8.1 Understanding Privacy

As with most big concepts, people have different definitions for the word privacy. The Merriam-Webster dictionary dates the word privacy back to the 15th century and defines it as "the quality or state of being apart from company or observation" and "freedom from unauthorized intrusion."[1]

[1] http://members.eb.com/cgi-bin/dictionary?va=privacy

8.1.1 The Tort of Privacy

In a famous 1890 article in the Harvard Law Review,[2] Samuel Warren and Louis Brandeis argued that there should be a right to privacy, and that right should "protect those persons with whose affairs the community has no legitimate concern, from being dragged into an undesirable and undesired publicity" and "protect all persons, whatsoever; their position or station, from having matters which they may properly prefer to keep private, made public against their will."

[2] Samuel Warren and Louis Brandeis, "The Right of Privacy," Harvard Law Review 4 (1890), 193. It's at http://www.lawrence.edu/fac/boardmaw/Privacy_brand_warr2.html.

The right to privacy is not without limit. Warren and Brandeis made clear exceptions for the distribution and publication of court records. They also wrote that the right to privacy ceases once facts about an individual are published by that person or with his consent.

Interestingly, Warren and Brandeis wrote that "truth of the matter published does not afford a defense." They held that a person's privacy is violated by a portrayal of that person's private life whether the portrayal is accurate or inaccurate. Finally, they wrote that: "The absence of 'malice' in the publisher does not afford a defense. Personal ill-will is not an ingredient of the offense, any more than in an ordinary case of trespass to person or to property."

Over the past 110 years, the privacy violations described in the Warren/Brandeis paper have been reduced to four torts in American law:

Privacy intrusion

For example, intruding into a person's private sphere.

Disclosure of private facts

For example, the publication of private information about an individual for which the public has no compelling interest to have this information known.

Portrayal of information in false light

For example, publishing lurid details of a person's private life that aren't actually true, or information that is strictly true but easily misinterpreted. This tort is similar to defamation, but it is not the same: works that do not defame can nevertheless portray a subject in false light. The false light tort is most common in works that fictionalize real people.

Appropriation

For example, using a person's name or likeness for a commercial purpose without that person's permission.

The Harvard Law Review article was the basis for much legislation and litigation in the following years. But despite their vision, Warren and Brandeis didn't create a framework that extended to the computer age, where personal information for millions is now routinely collected, tabulated, indexed, used, and sold. Although similar to the tort of appropriation, the intrusions we face in the computer age have a distinctly different flavor.

In 1967, Columbia University professor Alan Westin created a new definition for privacy that seemed more appropriate to the computer age. Westin defined the term informational privacy as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others."[3]

[3] Westin, Alan. Privacy and Freedom, Atheneum Press, Boston, 1967.

All of these types of privacy come into play on the Web today. Stalkers, spammers, and nosy family members routinely intrude into our mailboxes. Gossips and buggy programs alike distribute private facts beyond their intended audience. Some web sites will appropriate the names of their subscribers and use this information in marketing. Distributing information about a demographic, and then saying that a particular user is a member of that demographic, may constitute false light. But the largest number of violations of personal privacy on the Web today fall into Westin's characterization of informational privacy: that is, many individuals have lost the ability to control how and to what extent information about them is communicated to marketing firms, government agencies, and nosy neighbors in the world's electronic village.

8.1.2 Personal, Private, and Personally Identifiable Information

The first thing that's apparent when you start to pick apart Westin's definition of informational privacy is that there are many different kinds of "information" the definition can be applied to. The word "information" in Westin's definition could apply to a person's name, and it would certainly apply to a piece of paper that had a person's name, his Social Security number, and the list of web sites that the person had visited over the past month. But what if that piece of paper showed only the list of web sites and the first three digits of the person's Social Security number? Would that piece of paper be considered personal information?

To deal with questions like this, academics have subdivided the term "information" into many different subcategories. A few of them are:

Personal information

Information about a person. Your name, your date of birth, the school you attended, and the names of your parents are all personal information.

Private information

Personal information that is not generally known. Some kinds of private information are protected by law. For example, in the United States education records are considered private and cannot be released without the permission of the individual (or the individual's parent or guardian, in the case of a minor). Bank records are protected by law, although banks are allowed to sell the names and addresses of their customers for marketing purposes.

Most people have a large amount of information that they consider private but that is not protected under the law. For example, you might consider the name of the first person that you kissed to be private. Other information should be treated as private, even though it is widely available. For example, most people regard their Social Security numbers as private, even though they are available in many databases. This ambiguity arises in part because private is not a synonym for secret or confidential.

Whether or not a particular piece of information is private frequently depends on the context. For example, if your name is in a telephone directory, that information is not private. But if that directory is on the computer of an individual who is engaged in illegal activity, you might wish to keep the fact that your name is in his address book extremely private.

Personally identifiable information

Information from which a person's name or identity can be derived. Some personally identifiable information is obvious, such as a person's name or an account number. Some personal information, such as your shoe size, is not generally identifiable.

Anonymized information

The reverse of personally identifiable information. This is personal or private information that has been modified in some way so that identities of the individuals from whom the information was collected can no longer be discerned.

Aggregate information

Statistical information combined from many individuals to form a single record. One of the best examples of aggregate information is the statistics on census tracts that are released by the U.S. Census Bureau. According to the Bureau, "Census tracts usually have between 2,500 and 8,000 persons and, when first delineated, are designed to be homogeneous with respect to population characteristics, economic status, and living conditions. Census tracts do not cross county boundaries. The spatial size of census tracts varies widely depending on the density of settlement. Census tract boundaries are delineated with the intention of being maintained over a long time so that statistical comparisons can be made from census to census."[4]

[4] http://www.census.gov/geo/www/cen_tract.html

In practice, these categories of personal information are far more fluid than it may seem at first. Often, aggregate information and anonymized information can be combined to identify and reveal particular characteristics of an individual. This process is called triangulation. For example, if you have a class with ten students, and you know that nine of the students are men and one of the students is pregnant, you know with some certainty which student in the class is pregnant. If you have a list of the names of the individuals in the class, you probably know the name of the woman who is pregnant, because most names are strongly identified with a particular gender.

Many Internet users are surprised how easy it is to determine identity from the seemingly anonymous information they provide to web sites. For example, some web sites require a person to register with a name and address, while other web sites require only a Zip code and birthday. Yet for many people in the United States, there are only ten or so people who live in the same Zip code and share the same birthday. Consider:

Number of individuals in the U.S. = approximately 284,000,000 (as of April 2001)
Number of birthdays in the U.S. = 365.25
Number of individuals in the U.S. with each birthday = 284,000,000 / 365.25 = approximately 777,549[5]
Number of Zip codes in the U.S. = approximately 100,000
Number of individuals in each Zip code with the same birthday = 777,549 / 100,000 = approximately 8 people

[5] This example assumes an even distribution of birthdays throughout the year and people throughout Zip codes, which is a simplification, but not a very big one.

Thus, a web site that asks a visitor for a birthday, a Zip code, and an age is actually asking its visitors for personally identifiable information, even though it appears to be only asking for aggregate information. If that web site is hooked into the credit files of a company such as Equifax or Experian, the web site might, in turn, have access to information that the visitor considers personal and private, but that is, in fact, quite public and frequently shared among business partners.
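
The following Python code is an added example, not part of the original book: it measures how many records share each combination of supposedly non-identifying fields, flags records whose combination is shared by fewer than k records, and reproduces the class-roster triangulation and the Zip-code estimate above. The record layouts, field names, sample values, and the threshold k are assumptions constructed for illustration.

```python
from collections import Counter

def expected_set_size(population, *cardinalities):
    """Uniform estimate from the text: people sharing every attribute value."""
    size = float(population)
    for c in cardinalities:
        size /= c
    return size

def anonymity_sets(records, quasi_ids):
    """Count how many records share each combination of field values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def at_risk(records, quasi_ids, k):
    """Records whose field combination is shared by fewer than k records."""
    sets = anonymity_sets(records, quasi_ids)
    return [r for r in records if sets[tuple(r[q] for q in quasi_ids)] < k]

def triangulate(roster, attribute, value):
    """Names left once an aggregate fact is narrowed to one attribute value."""
    return [r["name"] for r in roster if r[attribute] == value]

# Constructed sample: registrations with no names, only Zip code and birthday.
REGISTRATIONS = [
    {"id": 1, "zip": "02139", "birthday": "03-14"},
    {"id": 2, "zip": "02139", "birthday": "03-14"},
    {"id": 3, "zip": "02139", "birthday": "07-04"},
    {"id": 4, "zip": "94110", "birthday": "03-14"},
    {"id": 5, "zip": "94110", "birthday": "12-25"},
    {"id": 6, "zip": "94110", "birthday": "12-25"},
]

# Constructed class roster for the triangulation example: nine men, one woman.
ROSTER = [{"name": f"student{i}", "gender": "M"} for i in range(1, 10)]
ROSTER.append({"name": "student10", "gender": "F"})

if __name__ == "__main__":
    # The text's estimate: population / birthdays / Zip codes.
    print(round(expected_set_size(284_000_000, 365.25, 100_000), 2))
    # Zip code alone leaves every record in a group of three.
    print(at_risk(REGISTRATIONS, ["zip"], k=2))
    # Zip code plus birthday leaves two records unique.
    print(at_risk(REGISTRATIONS, ["zip", "birthday"], k=2))
    # "One student is pregnant" plus the roster leaves a single candidate.
    print(triangulate(ROSTER, "gender", "F"))
```

Running the same check over a real data set before it is released or shared shows which field combinations need to be generalized or dropped for the data to stay anonymized.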



Web Security, Privacy & Commerce
Web Security, Privacy and Commerce, 2nd Edition
ISBN: 0596000456
EAN: 2147483647
Year: 2000
Pages: 194
