July 26, 2005

I still don't understand privacy, but maybe it's a language barrier

Yesterday I posted why I thought junk paper inside bank statements addressed to me could hardly be a breach of my privacy. That was in response to the Canadian Privacy Commissioner's finding to that effect. This morning, a colleague dropped the following quotation on my desk:

Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.

Ayn Rand

[Admission: I haven't read Ayn Rand's work firsthand, but what I've ingested through others' interpretations and preaching of her philosophy of self-interest -- particularly since Reagan's administration -- has troubled me.]

First things first. This is exactly what I was saying in the second paragraph of my post: "It is a wickedly individualistic imperative that in many instances allows for and encourages an individual to extricate herself from the group (the market, the customer base, the social network, etc.)." Good to know the thought comes with philosophical pedigree. Am I the only one, though, that finds the statement ironical -- if not entirely self-contradictory -- in the highest order? Is "civilization" in Rand's world the imperative toward anti-socialism? What's the ultimate end? Not very encouraging for what is by all accounts a social species.

The quotation was merely the catalyst for this post. Without it I would never have returned to make the following (laboured) point: some of the intractable challenges of identity (especially the non-technical notions of information "ownership," privacy, and so forth) are the direct result of having the wrong language for dealing with digital identity. Let me elaborate using this privacy issue as the example.

Let's start with "private." According to the OED there are several definitions, the ones most relevant for us being:

1 belonging to an individual; one's own; personal (private property).
2 confidential; not to be disclosed to others (private talks).
3 kept or removed from public knowledge or observation.
4 a not open to the public. b for an individual's exclusive use (private room).

These are operative definitions for most things, but tend to be most applicable to tangible, observable things. Each definition presumes exclusive right to the thing being held private. Things that can be made private have another commonality: readily definable limits if not "owners." Where it gets dicey is with less tangible things, like ideas and information, or -- more pointedly -- with knowledge where ownership is uncertain.

Information, regardless of type, is essentially data within a meaningful context. The province of data analytics and databases and directory structures is to aggregate, store, parse, and make data into meaningful information. Personal information -- or the more specific personally identifying information -- is contextual data about a person: name, perhaps address and locators, maybe certain other identifiers such as assigned numbers (e.g., social security number, etc.). It can manifest itself in various media but is in its essence intangible. Information in its purest form is hard to put a rope on.

Of course there are ways to lasso information and tie it down: patents; copyrights; locked rooms, closets, cabinets, and folders; encryption and ciphers; and I'm sure there are countless other ways to take data and information (in tangible form of some sort) and hide it away. But information is not what appears in tangible form -- such as on a plastic card or in a report. It is the knowledge of that data in its proper and meaningful context. To briefly digress, the value of information is in what knowledge of it lets one do. If nothing can be or is done with the knowledge derived from the information created out of the data, there is no point in having it: it is worthless. It becomes trivia (which has its own value at parties with a lot of nerds and wonks). In short, I think it is hard to apply mechanics, in this case the definitions of "private," that work for tangible things to intangibles such as information.

The OED's definition for "privacy" is at first blush more specific about why "secondary marketing" would justifiably be considered an invasion of privacy. It reads:

1 a the state of being private and undisturbed. b a person's right to this.
2 freedom from intrusion or public attention.
3 avoidance of publicity.

Even I can see how this alone could have directed the Privacy Commissioner: especially definition 2. My question is whether it's reasonable. Deconstructing:
  • Let's assume that marketing and other communications that cause apoplexies among the citizenry (privacy zealots) have precious little to do with publicity, making definition 3 irrelevant.
  • The second definition appears to derive from the first and, in my view, speaks more to issues of trespass than to communication. This is a little hard to abstract, but think of the difference between someone looking across your open yard at what you are doing on your property as opposed to someone who has opened the fence gate and intruded to have a gander. There are nuances in this distinction that limited space (and my lack of desire) make hard to explore much further: our "private" space should be sacred to the extent that others ought not to be able to intrude on it to observe and gain knowledge about us.
  • The first definition is quite clear on privacy being the right to a state of being private and undisturbed. "Undisturbed" is effectively equivalent to "intrusion" in the 2nd definition, which is to say that it refers to not being actively intruded upon when in one's "private" state. I'm going to ignore it, having dealt with it above. This leads us back to "private." ("Ahh, now it makes sense why you chose the underlying word first, Mr. Moto.")
    As this notion of privacy relates to information privacy (personal or otherwise), it implies that information is a tangible "thing" to which the mechanics of removal and seclusion from others' prying eyes can be applied. And, I think we've dealt with that to a pretty fair extent as well.
    Did anyone else notice that although "private" appears to be applicable to "objects" like information, "privacy" seems only to refer to the concept of a person being left alone? For there to be "information privacy," that information must be a subject or actor in its own right to be left alone. Otherwise, I think it has to revert to the concept of "private information protection." Interesting . . .

Now, to round out the discussion, what about this notion of a "right" to information or, in shallower terms, "ownership" of information? I raise this because it is explicit in the idea of private and implicit in that of privacy that the "thing" is "belonging to an individual; one's own." I've written about it before, as have many others. There is little consensus on who "owns" information and much philosophical hand-wringing. Suffice it to say that unless you own something it's hard to justify it being private (Highly applicable to your shopping habit information in the hands of the retail store: is it yours or theirs?). I'm copping out now by leaving this thought hanging without further support: I'm tired and want to get to the climax.

The point of this entire pedantic diatribe is that I think the language -- the vocabulary -- we're using to create and discuss digital identity is a holdover from a different time and place. While it is valid and necessary to some degree during this transitional period because it creates a shorthand for getting to ideas and provides essential continuity with the past, the baggage that this vocabulary brings with it is weighing down and impeding effective discussion about what is and where it's going. In this case, we're applying 17th- or 18th-century definitions of private and privacy in a 21st-century world.

Some people like the old vocabularies: they're comfortable and easy. New vocabularies are hard work and cause tremors of their own accord. Some would suggest it is more important to focus on the practical issue at hand than on the pissy notion of the vocabulary by which we discuss these issues. Others -- like the Cluetrainers and Kim Cameron, even Dick Hardt -- are busy dealing with changing the language. Is "identity meta-system" an appropriate word or description? Maybe, maybe not. Doesn't really matter. What matters is that the word is (sort of) new and the opportunities for it are endless.

Posted by Grayson at July 26, 2005 12:32 PM