Code Simplicity

Privacy, Simplified

So, there’s a lot of talk on the Internet about privacy. Some people say that privacy is only desired by those who have something to hide. Some people insist that privacy is a human right that should never be violated without consent.

There’s only one problem with this whole debate: what is privacy, and why would anybody want it? This is rarely defined–most people just seem to assume that “everybody knows” what privacy is, so why would it have to be explained?

Well, I’m not a big fan of “everybody knows.” And in fact, it turns out that privacy actually means two different things, which many people use interchangeably without specifying what they’re actually talking about. So to help clear up some of the debate online, and to hopefully shed some light on how it can all be resolved, here are some clear definitions and discussions of what privacy is, and why people would want it.

Privacy of Space

The first type of privacy is “privacy of space”. This is the ability to control who does and does not enter a particular physical space, probably because you’re in the space and you don’t want certain others in that space. “Enter the space” in that definition includes any method of being able to perceive the space–so, for example, if somebody stands outside the door with their ear pressed to it, they’re violating your privacy. If somebody installs a camera in your room without your consent, they’re violating your privacy.

This form of privacy is not metaphorical. It does not apply to anything other than physical space. It literally means, “I do or do not want you to be perceiving this physical location, and I have the choice and ability to control that.”

The most common reason that we want this form of privacy is that we want to protect somebody or something from harm, most commonly ourselves. This harm can be minor (we don’t want to be annoyed by people walking through our house all the time), it can be purely social (we close the door when we go to the bathroom because we know others don’t want to perceive us going to the bathroom, and we may also not want to be perceived in such a state), or it can be extreme (a man with a mask and a chainsaw should not be in my closet).

One interesting thing about this form of privacy is that we don’t usually consider animals, plants, or material objects to be capable of violating it, even if they enter a space without our permission. It might be annoying if the cat comes in the room when you don’t want it to, but you’re not going to complain that the cat is “violating your privacy”, right?

So, when it comes to computer programs, this is not the form of privacy we’re talking about, since we don’t consider that a computer program being in the same room with us is a violation of our privacy of space. My word processor is not violating my physical privacy of space, even though it’s “in the room” with me, because it does not, itself, perceive. The only exception would be a computer program that was transmitting perceptions (sound or sight) to some location that we didn’t want to send it to–that would be a privacy violation, because someone could perceive our space through it when we didn’t want them to. When it comes to that sort of privacy, violations are pretty cut-and-dry. If a computer program sends perceptions of my space anywhere without my permission, it is absolutely violating my privacy, it’s not useful to me, and it should stop immediately.

But on the Internet, that’s not usually the type of privacy we’re talking about.

Privacy of Information

The second type of privacy is “privacy of information.” This is the ability to control who knows certain things. When we talk about computer programs and the Internet, this is the most common type of privacy we’re talking about.

So why would somebody want privacy of information? Is it just because they’re doing something that they want to hide from others? Is it just for committing crimes or for hiding harmful acts? Well, sometimes it is, yes. There are many people who use the concept of “privacy” to protect themselves from the law or the moral rejection of others. It is probably because of these individuals that the concept of privacy is a muddy subject–as long as it’s unclear quite what “privacy” is, it’s much easier for those who have committed harmful acts to invoke “privacy” as a defense.

But is that the only reason that somebody would want privacy of information? What about a normal person, who isn’t doing anything harmful–would they ever want to keep certain information private?

Well, there is absolutely a rational reason that people would want privacy of information, and interestingly, it’s the same reason that people want privacy of space:

An individual or group desires privacy of information because they believe that other people knowing that information could or would be more harmful than them not knowing it.

Here’s a very straightforward example: I consider that a criminal knowing my credit card number would be harmful–far more harmful than them not knowing it.

In certain countries, the fact that I read a certain website or talked to certain people on the Internet could get me killed or put in jail. So, in that situation, other people knowing my browser history could be very harmful, no question about it.

Of course, if one kept everything private, one could not live. If you pay for a piece of candy with a quarter, the person receiving that quarter now knows that you had a quarter. They may know that you kept it in a wallet, or that you pulled it out of your pants. They probably know what you look like, if you’re not wearing a mask. They most likely also know that you have five fingers, and that you were in their store at a certain time. In short, no matter what you do, in order to live, you must exchange information with other people. The more things you do, the more information you will have to exchange.

In fact, usually, the more information that others know about you, the more helpful they can be. The bank knows all the transactions that I made, so they can help me by creating an online system that shows me my transactions and lets me search them. That information can be seen by bank employees, but I don’t consider that to be potentially harmful enough to outweigh the obvious benefits of the bank having it.

The web browsers that I use know my passwords to certain sites, so they can help me by putting those passwords into the box, saving me some typing. Potentially, somebody could steal that information from my computer, but the chance of that happening is small enough, and the benefit is significant enough, so I consider it acceptable to save my passwords in the browser.

The examples like this go on and on–the appropriate use of information is extremely beneficial. The inappropriate use is what’s harmful.

So who decides what’s an appropriate use and what’s an inappropriate use? What information should be sent and stored, and what information should be kept private? Well, these are the fundamental questions being asked when people debate privacy issues–who gets to choose whether my knowledge becomes somebody else’s knowledge? Should I be asked before my information is sent, or should I just be given the option to opt-out and delete the information? Is there some information that should never be sent? What information is more important to keep private than other information?

Though this is all far less cut-and-dry than “privacy of space” issues, these questions can generally be answered by the “help vs harm” equation. The basic sort of questions one might want to ask would be:

  • Will sending and storing this information harm any users, immediately or potentially? (Remember, “potentially” is pretty broad–what happens if somebody with bad intentions steals that information from you? What happens if somebody buys your company and decides to use that information in a way that you think is bad?)
  • Would it help your users more than harm them to take this information?
  • Taking all the above into account, should sending this information be optional? (This is largely determined by how broadly it could be harmful to collect the information.)
  • If sending the information is optional, should it be opt-out or opt-in? (That is, should it automatically be on, and people have to turn it off if they don’t want to send the info, or should it be off and people have to choose to turn it on?)
  • If it’s opt-in, will the feature still be helpful to enough of your users to justify implementing it?

There are some people who will claim that no information should ever be sent or stored about the user, that all privacy options should always be opt-in, and that all information is so potentially harmful that no debate about this can be accepted. That is, frankly, a ridiculous proposition. It’s so obviously untrue that there’s almost no way to argue with it, because it’s such a shocking irrationality. Just as liquids could somehow harm somebody (which is why you can’t bring liquids on an airplane in the USA), it’s true that there are situations in which almost any piece of information could be dangerous. That doesn’t mean that all information is dangerous, though.

My martial artist friends have frequently joked that they shouldn’t be allowed to bring any object on an airplane, because they could kill somebody with any of them. Similarly, given almost any piece of information, somebody could do something harmful with it, somewhere, at some point. If I know you have a quarter in your pocket, I’m sure there’s some situation in which I could use that information to get you in some serious trouble. But that doesn’t make that information realistically harmful, even potentially.

Even the idea of “every single piece of information should be opt-in” is ridiculous. Do you want the web browser to ask you, “May I send this page your IP address?” every time you load a web page? Well, if you’re a spy in a hostile country, maybe you do. But if you’re like most people, that would probably just annoy you–you’d stop using that web browser and switch to another one. And if you are a spy or a resistance fighter, then you probably know how to use Tor to avoid being tracked.

So when we’re talking about privacy, it’s not an issue of “in some incredibly unlikely situation, this information could be very harmful,” it’s an issue of balancing help vs. harm in real-world situations. Real-world situations can be pretty strange and unexpected, but they at least are real, and can be balanced and talked about. Doing so, you can make good decisions about how to protect your users’ privacy–how much information to take, how you inform them about the information you’re taking, and what you do with that information when you have it.

So no, this is not a casual issue or something that we should brush off and just ignore the dangerous implications of, but it’s also not an extreme unsolvable situation where we have to decide to keep everything private because we can’t make up our minds about it. Privacy is simply something that we should be able to analyze factually, based on real-world situations and data, and come to some practical and useful decision about.

-Max

22 Responses to Privacy, Simplified

  1. Stuart says:

    The distinction between privacy of space and of information isn’t as clear cut as you make it out to be. Any time a picture is taken or audio or video is recorded, it translates perceptions of a space into information. There may be no privacy issues involved in the taking of the picture itself, but which form of privacy is being violated if (say) an intimate picture taken by your significant other with your consent is then made public without your consent?

    This is a nitpick on an otherwise very useful and insightful post, but I do feel there’s a real problem with trying to define an absolute distinction between the two types. Just as real situations require subtlety and thought with regard to how privacy should be treated, there’s more subtlety involved than a simple binary distinction between privacy of space vs information, too.

    I think the way I think of it is that privacy always regards information, it’s just that sometimes the information is of the form “what I’m doing in this particular space at this particular time, or what I look/sound like doing it”.

    • Max Kanat-Alexander says:

      I thought about the issue, too–that pictures are, in a sense, information, just as recorded sound would be. So yes, it’s not totally clear-cut, unless we’re talking about somebody actually physically standing in your space. But in this case I think that the average person differentiates perception from other types of information enough to make it a significant-enough difference to most people that the distinctions hold.

      You could be right that it always involves information, though sometimes I personally want privacy of space for reasons that aren’t information related–that feeling that one “wants to be alone at the moment”. It’s a sort of a scale, I suppose, there, too–I’d feel very much not alone with a person in the room, slightly less “not alone” if there were a camera, etc.

      So yeah, everything has a scale, these are just two sides of this particular scale–space and information.

      -Max

  2. Havvy says:

    Might I suggest another way of looking at privacy: from the bare elements up. In defining human interactions, I always start with the axiom ‘humans act’, and work my way up.

    In doing so, I have found that privacy is not a right, and has to be developed. Furthermore, I have found that when you put a URL into your web browser, you are, in a sense, opting in to anything that site gives you whether you know it or not. It is possible that there could be fraud from another source describing the site, but the site itself would not be at fault; the source would be, similar to if somebody was being fraudulent about non-electronic resources.

    In other words, be careful with your actions. You cannot control what others think. If you try, you are by definition, evil.

    • Max Kanat-Alexander says:

      Hey Havvy. I wouldn’t say that you’re opting-in to anything a site gives or takes from you just because you typed in a URL. One could easily say that one was opting-in to being knifed or robbed by choosing to walk down the streets of New York City. It’s true that the City or the street is not at fault in that case, though, of course.

      I would say that privacy is a right in the sense of the definition of the word “right”–definition 2 here: http://www.merriam-webster.com/dictionary/right

      -Max

      • Havvy says:

        Under that definition of ‘right’, yeah.

        As a person, I don’t have the right (ethical) to transgress against another person. Knifing somebody without their permission is a form of transgression. By going onto public space, I do not make myself public property to be used at the whims of others. No, I still own my physical body. On the other hand, if I were to access a website, unless it was government owned, I would be accessing privately owned data. This data, once on my computer, can do whatever it wants, but if I don’t like what it is doing, I won’t go to that website.

        You don’t opt-in to everything just by being at a location. Instead, your actions determine whether you opt-in or not. On the street, you might not opt-in to anything, but you might ask a stranger to knife you in the back (improbable, but not unethical; probably not right under the second definition). When you access a computer, you might not go on the Internet or run programs made by other people (extremely improbable), but you probably will, and when you do so, you have to make the decision on whether or not you allow all that is happening. No “law” should say otherwise. Contracts, on the other hand…

        • Max Kanat-Alexander says:

          Well, I don’t know that the public place bit holds up–for example, I could walk into a building made and owned by another person, and that doesn’t give anybody in there the right to knife me, either. I think that I don’t opt-in to having my data stolen or being harmed just because I access a website, either.

          -Max

  3. Janson says:

    Nice piece. Cleared my mind a bit. I would like to know how your rules apply to China? Should the government have any say in what is private and what is not?
    To me privacy on the Net is not much different from privacy on the road. Thou shalt take care not to ‘flash’ anybody. Thou shalt seek with immodest terms on Google.

    • Janson says:

      Thou shalt not seek immodest terms on Google

    • Max Kanat-Alexander says:

      That’s a good question, I suppose. I think the problem with the Chinese government is a more fundamental human rights issue, which is that people should have the right to seek and send information as they please, unless we’re talking about information that is harmful to pass around at all–such as how to build a hydrogen bomb. The problem isn’t privacy (the ability to control who can find out things) but communication (the ability to decide who you want to send and receive information with).

      -Max

      • Janson says:

        people should have the right to seek and send information as they please, unless we’re talking about information that is harmful
        That calls for discussion on censorship. Which the govt. doesn’t allow. Which is the problem. Seem to get it. Sort of.

        • Max Kanat-Alexander says:

          Yeah, it all gets very complex when you get into a situation where the government is trying to decide on a very broad basis what is and isn’t acceptable to talk about. The First Amendment in the US makes it all very simple–you can talk about pretty much anything, as long as it isn’t publicly “obscene”, or seditious.

          -Max

  4. Ekta says:

    Privacy, it totally depends on individuals as to which information they want to share and what not. So, I agree with that “Privacy of Space”.
    But, in India there’s a different picture. For example, elders, particularly your parents, want to know, or I say to an extent should know, what their child is doing. They may stop the child from getting into trouble, and avert the situation if something bad is being done. Here, they say that if you are hiding something from your close ones or elders, somewhere it is wrong.
    They consider that you are not mature enough to take right decisions, at least till you are 18 (or maybe above).

    • I don’t want to make any assumptions about laws in India, but in the USA your parents are still legally responsible for anything you do until you are 18. Since this is the case, parents in the USA not only want to know, but need to know where their kids are and what they are up to. They have a legal obligation to know.

      It’s one reason we had such a lively debate in my school district about children being given consent to leave school campus for doctor visits, without informing parents. Part of the problem is that parents are still legally responsible for them even though they were under the assumption that the children were under the care of the school until after school hours. Further, parents have a legal obligation to bring their children for education (home schooling and private school are also options, but not everyone can afford these options).

      The district board of trustees were shown in force of numbers that this was not acceptable, and they voted it down (unless a parent specifically signs a paper saying the school has their permission for their child to leave for doctors visits without notifying them).

    • Max Kanat-Alexander says:

      Yeah, what Ekta and Jason say here are both totally valid issues–but I think that again, it boils down to harm. The parents are trying to prevent harm from coming to their child, by receiving information about the child’s whereabouts and activities. Clearly, in some cases it is beneficial to the child to share that information and space with their parents, so they should ideally choose to do so.

      -Max

  5. nirali says:

    In privacy of info, according to me it all differs from person to person; if one thinks sharing that info with another won’t be harmful, being an introvert, one should be free to share it.
    One should keep in mind and check to whom and what info is being shared, and after sharing it, whether there are any pros and cons.
    I also agree with Max’s blog.

  6. saroj says:

    Some companies have official paid software engineers who restrict hacking, to keep the company’s privacy intact. And also some people work as ethical hackers. So what do you want to say about this ethical hacking in terms of privacy?

    • Max Kanat-Alexander says:

      Well, it depends. If you’re truly “ethical”, then you aren’t violating the privacy of individuals against their will, so there wouldn’t be a problem. If somebody hires you specifically to attempt to violate their privacy, so that you can help them improve security, I don’t think there’s any ethical issue at all.

      -Max

  7. Fagun says:

    Privacy depends on the individual person, whether we want to share information or not. So I believe in “privacy of space”.
    But when somebody or some country is trying to steal the important information of the govt. of India (or any country) through hacking, then it is dangerous.

    • Max Kanat-Alexander says:

      Well, sure. Wouldn’t you say that a government or an organization has a right to privacy just the same as an individual does? After all, an organization is just a group of individuals.

      -Max

  8. Good reading, Max.

    One thing I’ve always heard regarding privacy and encryption is that of mailing a letter in an envelope vs. putting it on a postcard.

    One can argue that someone has something to hide, not mailing it on a postcard. However, we all know this is ridiculous, we just want to keep what is private, private, even if it is just trivial personal correspondence.

    The same argument can be made for email, hard drives, etc. The only people that can see the email are folks along the way (mail servers, ISPs, etc.) or people purposely snooping – which is the same as the postcard/envelope example.

    Just food for thought. It gets even more complicated when you have sensitive information co-located, and perhaps have a business obligation to keep information sensitive. We all know physical security is everything, but there has to be some way to accomplish things even in a shared environment.

    My argument is simple: I don’t want you to know what I don’t want to disclose to you. For that reason, I’m going to use what technical methods I can to prevent you from knowing what I don’t want to disclose. It doesn’t make me a criminal (I like to think I’m a very moral person and don’t break laws, even copyright laws that I don’t agree with), doesn’t mean I do or don’t have something to hide, it just means I want to keep my business to myself.

    I believe there is nothing wrong with that. Of course, many government agencies would prefer no one have that attitude or capability. They cite things like the need to track down all sorts of bad people, which they couldn’t do without prying into everyone’s privacy.

    Sorry, I don’t trust anyone with that sort of access. I don’t trust ME with that access. I don’t think anyone should. The government you like and trust today can easily be replaced tomorrow with another, that’s what I think folks need to keep in mind.

    No, I don’t wear a tinfoil hat, but I’m very realistic when it comes to thinking about security and privacy and what it really means.

    • Max Kanat-Alexander says:

      Yeah, I totally agree with you here. The envelope vs. postcard analogy is great, and particularly because it shows a sub-subject of privacy, which is an individual’s ability to control his lines of communication. That is, any individual should have the right to choose whether or not they want to communicate to any other individual. In addition, they should normally (barring significant potential harm) have the right to choose *how* they want to communicate, which includes the right to choose who else can receive the communication.

      You’re totally right about the government thing, too–there’s no reason to violate *everybody’s* rights just because a few people might need to be regulated in the future. And I’m very similar to you in the sense of following the law but not necessarily wanting to expose all my information everywhere–and I’m REALLY not a private person; I mean, almost everybody in the world could acquire my address, phone number, and all my contact information if they really wanted to. Still, I think that individuals should have the right to make that decision about what information they want to expose to whom.

      I think in general the idea that normal people need to be treated identically to criminals is one of the major root ideas that undermines our human rights everywhere in the world.

      -Max
