Talk at the Oxford Libertarian Society

Christchurch college, Oxford

Thursday 3rd June 2010

Fed up with people claiming privacy is dead? Privacy is to identity what freedom
is to morality - one can't exist without the other. Adriana Lukas describes how
recent developments on the Internet have destroyed our ability to maintain
private information and how we can get it back.

Privacy - why is it good?

It's been said for a long time that sharing is good for humans as we are social
animals. And online sharing is the activity de jour with benefits often described
with complicated neologisms - synchronicity, ambient intimacy, in other
words 'speculative' or 'broadcast sharing' - giving us ability to connect with
people beyond the usual physical social boundaries.

Apart from the human nature, this explosion of sharing is based on the ability to
publish, which I argue is one of the most powerful social functionalities to date
available to an individual.

Despite that I believe the current online web 'architecture' is heading for a
disaster, where privacy has become a binary choice, often regarded as a more or
less acceptable trade-off that 'consumers' are only too willing to make in return
for some benefits to them.

I tend to think it is an issue of choice. If there is no meaningful choice and

people understand this, they might just as well forgo a bit of privacy in exchange
for what appears tangible benefit to them - a discount, a better deal etc, but
as tools arise to help people to take charge of their own data, their mindset will
shift too.

So on the practical level - online privacy is about creating tools that help the
individual to control access to data to the point where he/she decides directly
who gets to see what - without reliance upon a third party or an intermediary.

But let's first look at why privacy is good or necessary. As Mr Zuckerberg argues
when defending Facebook's latest encroachment on users' privacy: the social
norms are changing, people are sharing openly, and more than they'd admit
to if asked beforehand, and Facebook is merely following the social norm.

Apart from its utter unwholesomeness - most people are interested in bread
and games so let's make that the norm and yes, I am aware I just compared
Facebook users to a mob - this defence undermines any choice in the matter.
Facebook likes to describe itself as a social utility, which is a dangerous
comparison. It is claiming the place of an infrastructure in an environment
where the infrastructure is based on autonomy and peerage - the internet.

But I digress. Let's swap Mr Zuckerberg for Mr Jeremy Bentham, another

architect of an environment where privacy was used for social engineering
experimentation. Panopticon1 was designed to change behaviour, though this
was seen as a feature not a bug, a part of a social reform of prisoners. In
Bentham's time, privacy was inherent in human dignity and identity, at least for
some people. It wasn't even defined as a right - at least for some people! "You
watched convicted criminals, not free citizens. You ruled your own home. It's
intrinsic to the concept of liberty."

Let's look at another privacy-eliminating dystopia, the Big Brother in Orwell's

1984. Lack of privacy on the political level amounts to greater control over
individuals by the state. It makes us open to abuses of power, compounding the
political power with the "information is power" dictum.

During communism, privacy was non-existent or seen as undesirable. Anyone

was allowed and encouraged to report on you. Sometimes they wanted you to
know - the Panopticon approach. But often not, especially once they realised
people will look for new ways of communicating and gathering. There was a
way of recognising a certain click on the phone, which meant it was tapped.
Various coded ways of communicating to confuse the enemy were devised,
but ultimately, lack of privacy and constant surveillance made the dissident
movement pretty ineffectual.

On the social level, loss of privacy leads to being open to judgement by others,
misinterpretations and ostracism by the group. It deprives one of the ability to
share discriminately or not share at all. It also leads to self-censorship, which is
another way of saying loss of freedom of expression.

It's at this level I argue that privacy is to identity, what free will (or at least
illusion of it) is to morality. Without going into intricacies of moral theory, it is
fair to say that without the ability to choose right and wrong action, morality
wouldn't have much meaning. Similarly, without the ability to keep things to
oneself, share them with some people and not others, present oneself to the
world, there is no meaningful identity. Perhaps I should preface all of these with
the word 'autonomous'…

A few words from others on privacy. Mark Pesce in his recent blog post explains
why he deleted his Facebook account:

"Privacy is the foundation of freedom. Without private space to think, to

reflect, and yes, to share, we can have no private action, no individual agency.
Privacy is dangerous, but privacy is not criminal. It is necessary for the healthy
functioning of a democracy. We should resist anyone who proclaims 'the death
of privacy', because they are a proxy for interests who would seek to control us,
to corral us by our needs, or separate us by whom we choose to conspire with.

The Panopticon is a type of prison building designed by English philosopher and

social theorist Jeremy Bentham in 1785. The concept of the design is to allow
an observer to observe (-opticon) all (pan-) prisoners without the incarcerated
being able to tell whether they are being watched, thereby conveying what one
architect has called the "sentiment of an invisible omniscience."

Bentham himself described the Panopticon as "a new mode of obtaining power of
mind over mind, in a quantity hitherto without example."
https://secure.wikimedia.org/wikipedia/en/wiki/Panopticon
I don't expect many of you will leave today. There's almost nowhere else to go.
But a few of you will do the sums, and understand, as I do, that no website, no
matter how useful, is worth this. We need to start over, with some important
lessons learned about privacy and the intrinsic value of human connections. I
take heart in the fact that every one of the Internet's 'walled gardens' - of which
Facebook is merely the latest incarnation - have eventually collapsed. Facebook
is having its day, but memento mori."

Bruce Schneier's post on Value of Privacy from 2006 still stands:

"If you aren't doing anything wrong, what do you have to hide?"

Some clever answers: "If I'm not doing anything wrong, then you have no cause
to watch me." "Because the government gets to define what's wrong, and they
keep changing the definition." "Because you might do something wrong with my
information." My problem with quips like these -- as right as they are -- is that
they accept the premise that privacy is about hiding a wrong. It's not. Privacy
is an inherent human right, and a requirement for maintaining the human
condition with dignity and respect.

Two proverbs say it best: Quis custodiet custodes ipsos? ("Who watches the
watchers?") and "Absolute power corrupts absolutely."

Cardinal Richelieu understood the value of surveillance when he famously

said, "If one would give me six lines written by the hand of the most honest
man, I would find something in them to have him hanged." Watch someone long
enough, and you'll find something to arrest -- or just blackmail -- with. Privacy
is important because without it, surveillance information will be abused: to peep,
to sell to marketers and to spy on political enemies -- whoever they happen to
be at the time.

So, privacy is good. I am pretty sure most of you came here with that view but
it doesn't hurt to run through the reason why this is so.

In fact, last week I had a dinner with a friend who is a well known name in the
field of cryptography (he is credited with coming up with the concepts for public
key cryptography that together with others’ contributions made it possible for us
to communicate privately online today). I asked him about his views on privacy
and his answer surprised me a bit until I realised that his reaction was based on
his experience with authorities and institutions hiding behind 'privacy' at times
when disclosure was needed. His view is that institutions and public figures
shouldn't hide behind a veil of privacy. Also, his experience online is rather
different to mine. He doesn't generate or share any 'social data', at least not to
my knowledge, and I am not sure about his view or awareness of the explosion
of private data online shared by individuals.

I re-calibrated my question and we most vehemently agreed that privacy is

essential to individual's autonomy…

Here it may be relevant to talk about personal data. In short, personal data ain't
what it used to be. There are now at least two types of data that could be called
personal.
- There is the static data about you (name, address, date of birth, phone
number, credit card number, social security number etc). These are data ABOUT
you, usually for identification within some system. Most of it cannot be changed
by you at will or perhaps at all.
- There is the dynamic data (blog posts, twitters, photos online, emails, IM,
and other digital detritus). These are data created by you, for social or other
purpose, which is also chosen by you.

The value of this personal "social" data is considerable as it potentially contains

information that's valuable to you and to anyone who might want to influence
your behaviour.

How does the internet come into this?

The internet is a peer to peer network, as you well know. It consists of

autonomous nodes that have no centre and need no intermediaries for their
connections. It is the only non-hierarchical human institution of this size and
scale and possibly the only one at all.

In the early days, the evolution of the internet followed the principle of peerage.
(Let's ignore DNS for now, which is hierarchical). IRC, usenet and even personal
websites all were based on the existence of interconnected nodes, not of closed
platforms. Then the era of super-platforms arrived - we could trace it all the
way back to dot-com era, e-commerce sites amount to a closed places on the
web you visit to do whatever they'd like you to do. Amazon and eBay was
born. Google pre-dates them as a search engine but it didn't start behaving
like a platform - gmail, google docs etc until much later around 2005 onwards.

Then there was blogging, which started with blogger.com, then movable type
and typepad and perfected by wordpress (of course development continues but
wordpress got it right early).

After that it's platforms all the way, from friendster to myspace to facebook -
the default for any web service is to build a silo for its users. But that's a rant
for another time. For the purposes of this talk, the fact your data resides on
someone else's platform is the most important point here. It doesn't matter
how 'trustworthy' they may be or how wonderful the functionality or convenience
they offer is, the truth is your data is no longer yours. And the privacy of what
you create and build there is always at the mercy of the platform provider or
owner.

There is the technological evolution

The other one is social and relates to the lack of granular relationships.

Data portability and various other 'fixes' such as google Open Social or Facebook
connect are not addressing the big black hole in the middle of all this. The user
is not an autonomous node and is no longer on the course to become one. There
is a technological and a cultural story behind this, but again that's a discussion
for another time.

To address the issue of the user not being autonomous, we started the Mine!
project. The objective is to give people control over their data. This should be
done in such a way that nobody else has access to the data and its management
- analysis, pattern recognition, retrieval - is solely under the individual’s
control. There is also nuanced and granular sharing that is based on existing
relationships with others. If you’d like to know more about the project or
perhaps help the effort, see www.themineproject.org or contact me at adriana
dot lukas at gmail dot com.

As expected, I do not have a ready-made solution to save our privacy online.

Nobody but the individuals themselves can ultimately do that. But to answer
the question of how to protect your privacy - at the moment, if you cannot be
without what Facebook (and many other web services/apps) provide and are
not a tech geek, there is not very much you can do. However, if you want to
help projects like Diaspora or the Mine! project, that's where you can make a
difference, either as someone with the right skills or as one of the first users
who then make these tools better for the next lot that may not be so interested
in the principles behind them....