The "privacy paradox" and what privacy discourse misses plus other notes on privacy

The privacy paradox is no paradox

To live in a modern society, particularly if one is active in discussion and social life, can feel like incurring the costs of being a celebrity with none of the benefits. We have to watch ourselves and be careful of any ‘misstep’ or ‘gaffe’, yet we have no adoring fans.

The ‘privacy paradox’ is a name given by the academic literature for the tendency of people to say that they greatly value privacy but to not act in a manner protective of their privacy- e.g., saying you care about privacy, and then creating a Facebook account and sharing a bunch of information about it. I believe I know why people do this, at least in part. People believe both that privacy is valuable and that privacy is the sort of thing that an individual should be able to enjoy freely, rather than jealously guard. More exactly they believe:

1. I should be able to act like a normal human being in public with all the opinionatedness, wildness, and freedom that implies. I should not have to worry about every single little thing I do to make sure it cannot be misconstrued by a recruiter or other bastard years from now.

2. I should be protected in my privacy rights through law, custom, and decency, not paranoid individual action. Society should value our privacy because it is valuable. I should not have to live in fear of preserving it as an individual, because it should be defended collectively.

These connected points lead to both halves of the privacy paradox. They lead people to be free with their information (because they shouldn’t have to worry about that). They also lead people to tell interviewers that they value their privacy because they do value their privacy. However, in valuing their privacy they recognize that privacy is not the kind of thing we should have to value through individual paranoia- that’s not fair on them. Privacy is a social good, not an individual good, and while there are certainly times a wise individual should act to defend their privacy, the main defense of privacy against marauding social media networks, governments, etc. should be collective. Privacy is a social arrangement. It certainly isn’t something we secure by carefully reading through 300-page agreements and second-guessing ourselves before every post.

To hold a right is to hold it securely

To have privacy rights, I would argue, is to have them robustly. If a single mistake in what terms of service you click yes to, or how you set your social media settings can take away your privacy forever, you don’t really have privacy. If I accidentally make my Facebook status: “I just got investigated at work for fucking up the files again, lol” public rather than private, and that means forevermore this information is available to recruiters, then I never really had privacy on Facebook. To hold a right only very insecurely is not to really have that right at all, and so I doubt privacy can exist without a right to be forgotten because if a single mistake can flay open a part of my life to the world forever, I never really had privacy in its most valuable sense.

This is true of all rights I think. Most obviously this has been recognized in the literature on philosophical Republicanism- Republican freedom is secure freedom of a certain sort

Horder puts it this way: “On this account, I am not free solely because I can make choices without interference. I am truly free, only if that non-interference does not itself depend on another’s forbearance (what Pettit calls ‘formal’ freedom)”

But as I understand it, my point extends beyond traditional philosophical republican themes because it’s not just a matter of other’s forbearance. For any right, if a small matter of chance, or miscalculation can take that right away, I never really had that right. If I hold the right not to be killed by the government, but the law plainly specifies that right will be taken away from me if I absentmindedly get out of bed on the wrong side in the morning, I don’t really hold the right not to be killed by the state. This is true even though my right doesn’t really depend on “forbearance” in any sense I can tell- the conditions for losing the right are specified in black letter law, and we can imagine, scrupulously applied.

What privacy advocates don’t get

I am applying for a job. Fortunately, I have never been performance-managed. I have never faced misconduct hearings. There is no extant bad press about me and there are no major public scandals about my past actions. Thank God, because if I had, I would be expected to disclose it. Regardless, a faceless company will search the internet for evidence I’ve lied.

Your privacy matters to us, says the disclosure form as I fill it out, giving them permission to go on a fishing trip through my past. We keep our data in a number of countries. Our secure approach means you needn’t fear a privacy breach.

They don’t get it because their pay depends on them not getting it. I’m not worried they will enable a privacy breach. THEY ARE THE PRIVACY BREACH. I DO NOT WANT MY PROSPECTIVE EMPLOYERS APPOINTING A TEAM OF PRIVATE DETECTIVES. THAT’S WEIRD AND CREEPY. My consent is coerced, frankly extracting it just adds insult to injury. In many situations, it would be better for my life if a team of Eastern European hackers had my details than these guys. Again: They are the privacy breach.

This, mind you, is for an incredibly junior role, but that almost seems par for the course. It’s the junior roles that make you (proverbially or literally) pee into a cup, not the senior ones.

When we left our small communities for the big city, sociologists said we were making a tradeoff. On the one hand, we wouldn’t have a robust community, to be sure, but we would at least have the anonymity of the city. That came with the liberal possibility to remake ourselves. Now it seems that capitalism wants to take it all away from us- to leave us with the isolation of the city, and the ferocious moral economy of a small village- nosey and full of grudges.

I think even ex-cons should get a clean slate with a handful of exceptions (working with children checks should still be in place). But at least if these companies were checking my criminal record, even though I would resent that, I would have to have been duly convicted of a crime. Workplace discipline, performance management, newspaper stories, a stray Tweet in a moment of weakness now stripped of context- none of this amounts to a criminal process. “Have you ever been subject to workplace disciplinary proceedings”- it sounds so official, but that could just be someone’s dickhead small business owner boss.

The wrongness of this situation seems to me to encapsulate what the privacy debate misses. For example:

1. “Permission”, even if given in the light of full understanding, means very little when it is extracted from you through unequal bargaining power- e.g., employer-employee relations.

2. The greatest problem of privacy is not in abstractions about the wrong people ‘having’ your data- it is in your data being used against you. This includes people you have authorized to use that data, especially if that authorization was extracted by a power imbalance. People talk about privacy sometimes as if their primary concern was their data being in some office somewhere- instead, Privacy discussions should focus on the practical realities of people trying to live dignified lives, hold down jobs, and not have to live in fear of an overwhelming state or judgemental mob.

3. The distinction between ‘legitimately’ public information and private information is less important than often thought. The most obvious examples here are related to the internet- if I posted raunchy photos of myself on Facebook publicly ten years ago, it’s still a privacy breach if someone goes out of their way to find that and use it against me. We have the right to use the internet freely without being transformed into public figures.

4. As Graukroger argues, part of the purpose of privacy is to protect people who engage in wrongdoing. This isn’t a bug, it’s a feature. Life is very long, how many of us could stand the scrutiny of all our deeds? Even if you have something to hide, you shouldn’t necessarily have something to fear.

The exclusion arms race

What happens when companies start asking questions like:

1. Have you ever been investigated for misconduct in a previous role?

2. Have you ever been fired?

3. Is there any extant bad press about you

4. Have you ever been arrested or subject to civil proceedings

It leads to an exclusion arms race. Let’s say at the start there are two firms A & B, neither of which screens workers for previous misconduct. Now A has introduced a policy to require more extensive checks of would-be employees’ history. Presumably, fewer employees with a ‘negative’ history will be employed by firm A. If B doesn’t counter by introducing similar measures, all the people who can’t get jobs with firm A will go to firm B. Thus, just to avoid being stuck hiring all the workers company A didn’t want, company B has to introduce its own intrusive hunt through the past of would-be employees.

I suspect this is one of the reasons drug testing lasted so long. Even if it doesn’t help that much, if you’re the only company that doesn’t drug test, you’ll get all the drug users- even if you don’t care much about drug use, do you want to risk being the go-to company for drug using workers to find a job?

Comments

[Sam]

> The distinction between ‘legitimately’ public information and private information is less important than often thought. The most obvious examples here are related to the internet- if I posted raunchy photos of myself on Facebook publicly ten years ago, it’s still a privacy breach if someone goes out of their way to find that and use it against me. We have the right to use the internet freely without being transformed into public figures.

This is the weakest part of the article, IMO. Phrases like ‘less important’, ‘use against me’ and ‘use the internet’ are doing a lot of the heavy lifting while being too abstract. Important for what purpose? Use against me how? Use the internet how?

The last one is what doesn’t sit right with me. I find something wrong about the idea of demanding all of the benefits and none of the consequences of an action. If by ‘use the internet’ we mean to wilfully make some private information public and not bother to take steps securing it back, the burden of the consequences of said publicity cannot be simply shrugged off. To say nothing about how something like this would even be enforced justifiably. If I choose to colour my house bright pink, others are allowed to use that information to build my character in their minds.

But then again, Google Maps allows you to blur your house front in Street View, so maybe there’s something there. Certainly a discussion to be had.

[Isaac King]

> “Permission”, even if given in the light of full understanding, means very little when it is extracted from you through unequal bargaining power- e.g., employer-employee relations.

This part seems wrong to me. There's a huge difference between "choosing to work an unpleasant job for money" and "being forced into slavery where they also give me some money". Requiring consent creates a lower bound on how bad the thing can be for the person, since if it's worse than their other options, they'll choose to do something else.

Society of course should work to provide people with more alternative options to raise the overall "quality of life" bar, but the key is that we should be providing people with *more* choices, not fewer. Trying to fix exploitative jobs by banning exploitative jobs is like trying to fix expensive housing by banning expensive housing.