against letting privacy rights get out of control. But when actual specific issues are raised, this sort of argument is most often meaningless or irrelevant. Once the actually available options are rationally assessed, it almost invariably turns out that privacy protection does not have to conflict with much of anything. And when conflicts do occur, they can be weighed and judged on much more concrete grounds, without being reduced to huge abstractions.
"Fear of extensive merger of databases is misplaced because in actually practice it is extremely difficult to merge databases. Two databases that arose in different organizations, or for different purposes, will probably be incompatible in many ways, for example through the different meanings they assign to data fields that sound superficially the same. Organizations that maintain personal data have their hands full just maintaining the accuracy of the databases they have, without trying to create the one gigantic Big Brother hyperdatabase that privacy advocates are always warning us against."
This argument asks us to doubt the power of technical progress. Merging databases is a huge research topic right now, not least because of the significant business opportunities that would arise if the problem were to be solved. Markets have always grown through standardization, and standardization of data is no different -- a hard problem but no harder than a thousand others that have gone before. In many industries, merged databases may arise through industry standard data models, for example the standard categorizations being developed in medicine. If the databases are created in a standardized way in the first place, then merging them will be easy. Also, it is true that companies that own large databases of personal information must invest large sums in maintaining them. But these companies are hardly zero-sum deals. Investment capital flows easily to wherever it can turn the best profit, and if extra profit can be gained by both maintaining existing databases and merging them with other databases, the necessary funds will be available to do both.
"Privacy advocates are crying wolf. We have been hearing these predictions of some kind of privacy disaster scenario for 20+ years and its hasn't happened yet."
This argument gets its force from the stereotype of Big Brother. Our society does not yet resemble George Orwell's dystopia, the argument goes, so the warnings are all hype. Big Brother is a convenient metaphorical handle, but like all metaphors it is only intended to apply in certain aspects. Also, the word "disaster" suggests that nothing really bad is happening unless there occurs some single, well-defined, horrible event by analogy to a nuclear power plant meltdown. But few problems work like this, and it is more accurate to see privacy as being eroded from a thousand directions at a steady pace. Privacy has been very significantly eroded over those 20 years. Privacy advocates have, if anything, underestimated the number and variety of threats to privacy, for the simple reason that privacy advocates are few in number and the threats are much more numerous than those few individuals can keep track of.
"AVI toll-collection systems don't really identify the person who is driving the car, just the car itself. It's not clear what weight that kind of circumstantial evidence would have in court, and if it's no good in court then it's not clear to me what we're supposed to be worrying about."
Note the transition from "it's not clear" to "it's no good", from raising doubt about a problem to asserting that the problem does not exist. Circumstantial evidence carries weight in court all the time. And if you live alone and have no obvious reason to be lending your car, any rational jury will regard your car being spotted somewhere as strong evidence that you were there.
"Attacks on direct mail under the guise of privacy concerns are really attacks on free speech. Mail is a democratic medium, available to all. When newspapers and television stations publicize attacks on mail from the tiny handful of self-styled privacy activists, their real agenda is to suppress competition to their centralized control of communication in our society."
This is an actual argument; I am not making it up. It employs a standard PR move, redefining attacks on unsolicited commercial mail as attacks on mail as such. When attention is focused on the specific category of unsolicited commercial mail, this argument only carries weight in the context of mail that is demonstrated to have political value for a democratic society. That is surely a small proportion of the total. Given the increasingly common practice of mailing negative attack ads to voters on the eve of an election, making it impossible for an opponent to reply, the proportion of defensible mail is even smaller. But forget all that. Nobody is proposing to outlaw unsolicited commercial mail, not least because of the free speech issue. The problem is not unsolicited commercial mail as such; it is the use of personal information to generate commercial mail without the permission of the person targeted. No reasonable person has a problem with direct mail that is solicited by its recipient.
"These issues about computers and privacy aren't really new and aren't really about computers. Everything you can do with a computer could be done before with paper files."
This is false. With paper files, it is literally impossible to perform data mining with terabyte databases. Now, mathematicians recognize various abstract senses of words according to which things are possible even though it would take millions of years to do them. But in normal language, things like data mining are only possible if large organizations can do them in a lifetime. Besides, the argument turns on a more elementary fallacy. Every problem can be portrayed as "not new" if it is characterized in a vague enough way. And problems frequently become qualitatively worse with a large enough quantitative increase in one or more of their contributing factors. This is a simple point.
"Computer technology isn't bringing us into some scary new era that we can't understand. Quite the contrary, it is returning us to the old-time village where everybody knew everybody else's business. That's the normal state of people's lives -- the state that was lost as modern society and technology caused us all to be separated into cubicles. Privacy is thus a distinctly modern obsession, and an unhealthy one too."
Large organizations knowing everybody's business is not the same as "everybody" knowing everybody's business. The village metaphor suggests a degree of equality and reciprocity that does not describe individuals' relationships to the organizations that maintain databases of personal information about them. Now, some people imagine science fiction worlds in which ordinary people know as much about Equifax as Equifax knows about them. I'm not placing my bets on the emergence of such a world. And even if it existed, it would differ from an old-time village in ways too numerous to count.
"The problem isn't privacy per se. The problem is the invention of a fictional "right to privacy" by American courts. This supposed "right", found nowhere in the Constitution, has been running amok, providing the courts with excuses for inventing artificial rights, such as the right to abortion, and interfering in people's lives in other ways, for example by restricting the questions that employers can ask potential employees in interviews. Ironic but true, the real agenda behind this supposed "right to be let alone" is actually a power-grab by which courts extend their control over society. The best guarantee of privacy is freedom -- the freedom of people to negotiate their relationships among themselves by themselves, without government interference."
Starting with the last point, if the efficacy of regulation is understood as an empirical issue and not a matter of dogma, then it is empirically false that lack of regulation causes privacy to be protected. The cases of systematic abuse of privacy in unregulated markets are innumerable. Returning to the first point, it is true that the word "privacy" does not appear in the Constitution. The Constitution was written by people who had never heard of corporations or computers, and so it necessarily takes intellectual work to understand how it should be applied to a world that has been profoundly reorganized through the use of such novelties. Reasonable people can disagree about how this should be done, but simply observing that a given word does not appear in the document is not very helpful. It is not as though the argument is unfamiliar: the Constitution is supposed to be interpreted and applied as a coherent whole, not as a disaggregated series of unrelated phrases, and the First, Fourth, Fifth, and Fourteenth Amendments, among other passages, together aim very clearly at a strong protection for individual autonomy. Such a principle is always found at the center of any liberal theory of society, such as that held by the framers, and the Constitution makes no sense as a normative political theory unless it includes such protections. Of course this principle can conflict in particular cases with other, equally important principles, but weighing such conflicts is what the law is for. If legal decisions are to be made simply by observing which words appear in the text, it would be impossible to achieve rational and consistent outcomes -- much less outcomes that are just and supportive of democratic values.
"It is too costly to implement such elaborate safeguards."
This assertion is usually just false. Even when it is true, the reason is usually that it is difficult to change systems once they have been implemented. The system could most likely have been designed originally with a whole variety of inexpensive but effective privacy safeguards. Privacy concerns are not exactly new, and hardly any systems today were designed before these concerns were first articulated in detail. An organization should not be absolved of its responsibility to protect privacy just because it fell down on that responsibility in the original design of its systems. What is more, any organization whose information systems are so outdated that they do not incorporate privacy safeguards could almost certainly profit from a thorough review and reengineering of its information handling practices. Any number of highly experienced consultants could help them with this, and the benefits would probably go far beyond privacy protection.
"Technology has changed the very ontological category of the person, who is no longer just a flesh-and-blood organism but also a far-flung digital entity as well. In this context, when people's identities are distributed across cyberspace, concepts of privacy don't even make sense any more. In that sense we should accept that we have entered the post-privacy age."
This argument depends on a simple fallacy: just because your identity is "distributed", it doesn't follow that anybody needs to have any access to it outside your control. Note that the fallacy depends on the "space" part of cyberspace. Normally we expect to have little control over objects and events that exist far away from us in space, and so if our identities are distributed across cyberspace, it would seem to follow that parts of our identities are far away from us, and that therefore we can expect to have little control over them. But the premise is false. The whole point of cyberspace is that it collapses distance and makes it possible to maintain relationships with people and information across vast geographic distances in real time. It is technically quite feasible to provide individuals with control over the use of numerous geographically distributed components of their electronic identity. In that way, concepts of privacy make even more sense than they used to, not less.
"I don't care about privacy."
You are not obliged to care about your own privacy. The point is that other people have a right to care about their privacy. Their concerns are legitimate, and it is reasonable for society to make some provision for addressing them.
"Those same technologies that cause privacy concerns also provide positive social benefits."
While true as a simple assertion, interpreted as an argument this statement is a non sequitur. Even if some particular technology produces both benefits and privacy invasions, it is altogether likely that some other technology provides the same benefits while posing less danger to privacy. The rapid emergence of privacy-enhancing technologies will make this even more likely in the future.
"All this talk of Panopticons is ridiculously overblown. We are not living in any sort of totalitarian prison society just because we get too many magazine subscription offers in the mail. Let's be sensible grown-ups and weigh the costs and benefits of the technology, rather than exaggerating with dramatic but misleading metaphors from trendy philosophers."
Magazine subscriptions make people angry because they are invasive and visible. The most serious threats to privacy are the least visible, and sensible grown-ups evaluate arguments based on the strongest case, not the weakest. It may be that some people are misled by the metaphors, but sensible grown-ups understand that metaphors are metaphors, and that only certain of their implications are intended. The pervasiveness of surveillance in industrial societies has been well documented.
"Privacy advocates claim that Caller ID is an invasion of privacy. The other point of view is that nuisance phone call are an invasion of privacy, which Caller ID allows people to take some control over."
Most privacy advocates are not opposed to Caller ID as such. Caller ID, if it is implemented correctly, provides a mechanism by which people can negotiate their privacy. It ought to be easy for callers to decide whether to send their phone numbers, and it ought to be easy for call recipients to decide whether to answer calls for which phone numbers have not been sent. The switch manufacturers who want to sell Caller ID services to marketing firms, however, have fought tooth and nail to make it difficult for callers to choose whether to send their phone numbers with their calls. And this is what privacy advocates objected to.
"Credit reporting agencies provide a service that people want. Indeed, people regularly go to great lengths to cause a record of their credit history to be created in a credit reporting agency's database, precisely because they want to enjoy the benefits of having a credit record."
This is all true but it is not relevant to debates about privacy. Credit reporting serves a useful social function, and it is possible that no other means of serving that function exists now. That's not the issue. The issue is ensuring that consumers are able to know and control what happens to information about them. Among other things, they need effective rights of access and correction (copies of their report that are easy to get, corrections that actually get made); they need effective controls over secondary use of their information (not just obscure opt- outs); and they need an effective means of redress when they are harmed by the spread of false or incomplete information.
"If you look hard enough at who is really agitating about privacy, you start finding a lot of tax resisters, cult members, and other marginal characters with something to hide. It really makes you wonder about the motives of the high-minded people who get quoted in the newspaper issuing Chicken Little predictions about Big Brother."
It is true that some lowlifes have been vocal about protecting their privacy. But in a rational society, things are decided based on whether the arguments work, not on who is making them. And to lump the honest privacy advocates with the lowlifes is the lowest type of smear. The fact is that ordinary citizens, who presumably include only a small percentage of lowlifes, consistently express high levels of privacy concern in polls and levels of outrage when told about real information handling procedures in focus groups, and that they consistently express very high levels of support for specific privacy-protection proposals that have nonetheless been rendered unthinkable by our distorted political system.
"The technology to create electronic healthcare networks is here, but its spread has been slowed by court rulings on the privacy of medical records. This is clearly an area where Congressional action is needed. If the issues are looked upon as providing modern healthcare rather than an invasion of privacy, such an act will probably fly."
This argument calls for privacy issues to be simply ignored. It is more a statement of political strategy than a real argument.
"We provide these access tools for our customers' convenience. When we set up cumbersome barriers between our customers and the information they need, we get complaints."
This argument often arises in situations where organizations make information on their customers available in some public way, for example over the phone, without adequate security. The complaints of people who are made to identify themselves adequately are held out as arguments against adequate privacy protection. But the argument is a non sequitur. Just because some category of people dislikes the mechanisms that are necessary to protect privacy, it does not follow that all other categories of people should have their privacy placed at risk. Your privacy has a higher moral status than my convenience.
"Organized crime poses a more serious threat to society than do government and corporate snooping. Privacy protection disables a key weapon that law enforcement presently uses to keep organized crime under control."
This argument routinely arises in contexts where law enforcement is asking for extremely broad powers that have little rational connection to organized crime, or whose likely application is vastly greater than just organized crime. The argument should not be accepted in its abstract form, but only concretely, in application to specific proposals.
"Epidemiologists need broad access to medical records in order to detect patterns of disease. Without these patterns, the disease might go uncured, even undiagnosed."
Epidemiologists rarely need to know the individuals' identities. For almost all purposes, they can work just fine with anonymized databases. Yes, occasionally epidemiologists do need access to specific identified individuals. But these powers can easily be abused, and they should not be granted in a general way. Individual identities should only be disclosed to epidemiologists on a case-by-case basis when a very high standard of necessity is established and appropriate due process protections are observed.
"When people talk about the need to protect privacy, it usually turns out that they are only talking about individual privacy. But we need to balance individual privacy with organizational privacy."
Organizations do not have privacy rights. The argument that they do always depends, so far as I am aware, on an overly broad application of the legal idea that corporations resemble persons. The ascription of human status to corporations has always been limited. It is useful to distinguish two senses of the word "rights". Human individuals have natural rights. Individuals and other entities also have rights that are created by statute. There exist expedient political and economic reasons for society to recognize other kinds of organizational interests, but these are not matters of natural right. They have a strictly lower moral status than the rights of natural individuals, and their exact scope will vary historically as technological and economic conditions change. It does sometimes happen that individuals' privacy rights conflict in specific cases with the legitimate interests of other entities, and it may sometimes happen that particular privacy rights are outweighed by particular interests of organizations. But this is not because the organizations possess rights that outweigh those of individuals, but because the existence of certain organizational interests serves certain societal values that happen, in particular cases, to outweigh certain personal privacy rights. These conflicts are real, but they can be discussed rationally without being misrepresented as a clash of conflicting privacy rights.
"Most people are privacy pragmatists who can be trusted to make intelligent trade-offs between functionality and privacy."
This argument, a favorite of public relations counselors, employs a common PR technique: burying its principal thesis as a hidden premise of an outwardly commonsensical proposition. The fact is, the emerging technologies of privacy protection based on strong cryptography, temporary identifiers, and the like can frequently ensure that functionality does not trade off against privacy in any important way. The problem, of course, is that most people don't know this. If they are told they can have functionality or privacy but not both then they will engage in an exercise of weighing them against one another. Moreover, the scales of this weighing process can easily be tipped by drawing attention to cases where the functionality in question is particularly needed by children or poor people or emergency medical patients etc. The outcome of such exercises is virtually preordained -- some privacy protections, but none that affect the interests of the largest and most organized privacy invaders in any material way. The "trust" business tries to shift the issue from lack of information to lack of intelligence, as if privacy activists were paternalistically trying to prevent people from making their own choices. Usually, in fact, the issue at hand concerns a proposed or actual system in which people are technologically prevented from making the choice they probably most want: functionality and privacy together.
"Our lives will inevitably become visible to others, so the real issue is mutual visibility, achieving a balance of power by enabling us to watch the people who are watching us."
If the institutions that watch us are so powerful that we cannot possibly stop them from watching us, why in the world should we be able to do something considerably harder, namely forcing them to submit to surveillance by us? The underlying problem, in my opinion, is a quasi-millenarian vision of computer technology in which computers are a kind of global mirror, passively and accurately reflecting more and more of reality in their stored representations; it follows that any incompleteness of these representations is simply a temporary glitch that progress will surely overcome. Such proposals never come with any credible political strategy for actually achieving this reciprocity of surveillance, and I think their proponents tacitly believe that power relations between people will automatically be swept away by the inherent logic of the technology.
"Once you really analyze it, the concept of privacy is so nebulous that it provides no useful guidance for action."
Many people have observed that the term "privacy" has been used to name a wide variety of interests and concerns which are hard to subsume under any single definition. It seems to me that many institutions would find it convenient if all discussion of privacy issues were to grind to a halt at that point, unable to proceed for lack of clarity, and that they sometimes even encourage this muddled outcome by good-naturedly pointing at one conceptual difficulty after another. This smoke-spreading tactic should be recognized for what it is. When any particular privacy issue arises, or when any particular technological proposal or desired technical functionality is presented, it is usually easy enough to indicate the places where average intuition detects a privacy concern once the potential for concern is point out. It can take real work to conceptualize these concerns in a way that provides a useful basis for action, but doing so does not require that we define privacy-as-such-in-general. The difficulty of general definition, after all, is not limited to the concept of privacy; it is shared by most abstract concepts of any importance -- for example, truth, property, rights, tradition, and so on.
"People want these systems, as indicated by the percentage of them who sign up for them once they become available."
This argument turns on an important ambiguity in words such as "want". In the case of automatic toll collection, we can imagine two scenarios. In the first scenario, a proposal for automatic toll collection is put before the citizenry at an early stage, before any decisions have been made about highway services should be funded, with experts and lay citizens given space and time to present arguments pro and con. In the second scenario, decisions are made quietly, with minimal public awareness and input, after which systems are implemented and presented to the public as faits accomplis, and individuals are presented with the decision of whether to sign up for them or not. In each scenario, people have been asked whether they "want" a particular proposition, but it's probably not surprising that the answers they give in each case are often radically different. To my knowledge in every case when the first scenario has been enacted, people have answered unambiguously that they do not want automated toll collection. But when faced with the second scenario, people with busy lives and virtually no prospect of changing the rules of the game will simply make an economic decision from among the options that are practically available to them. The result will then be reported as "what people want", thereby feeding another round of fatalism and cynicism about pervasive surveillance and regulation of people's lives.
"Concern for privacy is anti-social and obstructs the building of a democratic society."
I have rarely heard this argument in the United States, but it is a common argument in social democratic countries such as Norway and Sweden. In such countries most people feel a relatively strong identification with the state. They have highly effective data protection laws, they presuppose a high degree of social consensus about the values that should guide government policies, and they feel that the government is under the effective control of the citizens through the mediation of coherent, well-organized political parties. In such countries I think it actually is somewhat reasonable to regard excessive concern for privacy as anti-social. But only somewhat. Even in a highly functional social democracy, it is still wrong to stigmatize concern for personal privacy except in cases where good evidence exists of organized conspiracies such as tax evasion. Moreover, concern for the smooth functioning of the state, even a state with strong civil liberties protections, is no reason to gather more information on people's lives than is necessary for the delimited ends toward which a given policy is directed. New technology greatly reduces the amount of information that must be gathered to collect taxes, distribute social welfare benefits, regulate traffic, and perform other legitimate state functions, and any state that wishes to regard itself as responsible and modern should be actively shifting its procedures toward these minimally invasive methods as fast as it reasonably can.
"Privacy regulation is just one more category of government interference in the market, which after all is much better at weighing individuals' relative preferences for privacy and everything else than bureaucratic rules could ever be."
Although we should certainly pay attention if anybody can prove empirically that the market actually does function to protect privacy in accord with people's actual wishes, nonetheless when taken in the abstract this argument involves several fallacies. First of all, "government regulation" and "the market" are not mutually exclusive categories. Only hard-core libertarians deny that it is one purpose of government to define and enforce property rights, and one large category of proposed privacy policies involves the creation of property rights in personal information. I happen to think that these proposals would be both impracticable and ineffectual, but they are nonetheless serious proposals that count as both "regulation" and "market". It has become common to imagine the government as something that swoops down out of nowhere and interferes with an already functioning market, but this picture bears no relationship to either the historical or legal reality of the market. Even if it did, the argument that the market will weigh preferences for privacy presupposes that the market is "perfect" in the sense defined in neoclassical economics -- so that, among other things, each individual knows, and can weigh, the full consequences of every transaction. But this is rarely true, and it is a million miles from being true in the case of the personal information that large commercial organizations capture in their dealings with individual customers. Most people do not understand the consequences of participating in the creation of transaction- generated information. In particular it is extremely difficult for individual consumers to place a value on the surrender of this information, because the consequences are generally opaque, mediated through far-away computer databases whose connections to subsequent sales calls and other involuntary costs are actively hidden. Many privacy policies are aimed precisely at forcing the market back toward "perfection" by supplying consumers with the information they need to make rational economic decisions about whether and when to surrender information about themselves. But these measures, too, are "government regulation". A further fallacy involves the broad categories of externalities that lead to path-dependencies in markets. Infrastructures tend to be highly path-dependent, since once they are created and lots of uncoordinated economic actors make commitments to them, they are very hard to change. And so an information infrastructure -- Internet payment systems, for example -- that does not protect privacy might well get entrenched in the market before any large number of actual or potential customers becomes fully aware of the privacy issues that are at stake. It does not automatically follow that government regulation should steer the direction of these systems, but it does follow that the unfettered market is not leading to privacy protection.
"There's no privacy in public."
Many emerging privacy issues involve surveillance of activities that occur in public places such as roads. Some people have the intuition that activities that occur in public places are, by definition, not private. The US Supreme Court, for example, ruled in a case involving police tracking an individual's car that individuals have no reasonable expectation of privacy on public roads. And I have heard a prominent representative of US law enforcement argue that law enforcement should have unrestricted access to records of individuals' road travels maintained by private organizations, on the grounds that road travel occurs in a public place, so that the resulting records are therefore public records! But the law is clearly failing to respond to ordinary people's intuitions about the nature of privacy here. First of all, people very frequently take steps to protect their privacy in public places, for example by conducting their conversations at a safe distance from others, by lowering their voices, by rolling up the windows, and so on. People develop their expectations about privacy in public places, furthermore, against the background of their experience, which includes their experience of the means that reasonable others have to listen or watch. No reasonable person feels that their rights have been violated if someone sees them entering a shop on a certain date, or if someone working in a neighboring location happens to notice them entering that shop every morning, but they do feel a violation if someone has taken unusual measures to record every shop they have entered across a great distance over a month's time. In the past, these kinds of records have only arisen in cases where someone has been laboriously followed, usually by the police acting with some kind of probable cause. New information technologies, though, make it entirely feasible to track large populations on a routine basis, probable cause or no. This is clearly a new situation, or at worst a qualitative magnification of an existing situation, and it should be treated as novel and thought through without the pretense that it is covered by past precedents.
"We favor limited access."
This one isn't even an argument but more of a verbal trick. It has become common for would-be privacy invaders to express "support for limited access" or accuse their opponents of being "opposed to limited access". These lines can be confusing, as well they should be. The trick is to make it sound as though privacy advocates are wacky extremists who want absolutely all data to be sealed off from everyone for all purposes; this is opposed to the reasonable-sounding proposition of "limited access". But the whole question is what "limited" is to mean. Few organized interests actually need literally unlimited access to information; they just need the particular very broad access that serves their own purposes, and they are happy to affirm that other kinds of access (by smaller competitors, for example) might need to be restricted.
"Privacy in these systems has not emerged as a national issue."
One hears this line in the context of automated toll collection as a justification for neglect of privacy issues. It's hard to know exactly what it means, since I have heard it uttered even after privacy has been raised as an issue in numerous large newspapers, analyzed in prominent law reviews, discussed on the Internet, and so forth. What it comes down to in practice, I think, is the assertion that privacy advocates have not mobilized enough of a movement behind automated toll collection privacy issues to force any large organizations to address them in a serious way. This amoral attitude should be recognized for what it is: an abdication of the individual's personal responsibility to reflect on issues of right and wrong, even in situations when nobody has exerted the force necessary to give the issue high prominence in the esoteric circuitry of the policy-formation process. This approach is often rationalized with appeals to professional specialization: we just do technology here; the policy department is down the hall. But of course, nobody over in the policy department gets any points for raising obstacles that nobody is forcing them to raise. The bottom line here is elementary: everyone is obliged to take responsibility for their actions, even when nobody is making them to do so, and this goes double when systematic threats to the very foundation of a free society are plausibly at stake.
"We've lost so much of our privacy anyway."
This line plays upon the dire rhetoric of privacy campaigners and somehow turns it on its head: we've already lost our privacy, so further steps to protect it are futile. I hear this a lot from technical people when I recommend that they employ privacy protections in their newly designed systems. It's important to spread the word about the routine invasions of our privacy, but it's also important to remind everyone of how much privacy we have left to lose. You can still drive pretty much anywhere you like without leaving records behind. You can still pay for most things in cash. Hardly anyone has to report their sexual activities to anyone else -- or whether you eat fattening foods, or who your friends are, or your religion. You don't need an internal passport to travel in most countries, and so you don't have to register your movements. If you live in the United States then you enjoy a fair amount of protection under the legislation such as the Fair Credit Reporting Act and the Electronic Communications Privacy Act. We can lose these things, and we will lose them, unless we ensure that each new generation of technology has the privacy protections it needs.
"Privacy is an obsolete Victorian hang-up."
The basic idea is that we'll soon lose all control over our personal information, and after some hand-wringing we'll just get used to it. Protecting our personal information is equated with prudishness, obsessional modesty, cultural embarrassment, and unliberated secrecy. People who believe such things are, in my experience, invariably either ignorant of or in denial about the realities of social oppression. Let's send them to live in a place where everybody knows everything about you for a while. There's a world of difference about being voluntarily "open", on one's own terms, about one's liberated sexuality and experiencing mandatory invasion and publicity of the less happy details of one's sexual life. The same thing goes for your phone records, where you've been driving, what you ate for dinner, and a great deal else.
"Ideas about privacy are culturally specific and it is thus impossible to define privacy in the law without bias."
This argument is found often in the American legal literature, principally among people whose political commitments would not otherwise dispose them to heights of cultural sensitivity. It is true that certain ideas about privacy are culturally specific -- Oscar Gandy, for example, reports that African-Americans find unsolicited telemarketing calls to be less invasive than do their fellow citizens of European descent. But this sort of argument quickly turns obnoxious as the issues become more serious. Amnesty International is not based on any sort of relativism about torture, and neither should Privacy International be overly impressed by governments claiming that their culture is compatible with the universal tracking of citizens, or that objections to such things represent cultural bias. The argument is especially specious with relation to tort law, the area where it is most commonly made, since tort law arises in large part through the rational reconstruction of the decisions of juries in particular cases. If you throw out concepts of privacy on such grounds then you must also throw out concepts like contract as well.
"We have strong security on our data."
In my experience, this argument is common even among people who regard themselves as privacy activists. It arises through a widespread confusion between privacy and security. Privacy and security are very different things. Informational privacy means that I get to control my personal information. Data security means that someone else in an organization somewhere gets to control my personal information by, among other things, withholding access from those outside the organization. Of course, this organization may have my best interests in mind, and may even seek my approval before doing anything unusual with my information. The problem arises when the organization itself wants to invade my privacy, for example by making secondary uses of information about its transactions with me. Those secondary uses of the data can be as secure as you like, but they are still invasions of my privacy.
"National identity cards protect privacy by improving authentication and data security."
It might indeed be argued that my privacy is not protected if individuals in a society don't have enough of a standardized institutional identity to authenticate themselves when they make claims on organizations (for example, when buying on credit). But the holes in current mechanisms for officially conferring identity can be patched to a major extent without resorting to universal identification cards. State Departments of Motor Vehicles in the United States, for example, need to institute much better policies at one of the notorious weak points in the system, namely the issuance of replacement drivers' licenses. It would accomplish a lot, I think, simply to mail out a letter about the new license to all known addresses of the legitimate license holder.
"Informational privacy can be protected by converting it into a property right."
This one has suddenly become extremely common, as articulated for example by Anne Branscomb in her book "Who Owns Information?". Additionally, many people have begun to spin elaborate scenarios about the future market in personal information, in which I can withhold my personal information unless the price is right. These scenarios might hold some value for certain purposes, but they have little to do with protecting informational privacy. The crucial issue is bargaining power. The organizations that gobble your personal information today have computer systems that, by their very design, profoundly presuppose that the organization will capture information about you and store it under a unique identifier. They mostly capture this information with impunity because you can do little to stop them. If your personal information were suddenly redefined by the law as personal property tomorrow, assuming that the lawyers figured out what this idea even means, then I predict that, the day after tomorrow, every adherence contract (that's legalese for "take it or leave it", the prototype being those preprinted contracts for credit cards and rental cars and mortgages that are covered with fine print that the firm's local representative has no authority to modify or delete) in the affected jurisdiction would suddenly sprout a new clause issuing to the organization an unrestricted license (or some such legal entity) over the use of your personal information. You can refuse, of course, but you'll be in precisely the same position that you are today: take it or leave it. The widespread belief to the contrary reflects a downright magical belief in the efficacy of property rights. Establishing property rights in your personal information might actually be a good idea, but it's not nearly sufficient. What's really needed is machinery that establishes parity of bargaining power between individuals and organizations -- the informational equivalent of unions or cooperatives that can bargain as a unit for better terms with large organizations. That machinery most likely doesn't need property rights to be defined over personal information, but maybe it would make things clearer. That's the only real argument I can find for the idea, and it's not a very strong one.
"We have to balance privacy against industry concerns."
This is probably the weakest of these arguments. It is also probably the most common in administrative hearings at the Federal Communications Commission and the like. It reflects a situation in which a bureaucrat is faced with privacy activists on one side and industry lobbyists on the other side, and so they are forced to construct the notion of a "balance" between the two sides' arguments. The bureaucrats will profess themselves impressed by the economic benefits of the large new industry said to be in the offing. These benefits are often framed in terms of "wealth creation", without much consideration of whether this wealth will be delivered to the people from whom it was extracted. But the arguments just don't compare. Privacy is an individual right, not an abstract social good. Balancing privacy against profit is like balancing the admitted evils of murder against the creation of wealth through the trade in body parts for transplants. It simply does not work that way.
"Privacy paranoids want to turn back the technological clock."
Beware any attempt to identify privacy invasion with technical progress. It is true and important that routine and rapidly expanding privacy invasion is implicit in traditional methods of computer system design, but plenty of technical design methods exist to protect privacy, especially using cryptography. This kind of argument has been used with particular force in the case of Caller Number ID (aka Caller ID, or CNID). It is well known by now that CNID promises a thousand applications at the intersection between the world of telephones and the world of computers. Privacy advocates are upset about CNID because industry keeps promoting rules that make it difficult for people to "block" their lines, thus preventing their phone number from being sent out digitally except when they explicitly ask for it to be sent. Proponents of industry's view have gone to great lengths, though, to define things in terms of "pro-CNID" versus "anti-CNID" camps, and I have found myself that it takes great determination to stay away from this terminology. As soon as any kind of technological debate get defined as "pro-" versus "anti-", whole layers of rhetoric start cutting in: they're Luddites! But it doesn't work that way. Most technologies worth having can be designed to provide inherent privacy protections -- not just data security (see above), but convenient, iron-clad mechanisms for opting out or for participating without having one's information captured and cross-indexed by a universal identifier. I'm not normally inclined to advocate technical fixes, but when it comes to information technology and privacy, I actually do think that they're the only answer that can stick.