Saturday, November 17, 2007

Privacy and anonymity

As you may have read, Donald Kerr, a deputy director of national intelligence, said last week Americans need to re-think their conception of privacy. He said privacy will no longer mean anonymity but will, instead, mean that government and the private sector will have to take appropriate steps to “safeguard people’s private communications and financial information.”

I’m not sure if I agree with him or not, so I thought I’d use this post to sort through my reactions to Kerr’s comments.

On the one hand, I don’t know that privacy has ever been synonymous with anonymity. My neighbors know who I am and where I live, as do the local police in my small Ohio suburb. I’m far from being anonymous to those around me. That, though, doesn’t mean I’ve lost my privacy. What I do in my home is still private, at least to the extent I pull the drapes and otherwise take some basic steps to shield what I’m doing from public view.

Maybe that’s what he means by equating privacy and anonymity . . . the notion that what I do in public areas is not private, at least not unless I take steps to conceal my identity and my activities. But that’s not a new notion – it’s common sense. As far as I know, no one has ever tried to argue that what they do in public (walk, drive, shop, go to a movie, rollerblade, whatever) is private under our Constitution . . . because they believed it was private or under some other theory.

Anonymity is not really an aspect of privacy under our Fourth Amendment law, except insofar as remaining anonymous makes it difficult or impossible for someone to tell what you’ve been doing in an area where you can readily be observed by others. Our Fourth Amendment law has traditionally been about the privacy of enclaves – your home, your office, your car, phone booths (when they still existed), and other physical (and perhaps intangible) places. One court, at least, has assumed that a password-protected website is a private enclave, analogous to these real-world enclaves. The Fourth Amendment also protects the containers (luggage, safes, lockers, sealed mail, DVD’s and other storage media) we use to store and to transport things. It is intended to prevent the police from intruding into real and conceptual spaces as to which we have manifested a reasonable expectation of privacy.

I don’t see where anonymity comes in to the traditional Fourth Amendment conception of privacy. The police can see John Doe walking down the street carrying a bag and really want to open that bag because they think he’s transporting drugs, but they can’t open it, or make him open it, just because they know who he is (John Doe). His lack of anonymity has no impact on the legitimate Fourth Amendment expectation of privacy he has in the contents of that bag. The fact that he’s carrying a bag is not private because anyone can see him carrying it. The contents of the bag, though, are private unless and to the extent that the bag is transparent; as long as it’s opaque, its contents are and will remain private.

Anonymity, as such, is actually the focus of a different constitutional provision: the First Amendment. The Supreme Court has interpreted the First Amendment as establishing the rights both to speak anonymously and to be able to preserve the anonymity of one’s associations. The Court has found that protecting anonymity in this context furthers free speech, political advocacy and other important values.

I think what Mr. Kerr is really talking about is an issue I’ve written on before: whether we have a Fourth Amendment expectation of privacy in the information we share with third-parties, such as businesses, Internet and telephone service providers and financial institutions. I think what he’s referring to is what I believe to be a widespread, implicit assumption among Americans, anyway: the notion that what we do online stays safely and obscurely online. I may be wrong, but I think we unconsciously tend to assume that the data we generate while online – the traffic data our ISP collects while we’re surfing the web and the transactional data companies collect from us when we make purchases or otherwise conduct business online – is entre nous . . . is just between me and my ISP or me and my bank or me and Amazon.

We know at some level that we are sharing that data with an uncertain number of anonymous individuals -- the employees of ISPs, banks, businesses, etc. – but we don’t tend to correlate sharing information with them with sharing that information with law enforcement. We essentially assume we are making a limited disclosure of information: I inevitably share data with my ISP as an aspect of my surfing the web or putting this post on my blog. I know I’m sharing information with the ISP, but I don’t assume that by doing that I’m also sharing information with law enforcement.

The problem with that assumption is, as I’ve noted before, that the Supreme Court has held that data I share with third-parties like banks or ISPs is completely outside the protections of the Fourth Amendment. According to the Court, I cannot reasonably expect that information I share with others, even with legitimate entities, is private. This means that under the Fourth Amendment, law enforcement officers do not have to obtain a search warrant to get that information.

(There are statutory requirements, but these both requirements go beyond the current interpretation of the Fourth Amendment and often provide less protection than that Amendment. They often allow officers to obtain third-party data without obtaining a search warrant; a subpoena or court order may suffice.)

So how does all of this relate to Mr. Kerr’s comments about anonymity and privacy? Well, at one point he said that we have historically equated privacy with anonymity but “in our interconnected and wireless world, anonymity - or the appearance of anonymity - is quickly becoming a thing of the past”. Actually, I’d tend to argue the opposite: I think cyberspace actually gives us more opportunities to remain anonymous than we’ve ever had.

Think about a pre-wired world. Think about the America of a hundred or a hundred and fifty years ago. Most Americans in this era, like most people throughout the millennia preceding that era, lived in small towns or villages. They pretty much knew everyone in the town or village where they lived. They traveled very little, both in terms of frequency and distance, so they lived their lives almost exclusively in that town or village. One consequence of this is that everyone in the town or village tended to know pretty much everything about everyone else. They knew who was having an affair with whom. They knew who was buying opium-based products at the general store and getting high. They knew who the drunks were and who the wife- and child-beaters were. They might not know everything that went on in each other’s homes behind closed doors, but they knew pretty much everything else.

The lives of those who lived in cities were probably not subject to quite so much scrutiny from their neighbors. My impression, though, is that city-dwellers during this and earlier eras tended to reside in a specific neighborhood, do their shopping in that neighborhood and generally socialize with people in that neighborhood. So much of what I said about town and village dwellers also applied to those who lived in cities. City dwellers probably had the possibility of going into other parts of the city to carry out their affairs, buy their opium products or otherwise engage in conduct they’d prefer not be widely known in the neighborhood where they resided.

My point is that there wasn’t much anonymity back then, or in all the years before then.

In modern America, we have much more control over the information we share with others. Our neighbors may still be able to pick up a lot of information about our habits and predilections, good and bad, but if we’re concerned about that we have alternatives: We can seclude ourselves in a remote area and commute to work, live in a high-rise and ignore our neighbors or take other means to reduce the amount of information that leaks out to those with whom we share living space. We may still buy our groceries and medications and clothing and other necessities from a face-to-face clerk (or not, as I’ll note below), but we can conceal our identity from the clerk by paying with case. We can try to obscure patterns in our purchases of necessities by patronizing various stores, in the hopes of interacting with different clerks. We can also rely on the fact that in today’s increasingly-urbanized, increasingly-jaded world clerks may not pay attention to use and our purchases because they don’t care who we are. We’re no longer joint components in a small, geographically-circumscribed social unit.

We can also take information about our purchasing habits and financial transactions out of local circulation by making purchases and conducting financial and other transactions online. This brings us back to Mr. Kerr’s comments. I may be wrong, but I don’t think we assume we’re anonymous when we conduct our affairs online. I do think we believe we are enhancing the privacy of our activities by removing them from the geographical context in which we conduct our lives. Online, I deal with strangers, with people who do not know Susan Brenner and, by inference, do not care what Susan Brenner is buying or selling or otherwise doing online.

Empirically, that’s a very reasonable assumption. The problem is that it founders on a legal and practical Catch-22: We conduct our online transactions with strangers who don’t know us and, by extension, don’t care about what we do. We therefore assume we have overcome the memory problem, the fact that historically those with whom we dealt face-to-face could, and would, remember us and our transactions. This brings us to the first, practical component of the Catch-22. Although we overcome the memory problem, we confront another problem: the technology we use to conduct our online transactions records every aspect of those transactions. We replace the uncertain memory of nosy clerks with disinterested but the irresistibly accurate transcription of machines.

The second, legal component of the Catch-22 is the issue I noted above – the recorded data we share with these third parties is not private under the Fourth Amendment and can, therefore, be shared with law enforcement. So in one sense we have more privacy as we move our activities online, and in another sense we have less.

I’m not sure what Mr. Kerr meant when he said that privacy now means that government and the private sector will have to take appropriate steps to “safeguard people’s private communications and financial information.” Does he mean we should revise our view of the Fourth Amendment to bring this information within its protections? Or does he mean we should enact statutes designed to accord a measure of privacy to this data by setting limits on how it can be shared with law enforcement?

No comments:

Post a Comment