Report

Databuse: Digital Privacy and the Mosaic

Benjamin Wittes

Introduction

The question of privacy lies at, or just beneath, the surface of a huge range of contemporary policy disputes. It binds together the American debates over such disparate issues as counter-terrorism and surveillance, online pornography, abortion, and targeted advertising. It captures something deep that a free society necessarily values in our individual relations with the state, with companies, and with one another. And yet we see a strange frustration emerging in our debates over privacy, one in which we fret simultaneously that we have too much of it and too little. This tendency is most pronounced in the counter-terrorism arena, where we routinely both demand—with no apparent irony—that authorities do a better job of “connecting the dots” and worry about the privacy impact of data-mining and collection programs designed to connect those dots. The New Republic on its cover recently declared 2010 “The Year We Were Exposed” and published an article by Jeffrey Rosen subtitled “Why Privacy Always Loses.”[1] By contrast, in a book published earlier in 2010, former Department of Homeland Security policy chief Stewart Baker described privacy concerns as debilitating counter-terrorism efforts across a range of areas:

even after 9/11, privacy campaigners tried to rebuild the wall [between intelligence and law enforcement] and to keep DHS from using [airline] reservation data effectively. They failed; too much blood had been spilled. But in the fields where disaster has not yet struck—computer security and biotechnology—privacy groups have blocked the government from taking even modest steps to head off danger.[2]

Both of these theses cannot be true. Privacy cannot at once be always losing—a value so at risk that it requires, or so Rosen contends, “a genuinely independent [government] institution” dedicated to its protection—and be simultaneously impeding the government from taking even “modest steps” to prevent catastrophes.

Unless, that is, our concept of privacy is so muddled, so situational, and so in flux, that we are not quite sure any more what it is or how much of it we really want.

In this paper, I explore the possibility that technology’s advance and the proliferation of personal data in the hands of third parties has left us with a conceptually outmoded debate, whose reliance on the concept of privacy does not usefully guide the public policy questions we face. And I propose a different vocabulary for that debate—a concept I call “databuse.” When I say here that privacy has become obsolete, to be clear, I do not mean this in the crude sense that we have as a society abandoned privacy in the way that, say, we have abandoned once-held moral anxieties about lending money for interest. Nor do I mean that we have moved beyond privacy in the sense that we moved beyond the need for a constitutional protection against the peacetime quartering of soldiers in private houses without the owner’s consent.[3] Privacy still represents a deep value in our society and in any society committed to liberalism.

Rather, I mean to propose something more precise, and more subtle: that the concept of privacy as we have traditionally understood it in law no longer describes well or completely the actual value at stake in the set of issues we continue to argue in privacy’s name. The notion of privacy was always vague and hard to pin down as an operational matter in law. But this problem has grown dramatically worse as a result of the proliferation of data about all of us and the ability to analyze and cross-reference that data systematically and instantly. To put the matter bluntly, the concept of privacy will no longer bear the weight we are placing upon it. And because the term covers such a huge range of ground, its imprecision with respect to these new problems creates great indeterminacy as to what the value we are trying to protect really is, whether it is gaining or losing ground, and whether that is a good thing or a bad.

In this paper, I examine privacy’s conceptual obsolescence with respect only to a single area, albeit one that is by itself hopelessly sprawling: data about individuals held in the hands of third parties. Our lives, as I have elsewhere argued, are described by a mosaic of such data—an ever-widening array of digital fingerprints reflecting nearly all of life’s many aspects. Our mosaics record our transactions, our media consumption, our locations and travel, our communications, and our relationships. They are, quite simply, a detailed portrait of our lives—vastly more revealing than the contents of our underwear drawers yet protected by a weird and incoherent patchwork of laws that reflect no coherent value system.[4] We tend to discuss policy issues concerning control over our mosaics in the language of privacy for the simple reason that privacy represents the closest value liberalism has yet articulated to the one we instinctively wish in this context both to protect and to balance against other goods—goods such as commerce, security, and the free exchange of information. And there is no doubt an intuitive logic to the use of the term in this context. If one imagines, for example, the malicious deployment of all of the government’s authorities to collect the components of a person’s mosaic and then the use of those components against that person, one is imagining a police state no less than if one imagines an unrestricted power to raid people’s homes. If one imagines the unrestricted commerce in personal information about people’s habits, tastes, and behaviors—innocent and deviant alike—one is imagining an invasion of personal space as destructive of a person’s privacy as the breaking into that person’s home and the selling of all the personal information one can pilfer there.

Yet the construction of these issues as principally implicating privacy is not inevitable; indeed, privacy itself is not inevitable as a legal matter. It was, as I shall argue, created in response to the obsolescence of previous legal constructions designed to shield individuals from government and one another, and it was created because technological developments made those earlier constructions inadequate to describe the violations people were feeling. Ironically, today it is privacy itself that no longer adequately describes the violations people are feeling with respect to the mosaic—and it describes those violations less and less well as time goes on. Much of the material that makes up the mosaic, after all, involves records of events that take place in public, not in private; driving through a toll booth or shopping at a store, for example, are not exactly private acts. Most mosaic data is sensitive only in aggregation; it is often trivial in and of itself—and we consequently think little of giving it, or the rights to use it, away. Indeed, mosaic data by its nature is material we have disclosed to others, often in exchange for some benefit, and often with the understanding, implicit or explicit, that it would be aggregated and mined for what it might say about us. It takes a feat of intellectual jujitsu to construct a cognizable and actionable set of privacy interests out of the amalgamation of public activities which one transacted knowingly with a stranger in exchange for a benefit. The term privacy has become a crutch—a description of many different values of quite-different weights—that does not usefully describe the harms we fear.

The more sophisticated privacy scholars and advocates appreciate this. In his exhaustive effort to create a “Taxonomy of Privacy,” Daniel Solove argues up front that “The concept of ‘privacy’ is far too vague to guide adjudication and lawmaking”[5] and that “it is too complicated a concept to be boiled down to a single essence.” Rather, he treats privacy as “an umbrella term, referring to a wide and disparate group of related things.”[6] Just how wide becomes clear over the course of his 84-page article. His taxonomy contains four principal parts, each consisting of multiple subparts—creating, all in all, a 16-part typology that ranges from blackmail to data “aggregation” and “decisional interference.” And he concedes in the end that although all of the privacy harms he identifies “are related in some way, they are not related in the same way—there is no common denominator that links them all.”[7] Solove’s heroic effort to salvage privacy’s coherence through comprehensive cataloguing has the unintended effect of revealing its unsalvageability.

My purpose here is to propose a different vocabulary for discussing the mosaic—in some ways a simpler, cruder one, but one that both more accurately describes than privacy our behavior with respect to the mosaic and that offers more useful guidance than the concept of privacy does as to what activities we should and should not tolerate. The relevant concept is not, in my judgment, protecting some elusive positive right of user privacy but, rather, protecting a negative right—a right against the unjustified deployment of user data in a fashion adverse to the user’s interests, a right, we might say, against databuse. The databuse conception of the user’s equity in the mosaic is more modest than privacy. It doesn’t ask to be “let alone.” It asks, rather, for a certain protection against tangible harms as a result of a user’s having entrusted elements of his or her mosaic to a third party. Sometimes, to be sure, these tangible harms will implicate privacy as traditionally understood, but sometimes, as I will explain, they will not. Think of it as a right to not have your data rise up and attack you.

Thinking about mosaic questions we currently debate in the language of privacy in terms of databuse has a clarifying effect on a number of contemporary public policy disputes. In some cases, it will tend to suggest policy outcomes roughly congruent with those suggested by a more conventional privacy analysis. In other cases, by contrast, it suggests both more and less aggressive policy interventions and market developments on behalf of users. In some areas, it argues for a complacent attitude towards data uses and acquisitions that have traditionally drawn the skeptical eye of privacy activists. Yet it also suggests more intense focus on a subset of privacy issues that are currently under-emphasized in privacy debates—specifically, issues that genuinely implicate personal security.

A Very Brief, Reductionist History of Privacy

It is not an accident that we instinctively think about the regulation of the mosaic in terms of privacy. The concept of privacy has deep roots in American democratic thought and provides a convenient vocabulary for all sorts of issues implicating personal autonomy, seclusion, reputation, and the ability to control information about oneself. It thus seems intuitive that when companies collect large quantities of data about a person or when government fishes through that person’s bit stream, these actions implicate her privacy. This point is so obvious to us that we seldom stop and ask precisely what we mean by it or where the idea comes from. 

Yet privacy, at least as a distinct legal concept, is a relatively recent idea, one that developed in American law and political culture only in response to the development of surveillance technologies that outmoded earlier ways of thinking about keeping government and outsiders out of one’s business. This point bears emphasis: The concept of privacy only separated from the concept of property and emerged as a legal concept of its own as technologies and organizational structures rendered property rights an inadequate conceptual framework for thinking about publicity and surveillance. We created privacy, to put it simply, because we had reached a technological tipping point that required a conceptual breakthrough.

The Constitution, which predates the separation, thus does not mention privacy explicitly. It did not need to. At the time of its drafting, it was relatively difficult to invade someone’s privacy without invading his physical space. Any legal conception of privacy in that era was consequently indelibly bound up with property rights, from which it had no autonomous existence. The concern for what we later came to call privacy did, of course, exist. Indeed, it shows up in English common law long before the Founding. As early as 1604, a British court famously wrote that “the house of everyone is to him as his castle and fortress, as well for his defence against injury and violence, as for his repose.”[8] Sometimes, the concern for privacy in early texts is explicit—though the word “private” tends to appear as an adjective modifying “property,” not in its noun form, “privacy.” Indeed, by the time of the founding of the American Republic, British courts had begun reining in the power of the King’s men to raid people’s houses. The celebrated cases of British Parliamentarian John Wilkes and publisher John Entick had a particularly profound impact on the later development of the Fourth Amendment.[9] And the language the British courts used in Entick offers a useful example of the inextricable intertwining of privacy and property in that era:

By the laws of England, every invasion of private property, be it ever so minute, is a trespass. No man can set his foot upon my ground without my license, but he is liable to an action, though the damage be nothing. . . . Papers are the owner’s goods and chattels: they are his dearest property; and are so far from enduring a seizure, that they will hardly bear an inspection; and though the eye cannot by the laws of England be guilty of a trespass, yet where private papers are removed and carried away, the secret nature of those goods will be an aggravation of the trespass, and demand more considerable damages in that respect.[10]

These cases, in other words, reflect a concern for privacy, but the concept is never separate from the broader concern about the sacrosanct nature of property. Which is cart and which is horse is never clear; they are not that distinct.

The protections in the Constitution thus surround the value that we would call privacy but they do not protect it explicitly. Similarly, as Solove’s taxonomy makes clear, other values we have come to think of as contained in the notion of privacy had roots as well that long predate the emergence of privacy itself as a legal value. For example, rules against eavesdropping go back centuries.[11] The Founding generation did not attempt to embed in American law specific protections for privacy above and beyond protecting the physical spaces the individual owned and his own conscience, because it did not have to. The technology of the time generally did not permit egregious invasions of privacy in the absence of some physical intrusion into someone’s house, office, or things. The law of trespass and theft already kept private individuals at bay. Keeping the government out—except with cause—ensured the individual a zone of seclusion. So the Fourth Amendment, which forbids unreasonable searches and seizures, and the mostly forgotten Third Amendment, which forbids the quartering of soldiers on private property in peacetime without consent, restrained government from unwarranted invasions of the physical property of the citizen. The Fifth Amendment provided a right against self-incrimination, that is, the right to keep mum about one’s own wrongdoing. And a measure of protection for the privacy of one’s guilt and thought inherently resides in any right not to confess. And the First Amendment provided for freedom of religious conscience and freedom of thought and expression. But the Founders did not generalize the privacy principle that conceptually unites these restraints into something broader. Technology did not require that they do so.

The legal concept of privacy only began meaningfully to separate from the idea of property in the late 19th Century, as both technology and organizational structures evolved to permit privacy intrusions in the absence of trespass. In 1878, the Supreme Court confronted the question of whether letters entrusted to the post office required a warrant to inspect. The decision, still infused with a sense of letters as personal property, seems to hint at a broader privacy principle:

The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their papers, thus closed against inspection, wherever they may be. Whilst in the mail, they can only be opened and examined under like warrant, issued upon similar oath or affirmation, particularly describing the thing to be seized, as is required when papers are subjected to search in one’s own household. No law of Congress can place in the hands of officials connected with the postal service any authority to invade the secrecy of letters and such sealed packages in the mail; and all regulations adopted as to mail matter of this kind must be in subordination to the great principle embodied in the Fourth Amendment of the Constitution.[12]

A few years later, the Supreme Court all but merged the right against self-incrimination with the right against unreasonable searches and seizures—holding that the government could not compel a suspect to produce his private business papers and then use those papers against him in court. Its language—to be precise, its discussion of Entick—went further in invoking privacy as the relevant value at stake, though still linking it strongly to property:

The principles laid down in [Entick] affect the very essence of constitutional liberty and security. They reach farther than the concrete form of the case then before the court, with its adventitious circumstances; they apply to all invasions on the part of the government and its employees of the sanctity of a man’s home and the privacies of life. It is not the breaking of his doors and the rummaging of his drawers that constitutes the essence of the offence, but it is the invasion of his indefeasible right of personal security, personal liberty, and private property, where that right has never been forfeited by his conviction of some public offence—it is the invasion of this sacred right which underlies and constitutes the essence of Lord Camden’s judgment. Breaking into a house and opening boxes and drawers are circumstances of aggravation, but any forcible and compulsory extortion of a man’s own testimony or of his private papers to be used as evidence to convict him of crime or to forfeit his goods is within the condemnation of that judgment. In this regard, the Fourth and Fifth Amendments run almost into each other.[13]

One can see here privacy as a value beginning to assert an autonomous existence in law. But the separation from property did not become complete until technology began to permit new kinds of surveillance that required no invasion of property at all.

Anyone who doubts that the intellectual history of privacy as a legal concept is inextricably linked to the technological history of surveillance need only reflect for a moment that two of the watershed events in the development of privacy rights took place in direct response to the development of new surveillance technologies. These two events—the 1890 publication of Samuel Warren’s and Louis Brandeis’s seminal law review article, “The Right to Privacy,” and Brandeis’s subsequent dissent in the 1928 Supreme Court case of Olmstead v. United States—were pivotal in crafting modern American attitudes in law, policy, and culture alike towards the concept of privacy. The first responded to the invention of the instant camera and its use by the press to report on society figures. The second responded to the development of wiretapping technology.

Brandeis’s first great contribution was to sever the idea of privacy from the idea of property entirely. Brandeis’s and Warren’s concern went far beyond the intrusion by government onto physical property belonging to an individual. For them, the issue was that

[i]nstantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops.” For years there has been a feeling that the law must afford some remedy for the unauthorized circulation of portraits of private persons; and the evil of invasion of privacy by the newspapers, long keenly felt. . . . The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle. The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.[14]

Brandeis and Warren here were not suggesting a constitutional right, but recognition of new common-law torts. And they made clear that protections of property were not adequate for their purposes:

[T]he protection afforded to thoughts, sentiments, and emotions, expressed through the medium of writing or of the arts, so far as it consists in preventing publication, is merely an instance of the enforcement of the more general right of the individual to be let alone. It is like the right not to be assaulted or beaten, the right not to be imprisoned, the right not to be maliciously prosecuted, the right not to be defamed. In each of these rights, as indeed in all other rights recognized by the law, there inheres the quality of being owned or possessed—and (as that is the distinguishing attribute of property) there may be some propriety in speaking of those rights as property. But, obviously, they bear little resemblance to what is ordinarily comprehended under that term. The principle which protects personal writings and all other personal productions, not against theft and physical appropriation, but against publication in any form, is in reality not the principle of private property, but that of an inviolate personality.[15]

For them, privacy was not defined by physical space or property but by one’s ability to “retreat from the world” and avoid “publicity.” A picture snapped in public and published against one’s will invaded one’s privacy even if it required no trespass to obtain and even if one didn’t own one’s own image. A newspaper article about one’s affairs offended the right even if the information were all true and collected from public sources. The right to privacy in Brandeis’s and Warren’s conception was a right to shield one’s personality from the view of others; it was bound up with personal autonomy and, as the article famously notes, “the right to be let alone.”[16]

There is a contradiction—or at least a tension—at the core of this conception of privacy, predicated as it is on the theory that property is insufficient to protect the value at stake: It necessarily claims protection as private for information collected lawfully in public about activity conducted in public.[17] For many years, the paradox of a privacy right concerning public acts manifested itself chiefly as a conflict between the right to privacy—which the courts began recognizing in a variety of tort claims—and the right to free speech. Brandeis’s specific concerns today not only seem a bit quaint, they fly in the face of our modern understanding of the press and its function in American life. As Stewart Baker has written of Brandeis’s solicitude for the privacy of Victorian society figures against media attention, “Is there anyone alive who thinks it should be illegal for the media to reveal the guest-list at a prominent socialite’s dinner party or to describe how elaborate the floral arrangements were? . . . To be blunt, when he complains so bitterly about media interest in a dinner party, Brandeis sounds to modern ears like a wuss.”[18]

The tension, which the courts have resolved over the years almost entirely in favor of free speech and press, was muted for decades because the volume of information in question was small. Investigating a person took time and energy, and very few people warranted that kind of attention. Not only was the amount of information available relatively slight and the number of targets relatively small, but once collected, the information had relatively few legal uses other than publication. In the absence of big databases easily mined about either individuals or society at large, it was possible to square the circle of a robust privacy interest in assorted public behaviors. Indeed, as late as 1989, the Supreme Court could hold unanimously that government “rap sheets” were shielded from disclosure under freedom of information law, though the criminal records they contained were all matters of public record, because the assembly of the information added significant value to it—value that injured privacy. The cumbersome process of compiling such material ensured a degree of “practical obscurity” that the rap sheets negated, the court found. “Plainly,” the court wrote in a passage that reads today like the height of judicial naïveté, “there is a vast difference between the public records that might be found after a diligent search of courthouse files, county archives, and local police stations throughout the country and a computerized summary located in a single clearinghouse of information.”[19] Today one need not conduct a “diligent search” of anything to find out someone’s criminal record, and no sane person would try to find it out with a time-consuming request to some government agency either. It’s all available for sale online.[20] The world of the mosaic is not Brandeis’s world. The circle is no longer squarable. We are not, to use Baker’s word, wusses.

Brandeis’s other great contribution to the debate over privacy and surveillance was the insistence that the Fourth Amendment offers the proper analytical frame through which to consider governmental uses of new technologies for investigative acquisition. In the context in which he reached this judgment—wiretapping—it seems today unassailable. Almost nobody, after all, now believes, as the Supreme Court held in 1928, that wiretapping is not a form of search covered by the Fourth Amendment.[21] The court at that time took a view of the amendment’s coverage still conditioned by property, not privacy. There was no trespass on the individual’s property in the course of tapping his phone line, and there was therefore no search, it held. As a consequence, a warrant was not required. Brandeis, in his celebrated dissent in Olmstead, saw things differently—that is, saw the value as privacy, not property:

When the Fourth and Fifth Amendments were adopted, . . . [f]orce and violence were then the only means known to man by which a government could directly effect self-incrimination. [The government] could compel the individual to testify—a compulsion effected, if need be, by torture. It could secure possession of his papers and other articles incident to his private life—a seizure effected, if need be, by breaking and entry. Protection against such invasion of “the sanctities of a man’s home and the privacies of life” was provided in the Fourth and Fifth Amendments by specific language. . . . But “time works changes, brings into existence new conditions and purposes.” Subtler and more far-reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet. Moreover, “in the application of a Constitution, our contemplation cannot be only of what has been, but of what may be.” The progress of science in furnishing the government with means of espionage is not likely to stop with wire tapping. Ways may some day be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Advances in the psychic and related sciences may bring means of exploring unexpressed beliefs, thoughts and emotions. . . . Can it be that the Constitution affords no protection against such invasions of individual security?[22]

For Brandeis, the fundamental right at stake lay not in the literal words of the amendments in question—bound up as they are in physical space and, again, property. It lay in the privacy that they protected. And as new technologies became available, he insisted, that right required translation to cover the use of those technologies to keep the underlying right as real as it had been at common law under the technologies available then. While the Supreme Court took decades to adopt his vision of wiretapping, this approach ultimately prevailed not just as to bugging but also as to the larger principle. Supreme Court justices of all stripes today accept that the Fourth Amendment reaches beyond the technology of the 18th Century and requires application to today’s analogous intrusions.[23]

These two foundational principles of Brandeisian, as opposed to Founding Era, privacy—that we should consider new government surveillance technologies under the rubric of the Fourth Amendment and that people