Theories of Privacy and

Surveillance

Topic 1
Graham Greenleaf
University of New South Wales
Last revised: September 2008
Questions to start with
What threatens our privacy?
What values justify privacy laws?
What do 'privacy' and 'surveillance
mean?
Why are there sceptics on whether
laws should protect privacy?
See RG - Theories of privacy and
surveillance
Threats to privacy
Embarrassment Intrusive biometrics
Past coming back to Repressive state control
haunt you
Unfair decisions on
Lack of security of wrong/secret info.
information
Unwanted marketing Tracking of movements
/ location
Marketing manipulation
Irrelevant Interception of
considerations communications
Collection of profiles
Values underlying privacy?
Respect for human autonomy
Psychological need for privacy
Conduct free from inhibiting surveillance
Forgiveness of past actions
Avoidance of injustices
Openness as a democratic virtue
Preventing long-term repression
Enabling markets (e-commerce)
Compare
RG The Concept of Privacy - for the origins of the above
suggestions under Threats to privacy
ALRC 108 [1.39] - Roger Clarkes suggestions
HKLRC (2004) Ch 1 functions of privacy
Attempts to define 'privacy'

Most liberal theorists regard privacy as a

value that should be protected by law
Some distinction between public and private
spheres has been essential to liberal thought
Many support legislation, not just tort
But there is no agreement on a definition or
on the justification
Some (eg Wacks) regard privacy as a useless
concept for legal implementation
Others (eg HKLRC) retain it as a key term
Most privacy laws do not define privacy
4 ways of defining privacy
in terms of non-interference
'the right to be let alone (Warren & Brandeis)
In terms of degree of access to a person
Secrecy / solitude / anonymity (Gavison)
In terms of information control (Westin)
as"intimate" and/or "sensitive" details (Innes)
Limits scope of privacy
Bygrave: all 4 are reflected in privacy laws
Bygrave: privacy laws also protect self-realisation
and democracy (see later)
 Deficiences of the definitions
degree of access and information control are too
broad if they apply to all disclosures, and circular if
they do not (Wacks (2000)
"intimate" or "sensitive is too narrow
Soloves bottom up approach
See ALRC [1.62] for discussion
Rejects top down approach of starting with a
definition
Starts with a web of interconnected types of
disruption - but these are not categories
Criticisms (Bruyer): without a common
denominator, remains a piecemeal approach
Defence of bottom up
approaches
Compare data protection and copyright law
see RG 0 IPPs as a legal concept
You cant define the common element in the rights that make
up copyright either, and they have grown up piecemeal
Apply Wittgensteins Family Resemblance thesis
things which may be thought to be connected by one
essential common feature may in fact be connected by a
series of overlapping similarities, where no one feature is
common to all. (Wikipedia)
How useful is privacy as a legal concept?
If it is only shorthand for a bundle of different rights, each of
those rights may have separate justifications
It may have rhetorical value even if it is a composite and
indefinable term (a black box term)
Categories of privacy
ALRC 108 [1.31] (and many others) suggest
4 main related concepts:
Information privacy (or data protection)
Which can be seen as falling into 10 or more UPPs,
which have a family resemblance rather than
Bodily privacy
Privacy of communications
Territorial privacy
These last 3 are less well defined in law or privacy theory
than is information privacy
See the Australian and Asia-Pacific Privacy Charters as
examples of attempts to incorporate them
Privacy and public interests
Bygrave: privacy laws also protect self-
realisation and democracy
Victorian Law Reform Commission Defining
Privacy (Occasional Paper) 2002
Privacy as a group value (public sphere): The
right of privacy exists because democracy must
impose limits on the extent of control and direction
that the state exercises over the day-to-day
conduct of individual lives (Rubenfeld)
Question: why limit this to state control?
Wacks redefinition
`Personal information' includes those facts,
communications or opinions which relate to the individual
and which it would be reasonable to expect him to regard as
intimate or sensitive and therefore to want to withhold, or at
least to restrict their collection, use or circulation.
This attempts to give an objective test of what is
personal information
But it shifts the legal issue (reasonable) to when
other interests will over-ride.
Problem: personal information is only part of what
we mean by privacy
Sceptical views of privacy law
See RG 2.3
Privacy as economic inefficiency
Technological defeatism / dystopianism
Technological counter-surveillance
Technological optimists - 'PET lovers'
Property right / private orderings
Privacy scepticism is often a mix of these
views - it is useful to disentange them
 Privacy as economic
inefficiency
Posner (1978):
Information privacy allows people to misrepresent
their character
It is inefficient and should not be valued
Less sophisticated variants
Business / government should have unfettered
use if this enhances efficiency
the innocent have nothing to fear
Privacy always loses out to other interests, even if
it does have some weight (common view)
Technological defeatism /
dystopianism
Futile to attempt to protect privacy in the face
of surveillance developments
'You have zero privacy. Get over it. (McNealy)
Exemplified in Orwells 1984 (1948)
Technological counter-surveillance
Maximise surveillance of all those who have
control of surveillance (David Brin)
But who will win a surveillance arms race?
Movie Enemy of the State
Q: Can we accept the technique but reject the
defeatism?
Technological optimism -
'PET lovers'
Privacy-enhancing technologies (PETs) - RG11
emphasises technology, not law, as protection
Encryption
Egs PGP (Pretty Good Privacy); browsing anonymisers
Negative - Irrelevant to most privacy problems
Positive - Focus on privacy-friendly system design
Double-edged because of authentication uses
Facilitating privacy markets/consent
P3P - the 'platform for privacy preferences
How effective without legislation or property rights?
Property right approaches
Samuelson (1999) identifies advantages:
Allows alienability of privacy rights, and for
individuals to share in market value
Forces firms to internalise costs of interference
Property right + markets will suffice
Mainly a US view
Reject European bureaucratic approach
US First Amendment forces this approach
Constitutionally easier to establish property rights
than to limit disclosures
Property right approaches (cont)
Private orderings
Leave privacy to contracts and the market
The previous view minus the property rights
Equates to no protection
just freedom of contract in the private sector
Whatever legislation allows in the public sector
The most extreme view
Theorists of surveillance
See RG 2.4 Theorists of surveillance
Panopticism
Foucault's influence
Sociological analysis
James Rule's analysis
The techniques of `Dataveillance'
Roger Clarke's analysis
Michel Foucault - Panopticism
Panopticism - Benthams prison
Foucaults panopticism: the general principle
of a new relationship of power - discipline, a
technology of power.
Spread of the panoptic approach through
other social institutions results in measures
of normality which are largely outside the
legal system
Compare panopticism and data surveillance
James Rule -
Sociology of surveillance
Rule treats as neutral terms:
Surveillance as the systematic collection and monitoring of
personal data, for the purpose of social control
Social control as any means of influence [to] render other
people's behaviour more predictable and more acceptable;
Best early analysis of the techniques information
systems offer for social control
Eg 3 methods of enforcement - (I) exclusion; (ii) adjusting
benefit to risk; (iii) active coercion
Expectations of appropriate treatment based on past history
equates to an internalisation of surveillance
`Efficiency criteria' - do privacy laws control
surveillance?
Eg application to IPPs (Greenleaf)
Roger Clarke - Dataveillance
distinction between Personal v Mass data
surveillance
analysis of techniques of data surveillance
Personal: record integration; front-end verification;
front-end audit; cross-system enforcement
Mass: routine screening; file analysis; profiling
Facilitated by data matching, data concentration
Adds precision to the discussion of data
surveillance law and privacy law responses