There are a number of ... not-very-good books on the subject (I picked up Carolyn Kennedy's 1990s effort, it's ... poor).
A challenge is that privacy itself is an emergent concept (this is my view, not one widely shared), which is a response to ever-more invasive or capable technologies. As such, much of the relevant caselaw and legal thinking is fairly new, and reflects advances in publishing (Brandeis and Warren), recording, transmission, and detection.
There are some historical antecedants.
Some of the more interesting non-legal-scholar work has come from Jill Lepore in recent years. I'd suggest her work as at the least a good entry point. She's a historian, and should be copiously documenting sources which may be of interest. Unseen: A History of Privacy (2013) https://scholar.harvard.edu/jlepore/presentations/unseen-his...
In the year 1890 Samuel D. Warren, with future Supreme Court Justice Louis Brandeis, published "The Right to Privacy" in Harvard Law Review[1]. Among other things, they wrote, "Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that "what is whispered in the closet shall be proclaimed from the house-tops."
In the intervening 131 years the law has addressed this problem, but it is lagging behind the changes and problems brought by new technologies like digital imaging and the Internet. The solution, as it was in the late 19th and early 20th century, is for a legal framework to protect the victims.
Right now we're in the "You have zero privacy anyway, get over it"[2] era.
Privacy laws, much like noise ordinances and pollution regulations, are emergent responses to novel threats and ills.
In a world without the printing press, anti-libel laws didn't exist. In a world without photography, rights to personal image and freedom from invasive shutterbugs didn't esist. Anti-wiretapping and phone-recording restrictions were necessitated by the telephone. The Bork bill protecting the sanctity of ... video store rental records ... was necessitated by videocassette technology, a video rental market, Supreme Court nomination hearings, chatty store clerks, and newspapers interested in publishing such details.
As technologies tear down and penetrate the long-standing barriers to snooping, recording, transmitting, analyzing, and acting on what had always. been personal and private behaviours, societies turn to law to reinstitute those protections.
Privacy is an emergent phenomenon and a direct response to intrusions.
"Before the advent of these new technologies, time and effort created effective barriers to surveillance abuse. But those barriers are now being removed. They must be rebuilt in the law."
Time and effort maintained privacy in the past, by default. However, as technology improves, privacy is no longer the default, so we need to request it, specifically.
I hear again and again that "no one cares about privacy", but I'm starting to think this is a relic of the past. Perhaps 10 years from now we will say "no one used to care about privacy, but that was before technology became sufficiently advanced."
You're asking the right questions. Welcome to having an awareness of the sprawling surveillance industry!
In short there are vanishingly few privacy laws in the US, and the few that do exist are mostly undermined by fake consent in EULAs-that-nobody-reads. Even when a company somehow does manage to run aground of some law, they generally just end up with financial slap on the wrist while keeping their ill gotten data gains.
The best time to push for meaningful privacy legislation was over the past 40 years when all of these surveillance databases were being built out. But the second best time is now, especially as more people gain awareness of how invasive and pervasive this totalitarian industry has become. The records being created and kept by this industry would make a dyed in the wool Stasi agent blush, and Americans need to start rejecting this fallacious justification that things that are reasonable for individuals to do at a small bespoke scale remain legitimate when scaled up to industrial levels.
Since the early days of mass internet, it seemed obvious to me that there was a need to "translate" into the digital world the legal principles that we enjoy in the physical world.
Concepts like the privacy of a "home", of "mail", the need for warrants to reach any private item, or general manners like not snooping too intimately over a customer in a shop (you may watch what they do, where they go etc., but probably not strip-search them to the bone, at least not all of them all the time).
That's why instead of going straight into tech, I studied law to have a shot at one day solving this problem, among others. We're talking constitutionalism, indeed property rights, and a slew of red lines to draw in digital terms (the sec community knows what "boundaries" mean as far as preserving the integrity of a person or system is concerned: big tech happily triple-violates those boundaries, not on occasion but as a business model and moral ethos).
The inception of "social networks" a decade later only confirmed my initial worries, especially given the psychological profile of their executive leaders (they should know, as I do, that being socially weird means you probably shouldn't decide how people get to live their social life. Just sayin').
The real battle is ahead, it'll be played in congresses and courts around the world come a generation of digital natives in power (my guess is millennials, but history is being stalled by the oldest generations alive-and-well in human history, as you all know; so the beginning of a "legal update" process that should already have been done by now is probably still a good ten-fifteen years away).
The tech part is trivial. There are 1,001 ways to implement privacy-abiding systems, should we choose to.
I'm all for privacy tools for now, but the privacy-surveillance arms race feels like a hack compared to actually fixing the culture that creates a need for privacy. Is anyone discussing what it would take to solve the problem from that level?
Yes, in the US, the current state of the law is that anything done in public is fair game for anyone - there is no expectation of privacy when in public.
However, this point of law was determined back in the late 60's or early 70's, back when the concept of an indexed database of millions of permanent records of essentially everybody in public was barely even the stuff of science fiction, much less everyday fact. I think we are long overdue for a revaluation of the legal situation given the drastic change in circumstances of the last 40 years.
I think this is a result of applying 19th century concepts of privacy to a 21st century world.
I don't disagree. Privacy case law has mostly evolved in the context of large corporate or government entities violating the privacy of individuals, because those entities were the ones with access to surveillance and broadcasting or publishing technologies. Now everyone is a broadcaster, and their editorial discretion (and morals) will vary.
Legislation and regulation operate on the basis of finding some viable point of control or enforcement.
The devices are ... ubiquitous. Collection all but certainly cannot be stopped.
What can be controlled is:
- The collection, solicitation, retention, sale, purchase, or transacting of the images, data, or access to each.
- Voiding of any contractual obligations concerning same. Any such business would literally be outside the law.
- Development of technologies or training sets concerning such data.
- Validity of any such data or conclusions derived from it in courts of law.
- Any business decisionmaking based on such data. Protected by whistleblower laws.
As a start.
Standalone collection, security footage recordings, and the like might be permitted with some limited retention period (say, 1--3 months), but restricting any aggregation of such data. Individual images could be taken. Posting identifiable images online without the freely-given willing consent of subjects should be sharply limited. Yes, that includes children. Compelling public-interest exceptions might exist.
The biggest challenge will be totalitarian surveillance states which practice and cultivate such surveillance, and which drive further technology and practices both within and beyond their own borders. That is a problem whcih inherently goes beyond mere law, and always has.
Privacy is the ability to express and enforce limitations on access to and distribution of information of, by, or about you. It is an emergent principle, and its own scope and definition expand precisely as information technologies do. In an age of speech, it concerns gossip, hearsay, and slander. In an age of print, libel. It has expanded with photography, telephony, improved optics and sensing (long lenses, infrared imaging, microwave scanning of structures), and with ever-expanding data storage, processing, and distribution.
In response to an earlier discussion where it was asserted that concerns over privacy in information technology are somehow a post-1980s phenomenon,[1] I compiled a list of notable persons in the field who'd voiced concern earlier, one of the most notable being Paul Baran, a co-inventor of packet-switched networks whilst working at RAND in the 1960s. At my request, his RAND monographs are now freely accessible to the public:
Paul Baran:
- "On the Engineer's Responsibility in Protecting Privacy"
- "On the Future Computer Era: Modification of the American Character and the Role of the Engineer, or, A Little Caution in the Haste to Number"
- "The Coming Computer Utility -- Laissez-Faire, Licensing, or Regulation?"
- "Remarks on the Question of Privacy Raised by the Automation of Mental Health Records"
- "Some Caveats on the Contribution of Technology to Law Enforcement"
I'd say that legislation is more important than ever; privacy can now be violated in ways that were technically impossible 30 years ago. I agree that enforcing privacy laws is problematic, but that doesn't mean it's impossible, nor that it isn't worth trying.
A challenge is that privacy itself is an emergent concept (this is my view, not one widely shared), which is a response to ever-more invasive or capable technologies. As such, much of the relevant caselaw and legal thinking is fairly new, and reflects advances in publishing (Brandeis and Warren), recording, transmission, and detection.
There are some historical antecedants.
Some of the more interesting non-legal-scholar work has come from Jill Lepore in recent years. I'd suggest her work as at the least a good entry point. She's a historian, and should be copiously documenting sources which may be of interest. Unseen: A History of Privacy (2013) https://scholar.harvard.edu/jlepore/presentations/unseen-his...
The Unwanted Gaze by Jeffrey Rosen (2001) addresses concerns as the Internet age was beginning to mature. https://www.worldcat.org/title/unwanted-gaze-the-destruction...
The EFF and ACLU have extensive resources on privacy, though not necessarily of specific legal focus:
https://www.eff.org/issues/privacy
https://www.aclu.org/issues/privacy-technology
For current legal opinion, Solve and Schwartz might be a standard (I honestly don't know, though it gets prominant mention):
https://www.worldcat.org/title/privacy-law-fundamentals/oclc...
reply