July 8, 2013

Privacy and data use — a gap in the theory

This is the first of a two-part series on the theory of information privacy. In the first post, I review the theory to date, and outline what I regard as a huge and crucial gap. In the second post, I try to fill that chasm.

Discussion of information privacy has exploded, spurred by increasing awareness of data’s collection and use. Confusion reigns, however, for reasons such as:

Let’s address the last point. 

Privacy theory before computers

Modern privacy theory is usually dated to an 1890 article by Louis Brandeis and Samuel Warren, which is said to have been a reaction to issues raised by new technology, specifically cameras. In that article, they outlined four different kinds of privacy violation, which may be described as:

But the “right to privacy” was soon widened. In 1928, Brandeis — by then on the Supreme Court — famously summarized privacy as “the right to be let alone”, a right so expansive it was even the basis for the Roe v. Wade decision assuring reproductive freedom in the matter of abortion rights.

I actually agree with a Brandeis-style right to privacy or liberty. I just don’t think it helps much when we’re discussing tough IT-related tradeoffs.

Privacy theory in the computer age

Privacy theory as applied to computers and databases was perhaps first organized in the 1960s, most famously by Alan Westin. In his 1967 book Privacy and Freedom, Westin defined privacy quite narrowly, one of his formulations being:

the claim of an individual to determine what information about himself or herself should be known to others.

A history of social and political views about privacy published by Westin in 2003 gives more insight into how this concept evolved. As for his historical views themselves, those may be perhaps be summarized as:

Recent privacy theory

The secondmost famous book in privacy theory is probably Helen Nissenbaum’s 2009 Privacy in Context. Nissenbaum — in my opinion correctly — observed that:

Unfortunately, Nissenbaum’s focus was descriptive than prescriptive. Even so, her work was the basis for, for example, the Obama Administration’s Consumer Privacy Bill of Rights — but that didn’t work out very well.

What’s wrong with privacy theory to date

Discussions of IT privacy and related issues seem stuck, and I have an idea why. Many laws and regulations are designed to avert measurable harms — death, injury, financial loss, etc. There are complications, of course, which start:

Even so, the rules are rooted in some kind of measurable effect, and at least in principle they can be evaluated on a cost/benefit basis. Other laws focus on benefits — for example, they fund education; but again, in principle a cost/benefit analysis can be done.

When it comes to privacy and information flow, however, the cost/benefit analysis is distressingly one-sided. Reasons for government to impinge on privacy start with anti-terrorism and other law enforcement. Reasons for corporations to impinge on privacy start with profits and customer service. But reasons to preserve privacy — well, those are discussed in terms of “creepiness” and other synonyms for “vague emotional discomfort”. And what’s more important — vague emotional discomfort, or not being blown up by evil Moslem terrorists? When that’s the trade-off, the terrorists win.


4 Responses to “Privacy and data use — a gap in the theory”

  1. Privacy and data use — the problem of chilling effects | DBMS 2 : DataBase Management System Services on July 8th, 2013 2:25 am

    […] The first post in this two-part series: […]

  2. aaron on July 10th, 2013 5:21 pm

    I think the key issue is the premise that information=power, and the government in many countries such as North Korea and USA have enough power to assert totalitarian control over individuals.

    I guess we have assumed in the past (e.g., Hitchcock movie scenarios where a single person is barraged by a cabal) that intense pressure could be asserted against an individual.

    But something happened. Deep data, not odds and ends, is being collected (assume at least 10% of the entire internet nonstreaming data, or enough with lossy compression to store all calls and all web traffic.)

    The difference between the red scare scenarios and now is both scope and breath. The Hitchcock scenarios required senior people driving dozens of agents against the lone outsider. The current data is more intrusive and automation can allow targeting any individuals and any grouping of people.

    The protection in the US has been incompetence of government as institutions, siloing of information and roles, the press, and whistleblowers. This all seems eroded. You no longer need huge teams to target people, perhaps one person is enough to target a large group. Data barriers are broken since some agencies have critical mass. Much of the press in the US and North Korea has been co-opted or changed roles. Whistleblowers seem somehow disrespected.

    A fundamental question here is whether democracy could exist with this type of government capability. It seems unlikely. I think schools should teach more Foucault and less Jefferson to compensate for the new reality.

  3. Marco Ullasci on July 26th, 2013 4:51 pm

    you write:
    […]A fundamental question here is whether democracy could exist with this type of government capability. It seems unlikely.[…]
    I believe that what will die are pluralism and freedom.
    Democracy will survive and will be even stronger than today because every idea that is deviant from the standards will be ostracized (facebook’s filters are already effective at this) and peer group pressure will reach unprecendeted level of effectiveness.

  4. Curt Monash on July 27th, 2013 12:54 am


    You make a good and scary point that democracy can be opposed to freedom, especially democracy that’s toward the “true democracy” end of the democracy-republic spectrum.

Leave a Reply

Feed: DBMS (database management system), DW (data warehousing), BI (business intelligence), and analytics technology Subscribe to the Monash Research feed via RSS or email:


Search our blogs and white papers

Monash Research blogs

User consulting

Building a short list? Refining your strategic plan? We can help.

Vendor advisory

We tell vendors what's happening -- and, more important, what they should do about it.

Monash Research highlights

Learn about white papers, webcasts, and blog highlights, by RSS or email.