Algoritmos

right to privacy, particularly in its current conceptualisation, can guarantee the complete protection of both the negative and positive concepts of liberty. In this section I shall explain why I feel the right to privacy as it is currently being conceptualised in both the law and the political discourse is inadequate for the complete protection of privacy and individual liberty. I contribute this in no small measure to the rise of new surveillance technologies such as software agents. Furthermore, I shall argue that a pre-occupation with the current approach towards (informational) privacy is counterproductive and could even be detrimental to the protection of (individual) liberty in the information society. The reason for the possible counter-productivity of the right to privacy lies in several separate but interrelated factors, as I shall explain in this section.

I feel that the difficulties with the interpretation of the right to privacy in the information society are of a fundamental nature. As such the problem with the current conceptualisation of privacy is apparent in both the role of privacy in relationships between private entities (such as individuals and businesses) and in the relationship between public bodies and citizens. Therefore, I shall discuss the difficulties with regard to privacy for both the public and the private sector even though the focus of this thesis is on state surveillance.

6.4.1 Vagueness and context

In my opinion the main problem with the right to privacy in the information society is the high level of abstraction involved in fathoming its meaning and importance. The inherent vagueness of privacy, the different conceptions of the right, and the dimensions to which these conceptions apply, contribute to the fact that many people are unable to appreciate the importance of the right to privacy. The preoccupation with the right to privacy could even distract us from the real issue at hand when it comes to surveillance and control: the protection of (individual) liberty.

The fact that more dimensions and conceptions of privacy are conceived and incorporated into the right to privacy leads to what Blok (2002, p. 319) calls an ‘inflation’ of the private sphere. The inherent vagueness of the right to privacy is amplified by the inclusion of personal data into the private sphere, resulting in a right with such a vague subject matter, that its precise scope and content are unclear to almost everybody in society.

Because of the high level of abstraction, the importance of the right to privacy is oftentimes underestimated. Many people feel they have nothing to hide and are willing to trade an illusive, intangible concept like privacy for clear benefits such as convenience, monetary gain, or increased security.5

Oftentimes, the importance of the right to privacy is only realised when a damaging infringement of privacy becomes apparent. I believe the reason that most people disregard the importance of privacy lays mainly in the fact that though the right to privacy has changed, it is still associated primarily with theinaccessibility of apersonalsphere, the traditional way of understanding privacy that Solove (2004b) has labelled the secrecy paradigm. In this view privacy is invaded when surveillance uncovers hidden facts. Most people want to hide the intimate parts of their life (for instance, sexuality) from outside scrutiny, but most likely not the fact they regularly buy a certain type of mineral water or visit a particular location. If behaviour is not ‘private’ enough to hide, we are more prone to exchanging our right to privacy for other privileges, such as customer benefits or a real or perceived increase in security. In particular, when it comes to serious crime and terrorism people are more prone to give up privacy (Koops and Vedder 2001).

Furthermore, the willingness of individuals to disclose personal information is highly dependent on the context. Personal information that people surrender willingly to a certain party in one context, may be kept a secret in another context. But as Solove (2004b) points out, the secrecy paradigm is unresponsive to life in the information society, where most personal information exists in the record systems of hundreds of entities that make up the surveillant as- semblage. While the disclosure of individual pieces of information in the

5 See for instance: The European Union Research Group,Data Protection,Special Eurobaro- meter no. 196,December 2003, p. 60.

surveillant assemblage might seem trivial when viewed in isolation, a combina- tion of individual pieces of information can lead to the creation of a fairly comprehensive digital dossier. The dangers of information power do not lie primarily in surrendering individual pieces of (personal) data to different parties, but rather in linking different pieces of data from varying sources within the surveillant assemblage. However, when and how data is being linked is unclear and as a result most people in society are unaware of po- tentially damaging infringements on privacy and liberty. They associate the surrendering of personal data mainly with liberal surveillance and often fail to make a connection with the possibilities of disciplinary surveillance.

6.4.2 Public versus private

Technology has a profound impact on the way we structure society. The impact that information and communication technology has on our society is reflected in our ideas about privacy and liberty. Warren and Brandeis, for instance, wrote their seminal article at the end of the 19th century when the develop- ment of mass media and photography took place. Other important instances that shaped the face of privacy were the development of wiretaps to eavesdrop on phone conversations, the use of computers and databases, and the use of closed circuit television cameras.

By definition the right to privacy is based on a distinction between the public and the private. What belongs to the private sphere is eligible for protection by the right to privacy. But we can establish that the distinction between a public sphere and a private sphere becomes increasingly hard to draw in the information society as a result of advancing technology and accompanying societal changes. It follows that the area that is to remain free from outside interference becomes equally hard, if not impossible to dis- tinguish. In the 18th, 19th and the better part of the 20th century, physical borders such as the walls of our home provided a clear boundary between the public and the private. However the advent of information and communi- cation technology is continuously blurring the border, making decisions about what is private and what is public progressively more arbitrary.

The current legal framework for the protection of privacy, which has its basis in the secrecy paradigm and makes a clear distinction between the public and the private, will face increasing difficulties in the future when it comes to protecting liberty. Solove (2001) notes that since privacy law has developed mainly with the secrecy paradigm in mind (especially in the United States), information that is not considered secret or part of the personal sphere is often excluded from the constitutional protection of privacy.

An example to illustrate this point is the automatic surveillance that was conducted during the 2001 Superbowl.CCTVcameras with facial-recognition capabilities scanned all attendees at a Superbowl Match in Tampa in an effort

to find terrorist suspects. The potential for control embodied in such a techno- logy is evident, yet individual liberty was not protected by the right to privacy. The reason was that in the case ofUnited States v. Dionisio,the Supreme Court held that the physical characteristics of a person’s voice, handwriting, or facial characteristics, being continuously exposed to the public view, are not within the protection of the Fourth Amendment.6_{Therefore, the use of facial-recogni-}

tion technology falls outside the scope of the protection provided by the right to privacy in the United States.

Here we see that technology has created a new situation that is difficult to address using classic ideas about privacy. As the example shows, it is possible to identify an individual uniquely using artificial-intelligence techno- logy and closed-circuit television, something that poses a potential threat to individual liberty. The question is whether in order to protect individual liberty we must reinterpret the right to privacy and extend it into the public sphere (which would amount to a blanket right to privacy). If not, do we then have to find other mechanisms to ensure the constitutional protection of liberty? The European Court of Human Rights took a different approach to this problem. In the case ofHalford v. the United Kingdomthe Court acknowledged that while a person might have a subjective expectation of privacy in the public space, it is not necessarily the conclusive factor on determining whether the right to privacy can be invoked:7

“There are a number of elements relevant to a consideration of whether a person’s private life is concerned by measures effected outside a person’s home or private premises. Since there are occasions when people knowingly or intentionally involve themselves in activities which are or may be recorded or reported in a public manner, a person’s reasonable expectations as to privacy may be a significant, although not necessarily conclusive, factor. A person who walks down the street will, inevitably, be visible to any member of the public who is also present. Monitor- ing by technological means of the same public scene (for example, a security guard viewing through closed-circuit television) is of a similar character.”

But the Court also held that:

“Private-life considerations may arise, however, once any systematic or permanent record comes into existence of such material from the public domain. It is for this reason that files gathered by security services on a particular individual fall within the scope of Article 8, even where the information has not been gathered by any intrusive or covert method.”

6 United States v. Dionisio,410 U.S. 1, 41 LW 4180 (1973).

So, we may conclude that in Europe the right to privacy can be extended to the public sphere when data is being recorded, which brings us to the reason- able expectation of privacy.

6.4.3 The reasonable expectation of privacy

When the line between the public and the private becomes harder to draw, it also becomes more difficult to establish what a ‘reasonable expectation of privacy’ is. Both the United States Supreme Court and the European Court of Human Rights use the reasonable expectation of privacy criterion in judging violations of article 8ECHR. The use of the ‘reasonable expectation of privacy’ criterion has been widely criticised as useless, simply because reasonable expectations of privacy in a situation can disappear as soon as someone starts routinely invading privacy in that situation (Agre 2001). Many people already have the idea that due to information and communication technology every- thing about them is known and thus have no reasonable subjective expectation of privacy.

The reasonable expectation of privacy criterion limits the right to privacy to those instances where an individual indeed has a reasonable expectation of privacy. In other words, the individual must demonstrate the wish that his conduct remains private and society must acknowledge the fact that the individuals conduct is indeed private. The reasonable expectation of privacy thus entails two separate elements: (1) an objective element (how does the individual behave?), and (2) a subjective/normative element (on what can the individual rely upon judging from his behaviour?). The answers to these separate questions determine whether there is a reasonable expectation of privacy. An indication that an individual may have a reasonable expectation of privacy can be that his behaviour takes place in an area that is considered ‘private’, examples being a house, car, or dressing room. But as our environ- ment is becoming increasingly networked and transparent, those places that are truly private begin to recede. As a result the area that is considered to be private by both the individual and society is shrinking. The result is not only less privacy, but also less liberty.

Moreover, a judge (at least in the United States) could rule that an indi- vidual has no reasonable expectation of privacy with regard to personal data willingly surrendered to a third party or made publicly available by the individual. So, the protection provided by the reasonable expectation of privacy criterion is fairly limited. Moreover, as ‘privacy sensitive’ technologies continue to develop, how will the reasonable expectation of privacy criterion hold up in the future? For instance: does a person have a reasonable expectation of privacy with regard to the files stored on a computer that is connected to the internet? Or does a person have a reasonable expectation of privacy with regard to theRFID-tags in his house that possibly transmit personal data? These

questions will become increasingly important over the next few years as we move to an increasingly networked environment.

6.4.4 Individual right

Privacy is generally regarded as an individual right. When it comes to the protection of liberty this poses several interrelated problems that I shall summarise in this subsection. I discuss responsibility, control of personal data, power structures, and the individual versus society.

Responsibility

Most legal systems place the responsibility for the protection of privacy -for the greater part- in the hands of the individual.8_{It is up to the individual to}

make the choice when to disclose what to whom. In particular, in data pro- tection law, which is strongly influenced by the concept of informational privacy as conceived by Westin, the individual’s own responsibility is crucial. As we have seen in the previous sections, individuals must often base decisions on the protection of their privacy on abstract, vague, and incomplete information. Apart from this, the fact that each individual bears responsibility for his personal data, can lead to a situation where the right to privacy is turned into a ‘commodity’ that can be traded for other benefits. Prime examples of this are customer-loyalty programmes. Consumers give information about their shopping behaviour in exchange for extra benefits, such as lower prices, free gifts or better service. While tailor-made service is not necessarily a problem and offers clear benefits to consumers, a situation could develop where social and economic autonomy is only available to those who can afford to retain their privacy.

Data protection law does not mitigate this possible negative effect of the right to privacy as individual right. The European Data Protection Directive (95/46/EC), for instance, allows for the processing of personal data if the data subject consents to the processing of his personal data. In my opinion this provision is the Achilles heel of the Data Protection Directive as certain cat- egories of consumers that are less affluent could to some extent be ‘coerced’ to divulge their personal information in exchange for cheaper goods and services. Though in theory a person must always have a free choice, practice shows that a truly free choice is seldom available, as a more ‘privacy friendly’ alternative is almost always more expensive or less convenient.

Information relinquished to private parties could also be used for disciplin- ary surveillance by the government. The most obvious way in which the government can use private-sector databases is for the purpose of a criminal

8 This is somewhat different for criminal law where privacy acts more as a restraint on the conduct of law enforcement.

investigation. A second way in which the government can use private-sector databases is for monitoring compliance with special laws. For instance, in his bookOverseers of the PoorGilliom (2001) gives striking examples of welfare surveillance. Gilliom describes how private-sector databases are used to check whether welfare recipients act in accordance with information given by them to the welfare authorities. His study shows that the use of private-sector databases contributes to a sense of helplessness and panoptic feelings among the welfare recipients that are subjected to the surveillance.

Control of personal data

The concepts of informational privacy and informational self-determination are difficult to implement when individuals are unaware of the things being done with their personal data. The concept of informational self-determination is only feasible when full knowledge about the amount and types of informa- tion being gathered and processed is available to individuals. Without this knowledge, informational self-determination and the accompanying right to informational privacy and are no more than paper tigers.

As surveillance technologies gradually become more pervasive, ubiquitous, and comprehensively networked, knowledge about what is being done with personal data will be increasingly hard to come by. For instance,RFIDenables data collectors to collect (personal) data surreptitiously from data subjects carryingRFID-tags, software agents can collect personal data of data subjects from a variety of sources, andCCTV cameras can identify and follow data subjects over large distances. Gaining knowledge of how, when, and to what end personal data is being gathered will become an increasingly difficult task for data subjects in the future if tools are not provided that help them with this task.

Power structures

The exercise of power and control is not by definition aimed at an individual. As such the right to privacy is often unresponsive to the power structures created through the use of information. Many forms of control do not need a distinction at the personal level. The panoptic sort, for instance, operates (in part due to incomplete information) on classification and assessment of (consumer) categories. Individuals are assigned to a certain category and treated accordingly based on limited information. The fact that an individual has a certain age, gender, or ethnicity can already be sufficient to assign the individual to a certain category. Furthermore, additional information on this category need not be supplied by the individual if others belonging to the same category have already done so. This kind of categorisation based on a general profile can influence both the negative and positive liberty of an individual, but it is unclear how the right to privacy can counter the negative effects of this type of information use.

The individual versus society

The final problem with privacy as an individual right is the fact that is often placed against the interests of society as a whole. As such, the right to privacy often loses in the public debate. In my opinion, this problem with the right to privacy is so profound, that I shall devote a seperate section to it,viz.on bad publicity.

6.4.5 Bad publicity