Sunday, July 23, 2017

The Boundaries of Privacy Harm

                   This post is a summary of the essay with the title above published in 2011 at http://ilj.law.indiana.edu/articles/86/86_3_Calo.pdf

       Just as a burn is an injury caused by heat, so is privacy harm a unique injury with specific boundaries and characteristics. This essay describes privacy harm into two related categories. The subjective category of privacy harm is the perception of unwanted observation. This category describes unwelcome mental states - anxiety, embarrasment, fear - that stem from the belief that one is being watched or monitored. Examples of subjective privacy harms include everything from a landlord eavesdropping to generalized government surveillance. The objective category of privacy harm is the unanticipated or coerced use of information concerning a person against that person. These are negative, external actions justified by reference to personal information. Examples include identity theft, the leaking of classified informaton that reveals an undercover agent, and the use of a drunk-driving suspect's blood as evidence against him. The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the perception of unwanted observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information. This approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur and vice versa. It creates a "limiting principle" capable of revealing when another value - autonomy or equality, for instance is more directly at stake. It also creates a "rule of recognition" that permits the identification of a privacy harm when no other harm is apparent. Finally, this approach permits the measurement and redress of privacy harm in novel ways. Privacy harm is a crucial but under-theorized aspect of an important issue. We should understand its mechanism and scope if only for the sake of conceptual clarity. But identifying its boundaries will also be of practical use to scholars, courts, and regulators attempting to vindicate and protect privacy and other values. If too many problems come to be included under the rubric of privacy harm, everything from contraception to nuisance, we risk losing sight of what is important and uniquely worrisome about the loss of privacy. Setting boundaries concentrates the notion of privacy harm and bolsters the case for what privacy deserves to be enforced in its own right. A hasty diagnosis may obscure a serious medical problem. But sometimes doctors look at a constellation of symptoms and see no disease. Courts, too, can resist recognition of an unfamiliar harm. Understanding the boundaries and mechanics of privacy harm may also allow for a "rule of recognition", that is, a means to identify and evidence a non-obvious problem. seeing the privacy harm in unsolicited e-mail requires looking closely at how mass spam is generated through a particular lens. As several scholars point out, spam is often targeted on the basis of purchased or misappropriated private information. Spam requires an e-mail address, generally considered personally identifiable information, to reach an inbox. This suggest a novel way to regulate spam or junk mail: directly as "objective privacy harm." at least one leading privacy scholar has questioned both the possibility and usefulness of defininf privacy or privacy harm. In a series of influential articles and books, Daniel Solove rejects the notion that privacy can or should be reduced to any one, or even multiple concepts. In this way, Solove suggest the irrelevance and improvidence of attempting to set boundaries around the concept of privacy or privacy harm. Those boundaries will always fail by including activities that do not deserve the label "privacy, " or leaving out ones that do. Solove specifically disavows the utility of isolating privacy harms from other sorts of harms. He is far more interested in identifying problems than in classifying them. Solove's criteria for inclusion involve recognition by the right sorts of authorities. His taxonomy "accounts for privacy problems that have achieved a significant degree of social recognition. It captures "the kinds of privacy problems that are addressed in various disucssions about privacy, laws, cases, constitution, guidelines, and other sources. Solove specifically turns to the law because "it provide concrete evidence of what problems societies have recognized as warranting attention. But what happens if someone disagrees with these sources? How does one go about denying that a given harm is a privacy harm? To be sure, Solove's approach makes many wise turns. It eschews the elusive search for a concept of privacy in favor of a pragmatic approach that focuses specifically on privacy problems and their resulting harms to individuals and society. Describing boundaries and core properties of privacy harm helps to reveal values, identify and address new problems, and guard against dilution. But exactly what are those boundaries and properties? I maintain that privacy harms in two categories. Subjective privacy harms are those that flow from the perception of unwanted observation. They can be acute or ongoing, and can accrue to one individual or to many. They can range in severity from mild disconfort at the presence of a security camera to mental pain and distress far greater than could be inflicted. Generally, to be considered harmful the observation must be unwanted. But actual observation need not occur to cause harm, perception of observation can be enough. The second category is "objective" in the sense of being external to the person harmed. This set of harms involves the forced or unanticipated use of information about a person against that person. Objective privacy harms can occur when personal information is used to adverse action against a person, as when the government leverage data mining of sensitive personal information to block a citizen from travel, or when there is some negative judgment about another based on gossip. Objective harms can also occur when such information is used to commit a crime, such as identity theft or murder. The subjective and objective categories of privacy harm are distinct but not entirely separate. They have different elements. The two components of privacy harm are related in an analogous way. Objective privacy harm is the actual adverse consequence. Subjective privacy harm is, by and large, the perception of loss of control that results in stress and discomfort. The two categories are distinct but related. They are two sides of the same coin: loss of control over personal autonomy and information. Subjective harms need not occur in the moment; many feelings of privacy violations have a delayed effect. Many subjective privacy harms will be backward looking insofar as the offending observation has already ended at the time of discovery ( or because of it). A different privacy harm occurs where observation is systematic, that is, part of a plan. Pervasive individual monitoring is, for instance, a key component of control of situations. It may also be that the so-called "learned helplessness" experienced by some abuse victims stems  from having internalized the feeling of being monitored. The Supreme Court has recognized the threat systematized governmental surveillance can impose on a citizenry. "The price of lawful public dissent must not be dread of subjection to an unchecked surveillance power," the court noted in a case. "Nor must fear of unauthorized official eavesdropping deter vigorous citizen dissent and discussion of Government action in private conversation." Episodic solitude, in essence, the periodic absence of the perception of observation, is a crucial aspect of daily life. People need solitude for comfort, self-development, even mental health. As Alan Westin argues:"privacy allows for respite from the emotional stimulation of daily life", to be always on surveillance would destroy the human organism." Charles Fried notes that, were our every action public, we might limit what we think and say. Indeed, the lack of any time away from others is a common feature of the modern dystopian novel. George Orwell's Nineteen Eighty-Four continue to haunt the contemporary imagination. In Yevgeny Zamyatin's We, the buildings are completely transparent. The most frequently repeated act of mental conditioning Huxley's Brave New World is the dislike of solitude. Subjective privacy harms are injuries individuals experience from being observed. But why does the belief that one is being observed cause discomfort or apprehension? In some instances, the response seems to be reflexive or physical. The presence of another person, real or imagined, creates a state of "psychological arousal" that can be harmful if excessive. The embarrassment of being seen naked seems similarly ingrained. The two components of privacy harm are testable. Courts and regulators are capable of investigating, particularly with the help of experts, whether a person felt observed. But we do not stop here: we must multiply the degree of aversion by the extent of surveillance. In the case of massive outdoor surveillance by closed-circuit or pervasive aerial photography, especially where the footage is stored and processed, the extent of the surveillance is enormous. Thus, the ultimate harm can be quite large. Nearly every state has a data breach notification law that requires individuals or firms to notify victims or the government in the event of a breach. Data breach do not automatically lead to identity theft, blackmail, or other malfeasance. But, the exposure increases the risk of negative outcomes. As an initial matter, data breaches register as subjective privacy harms. When a consumer receives a notice in the mail telling that her/his personal information has leaked out into the open, she/he experiences the exact sort of apprehension and feeling of vulnerability the first category of privacy harm is concerned about. But what if there is a data breach or other increased risk of adverse consequence and the victim never knows about it? Then there has been neither subjective nor objective privacy harm, unless or until the information is used. We know information about us is being collected, processed, and used, sometimes against our interest. But we have no choice about, or understanding of, the underlying processes. Privacy harm in the contemporary world is less a function  of surveillance by a known entity for a controversial purpose. It is characterized instead by an absence of understanding, a discomfort punctuated by the act of disruption, unfairness, or violence. This privacy harm is not merely individual, but can lead to societal harms that are in a sense "architectural." The absence of privacy creates and reinforces unhealthy power imbalances and interferes with citizen self-actualization. There is no question that such architectural harms are important. They are not, however, best thought of as privacy harms. Rather, this harms are distinct harms, harms to societal cohesion and trust, that happen to be composed of privacy harms. Privacy harm is a distinct injury with particular boundaries and properties. This essay has argued that by delimiting privacy harm, we gain the ability both to rule out privacy harm where appropriate and to identify as they emerge. By looking at privacy harm in the way this essay suggests, we gain practical insight into the nature and range of this unique injury.  Privacy is in many ways on the cusp of a greater science. The hope is that by describing the outer boundaries and core properties of privacy harm, this essay has served to open an additional avenue of investigation.

No comments:

Post a Comment