Privacy Is Still Personal

Summary: We solved privacy in the natural world with clothing, shelter, manners and laws. So far in the digital world, we have invisibility cloaks and the GDPR. The fastest way to get the rest of what we need is to recognize that privacy isn't a grace of platforms or governments. It starts as a grace of our own agency and the tech we use to express it.

_______________________________________

We've had millennia to work out privacy in the physical world, and about two decades to do the same in the digital one. And we haven't done it yet. So it should help to cut ourselves a little slack while we come up with the tech, plus the manners and laws to go with it—in that order.

To calibrate a starting perspective, it might help to start with what Yuval Noah Harari says in his book Sapiens: A Brief History of Humankind:

Judicial systems are rooted in common legal myths. Two lawyers who have never met can nevertheless combine efforts to defend a complete stranger because they both believe in the existence of laws, justice, human rights—and the money paid out in fees. Yet none of these things exists outside the stories that people invent and tell one another. There are no gods in the universe, no nations, no money, no human rights, no laws, and no justice outside the common imagination of human beings.

And yet this common imagination is what gives us civilization. We are civil to one another because of all the imaginings we share. Technologies make many of those imaginings possible. Without the technologies that gave us privacy in the physical world, we would have none of the manners and laws respecting it.

The first privacy technology—one we still use—was clothing. Nature didn't give it to us. We had to make it from animal skins and woven fabrics. Sure, one purpose of clothing was to protect us from cold and things that might hurt us. But another was to conceal what today we politely call our "privates", plus other body parts we'd rather not show.

Second among those technologies was shelter. With shelter we built and marked personal spaces, and valved access and exposure to those spaces with doors, locks, windows and shades.

How we use clothing and shelter to afford ourselves privacy differs between cultures and settings, but is well understood by everyone within both.

With clothing and shelter, we also can signal to others what personal spaces are okay and not okay to visit, and under what conditions. The ability to send, receive and respect those signals, and to agree about what they mean, are essential for creating order within a civilization, and laws as well.

As of today, we have very little clothing and shelter in the digital world.

Yes, we do have ways of remaining hidden or anonymous (for example, with crypto and Tor), and of selectively revealing facts about ourselves (for example with PKI: public key infrastructure). Services such as VPNs have also grown up around those developments. (Disclosure: Linux Journal's sister company is Private Internet Access, a VPN. See my interview in this issue with Andrew Lee, founder of PIA, about the company's decision to open source its code.) We also have prophylaxis against tracking online, thanks to browser extensions and add-ons, including ad blockers that also stop tracking.

As clothing goes, this is something like having invisibility cloaks and bug spray before we get shirts, pants and underwear. But hey, they work, and they're a start.

We need more, but what? Look for answers elsewhere in this issue. In the meantime, however, don't assume that privacy is a grace of companies' (especially platforms') privacy policies. Here are three things worth knowing about those:

  1. They can be changed whenever the company pleases.
  2. They are not an agreement between you and the company.
  3. They are theirs, not yours.

Alas, nearly all conversation about privacy in governments and enterprises assumes that your privacy is mostly their concern.

Here's how I framed an approach to solving privacy three years ago here, in a column titled "Privacy Is Personal":

So the real privacy challenge is a simple one. We need clothing with zippers and buttons, walls with doors and locks, windows with shutters and shades—that work the same for each and all of us, to give us agency and scale.

Giants aren't going to do it for us. Nor are governments. Both can be responsive and supportive, but they can't be in charge, or that will only make us worse victims than we are already. Privacy for each of us is a personal problem online, and it has to be solved at the personal level. The only corporate or "social" clothing and shelter online are the equivalents of prison garb and barracks.

What would our clothing and shelter be, specifically? A few come to mind:

  • Ways to encrypt and selectively share personal data easily with other parties we have reason to trust.
  • Ways to know the purposes to which shared data is used.
  • Ways to assert terms and policies and obtain agreement with them.
  • Ways to assert and maintain sovereign identities for ourselves and manage our many personal identifiers—and to operate anonymously by default with those who don't yet know us. (Yes, administrative identifiers are requirements of civilization, but they are not who we really are, and we all know that.)
  • Ways to know and protect ourselves from unwelcome intrusion in our personal spaces.

All these things need to be as casual and easily understood as clothing and shelter are in the physical world today. They can't work only for wizards. Privacy is for muggles too. Without agency and scale for muggles, the Net will remain the Land of Giants, who regard us all as serfs by default.

Now that we have support from the GDPR and other privacy laws popping up around the world, we can start working our way down that punch list.

Doc Searls is editor-in-chief of Linux Journal, where he has been on the masthead since 1996. He is also co-author of The Cluetrain Manifesto (Basic Books, 2000, 2010), author of The Intention Economy: When Customers Take Charge (Harvard Business Review Press, 2012), a fellow of the Center for Information Technology & Society (CITS) at the University of California, Santa Barbara, and an alumnus fellow of the Berkman Klien Center for Internet & Society at Harvard University. He continues to run ProjectVRM, which he launched at the BKC in 2006, and is a co-founder and board member of its nonprofit spinoff, Customer Commons. Contact Doc through ljeditor@linuxjournal.com.

Load Disqus comments