Privacy and quantum physics; privacy as religion

I’ve just returned from a week at the Schloss Dagstuhl Leibniz Center for Informatics, where I attended a “Perspectives Workshop” on “Online Privacy: Towards Informational Self-Determination on the Internet”. Schloss Dagstuhl (Dagstuhl Castle) is a historic country house located 150 miles from Frankfurt, which hosts a computer science research center as well as workshops and seminars for world-class scientists, young researchers and practitioners. Dagstuhl Perspectives Workshops explore cutting-edge topics in business informatics and produce “manifestos”, which set a research agenda and are sent to academics, policymakers and industry.

Last week’s session included industry leaders such as Caspar Bowden from Microsoft, Jan Camenisch from IBM, Claire Vishik from Intel, and Alma Whitten from Google, as well as numerous leading academics. It discussed the current state of the art of online privacy, industry and engineering options to improve it, recommendations for improving regulation and, of course, a research agenda. I found it refreshing to participate in a conference dominated by computer scientists, who have quite a different view of privacy than we lawyers do. I’ll blog about the manifesto later, but wanted to share a couple of interesting “nuggets”:

Jacques Bus, formerly Head of Unit ICT Trust and Security in the European Commission and currently a consultant, quoted Paul de Hert who said that “privacy is about what is not covered by other civil liberties”. I like this “residual” definition, which actually has an impressive pedigree – drawing on Warren and Brandeis’ delineation of privacy around lacunae in then-existing legal protections.

Jacques also quoted Seda Gürses who said that “privacy cannot and should not be precisely defined; a definition would kill it”. This is a great line for lawyers who've been laboring for over a century on a definition of privacy. I like the resemblance to quantum physics – by closely observing the object of research you affect the results.

A German cryptologist who participated in the event told me that he sees similarities between privacy professionals today and Communist student leaders in Germany in the 1960s! Those student leaders had very strong convictions about the rights of the proletariat, yet got a cold shoulder from factory workers when they tried to spread the word to the masses. Think about it next time you try to persuade your friends or students to hesitate before posting information on Facebook.

The cryptologist, who sees something of a religious fervor in privacy professionals, also suggested that the problem with privacy enhancing technologies (PETs) (e.g., the failure of P3P to catch on) may be the fact that users are involved. He thinks data security tools, such as Public Key Infrastructure (PKI), work rather well precisely because they do not require user engagement.


Privacy is indeed a difficult, multi-faceted and intellectually exciting field. It's interesting to liken privacy to quantum effects, for their common slipperiness. But I do hope these curios don't distract anyone from practical privacy.
While academics continue to quite properly debate what privacy means, let's remember that practical Information Privacy Law neatly sidesteps the complexities, to provide a useful framework for analysing most of today's pressing issues. Information Privacy Principles don't care about challenging questions like the "ownership" of information, or moral rights, or even the dichotomies between public domain and private space. Rather, they set out pretty clear rules about what reasonable use can be made of personally identifiable information (PII). IPPs generally forbid the collection (including creation) of PII by organisations and governments unless there is a justifiable need to do so. PII once collected cannot be arbitrarily re-used for unrelated purposes, nor disclosed. Individuals generally have a right to be told what PII is being collected about them, and why.
Long may the philosophical inquiry continue but in the meantime, let's remember that Information Privacy Law around the world provides the means to understand and prosecute matters like the collection of wifi data from open home networks, and the exploitation by Online Social Networks of network information and metadata generated about their members for surreptitious commercial gain.

Thanks Stephen. I agree - we've certainly developed very elaborate regulatory structures for the protection of PII, and most practitioners do not need to ask themselves these questions. But when reviewing the framework, as is happening these days in the US (DoC Green Paper and FTC DNT Report) and EU (Consultation on reform of DPD), we should keep in mind the fundamental values. This has practical implications, for example when trying to re-define PII ("personal data") in light of robust de-anonymization attacks (e.g., AOL privacy debacle; Netflix prize). Given that even anonymized data could be traced to specific individuals, should the framework expand to cover ALL data (personally identifiable in the traditional sense or not)? What does it take for data to have privacy implications? What is privacy anyway? Just one example where the basics still matter.

Omer, I agree with you right up to the point where you ask "What is privacy anyway?". We don't need to get bogged down in that question to tackle the issue of anonymization and re-identification. You're right that powerful re-identification techniques challenge the categorization of information as personal or not. So I advise my clients to err on the side of caution; if there is doubt about the degree of anonymization, then they should still treat a dataset as personal, and protect it in accordance with Information Privacy Law.
Anonymity is very difficult to achieve. Given this fact, I believe you can tell when big informopolies are being disingenuous about privacy when they over-state anonymity. For example, when wifi SSIDs are collected to support geolocation services, some claim that the data is not personal. But that's clearly an untruth, because we know that geospatial information combined with public directories allows a householder's name to be linked to the street address from where the SSID was collected.
Conventional Information Privacy Law can be used to deal with SSID collection, and other complex cases like Social Networking, if we take a cautious approach. Yes, in some cases we should probably assume that most data is personally identifiable. Remember the profit motive: the value of information to informopolies is proportional to its identifiability. We should expect OSN operators and search companies to retain as much identification as possible. We shouldn't automatically trust them to not be interested in re-identification.
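The comment thread above turns on a practical question: when does a dataset with names stripped out still count as personal data? One check a privacy engineer can run before answering is a k-anonymity measurement over the remaining quasi-identifiers (zip code, birth year, sex), which shows how many records share each combination and therefore how easy it would be to single someone out. The following is an added illustration, not code from the original post or its commenters; the records, column names and the threshold of k = 3 are constructed for the example.

```python
from collections import Counter

# Constructed sample of "de-identified" records: direct identifiers (name,
# email) have already been removed, but quasi-identifiers remain.
RECORDS = [
    {"zip": "02139", "birth_year": 1981, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "birth_year": 1981, "sex": "F", "diagnosis": "flu"},
    {"zip": "02139", "birth_year": 1975, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02140", "birth_year": 1975, "sex": "M", "diagnosis": "flu"},
    {"zip": "02140", "birth_year": 1990, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02140", "birth_year": 1990, "sex": "F", "diagnosis": "asthma"},
]

# Columns that are not identifiers on their own but become one in combination
# (hypothetical choice for this example).
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")


def equivalence_classes(records, quasi_ids):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """k for the dataset: the size of the smallest equivalence class (0 if empty)."""
    classes = equivalence_classes(records, quasi_ids)
    return min(classes.values()) if classes else 0


def unique_records(records, quasi_ids):
    """Records whose quasi-identifier combination occurs exactly once (k == 1).

    These are the rows a linkage with an outside source (a public directory,
    a voter roll) could pin to one person despite the missing name."""
    classes = equivalence_classes(records, quasi_ids)
    return [r for r in records if classes[tuple(r[q] for q in quasi_ids)] == 1]


def treat_as_personal(records, quasi_ids, k_min=3):
    """The cautious rule from the thread: if k is below the chosen floor,
    handle the dataset as personal data under Information Privacy Law."""
    return k_anonymity(records, quasi_ids) < k_min


def generalise_zip(records, keep_digits=3):
    """Coarsen zip codes to their leading digits; returns new records."""
    out = []
    for r in records:
        r2 = dict(r)
        r2["zip"] = r["zip"][:keep_digits] + "*" * (len(r["zip"]) - keep_digits)
        out.append(r2)
    return out


if __name__ == "__main__":
    print("k before generalisation:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("singled-out rows:", len(unique_records(RECORDS, QUASI_IDENTIFIERS)))
    coarse = generalise_zip(RECORDS)
    print("k after zip generalisation:", k_anonymity(coarse, QUASI_IDENTIFIERS))
    print("treat as personal?", treat_as_personal(coarse, QUASI_IDENTIFIERS))
```

On the sample data the stripped dataset has k = 1: two rows are singled out by zip code, birth year and sex alone. Coarsening the zip code raises k to 2, which still falls below the example threshold, so the cautious rule in the thread applies and the data would remain subject to the PII rules; the point is that "anonymised" is a measurement, not a label.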
