Text Box: Protecting Privacy:  How Much Are We Willing to Give Up?  

 
Text Box: A COSSA Congressional Briefing  

 

 

 

  

 

 

 

  

 

With the issue of identity theft and privacy coming to the forefront of the Senate agenda this year (see UPDATE, June 30, 2005), COSSA held a congressional briefing on June 23 entitled, “Protecting Privacy: How Much Are We Willing to Give Up?”

 

While the public eye has focused primarily on identity theft, the issue of privacy goes broader and deeper than this problem alone.  Questions about privacy protection have significant implications for public policies such as the Patriot Act, health privacy regulations, conducting the U.S. Census, and database protection legislation.  COSSA invited three distinguished speakers to discuss these impacts from a number of perspectives. 

 

 In his introductory remarks, COSSA Executive Director Howard Silver referred to three recent stories in the Washington Post that addressed not only the issue of privacy, but questioned the idea that our personal data is safe in an age of rapidly advancing technology.  He reminded the audience of congressional staff, organizational representatives, and researchers of Scott McNealy’s (Sun Microsystems) now-famous quote: “you have zero privacy anyway; get over it.”

 

 The Paradox of Privacy

 

The first speaker on the panel was Sandra Petronio, a professor in the department of communication studies at Indiana University-Purdue University in Indianapolis and author of the award-winning book Boundaries of Privacy.  Throughout her years of research, she said, she has focused primarily on the psychology of privacy from an individual standpoint, as opposed to a legal one.  She went on to explain that the major paradox of individual privacy is that “we always need information and we want access to information, but we always want our privacy needs to be protected.” 

 

Petronio explained two major conflicts in the way that people think about privacy.  First, if the larger impacts of compromising their privacy are not salient to them, they are less willing to cooperate.  She gave an example of attempts at methamphetamine (meth) production prevention in Kansas.  In order to keep drug dealers from buying large quantities of cold medicine to make meth, authorities asked consumers to sign a list at the drug store attesting to their need for more than one package of cold medicine.  However, as she explained, people were unwilling to do that.  She contended that  this meant the issue did not have enough salience for them.  Second, Petronio pointed out that while individuals see their personal information as proprietary, agencies and organizations such as the CIA and FBI also see that information as proprietary for them to use and share in order to accomplish larger goals. 

 

People have their own set of privacy rules, whether they know it or not, she explained.  There is a set of circumstances under which you might reveal information, for example, and a larger set of circumstances under which you would not intentionally compromise your sphere of privacy.  When people share their information, Petronio argued, they decide to make others “co-owners” of that information.  The problem comes into play when the co-owners do not have the same privacy sharing rules.  “When you tell physicians your private information, you expect the physician is going to treat that information in the way you think it should be treated, whether or not you talk about it.  And that is a problem because you don’t always negotiate.  So the shareholder-co-owner concept is very important to remember because that means that people have expectations for what is going to happen to their information next,” she explained. 

 

In addition to incongruous information sharing rules between co-owners, there is also the issue of what Petronio calls “boundary turbulence,” or unsuccessful privacy coordination dealing with situations in which information is stolen or coerced.  “What happens…with this is when we have privacy turbulence, we have a negative impact on willingness to grant co-ownership.  People are not going to be willing to give you their private information.  It calls for a revamping of negotiations of coordinated privacy rules,” she explained. 

 

Petronio concluded by saying that often, the “leakiest” information areas happen at the interface of individuals and co-owners whom they trust.  Rules, she argued, must be re-negotiated in order for a compromise to be reached that not only allows the necessary information to pass to others, but also maintains a comfortable level of privacy for individuals. 

                              

The Digital Person:  What We Don’t Know May Be Hurting Us

 

 Daniel J. Solove, an associate professor at The George Washington University Law School and author of the book The Digital Person: Privacy and Technology in the Information Age, began his presentation by explaining that “we are all living with a counterpart of sorts, a digital person who resides in various databases.  The digital person is not made up of flesh and blood like you and I are; instead, the digital person is made up of bits and fragments of our data that are being assembled and aggregated together.”    He went on to point out that in order to “join in” we must “plug in,” or give out personal data in order to get things like Internet service, insurance, cable, etc.  But, as he stated, “every time we establish a relationship with a company, a record about us is created and that creates data about us.  And these records are increasingly being assembled together and traded.”  Solove gave several example of companies who gather information on certain aspects of our lives – our grocery purchases, voting records, health problems, for example – and either use them or sell them to others who use them.  The problem, he said, is not only the collection of this information, but the fact that it is being used without our knowledge.

 

The government, he pointed out, has been interested for some time in collecting individual behavior information and attempting to use it to predict future behavior or to “profile” people.  He illustrated this by talking about the government’s attempt at a “total information awareness” program in 2002, run by the Department of Defense’s John Poindexter: “What it envisioned was creating a database, collecting information from various companies and businesses about our finances, education, travel health and more, and then analyzing the information to detect various patterns or profiles to sort of separate out the ‘naughty’ from the ‘nice.’”  While this particular project died, Solove added that it has been resurrected, in part, within several other agencies, many of whom are outsourcing their data money to companies such as Choicepoint (see UPDATE, June 30, 2005). 

 

 Solove argued that the major flaw in our current approach to protecting privacy has mainly to do with our outmoded conceptions of what privacy is.  He gave the often-cited example of George Orwell’s classic 1984, in which society is constantly under surveillance by “Big Brother.”  However, he argued that while this is often given as an analogy for our current privacy problems, it fails to capture the true essence of the issues at stake.  “Big Brother envisions a centralized authoritarian power that aims for absolute control.  But the digital dossiers are constructed by business that aren’t controlled by central power and their goal isn’t to oppress us.  They just want us to buy stuff…a lot of the information in the databases is not that all intimate and not all that embarrassing,” he argued.  Instead, he offered Franz Kafka’s The Trial as a more accurate analogy, because it captures “the sense of helplessness, frustration, and vulnerability when large bureaucratic organizations have control over a vast dossier of our personal information.”  Another misconception he pointed out is that privacy invasions are generally thought to cause direct, concrete harm to individuals, whereas data privacy invasions may not be so cut-and-dry. 

 

 Overall, Solove explained that when it comes to the issue of privacy invasion and identity theft, “the law responds to the harm when it’s too late.  It tries to pick up the pieces, it tries to focus on the criminal penalties for the thieves and not enough on the preventative part…”  And while he pointed out that we cannot “turn back the clock” on all of this technology, we can take steps to regulate how are information is used by companies. 

 

Public Policy Must Be Informed By Accurate Data

 

Kenneth Prewitt, the Carnegie Professor of Public Affairs at Columbia University’s School of International and Public Affairs and former director of the U.S. Census Bureau, opened his discussion by explaining that there is “no democracy without information.  One of the defining characteristics of democracy is you have to give reasons for your public policies.”  He noted that Congress is “full of people explaining why this, that, or the other public policy is good for this society, and their explanations are data-driven.”  Prewitt argued that without sound information about the population that comes from surveys, neither the economy nor the government can properly function. 

 

Prewitt went on to contend that the major vulnerability of federal statistics and surveys is that they require people to consistently cooperate; filling out the surveys, revealing their information, and sending those surveys back to the government.  During the 2000 decennial census, there was an uproar when then-candidate George W. Bush stated that if he received the long-form census, he was unsure if he would answer it.  Prewitt argued that this statement and the flurry of legislation that followed it (many of which would have effectively canceled every individual’s obligation to provide information), were very damaging to the long-form response rates in 2000.  This led to the conclusion that there is ultimately a very large group of people who would rather not let the government in on the type of information it is seeking in these surveys, he explained.  However, the government has since found out that much of the information that people fail to provide is available in other ways.

 

Prewitt went on to explain that people want to guard their privacy and confidentiality.  But, as he argued, confidentiality and privacy are two different things: “Confidentiality is don’t tell anyone; privacy is don’t even ask me that question.”  While the Census Bureau’s record on confidentiality is very good, he pointed out, people are still often unwilling to reveal this information.  To deal with this problem, the government has to turn more and more to administrative data.  But often, Prewitt argued, that data is not as accurate as survey data.  The irony in the long run, he said, is that “the American public, out of a concern about privacy, withdraws its voluntary cooperation with surveys and censuses and government collection, they’re going to end up with a system over which they have less control and in which you’re going to have less privacy.”  But too often it is difficult to convince people that collecting this information is for the public welfare.  Prewitt left briefing attendees with a closing thought: “We have got to start talking to the American public about the fact that information is a public good; we can’t have democracies without it, we can’t have decent public policies without it, and so forth and so on, and that does mean some voluntary sharing of information.”