Building and maintaining an enduring, intimate relationship is a process of privacy regulation.
—Irwin Altman, 2014
What is public?
What is private?
When is our private life exposed?
Is privacy possible in a hyperconnected, interdependent, Internet of things world?
19th Century
Recent inventions...call attention to the next step which must be taken for the protection of the person, and for securing to the individual...the right to be let alone.
—Samuel Warren and Louis D. Brandeis, 1890
At the end of the 19th century, an amazing new device emerged that might be considered the first great invention of the digital age (at least beyond the printing press). This invention pushed its way into public life, and suddenly what was once thought private, transitory, or anonymous could be captured and made public.
What was this miracle of modern invention?
Click
Kodak's first commercial camera. Suddenly, your picture could be taken at almost any time! At any place! Without your permission! "Kodak fiends" created a firestorm [http://myfearlessyear.com/2015/03/16/this-year-in-fear-1890-when-people-were-afraid-of-kodak-cameras/] that begat Warren and Brandeis' seminal article about the right to privacy.
Technological innovation intersecting with (and some would say diminishing) the right to privacy had begun.
20th Century
Privacy is the right of individuals to control, edit, manage, and delete information about themselves, and to decide when, how, and to what extent information is communicated to others.
—Alan Westin, 1967
In the late 1960s Alan Westin penned the first computer-age treatise on the conflict between privacy and surveillance in the information age. "Privacy and Freedom" was spurred by the rise of mainframe computing, and the growing use of government and financial databases to make far-reaching observations and decisions about individuals (trends that foretold the rise of big data).
According to Weston, privacy is far more than "the right to be let alone," rather it is an important societal imperative that enables preservation of autonomy, self-evaluation, and protected communications. His belief that individuals should understand which systems collect data about them and have choice and control over their data would later be echoed in the U.S. Department of Health, Education and Welfare's report on Records, Computers and the Rights of Citizens. This report in turn begat a set of Fair Information Practice Principles [http://www.nist.gov/nstic/NSTIC-FIPPs.pdf] that have since been popularly adopted across the world.
In the Internet age, these practices led to the development of privacy policies and practices we are all familiar with that, at least in theory, allow users to think they have the ability to choose how/when/where they connect and provide data to the digital world.
21st Century
People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people—and that social norm [privacy] is just something that has evolved over time.
—Mark Zuckerberg, 2010
Twenty-plus years into the cyber age, we are rapidly transforming into a world where connectedness is the default. Just as we got used to Kodak cameras everywhere, we are growing accustomed to how phones, cars, home appliances, location sensors, biometrics, and other devices enable our everyday lives. Shopping, eating, driving, playing, learning, voting, exercising, receiving medical treatment, sleeping...you name it, it is, or can be, recorded and monitored.
A connected life provides wonderful opportunities for personalized experiences, medical advances, public safety, and more, but there are risks to living in an omniscient world.
As with all IT systems, we need to be concerned about and strive to make the connected world as secure and resilient as possible. After all, the health and welfare of citizens and the world rely on them.
But where does that leave privacy?
What does privacy look like in a hyper-connected world?
How do we define it?
What are the essential aspects of privacy that we need to protect?
Perhaps we first need to understand that the purpose of privacy is not about keeping secrets, or hiding something, or really even about being "let alone." These are merely actions one takes.
Instead, go back to Irwin Altman's quote at the beginning of this piece: "Building and maintaining an enduring, intimate relationship is a process of privacy regulation." His work on privacy regulation theory posits that privacy serves three functions:
- Management of social interaction
- Establishment of plans and strategies for interacting with others
- Development and maintenance of self-identity
Think of how those three functions factor into human growth — one of the main things we in higher education care about. Privacy serves to:
- Promote individuality and respect for individuals (and their differences)
- Provide the ability to grow and change over time
- Enable autonomy and control over self
- Ultimately, diminish the need to explain or justify oneself
Now think about how this plays out in society, particularly a democratic one based on individual and civil liberties. Privacy is imperative in order to have freedom of expression, thought and speech, association, and social and political activities. Consequently, privacy, at some level, limits authority, which is a key component of citizen-led government.
Self vs. Connected Data
Certainly, there is a good deal of truth to Mark Zuckerberg's belief that privacy is evolving. We have the means and tools to share more than ever…and we are doing so; and that sharing shapes our interactions with others and the development and maintenance of our self-identity.
On top of self-sharing, in a ubiquitously connected world, more data about us is collected, shared, analyzed, and acted upon than ever before. In 1977, the U. S. Privacy Study Commission warned that "[i]n American society today records mediate relationships between individuals and organizations and thus affect an individual more easily, more broadly, and often more unfairly...in an information-dependent society."
We have never been more information dependent or interconnected than right now. While the rewards of living in such a world are rich, we need to be mindful that with the treasures come tradeoffs, and privacy should not be simply traded away.
So, is privacy possible in a hyper-connected, interdependent, Internet of Things world?
Are we defined by who we are or by the data the connected world knows about us?
I advocate for the former, with a belief that to preserve "who we are," it is important that privacy continues to be part of our evolution in the connected world.
Sol Bermann (CIPP) is the University of Michigan privacy officer. He previously was director of international privacy for Walmart, and before that was chief privacy officer for the state of Ohio. He also served as associate director of an academic center at the Ohio State University Moritz College of Law and taught as adjunct faculty at OSU. Bermann is co-chair of the EDUCAUSE Higher Education Chief Privacy Officer Working Group and a member of HEISC. He holds a BA from Beloit College, an MA from the University of Virginia, and a JD from the Ohio State University Moritz College of Law.
© 2015 Sol Bermann. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.