28 Nov 2011

Better answers through better questions

I was listening to Daniel Solove’s presentation at the Reboot Ottawa conference earlier today. His talk was modeled on the main points of his latest book, Nothing To Hide, and he addressed four “fallacies” that skew the debate between privacy and national security in favour of the latter.

The first fallacy is the “nothing to hide” argument. We have all heard about how if we had nothing to hide, we would have nothing to worry about. Solove counters that the “nothing to hide” argument belies a misunderstanding of what privacy is: it doesn’t exist to hide bad things; rather, it is many different, related things that are linked to dignity and integrity.

The second is the deference argument: we have to defer to the authorities because they know best. Solove mentioned that even some eminent jurists in the US are rallying behind the argument that the courts don’t know enough to pass judgement on law enforcement activities. Solove suggests we hold law enforcement and national security authorities accountable for the effectiveness of the measures they propose—they should prove the measures are effective.

The third argument countered by Daniel Solove this morning was the “all or nothing fallacy.” Solove pointed out that you don’t get more security by giving up privacy, and that you don’t get more privacy for giving up security. Rather, privacy can be—and must be—integrated into security measures. In developing this point, he touched on the idea that privacy should not necessarily be viewed as an individual right (to be pinned against collective interests), but rather as a social interest itself. Privacy should be protected on a societal level.

And finally, Solove addressed what he called the failure of the reasonable expectation of privacy test, which according to him asks the wrong question. The “reasonable expectation of privacy” rests on the assumption that people know how their privacy is being violated and that they have the power to do something about it, which is not necessarily the case. He suggests the courts shouldn’t be asking if a security measure violates a reasonable expectation of privacy (which opens up the door to esoteric debates about what is privacy), but rather, should this measure be allowed without judicial oversight and accountability.

It appears this idea of asking the right questions and putting the right elements on the balance was the running theme of Daniel Solove’s presentation: he suggests we shouldn’t be asking ourselves if a security measure in itself violates privacy, but rather if the security measure is acceptable with no oversight, no court order, no probable cause and no accountability. We shouldn’t be questioning whether the state has a right to intrude upon privacy for security reasons, but rather if we are getting better security as a result.

In a nutshell, Daniel Solove suggests what we should weigh on either side of the balance are not privacy and security, but rather a specific security measure by itself, and the same security measure with privacy protection.

A very interesting talk by a very engaging speaker.

2 Responses

Paul Darlaston Says:

Mr. Solove takes us back to fundamentals that opponents love to dismiss. Shades of Justice Brandeis.
I remember being an invited member of a panel on privacy many years ago. The audience was made up of systems auditors. First question from the floor restated the position taken by Scott McNealy, the co-founder of Sun Microsystems in 1999. McNealy was quoted as saying, “You have zero privacy anyway. Get over it”!
Back then, there was a tiny piece of truth in his statement. There were very few privacy laws on the books, and none at that time covered the private sector that he was really speaking about. Fortunately, services like Google didn’t exist then, or at least were only under development.
Fortunately for Canadians, since then we have PIPEDA, a lot of substantially similar privacy legislation, and government and even private sector are beginning to take these seriously, thanks to your Office and those of your peers.
The big challenge we seem to have going forward is that newer technologies now being adopted, are designed more for sizzle and convenience than for security. I mainly work in the Health Care world, where the big push seems to be for health care providers to use mobile devices like smartphones and tablets, and for sensitive personal health information to be considered fair game for storage in the internet cloud, where it could potentially be actually stored anywhere in the world and subject to unknown jurisdictional powers. Mr. McNealy may not have been totally right, but he certainly was prescient about the scale of the challenges that privacy practitioners face every day.

J Jones Says:

1. We (Canada) should not look to the USA for leadership on privacy issues but develop our own models.
2. There are consequences to not “hiding” our personal information including fraud, identity theft, and stalking. Protecting information is important for much more than hiding wrong-doing.

Leave a Reply

If you wish to leave a reply, you will be asked to provide your name and e-mail address. Your e-mail address is required for the purposes of limiting spam and contacting you should we have questions about your comment.

To learn more about why this information is collected and how it will be used, please read our Blog Comment Policy.