The Internet is in the details. At this early stage, a handful of ideas provide a framework for privacy and digital rights that is at once legal and technical. If we look deeply at the important ideas, the situation is as exciting, and as socially and technologically difficult, as a moon shot. What are these important ideas? This paper attempts to isolate some of the ideas that have amazed me. The ideas pose difficult challenges, but they also illustrate how the very meaning of humanity, society, and government is bound up in yet another revolutionary system of progress. Privacy is not the end-game for the Internet, but it is another jolt of acceleration. As with prior revolutions, the ideas driving the revolution also explain it.
People seem to know that Internet technology has caused private things to leak and spurt out in ways that need control. Privacy is, after all, a matter of keeping things secluded from others. The United States has passed laws governing the online privacy of children and of medical information, and Europe has laws strict enough that the standard legal advice in the United States is that any web site should have a posted privacy policy. But current digital privacy is a symbiosis of technology and law that is a very long way from maturing. Technology that both hides and exposes things so easily and to so many people creates the need for privacy and digital rights laws in the first place, and technology is also needed to resolve the problems that have, largely unexpectedly, arisen from these earlier technological developments.
It is hard to decide where the technology solution should end and the law should begin. Whether your job is to develop technology, write law, or, as a citizen, simply to vote confidence in the law, you need an idea about the line between technology and the law. Amazingly, it was Thomas Jefferson who drew the bright line that serves as a great beginning. He argued that once you say or show something to just one other person, the secret is out. The information is now public and is not owned. You have lost all rights to it. The only way in which your right to that information or creation can be preserved is through law. Hence the line of the United States Constitution that forms the basis for all copyright, trademark, and patent law in the United States: “The Congress shall have Power … To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.” (Section 8, Number 8, U.S. Constitution). For economic reasons, the law must enforce privacy once the secret is made public. The great idea of Thomas Jefferson is that once something is exposed in public, its private protection is only in the law.
If we take Jefferson’s idea and place it in the context of the Internet, his reasoning is clear: once something can be seen by just one other person on the Internet, then only the law can protect the exclusive Right in that thing. Any technologist will tell you that once something is allowed to reach a computer screen, technology cannot stop its theft. So, there is probably a very clear, bright line between where technology ends and the law begins. As long as something isn’t completely hidden by the technology, the law must step in, at the point of any presentation, if privacy and digital rights are to be protected. If we think about the information that is your name and address, then once you give that name and address to just one other person, or make it available just once on the Internet, the law must step in to protect your name and address from misuse.
The role of technology does not therefore end where the law begins. Its role shifts from enforcement to assistance. In the same way, locks on doors really just assist the law. They do not enforce law. A lock is easily broken; breaking the hinge on the door or just bypassing the door entirely gains entrance. Nevertheless, no one would say that, since locks don’t really stop a thief, they should not be employed. In fact, many insurers require that unlawful entry be shown to be forced. Similarly, technology plays a central role both before and after the secret is, technically speaking, out. The technology of legal assistance on the Internet is a profoundly deep technology that is yet to be fully discovered and laid out. The symbiosis of law and technology is first established by Jefferson’s bright line, but continues into multifaceted systems for legal assistance that are largely undiscovered, or at least unpracticed, at this time.
Most current discussions of privacy focus on personally identifiable information. This is any information that can identify an individual person either directly or indirectly. But privacy in fact goes well beyond the privacy for your personally identifiable information. Your privacy contains any number of things that you can keep secret by just plain keeping a secret or by asking others to respect your right to seclude. I can write a book and keep it private by not showing it to others. Even if I don’t put my name on the book, I can keep it private. It is a natural violation of my privacy if I show the book to others, and they steal it from me by then giving it to others without my permission. The law protects this privacy in copyright, but this case demonstrates that personally identifiable information is just the beginning of the stuff of privacy. Privacy and digital rights management of content are two sides of the same coin. It is very important to distinguish among all kinds of digital content that a person, or even an organization, may choose to keep secret or make available on the Internet. If they choose to make it available once, then the law should probably protect the privacy rights that held before the presentation was made, and technology should probably assist the law.
Most people who think about privacy in public policy think about it in a unilateral fashion and focus on personal identification. But personal identification is not really what privacy is about. It is just a fear that if you know it is me, you can get something else from me that I want to hold secret. If you find out my credit card number, you will steal my credit. It isn’t the credit card number, it’s my credit. Privacy is all about those things that I can keep secret and will expose to you only if I believe you will not misuse them or employ them in a way that means I should have kept them secret. Personally identifiable information is information of this kind. Things I work to create are other things of this kind.
Take the example of bilateral privacy between a person and an online museum. The person naturally expects the information about his behavior on the online museum to be respected as private to himself, and the museum may naturally expect its content to be respected as private to the museum. The person and the museum have feelings of privacy and hopes, if not expectations, that the other party will respect their respective privacy.
If you expose something that you could hold secret, the government should, it seems, protect your right to privacy, or to maintain the control you would have had if you had denied access and never presented it. Privacy in a digital age goes well beyond personally identifiable information.
Technology must distinguish among presentations of many kinds of information and must know if the information is something some person or organization really regards as private. This is a very real violation of information theory. It says that the minimum amount of information is not a bit but rather much more than a bit, since the smallest quantum of content also carries with it quanta of rights and obligations in order for the technology to be of uniform assistance to the law. Of course, like locks on doors on an imperfectly locked house, uniform assistance may be difficult to achieve, but this notion of technical uniformity should strongly suggest that Internet technology and Internet law both need a lot of work to be in symbiosis with each other.
There are great ideas in the relation between law and technology, and in a broad definition of privacy that encompasses digital rights.
A violation of privacy or of a digital right is a use of the information not intended by the presentation. If I give you my name and address in order to allow you to mail me the item I purchased from you, then it is a violation of my privacy if you use my name and address for any purpose other than this intended purpose. Rights and obligations in privacy have everything to do with intended purpose. I present the information for a purpose I have in mind. You will violate my privacy if you use the information for another purpose.
If I present a tour of the art in my museum for your enjoyment, but not for you to copy and sell, then it is a violation of my privacy if you go off and copy and sell the content. Perhaps the content is in the public domain, as would be the case with old paintings. But this is content that I choose to put on the Internet for a specific purpose. It seems clear that I could have held this content secret and, if I could, it is certainly a violation of my privacy if I choose to present it on the basis that it will only be used for enjoyment and not for commercial resale.
This is “organizationally identifiable information,” since it is stuff the organization has to itself that uniquely identifies it. It seems this is very similar, if not identical, to “personally identifiable information.” What makes these the same is that the organization or person needs to know that the purpose to which the information is put is a purpose explicitly allowed by the organization or person. This needs to be known even if it is known that the public presentation itself means that only the law can enforce the protection of intended purpose, the protection of privacy.
An argument can be made that this museum example is a bad one because all museums should be forced to make their out-of-copyright works publicly viewable without restriction, since these works are, in fact, in the public domain even if the canvas or object itself is owned by the museum. But actually this is a very good example because it points out that privacy really does concern personally or organizationally identifiable information. However, it isn’t the identification that needs to be protected; it is the use of the digital content that is identifiable. The great idea is that the law protects, and the technology assists, in the seclusion of the use of the content, not the content itself.
Another great idea on digital privacy comes from positions on privacy taken by the European community. For now return to privacy for the individual, not including an organization. The Europeans assert that your individual privacy is your inalienable right. You are born with this right and it dies with you. It is the same as your right to life itself. Your right to privacy cannot be separated from you.
Technologically, we can think of a physical person and many digital personae of that person. Each digital persona is a personally identifiable manifestation of that person. The European view is clearly that these digital personae are part of what it means to be that person, to be a human being. This is a profoundly important concept because it suggests an alteration to fundamental human rights. Since these digital personae are presented to others, only the state can protect their uses by passing laws that recognize the right of you, the physical person, to control the uses of your digital personae. In European law, you cannot own personally identifiable information except for a specific use allowed explicitly by the person who has the inalienable right to that personally identifiable information. Presumably a person could allow a “wildcard use” of some personally identifiable information. An author may put an article he writes out for use by anyone for any purpose whatsoever, with the sole provision that he be recognized as the author. Europe, though, gets picky with some personally identifiable information such as your name and address. They create law on some such content that makes it basically impossible to provide a wildcard use. This is because it is assumed that some content, like your name and address, can only be used for specific purposes by specific entities and these uses must be correspondingly restricted.
The technological problems in providing assistance to the legal system begin to become particularly obvious as we consider these problems. Suppose you write a biography, as many consultants and faculty are wont to do. This naturally contains your name and address information. Suppose you are a polymer chemist. Can a web spidering program go out, collect a list of all the polymer chemists it can find, and post the results on the web without violating the privacy of the consultants and faculty? Certainly the consultants and faculty gave implied consent to some use of their resume information, but just as certainly many would consider a result that put them on a polymer industry newsletter mailing list a violation of their privacy.
The person or organization posting a list of all polymer chemists has their privacy, too: they would like to know that posting this list does not give permission for someone else to copy the list and post it too or, probably, to create a polymer industry newsletter mailing from their list. The technical infrastructure that can properly assist the legal protections around this kind of information reuse has yet to be discovered. We already see the sad manifestation of the absence of this technical infrastructure in organizations, including schools, now withholding directories of faculty from viewing on the web. If you put up your resume for an intended use, it should be respected for that use. The law is necessary but not necessarily sufficient. Without a corresponding technical infrastructure the law may well be too complicated to be practical.
The example of spidering is only one of many examples where there are difficult technical and legal issues. Another class of issue is “personal identity inference.” There are many examples where a buying pattern can create personally identifiable information even though the individual pieces of information are not personally identifiable. The classic examples are in forensics, where criminals are identified by characteristic spelling or typing errors in their documents. Forensics in the information age is itself usually a violation of individual or organizational privacy. When should the law be permitted to inspect the contents of temporary internet files resulting from browsing? There are many instances when the legal system is simply not permitted to gain access to information even if it could in principle get that information technically. One very well known example of this is lawyer-client privilege. Even if a client has disclosed information to his lawyer, and vice versa, the law cannot get to that information unless the parties choose to make a disclosure for that purpose. Ideally a technical infrastructure should exist that permits lawyer-client email to be protected from forensic investigation, even if the law fails to protect other areas of privacy from forensics. It seems that the state can protect privacy even from the state’s own intrusion. The symbiosis of law and technology may well need to develop such special privacy provisions when the technology makes for records that the state should respect as private.
Privacy assumes that keeping a secret is acceptable, so the symbiosis of law and technology should find ways to support secret activities as well. Authorized anonymity will become necessary to any viable system of privacy and digital rights protection. The technical basis for authorized anonymity is a voucher system. A digital persona may not be technically identifiable as you or your organization, but another individual or organization has vouched for your right to make a purchase or for the appropriateness of the addressing information for the intended purpose. A simple example is that of a famous person who has a public email address for specific types of inquiries that are then filtered by an intermediary who knows this famous person’s real, direct email address. A more robust example would be American Express digitally pre-authorizing spending a certain amount of money anonymously. The merchant need only verify the American Express wallet and, perhaps, that the U.S. Mail knows how to deliver to Customer P.O. 1234. Such anonymous support systems deny access to personally identifiable information and thereby enforce privacy without the aid of the law. However, privacy is, in fact, lost to the authority that grants the power to purchase or to ship. The law is still required to restrict that personally identifiable information to its intended use. Again, precedent exists for anonymity enforced by the law. Voting is such an example. The vote that you cast at an election is required by law to be secret even though any number of technical means exist that could expose your vote. So, anonymity provided by technology is another case of technology assisting the law, and the law needs to make clear that a violation of the intended anonymity, or of the intended use of information, is against the law.
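The voucher system sketched above can be made concrete with a digital signature. The following Go program is an added illustration, not code from the original paper or from any card company: an issuer that knows the real customer signs a statement about a pseudonymous persona (a spending ceiling, a delivery handle such as the page’s “Customer P.O. 1234”, and an expiry), and the merchant checks that statement against the issuer’s public key without ever learning who the persona is. The struct field names, the persona identifier and the sample amounts are assumptions constructed for the example; the signature scheme is Ed25519 from Go’s standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Voucher is what an issuer signs about a persona. It names no person: only
// the persona, the pre-authorised limit and a delivery handle the carrier can
// route. Field names are assumptions made for this example.
type Voucher struct {
	Persona     string `json:"persona"`      // opaque persona id, not an identity
	Issuer      string `json:"issuer"`       // who vouches for the persona
	LimitCents  int64  `json:"limit_cents"`  // pre-authorised spending ceiling
	DeliverVia  string `json:"deliver_via"`  // e.g. "Customer P.O. 1234"
	ExpiresUnix int64  `json:"expires_unix"` // after this the voucher is dead
}

// SignedVoucher binds the voucher to the issuer's signature.
type SignedVoucher struct {
	Voucher   Voucher
	Signature []byte
}

// canonical returns the bytes that are signed and verified. encoding/json
// emits struct fields in declaration order, so the encoding is deterministic.
func (v Voucher) canonical() []byte {
	b, _ := json.Marshal(v) // cannot fail for these field types
	return b
}

// NewIssuerKeys wraps key generation so callers need no crypto imports.
func NewIssuerKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueVoucher runs at the issuer, the only party that knows who stands behind
// the persona. It discloses nothing beyond what the voucher itself states.
func IssueVoucher(issuerPriv ed25519.PrivateKey, v Voucher) SignedVoucher {
	return SignedVoucher{Voucher: v, Signature: ed25519.Sign(issuerPriv, v.canonical())}
}

// VerifyPurchase runs at the merchant. It learns only that a trusted issuer
// vouches for the persona, the limit and the delivery handle. Any edit to the
// voucher after issue (for example raising the limit) breaks the signature.
func VerifyPurchase(issuerPub ed25519.PublicKey, sv SignedVoucher, amountCents, nowUnix int64) error {
	if !ed25519.Verify(issuerPub, sv.Voucher.canonical(), sv.Signature) {
		return errors.New("voucher not signed by a trusted issuer")
	}
	if nowUnix > sv.Voucher.ExpiresUnix {
		return errors.New("voucher expired")
	}
	if amountCents <= 0 || amountCents > sv.Voucher.LimitCents {
		return errors.New("amount outside the pre-authorised limit")
	}
	return nil
}

func main() {
	issuerPub, issuerPriv := NewIssuerKeys()
	// Constructed sample voucher; all values are illustrative.
	sv := IssueVoucher(issuerPriv, Voucher{Persona: "p-7f3a", Issuer: "example-issuer",
		LimitCents: 5000, DeliverVia: "Customer P.O. 1234", ExpiresUnix: 2000000000})
	fmt.Println("within limit:", VerifyPurchase(issuerPub, sv, 4999, 1900000000))
	fmt.Println("over limit:  ", VerifyPurchase(issuerPub, sv, 5001, 1900000000))
	sv.Voucher.LimitCents = 100000 // tampering with the terms invalidates the signature
	fmt.Println("tampered:    ", VerifyPurchase(issuerPub, sv, 5001, 1900000000))
}
```

The merchant's trust is anchored in the issuer's public key alone; the persona's real name and address stay with the issuer, which is exactly the point the paragraph makes: privacy is lost only to the vouching authority, and it is then the law, not the signature, that has to hold that authority to the intended use.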
Among the trickier issues regarding the symbiosis that needs to be established between law and technology in protecting privacy is one that goes back to Thomas Jefferson again and examines the case that a right to privacy is only for a time. The law can establish different time limits for different things. For example, copyright protection endures at least three times longer than patent protection (75 compared to 22 years). It isn’t clear what time limits there should be on the protection of personally identifiable information. Clearly just protecting it from birth to death may not be enough. What happens if someone keeps genetic records about your family before you are born and later associates these records with you? This is happening in Iceland today. After death, personally identifiable information can still be misused in ways that are clearly not intended. If we extend privacy to an organization’s right to privacy, we can come back to the museum example and ask some interesting questions about its right to control the presentation of the material it holds in perpetuity for the benefit of mankind.
A symbiosis of law and technology on the Internet is essential to privacy and digital rights. Just as technology created the problem by redefining the means of public presentation, it is also essential in solving the problem. The reason has to do with making the application of the law practical.
The situation with anonymous personae is particularly interesting because the technology that discloses yourself to some while secluding yourself from others is so strong. It commonly employs cryptographic technology that is much stronger than a lock on a house or even the safe at Fort Knox. Furthermore, it can authenticate your right to act anonymously with much more assurance than a photo ID or a signed letter of authorization. Such technology greatly enhances the practicality of the law because it can establish beyond doubt who had the opportunity to violate the law and thereby who must be responsible for maintaining privacy.
Even with cryptographic protection and support, privacy and digital rights management can easily be onerous and impractical. To appreciate this one need only recognize that an agreement to use information for a specific purpose is the basis for non-disclosure contracts, and these are often difficult and arduous to negotiate. A look at current privacy laws and regulations will quickly also confirm that these are difficult to interpret and apply. A grand opportunity exists in discovering technology to automate these processes.
The World Wide Web Consortium has a proposal, called P3P and APPEL, that permits automatic treatment of complicated agreements, but the technology to date is still inchoate. An example of a clear problem is that a privacy policy for a web site has both a machine-readable form and a form in English or another natural language. The two forms are supposed to be “consistent,” yet everyone is aware that this will never happen, either because the natural language is subject to interpretation or because it includes points not covered by the machine-readable form. Frankly, the symbiotic pair of law and technology needs to make a choice here, or at least a better decision.
Yet another approach employs the machine-readable semantics developed by the P3P group to create negotiated contracts between the parties, and also uses cryptographic authentication techniques to ensure that both parties have digitally signed agreements that cannot be repudiated by either party. Furthermore, the authentication of the parties to the agreement can include multiple certifications from multiple authorities that may have jurisdiction in any dispute. This is a case where the legal machinery may later recognize these agreements as binding contracts because the strength of the technology provides a strong level of comfort to the legal system. A related approach utilizes an automated third-party agent to provide the details of the agreements between the parties seeking respect for their respective privacy and digital rights. Current work in this area includes the Privacy Server Protocol and XNS. Such intermediate agent systems could rely on either natural language or machine-readable agreements yet practically benefit from automation on the Internet.
Machine automation, especially in the early years, will never quite be as reliable and robust as it needs to be. The symbiosis between the law and technology will yield many imperfect manifestations. For this reason organizations that are developing the means of auditing and testing privacy systems, such as the ISTPA, will have an important, if not essential, role in establishing the details of the symbiosis. Furthermore, wider distribution of cryptographically strong systems, such as those anticipated for the firmware in PCs and other devices, is an essential ingredient in maintaining strong systems of privacy.
In the United States, people engaged in direct marketing have long thought they had as much right to your personally (or organizationally) identifiable information as you do. In Europe, the law is clear. They do not. The law needs also to be clear in the United States, but this is another area where there is a strong need for new technologies, if only to make compliance and enforcement practical.
As long as the Europeans hold to their law, it will be advisable for just about all web sites to seek opt-in approval for any specific use of personally identifiable information. Under European law, if you wish to use a person’s information for another use, you must go back to that person and seek an additional opt-in. A technical infrastructure is practically essential to facilitate such additional authorizations on behalf of direct marketers, and so is the infrastructure that ties together the systems of jurisdictions that could process and notarize particular legal notifications and acceptances. To accomplish this in an automated and practical fashion requires considerable cooperation between the legal bodies and the technology developers. The direct marketing people can reach out over the entire globe if the mechanisms exist for practical and legal outreach.
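Three threads of the paper meet in one mechanism: the intended-purpose rule (a use not named at presentation is a violation), the countersigned machine-readable agreement that neither party can repudiate, and the additional opt-in that European law demands for any new use. The Go program below is an added illustration of how those fit together; it is not code from the paper, from the P3P working group, or from any of the projects named above. A subject and a controller both sign the same machine-readable agreement listing the data items presented and the only purposes allowed, and the controller's purpose-binding check refuses any item or purpose the agreement does not name, so a new purpose forces a new agreement rather than a reinterpretation of the old one. The field names, the purpose vocabulary and the sample values are assumptions constructed for the example; signatures are Ed25519 from the standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// ConsentAgreement is the machine-readable core of a privacy agreement: which
// items the subject presents to the controller and the only purposes they may
// serve. Field names and the purpose vocabulary are assumptions for this example.
type ConsentAgreement struct {
	Subject    string   `json:"subject"`    // persona of the person presenting the data
	Controller string   `json:"controller"` // organisation receiving it
	DataItems  []string `json:"data_items"` // e.g. "name", "postal-address"
	Purposes   []string `json:"purposes"`   // explicitly allowed uses
}

// SignedAgreement carries both parties' signatures over identical bytes, so
// neither side can later deny the terms.
type SignedAgreement struct {
	Agreement     ConsentAgreement
	SubjectSig    []byte
	ControllerSig []byte
}

// canonical returns the bytes both parties sign; struct fields are marshalled
// in declaration order, so the encoding is deterministic.
func (a ConsentAgreement) canonical() []byte {
	b, _ := json.Marshal(a) // cannot fail for these field types
	return b
}

// NewKeyPair wraps key generation so callers need no crypto imports.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Countersign produces the dual-signed record: each party signs the same
// bytes, giving each proof of the other's assent to exactly these terms.
func Countersign(a ConsentAgreement, subjPriv, ctrlPriv ed25519.PrivateKey) SignedAgreement {
	msg := a.canonical()
	return SignedAgreement{Agreement: a, SubjectSig: ed25519.Sign(subjPriv, msg), ControllerSig: ed25519.Sign(ctrlPriv, msg)}
}

// VerifyAgreement checks both signatures against the agreement as presented.
// Any edit to the terms after signing invalidates both signatures.
func VerifyAgreement(sa SignedAgreement, subjPub, ctrlPub ed25519.PublicKey) error {
	msg := sa.Agreement.canonical()
	if !ed25519.Verify(subjPub, msg, sa.SubjectSig) {
		return errors.New("subject signature invalid")
	}
	if !ed25519.Verify(ctrlPub, msg, sa.ControllerSig) {
		return errors.New("controller signature invalid")
	}
	return nil
}

// AuthorizeUse is the purpose-binding check a controller runs before using an
// item: allowed only if the item and the purpose are both named in a validly
// countersigned agreement. Anything else needs a fresh agreement (the
// additional opt-in), not a broader reading of the old one.
func AuthorizeUse(sa SignedAgreement, subjPub, ctrlPub ed25519.PublicKey, item, purpose string) error {
	if err := VerifyAgreement(sa, subjPub, ctrlPub); err != nil {
		return err
	}
	if !contains(sa.Agreement.DataItems, item) {
		return fmt.Errorf("item %q was never presented under this agreement", item)
	}
	if !contains(sa.Agreement.Purposes, purpose) {
		return fmt.Errorf("purpose %q is not among the purposes the subject allowed", purpose)
	}
	return nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	subjPub, subjPriv := NewKeyPair()
	ctrlPub, ctrlPriv := NewKeyPair()
	// Constructed sample: a shopper presents name and address for shipping only.
	a := ConsentAgreement{Subject: "persona-4a1f", Controller: "example-shop",
		DataItems: []string{"name", "postal-address"}, Purposes: []string{"order-fulfilment"}}
	sa := Countersign(a, subjPriv, ctrlPriv)
	fmt.Println("ship order:  ", AuthorizeUse(sa, subjPub, ctrlPub, "postal-address", "order-fulfilment"))
	fmt.Println("newsletter:  ", AuthorizeUse(sa, subjPub, ctrlPub, "postal-address", "marketing-newsletter"))
	sa.Agreement.Purposes = append(sa.Agreement.Purposes, "marketing-newsletter") // unilateral edit
	fmt.Println("after tamper:", AuthorizeUse(sa, subjPub, ctrlPub, "postal-address", "marketing-newsletter"))
}
```

The two signatures are what give a court something to rely on: the controller cannot claim the subject allowed the newsletter, because the subject's signature covers only the original purpose list, and the subject cannot deny agreeing to order fulfilment. What the program does not do is prevent the controller from ignoring the check; as the paper says of locks on doors, the technology assists the law by making the intended purpose unambiguous and the breach provable, not by making the breach impossible.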
The great idea in this is that now that technology has released the genie from the bottle and the law has to step in, technology can assist the law in providing a practical solution to handling the taming of the genie. No one is confronted with a situation they like. The technologists certainly never wanted the law to enter the Internet, and the law never likes the idea of automation. Direct marketers are unhappy about laws that restrict their use of information they obtain from others, and people are unhappy about laws, or the absence of laws, that permit intrusive activities. Museums and libraries are confronted with abrogating their responsibility to public access on the Internet because they want their privacy respected.
It was technology that released this genie, and technology will work cooperatively with the law to tame it for the benefit of all the parties. The result will be an acceleration of commerce on the Internet, a great expansion in the quality of the content on the Internet, and a great increase in people’s freedom to act and trade. Without legal and technical solutions to privacy and digital rights, the Internet will only be a fraction of what it could be.