Daniel J. Solove, The End of Privacy?

DANIEL J. SOLOVE

The End of Privacy? [text essay]

Daniel Solove (b. 1973) earned a B.A. in English from Washington University (St. Louis) in 1994 and a J.D. from Yale in 1997. Since 2000, after two legal clerkships and a year at a prestigious law firm, he has been a professor, first at Seton Hall, and since 2004, at George Washington University Law School. His international reputation on privacy rights has been established by three books as well as numerous professional articles and a textbook, Information Privacy Law (third edition, 2009). In The Digital Person: Technology and Privacy in the Information Age (2004) Solove says, I “explored how business and the government were threatening individual privacy by collecting massive digital dossiers of information about people,” thereby jeopardizing their “freedom and well-being.” In The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (2007) Solove investigates the clash of values that occur when “gossip and rumor” are spread on the Internet. He says: “We’re invading each other’s privacy . . . and our own privacy by exposures of information we later come to regret. . . . Protecting privacy can come into tension with safeguarding free speech, and I cherish both values” (vii). In Understanding Privacy (2009), Solove provides a framework for understanding privacy, “one of the most important concepts of our time, yet . . . one of the most elusive,” as he addresses issues of “surveillance, data mining, identity theft, state involvement in reproductive and marital decisions,” and other hot-button issues. His most recent book, Nothing to Hide: The False Tradeoff Between Privacy and Security (2011), rejects the notion that we must trade privacy for security. “The End of Privacy?” was first published in Scientific American’s special issue on the future of privacy (September 2008). In it Solove examines the phenomenon of “social-networking Web sites [which] may be radically realigning what is considered public and private.”

He has a name, but most people just know him as “the Star Wars Kid.” In fact, he is known around the world by tens of millions of people. Unfortunately, his notoriety is for one of the most embarrassing moments in his life.

In 2002, as a 15-year-old, the Star Wars Kid videotaped himself waving around a golf-ball retriever while pretending it was a lightsaber. Without the help of the expert choreographers working on the Star Wars movies, he stumbled around awkwardly in the video.

The video was found by some of the boy’s tormentors, who uploaded it to an Internet video site. It became an instant hit with a multitude of fans. All across the blogosphere, people started mocking the boy, making fun of him for being pudgy, awkward and nerdy.

Several remixed videos of the Star Wars Kid started popping up, adorned with special effects. People edited the video to make the golf-ball retriever glow like a lightsaber. They added Star Wars music to the video. Others mashed it up with other movies. Dozens of embellished versions were created. The Star Wars Kid appeared in a video game and on the television shows Family Guy and South Park. It is one thing to be teased by classmates in school, but imagine being ridiculed by masses the world over. The teenager dropped out of school and had to seek counseling. What happened to the Star Wars Kid can happen to anyone, and it can happen in an instant. Today collecting personal information has become second nature. More and more people have cell phone cameras, digital audio recorders, Web cameras and other recording technologies that readily capture details about their lives.

For the first time in history nearly anybody can disseminate information around the world. People do not need to be famous enough to be interviewed by the mainstream media. With the Internet, anybody can reach a global audience.

Technology has led to a generational divide. On one side are high school and college students whose lives virtually revolve around social-networking sites and blogs. On the other side are their parents, for whom recollection of the past often remains locked in fading memories or, at best, in books, photographs and videos. For the current generation, the past is preserved on the Internet, potentially forever. And this change raises the question of how much privacy people can expect—or even desire—in an age of ubiquitous networking.

GENERATION GOOGLE

The number of young people using social-networking Web sites such as Facebook and MySpace is staggering. At most college campuses, more than 90 percent of students maintain their own sites. I call the people growing up today “Generation Google.” For them, many fragments of personal information will reside on the Internet forever, accessible to this and future generations through a simple Google search.

That openness is both good and bad. People can now spread their ideas everywhere without reliance on publishers, broadcasters or other traditional gatekeepers. But that transformation also creates profound threats to privacy and reputations. The New York Times is not likely to care about the latest gossip at Dubuque Senior High School or Oregon State University. Bloggers and others communicating online may care a great deal. For them, stories and rumors about friends, enemies, family members, bosses, co-workers and others are all prime fodder for Internet postings.

Before the Internet, gossip would spread by word of mouth and remain within the boundaries of that social circle. Private details would be confined to diaries and kept locked in a desk drawer. Social networking spawned by the Internet allows communities worldwide to revert to the close-knit culture of preindustrial society, in which nearly every member of a tribe or a farming hamlet knew everything about the neighbors. Except that now the “villagers” span the globe.

College students have begun to share salacious details about their school-mates. A Web site called JuicyCampus serves as an electronic bulletin board that allows students nationwide to post anonymously and without verification a sordid array of tidbits about sex, drugs and drunkenness. Another site, Don’t Date Him Girl, invites women to post complaints about the men they have dated, along with real names and actual photographs.

Social-networking sites and blogs are not the only threat to privacy. . . . Companies collect and use our personal information at every turn. Your credit-card company has a record of your purchases. If you shop online, merchants keep tabs on every item you have bought. Your Internet service provider has information about how you surf the Internet. Your cable company has data about which television shows you watch.

The government also compromises privacy by assembling vast databases that can be searched for suspicious patterns of behavior. The National Security Agency listens and examines the records of millions of telephone conversations. Other agencies analyze financial transactions. Thousands of government bodies at the federal and state level have records of personal information, chronicling births, marriages, employment, property ownership and more. The information is often stored in public records, making it readily accessible to anyone—and the trend toward more accessible personal data continues to grow as more records become electronic.

THE FUTURE OF REPUTATION

Broad-based exposure of personal information diminishes the ability to protect reputation by shaping the image that is presented to others. Reputation plays an important role in society, and preserving private details of one’s life is essential to it. We look to people’s reputations to decide whether to make friends, go on a date, hire a new employee or undertake a prospective business deal.

Some would argue that the decline of privacy might allow people to be less inhibited and more honest. But when everybody’s transgressions are exposed, people may not judge one another less harshly. Having your personal information may fail to improve my judgment of you. It may, in fact, increase the likelihood that I will hastily condemn you. Moreover, the loss of privacy might inhibit freedom. Elevated visibility that comes with living in a transparent online world means you may never overcome past mistakes.

People want to have the option of “starting over,” of reinventing themselves throughout their lives. As American philosopher John Dewey once said, a person is not “something complete, perfect, [or] finished,” but is “something moving, changing, discrete, and above all initiating instead of final.” In the past, episodes of youthful experimentation and foolishness were eventually forgotten, giving us an opportunity to start anew, to change and to grow. But with so much information online, it is harder to make these moments forgettable. People must now live with the digital baggage of their pasts.

This openness means that the opportunities for members of Generation Google might be limited because of something they did years ago as wild teenagers. Their intimate secrets may be revealed by other people they know. Or they might become the unwitting victim of a false rumor. Like it or not, many people are beginning to get used to having a lot more of their personal information online.

WHAT IS TO BE DONE?

Can we prevent a future in which so much information about people’s private lives circulates beyond their control? Some technologists and legal scholars flatly say no. Privacy, they maintain, is just not compatible with a world in which information flows so freely. As Scott McNealy of Sun Microsystems once famously declared: “You already have zero privacy. Get over it.” Countless books and articles have heralded the “end,” “death” and “destruction” of privacy.

Those proclamations are wrongheaded at best. It is still possible to protect privacy, but doing so requires that we rethink outdated understandings of the concept. One such view holds that privacy requires total secrecy: once information is revealed to others, it is no longer private. This notion of privacy is unsuited to an online world. The generation of people growing up today understands privacy in a more nuanced way. They know that personal information is routinely shared with countless others, and they also know that they leave a trail of data wherever they go.

The more subtle understanding of privacy embraced by Generation Google recognizes that a person should retain some control over personal information that becomes publicly available. This generation wants a say in how private details of their lives are disseminated.

The issue of control over personal information came to the fore in 2006, when Facebook launched a feature called News Feeds, which sent a notice to people’s friends registered with the service when their profile was changed or updated. But to the great surprise of those who run Facebook, many of its users reacted with outrage. Nearly 700,000 of them complained. At first blush, the outcry over News Feeds seems baffling. Many of the users who protested had profiles completely accessible to the public. So why did they think it was a privacy violation to alert their friends to changes in their profiles?

Instead of viewing privacy as secrets hidden away in a dark closet, they considered the issue as a matter of accessibility. They figured that most people would not scrutinize their profiles carefully enough to notice minor changes and updates. They could make changes inconspicuously. But Facebook’s News Feeds made information more widely noticeable. The privacy objection, then, was not about secrecy; it was about accessibility.

In 2007 Facebook again encountered another privacy outcry when it launched an advertising system with two parts, called Social Ads and Beacon. With Social Ads, whenever users wrote something positive about a product or a movie, Facebook would use their names, images and words in advertisements sent to friends in the hope that an endorsement would induce other users to purchase a product more than an advertisement might. With Beacon, Facebook made data-sharing deals with a variety of other commercial Web sites. If a person bought a movie ticket on Fandango or an item on another site, that information would pop up in that person’s public profile.

Facebook rolled out these programs without adequately informing its users. People unwittingly found themselves shilling products on their friends’ Web sites. And some people were shocked to see their private purchases on other Web sites suddenly displayed to the public as part of their profiles that appeared on the Facebook site.

The outcry and an ensuing online petition called for Facebook to reform its practices—a document that quickly attracted tens of thousands of signatures and that ultimately led to several changes. As witnessed in these instances, privacy does not always involve sharing of secrets. Facebook users did not want their identities used to endorse products with Social Ads. It is one thing to write about how much one enjoys a movie or CD; it is another to be used on a billboard to pitch products to others.

CHANGING THE LAW

Canada and most European countries have more stringent privacy statutes than the U.S., which has resisted enacting all-encompassing legislation. Privacy laws elsewhere recognize that revealing information to others does not extinguish one’s right to privacy. Increasing accessibility of personal information, however, means that U.S. law also should begin recognizing the need to safeguard a degree of privacy in the public realm.

In some areas, U.S. law has a well-developed system of controlling information. Copyright recognizes strong rights for public information, protecting a wide range of works, from movies to software. Procuring copyright protection does not require locking a work of intellect behind closed doors. You can read a copyrighted magazine, make a duplicate for your own use and lend it to others. But you cannot do whatever you want: for instance, photocopying it from cover to cover or selling bootleg copies in the street. Copyright law tries to achieve a balance between freedom and control, even though it still must wrestle with the ongoing controversies in a digital age.

The closest U.S. privacy law comes to a legal doctrine akin to copyright is the appropriation tort, which prevents the use of someone else’s name or likeness for financial benefit. Unfortunately, the law has developed in a way that is often ineffective against the type of privacy threats now cropping up. Copyright primarily functions as a form of property right, protecting works of self-expression, such as a song or painting. To cope with increased threats to privacy, the scope of the appropriation tort should be expanded. The broadening might actually embody the original early 20th-century interpretation of this principle of common law, which conceived of privacy as more than a means to protect property: “The right to withdraw from the public gaze at such times as a person may see fit . . . is embraced within the right of personal liberty,” declared the Georgia Supreme Court in 1905. Today, however, the tort does not apply when a person’s name or image appears in news, art, literature, or on social-networking sites. At the same time the appropriation tort protects against using someone’s name or picture without consent to advertise products, it allows these representations to be used in a news story. This limitation is fairly significant. It means that the tort would rarely apply to Internet-related postings.

Any widening of the scope of the appropriation tort must be balanced against the competing need to allow legitimate news gathering and dissemination of public information. The tort should probably apply only when photographs and other personal information are used in ways that are not of public concern—a criterion that will inevitably be subject to ongoing judicial deliberation.

Appropriation is not the only common-law privacy tort that needs an overhaul to become more relevant in an era of networked digital communications. We already have many legal tools to protect privacy, but they are currently crippled by conceptions of privacy that prevent them from working effectively. A broader development of the law should take into account problematic uses of personal information illustrated by the Star Wars Kid or Facebook’s Beacon service.

It would be best if these disputes could be resolved without recourse to the courts, but the broad reach of electronic networking will probably necessitate changes in common law. The threats to privacy are formidable, and people are starting to realize how strongly they regard privacy as a basic right. Toward this goal, society must develop a new and more nuanced understanding of public and private life—one that acknowledges that more personal information is going to be available yet also protects some choice over how that information is shared and distributed.