I’ve just returned from a week at the Schloss Dagstuhl Leibniz Center for Informatics, where I attended a “Perspectives Workshop” on “Online Privacy: Towards Informational Self-Determination on the Internet”. Schloss Dagstuhl (Dagstuhl Castle) is a historic country house located 150 miles from Frankfurt, which hosts a computer science research center as well as workshops and seminars for world-class scientists, young researchers and practitioners. Dagstuhl Perspectives Workshops explore cutting-edge topics in business informatics and produce “manifestos”, which set a research agenda and are sent to academics, policymakers and industry.
Last week’s session included industry leaders such as Caspar Bowden from Microsoft, Jan Camenisch from IBM, Claire Vishik from Intel, and Alma Whitten from Google as well as numerous leading academics. It discussed the current state of the art of online privacy, industry and engineering options to improve it, recommendations for improving regulation and of course a research agenda. I found it refreshing to participate in a conference dominated by computer scientists, who have quite a different view of privacy than us lawyers. I’ll blog about the manifesto later, but wanted to share a couple of interesting “nuggets”:
Jacques Bus, formerly Head of Unit ICT Trust and Security in the European Commission and currently a consultant, quoted Paul de Hert who said that “privacy is about what is not covered by other civil liberties”. I like this “residual” definition, which actually has an impressive pedigree – drawing on Warren and Brandeis’ delineation of privacy around lacunae in then-existing legal protections.
Jacques also quoted Seda Gürses who said that “privacy cannot and should not be precisely defined; a definition would kill it”. This is a great line for lawyers who've been laboring for over a century on a definition of privacy. I like the resemblance to quantum physics – by closely observing the object of research you affect the results.
A German cryptologist who participated in the event told me that he sees similarities between privacy professionals today and Communist student leaders in Germany in the 1960s! Those student leaders had very strong convictions about the rights of the proletariat, yet got a cold shoulder from factory workers when they tried to spread the word to the masses. Think about it next time you try to persuade your friends or students to hesitate before posting information on Facebook.
The cryptologist, who sees something of a religious fervor in privacy professionals, also suggested the problem with privacy enhancing technologies (PETs) (e.g., failure of P3P to pick up) may be the fact that users are involved. He thinks data security tools, such as Public Key Infrastructure (PKI), work rather well precisely because they do not require user engagement.