Knowledge comes in two massively different categories – data, which is the collective name for “facts” and then there’s information, which is data when it has been put into context. We have been told that we are living in a “information economy” and this is a lot more literal for some people than others – information has become a marketable good in itself. This is not a new phenomenon – there are reports of employees selling books of customer details to competitors for hundreds of years. If information is so valuable should we be concerned about information about us?
Antonin Scalia, the US Supreme Court Justice, doesn’t appear to think so. In fact, he’s gone so far to state that he believes it is “silly” to think that “every datum” about you online is private. I think he’s perfectly right in that statement but I would dearly like to be able to say that some information about me is private, Scalia agrees. I think it’s too far to say that data that I didn’t publish should be private but it’s probably really quite close for private individuals. If I actively choose not to fill in an item on a social networking profile that’s because I chose not to say. If someone circumvents me in my desire to not reveal personal details that’s obviously a move that impacts upon my privacy. Is it legally actionable or indeed malicious or even harmful? That varies on the detail that’s been revealed but I would have less privacy now than I did before.
The danger of data?
Data is pretty harmless without context and there are few facts about people that are “dangerous”(1) in isolation. The real “danger” is aggregation – collecting and putting that data into context. I say danger but it’s actually a very valuable part of the world and always has been. Every student and researcher does this every day they work, it’s the very basis of academia and it’s their collecting and analysing of information that is the added value that they’re rewarded for. The collecting of data is not an inherently bad act, it’s not always a bad thing. Some data collecting activities are illegal because of what the data is but the action of collecting images is not bad unless the images portray something illegal.
The role of data in academics
The academic world has long believed that knowledge is more useful when it is put together in context. This leads to people creating periodicals, textbooks, journals, papers, everything that is produced by the academic world relies on the collection and analysis of data in one way or another. This type of data collection is generally beneficial to society unless the mode of collecting the data itself is flawed or unethical and generally it’s not been a problem. We have ethics committees for that.
Data collection as a business
It’s equally useful in other places than just dusty universities – the marketing world has long believed that people can be sold to more effectively if you have a very detailed picture of them. To this end millions of pounds are expended annually on creating accurate surveys and market research and it’s often a very worthwhile investment to target marketing budgets very carefully.
Data collection in the public sector
The public sector intimately relies on the collection and management of data. The census is probably the largest data collection process currently undertaken and it is used to assess the level of funding for many public services (if the census says we have more children that means we need more capacity in schools). The compilation of the census is a hugely important job and it’s crucial for efficiency that it’s done accurately. A welfare state needs to know where it should be sending the services that it provides and in what proportions. It would be lovely to think that in the great British transaction taxpayers (obviously I’m a student, so Ken Dodd and I are taking a moral stance) merely swap taxes for services and that’s all but it seems increasingly we don’t.
The intelligence community is equally interested in collating information and it has been manifested, quite disturbingly, in the idea that you can identify “terrorist behaviour” and then, by using “data mining” thresh out the people exhibiting this terrorist behaviour so you can question them. This leads to the Home Secretary’s apparently inexorable plot to collect every piece of information about the electorate she can possibly lay her hands on. I think it leads to a crippling amount of false positives once you put the whole country on it and leads to a horribly high amount of people coming under vaguely McCarthyist levels of suspicion (and remember national security is area that the courts are often wary of overruling the executive on) for merely behaving in a way that is out of the average, which is especially hard because the authorities obviously can’t tell anyone what “average behaviour” is because then the people you’re trying to find could use it to hide. This is a massive issue in today’s Britain and one which appears to not be going away, especially with the deliberate human rights incompatibilities which are starting to really mount up with the UK DNA database.
The response to Scalia
Scalia’s comments have attracted a lot of attention, his use of the word “silly” has been considered by some people to be particularly offensive. The topic is very important to a great number of people and it deserves to be taken seriously. It is taken so seriously, in fact, that Information Privacy Law is taught as a class at Fordham Law in the US. The professor in charge – Joel Reidenberg – sets a piece of coursework which is to compile as much information as possible from publicly accessible sources on a particular person, generally himself. This year, however, the setting of the task happened to coincide quite neatly with Scalia’s statement and, this is extremely controversial, he became the subject of this year’s assignment.
US law students, probably because they’re on courses which leave them in such sickening levels of debt they absolutely require top dollar jobs to possibly pay off, are amazingly industrious and the hand-in they submitted ran to 15 pages of facts about the judge. As a combination of a desire to be ethical and open and to encourage debate the dossier was sent to Scalia to show him how unprivate his life was and see if this would change his mind. I found his reply to be fairly unexpected.
Scalia, to everyone’s surprise I think, did not really reply with a answer to if he considered the dossier to step into areas which he considered to deserve privacy protection or if it actually did break privacy law or other issues which I’d really love to hear him answer on but instead criticised the professor for his “judgement”. I can understand his reaction to this – receiving 15 pages of facts about myself would make me feel deeply uneasy since they come from a stranger and it’s not a justification to “e-stalk” because they said it wasn’t a universal right. Deciding you can teach someone a lesson by doing what they said was fine leads down a dingy road which ends with Dick Cheney being waterboarded. It’s not ethical just because people don’t see a problem with it.
Comments that suggest that Scalia was “asking for it” are wrong, he was not asking for a 15 page collection of his publicly accessible details to be arrive in his mail. He would have used totally different language if he was, probably including “I’d like” or “Please can I get” more than he did. He was taking a strong position on the topic but not actually giving his blessing to the project. However, that does not mean the dossier does not constitute an incredibly useful discussion aid in this debate and I believe that is what it was intended to be.
That out of the way I would dearly like to know what facet of Reidenberg’s judgement was wrong in Scalia’s opinion – legally, morally, socially, ethically? I think that Scalia simply saying that he thought the dossier was ill judged leaves so many questions unanswered. Most fundamentally of all would be “what is the ill-judged element?”
The dossier contained no new information, it was simply a collection of facts already accessible on the internet. All the students did was put the dossier together, probably using little more than a combination of copy and paste with Word’s footnotes and formatting for polish and referencing. If Scalia thinks the dossier was ill-judged he presumably must think that the aggregation of data is what’s ill-judged. That leads to some quite thought provoking questions:
- Does that mean that marketeers are practicing bad judgement when they compile demographic data?
- Is the government practicing bad judgement when they compile census data?
- Is it ok to use surveys because they’ve been consented to?
- What level of consent could you use to stop people repeating the dossier project?
- Are we talking EULAs on search engines here?
Most of all we have to ask is “bad judgement” illegal?
This is what it comes down to. Could bad judgement be enough to make the compiling of data illegal? Not in the US according to Scalia and also would we be comfortable being quite that paternalistic? Privacy law is supposed to cover unreasonable violations of privacy and no further, especially in the US where the right to free speech is entrenched in their highest source of law.
This requires a line in the sand to see what is unreasonable. It is a difficult task further complicated by the unusual nature of data even the most sensitive facts about a person – even something like “HIV positive” – is harmless without other pieces of information – a name, for example. Whereas very innocuous details, “[name] has spent 5% more on petrol than average this month” when combined with other equally innocuous trivia can reveal hugely embarrassing or unfortunate situations which completely violate the person’s privacy, for example [name] suffering from a serious illness and using the small amount of extra petrol to drive to hospital for regular treatment.
We would consider “outing” an HIV sufferer to be a massive breach of their privacy if they are not a danger to others yet we could not draw an unbreachable privacy line at “petrol receipts.” This does not help anyone in deciding if the information they possess is going to be an unreasonable breach of privacy when it’s put online before a judge decides on the legality of the end result and that’s a difficult position to be in.
Edit: Thank god I went for broad strokes instead of lots of close analysis. As someone who has tried to get full quotes from the Associated Press will know, that was not the full response, this appears to have been:
I stand by my remark at the Institute of American and Talmudic Law conference that it is silly to think that every single datum about my life is private. I was referring, of course, to whether every single datum about my life deserves privacy protection in law.
It is not a rare phenomenon that what is legal may also be quite irresponsible. That appears in the First Amendment context all the time. What can be said often should not be said. Prof. Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any.
This is a bit better response than a mere “ill-judged.” I still wonder if it covers malice which is a wholly different kettle of fish. The issue would have many fewer people wearing tinfoil hats if it was simply an academic exercise that law students did in an elective but there are hugely significant implications which need to be addressed. The reference to the First Amendment is quite interesting, it’s a constitutional right that often gets criticised as everyone’s free ticket to shooting their mouth off with impunity. Scalia’s statement of using the rights in the first amendment with responsibility is common sense but it’s not something that can be guaranteed – just as data collection can be innocent and it can be something more. There’s limits on free speech in the UK, who’s to say there can’t be the same for data collection. The only question is what metric we use for that limit.
(1) from a data security perspective
It has been noted in the comments that some details are incompletely stated or inaccurate:
Justice Scalia was sent a letter which included an offer to be sent the dossier, rather than the entire dossier itself (which is, subjectively speaking, a better image in a narrative)
Scalia’s response was sent through the “legal tabloid” abovethelaw.com and not the professor directly.
I don’t believe I stated that the dossier has been published but just to be explicit – it’s not been. It’s still a “course material” and protected as such.
Thanks again to the commentator “Accuracy” for the fact-spotting.