09 April 2011

Databuse

'Databuse: Digital Privacy and the Mosaic', a 24 page paper [PDF] by Benjamin Wittes of the Brookings Insitution, suggests that the proliferation of personal data in the hands of third parties has resulted in "a conceptually outmoded debate" founded on a concept of privacy that is no longer useful. He proposes "a different vocabulary for that debate", offering an ostensibly new concept characterised as "databuse". Neither the dismissal of traditional debate nor the new vocuabulary strike me as particularly persuasive.

Wittes notes that -
The question of privacy lies at, or just beneath, the surface of a huge range of contemporary policy disputes. It binds together the American debates over such disparate issues as counter-terrorism and surveillance, online pornography, abortion, and targeted advertising. It captures something deep that a free society necessarily values in our individual relations with the state, with companies, and with one another. And yet we see a strange frustration emerging in our debates over privacy, one in which we fret simultaneously that we have too much of it and too little. This tendency is most pronounced in the counter-terrorism arena, where we routinely both demand — with no apparent irony — both that authorities do a better job of “connecting the dots” and worry about the privacy impact of data-mining and collection programs designed to connect those dots. The New Republic on its cover recently declared 2010 'The Year We Were Exposed' and published an article by Jeffrey Rosen subtitled 'Why Privacy Always Loses'. By contrast, in a book published earlier in 2010, former Department of Homeland Security policy chief Stewart Baker described privacy concerns as debilitating counter-terrorism efforts across a range of areas:
even after 9/11, privacy campaigners tried to rebuild the wall [between intelligence and law enforcement] and to keep DHS from using [airline] reservation data effectively. They failed; too much blood had been spilled. But in the fields where disaster has not yet struck — computer security and biotechnology — privacy groups have blocked the government from taking even modest steps to head off danger.
Both of these theses cannot be true. Privacy cannot at once be always losing — a value so at risk that it requires, for so Rosen contends, "a genuinely independent [government] institution" dedicated to its protection — and be simultaneously impeding the government from taking even "modest steps" to prevent catastrophes.

Unless, that is, our concept of privacy is so muddled, so situational, and so in flux, that we are not quite sure any more what it is or how much of it we really want.

In this paper, I explore the possibility that technology’s advance and the proliferation of personal data in the hands of third parties has left us with a conceptually outmoded debate, whose reliance on the concept of privacy does not usefully guide the public policy questions we face. And I propose a different vocabulary for that debate — a concept I call "databuse". When I say here that privacy has become obsolete, to be clear, I do not mean this in the crude sense that we have as a society abandoned privacy in the way that, say, we have abandoned once-held moral anxieties about lending money for interest. Nor do I mean that we have moved beyond privacy in the sense that we moved beyond the need for a constitutional protection against the peacetime quartering of soldiers in private houses without the owner’s consent. Privacy still represents a deep value in our society and in any society committed to liberalism.

Rather, I mean to propose something more precise, and more subtle: that the concept of privacy as we have traditionally understood it in law no longer describes well or completely the actual value at stake in the set of issues we continue to argue in privacy’s name. The notion of privacy was always vague and hard to pin down as an operational matter in law. But this problem has grown dramatically worse as a result of the proliferation of data about all of us and the ability to analyze and cross-reference that data systematically and instantly. To put the matter bluntly, the concept of privacy will no longer bear the weight we are placing upon it. And because the term covers such a huge range of ground, its imprecision with respect to these new problems creates great indeterminacy as to what the value we are trying to protect really is, whether it is gaining or losing ground, and whether that is a good thing or a bad.
Wittes concludes that -
We debate mosaic issues in the language of privacy because privacy is the only word we've got. It is not, however, the value we are implementing in fact as a society or the value that we really expect as individuals from the companies and governments with which we interact. That value is something else — something that lacks a name in common parlance but amounts to an expectation against hostile, deceptive, or negligent use and handling of data we entrust to third parties. It is an expectation that our data will work for us, not against us, and that while our interests won't always be congruent with those who hold the tiles of our mosaics, the custodians of our tiles owe us consideration—at least to do us no harm.

This is not privacy. It is something else. The sooner we accept that in discussing these issues, we are not operating inside of Brandeis's privacy framework but, rather, engaging in the very project he undertook — that is, imagining new legal categories for new surveillance challenges wrought by technology — the sooner we will confront them effectively and in a fashion that satisfies the many competing interests at stake in the mosaic.