As a social good, I think privacy is greatly overrated because privacy basically means concealment. People conceal things in order to fool other people about them. They want to appear healthier than they are, smarter, more honest and so forth.
Richard Posner
A doctor, a lawyer and a priest walk into a bar. The bartender looks up and says “What is this, a joke?”
Joking aside, consider the following scenario.
A doctor, a lawyer and a priest walk into a bar. The bartender recognizes the doctor who had performed tests and diagnosed a fatal illness she had unwittingly contracted from her lover. The lawyer is the bartender’s attorney, who is defending her for the murder of her (former) lover, claiming self-defense. That morning, the priest had heard the bartender’s confession, and, while condemning her actions, had offered her absolution.
If you were to ask any scholar of twenty-first century American jurisprudence – by which we mean any regular viewer of the television series Law and Order – this set of facts poses a number of legal issues that might thwart the successful prosecution of the murderer bartender. The police and the district attorney would no doubt want to solicit the cooperation and testimony of the doctor, the lawyer, and the priest to present the case to the jury and to convict the bartender. However, in each instance, there are societal norms and professional restrictions that might prevent each of them from testifying. These prohibitions are, to one degree or another, instances of privacy protections. These cases illustrate privacy unplugged, that is, privacy outside cyberspace.
The bartender went to the doctor voluntarily and submitted to invasive tests, such as x-rays, blood work, or urinalysis. The bartender had the expectation that the doctor would not share the results with anyone outside the medical team. This presumption of confidentiality is a central tenet of medical ethics known as the doctor-patient relationship. Without this privacy policy, a patient might be reluctant to confide in her doctor. The patient could of course choose not to disclose private information to the doctor, but the patient realizes that she benefits from letting the doctor know the full story, thus allowing the doctor more effectively to diagnose and treat her. The bartender profits from this voluntary loss of privacy, albeit with the understanding that the doctor will not reveal the information.
The bartender went to the lawyer voluntarily and revealed the details of her ostensible crime. Again, the bartender had the expectation that the lawyer would not share her confidential information with others, particularly not with the law enforcement community. As was the case with medical ethics, the concept of attorney-client privilege is at the heart of the legal profession. The intent is to encourage the “full and frank” disclosures of clients to their attorneys. The bartender could of course choose to lie to her attorney, but she might then prevent the attorney from giving her his best professional advice. The bartender profits from this voluntary loss of privacy, albeit with the understanding that the lawyer will not reveal the confidential information.
Finally, the bartender went to confess her sin to the priest of her own accord. The bartender once again had the expectation that the priest would respect her privacy and not reveal any confidential information with others, including the police. This presumption of confidentiality is also enshrined in the professional tenet of priest-penitent privilege. In the United States, this principle is often considered implicit in the First Amendment protection for freedom of religion. The bartender was under no compulsion or obligation to confess her sin to the priest. It was a voluntary admission, presumably with the expectation that the priest could then offer her a path to redemption, that might save her soul, if not her life. In any event, the bartender (and her soul) benefits from this voluntary loss of privacy, albeit with the understanding that the priest will not turn her in to the police.
Thus, long before the Internet or databases or Wikileaks, there were long standing norms and legal protections of privileged communication between clients and professionals. In the cases presented here, the bartender (a) voluntarily revealed confidential information, (b) expected to benefit from divulging the information, and (c) expected the professional who received the information not to reveal it to others.
Privacy Plugged In
The issue of privacy protection in the Internet age is not a mere extension of pre-Internet privacy issues. The difference between unplugged pre-Internet privacy and plugged in Internet privacy is akin to Mark Twain’s observation regarding le mot juste:
The difference between the almost right word & the right word is really a large matter–it’s the difference between the lightning bug and the lightning.
– Letter to George Bainton, 10/15/1888
In the past, a person could keep a diary. Today, she may post her daily thoughts and activities to Facebook or Twitter. In the past, a person might unlock her door or open her windows. Today, she may have a web cam in her bedroom. In the Internet age, many of these actions are voluntary, though it is now easier for unscrupulous people to invade the privacy of others, for example by hacking into cell phones, as the News International phone hacking scandal has revealed. Leaving aside such malicious and larcenous invasions of privacy, the Internet has enabled people to share information – arguably, too much information – to millions of faceless strangers.
Following our unplugged analysis, what benefit accrues to the individual by this voluntary disclosure?
We might speculate that posting to Facebook and Twitter has evolved into an accepted standard of behavior. The social networks are now the social norm. However, we are interested in examining cases in which the individual who reveals private information has a more tangible benefit.
Publication of Private Electronic Mail
Years ago, Ralph Goren was the administrator of the Stanford University undergraduate computing facility. As legend has it, he received a considerable volume of daily emails, which he never bothered to read. However, he chose to make his email file world-readable. Thus, he reasoned that if anything important appeared in his email, the conscientious Stanford undergraduates would tell him about it. Goren was willing to sacrifice his privacy in return for saving the time of reading tons of irrelevant emails.
Publication of Private Medical Data
On a Thursday in March of 2010, Jonathan Zittrain, the Harvard Law professor and co-founder of the Berkman Center for Internet University, found himself in the hospital with severe and puzzling symptoms (fevers that came and went, and abnormal blood results). By that Saturday, since his doctors had thus far been unable to get a diagnosis, he availed himself of an option offered by a colleague: post symptoms and associated data to a medical blog, and see if this community of doctors can come up with a diagnosis. The posting did not include Zittrain’s name, but just his initials, JZ. The assumption was that the readers of the blog did not need to know the identity of the actual patient.
There were several results. First, the crowdsourcing effort quickly revealed a similar case in the literature from South Korea. Zittrain provided his doctors with the information and subsequently received appropriate diagnosis and treatment. Second, a subsequent posting on another blog revealed the fact that Jonathan Zittrain was ill and lead readers to connect the dots and conclude that “JZ” was Jonathan Zittrain. Finally, Zittrain, as a staunch advocate for the benefits of transparency in general and crowdsourcing in particular, saw this episode as a teachable moment, demonstrating the tradeoff between individual privacy and the benefit from collective medical wisdom. He voluntarily permitted his health information to be revealed on the Internet, and reasoned that he stood to benefit by the diagnosis and treatment of a possibly life-threatening disease.
Publication of Comprehensive Private Data (Sousveillance)
Hasan Elahi is a professor media studies who was detained and questioned by the FBI in 2002, after his name was included on the terrorist watch list. The FBI interrogated him extensively and had him submit to a polygraph test. Elahi was able to secure his release. He could provide detailed answers to the questions concerning his exact whereabouts, as he maintained his schedule on a personal digital assistant. In response to this harrowing experience, during which Elahi believed that he faced incarceration, albeit unjustly, Elahi concluded that going forward he would not be able to remove his name from the terrorist watch list, and he would proactively catalog every event in his life. Elahi created a web site to detail his comings and goings every day of his life. He kept a GPS device on his person which would constantly record his location. The FBI had provided him with a contact number which he would call ahead of time whenever he traveled, which was often. Elahi flies over 70,000 miles each year. Rather than be subject to covert surveillance by the authorities, Elahi initiated sousveillance – a voluntary publication of personal information, not only saving himself the annoyance of being taken in for questioning, but also saving the FBI the expense of following him.
As a media artist, Elahi turned this project into a work of art, which has been exhibited widely. He gave a TED talk describing his work. In this case, we have an individual divulging almost every mundane detail of his life, more or less voluntarily. In return, Elahi benefits from both traveling without interference from the authorities, and also achieving an artistic and professional goal through his exhibits.
Publication of Private Passwords
We may view Elahi as the extreme case of transparency and foregoing all pretense of privacy. However, he still retained control over his own systems, files, accounts, and passwords. Only he could update the web site. He still held the keys to open the door.
By contrast, Richard Stallman, the renowned MIT Artificial Intelligence Lab hacker who developed the emacs text editor, and the GNU open software project, is known to leave his personal account unprotected by passwords. Thus, like Goren, he allows anyone to view his personal communication, but he goes a step further. The Stanford undergrads could read Goren’s emails, but could not edit or delete his files. Stallman, as a matter of principle, willingly accepted these possible adverse consequences. It is as if Stallman left the door to his house unlocked, advertised the fact, and did not prosecute the burglars who stole his stereo. Stallman gave up his privacy voluntarily, and benefited by exemplifying the principle of freedom of information. Stallman, like Zittrain but more so, is an advocate of the free and unencumbered flow of information. In his days at the MIT AI Lab, he encouraged his colleagues to remove their passwords. Passwords for computers are akin to locks and keys for apartments. Stallman wants to live in a house or dormitory in which everyone trusts each other and leaves their doors unlocked. No keys are required. Stallman voluntarily sacrifices his privacy in return for the utopian principle of a trusting and just society. The price he pays is replacing his stereo from time to time. Not altogether a bad tradeoff.
Privacy Tradeoffs: Plugged vs Unplugged
Almost any technology has adverse consequences. Miracle drugs cure diseases, while people may die from side-effects. The airplane transforms modern transportation, while thousands die from airplane accidents. The Food and Drug Administration acts to insure that drugs are safe and effective. The Federal Aviation Administration, the Transportation Security Administration and the National Transportation Safety Board act to regulate air travel. Society accepts trade-offs, but creates institutions to mitigate and regulate the adverse effects.
Privacy issues create similar trade-offs. These issues have been with us before the Internet. The long-standing unplugged privacy protocols (doctor-patient, attorney-client, priest-penitent) may help inform the debate for the brave new world of plugged-in privacy. At the least, we should expect the individual to have a choice when revealing private information and to be able to justify that decision with a concomitant benefit.
Obligatory Lame Joke
We feel a duty to fulfill the initial promise of a humorous anecdote. Here goes.
A doctor, a lawyer, a little boy, and a priest were out for a Sunday afternoon flight on a small private plane. Suddenly, the plane developed engine trouble. In spite of the best efforts of the pilot the plane started to go down.
Finally the pilot grabbed a parachute, yelled to the passengers that they had better jump, and bailed out. Unfortunately, there were only three parachutes remaining. The doctor grabbed one, yelling to the others, “I’m a doctor, I save lives, so I must live.” And out of the plane he jumped.
The lawyer then said, “I’m the smartest man in the world, I deserve to live!” He grabbed a parachute and jumped.
The priest looked at the little boy and said, “My son, I’ve lived a long and full life. You are young and have your whole life ahead of you. Take the last parachute and live in peace”.
The little boy handed the parachute back to the priest and said, “Not to worry, Father. The smartest man in the world just took off with my back pack.”
Deriving the story’s relevance to privacy is left as an exercise to the reader.
Yale Law Tech 