With the participation of nine prominent privacy experts from around the world, at the invitation of Michel Venne, journalist at Le Devoir, a Montreal-based French daily newspaper, in the context of the International Conference on Privacy, held in Montreal, 23-26 September 1997.
Every participant was invited by e-mail to write what he or she perceived as the five most important privacy issues that are presently confronting people or are emerging. All the answers were collected during August and September 1997, and this synthesis was written by Michel Venne and delivered on September 22nd. There was not enough time to allow the nine experts to send back their reactions to this text. But further exchanges are still possible. Readers are invited to send their own comments to Le Devoir (www.ledevoir.com).
The nine experts who agreed to participate in this exercise are the following:
Colin J. Bennett is an associate professor of political science at the University of Victoria. He is the author of Regulating Privacy, Data protection, and Public Policy in Europe and United States (1992).
Herbert Burkert is an associate with the German National Research Centre for Computer Science.
Roger Clarke is a consultant in the application of information technology and a visiting fellow with the Faculty of Engineering and Information Technology at the Australian National University.
Simon Davies is a founding member and the director general of Privacy International, and he is a visiting fellow with the Computer Security Research Centre of the London School of Economics.
Cecilia Jimenez has been deputy secretary general of the Philippines Alliance of Human Rights Advocates.
Pierrot Péladeau is one of the best-known privacy experts in Quebec and Canada and is now scientific coordinator of the telehealth ethics programme of the Centre for Bioethics at the Clinical Research Institute of Montreal.
Marc Rotenberg is the director of the Electronic Privacy Information Centre, based in Washington DC, and is a professor at Georgetown University Law Center, where he teaches the Law of Information Privacy. He is the author (with Philip E. Agre) of Technology and Privacy: The New Landscape (1997).
Andre Vitalis is a professor at the Centre d'étude des médias, Université de Bordeaux, and author of Informatique, Pouvoir, et Liberté (1988).
Alan F. Westin is one of the best-known privacy experts in the world. His book, Privacy and Freedom, published in 1967, is still considered a reference. He is a professor at Columbia University.
Everybody has his own idea of what an issue is. Though some of our nine specialists produced a list of some of the new threats to privacy brought by technology -- DNA profiling, ID and smart cards, camera surveillance, biometric identifiers -- others put the discussion at another level and targeted some political challenges we face or personal attitudes one should adopt if we want to protect privacy as the world is changing under the pressure of technological innovation, globalization, and downsizing of government activities. So, it became impossible to make a list that would reflect a spontaneous consensus about what the "five" most important privacy issues are. Maybe we could achieve this goal after a longer discussion. But anyway, it doesn't matter. Despite the different approaches adopted by our select club of experts, it is still possible to identify common concerns. Moreover, we have to consider and accept the fact that the stakes are numerous and linked with values other than privacy itself.
"The greatest threat to the future of privacy", would add Herbert Burkert, "will be the many good reasons for which WE are willing to give it up". What are those assumed good reasons? They have "four only too human and therefore forceful roots", says Burkert: "indolence (why should I bother showing my passport when I can just put my hand into this palm-reader); fear and yearning for security (we must keep an eye on those people who are different and therefore up to no good; it is in their genes, let us have a look); greed (I just want to have this free sample so why not fill out this questionnaire); and avarice (why should I give my hard-earned money via social security systems to other people; they should at least constantly prove to me that they are no crooks)". Cecilia Jimenez observed that "populations generally take the path of least resistance because of the alleged benefits as well as because of unperceived threats to their rights".
In the sixties, Péladeau writes, "fears for individual freedoms were great enough to call for some informational self-determination of the citizens. This call was so successful that today in (too) many western circles "privacy" is now equated only to the application of personal data protection principles and law, if not only to confidentiality. (...) Meanwhile, many of integrist or authoritarian persuasions as well as many technocrats are more and more openly stating that privacy is either an obsolete value altogether or should be radically redefined, for instance to permit extensive use of personal information in research, or its free commercialization, or its systematic use to counter crime and fraud. Conversely, there are those for which privacy is first a political value. Among them, those who use privacy as the spearhead of some anarchist stand; those who, on the contrary, consider privacy as a democratic issue where the State clearly has a role to play in its protection; those who tend to dissolve privacy into a larger civil libertarian framework where values such as freedom of speech are paramount".
So what is privacy? The simple definition summarised in the phrase "the right to be left alone" no longer seems to be enough. Or, as Colin Bennett believes, maybe privacy is too much of an "elusive subject" to be captured in a set of specific issues. "Privacy issues are only issues because of the context", he says. In his book (Regulating Privacy), Bennett wrote that there is a "recent and widespread recognition among privacy advocates that data protection cannot continue to be seen as a discrete and separate political issue. Privacy, in an instrumental or strategic sense, is inextricably linked with a variety of other information policy issues, such as computer crime, international data flow, computer vulnerability, copyright, and access to information. Data protection policy should be conceived and implemented as just one problem among many in the increasingly interdependent and interconnected information society".
But Marc Rotenberg, for one, offers some advice to his colleagues. His fourth big privacy issue is "to end the myth of balancing privacy interests". He adds: "One of the easiest ways to avoid a debate about the future of privacy protection is to say that we must balance privacy against other competing interests. This is the answer of a person who does not understand an issue. The protection of privacy requires making choices". Why? Because (Rotenberg's fifth big issue) we have "to act now" before technology wins over our law, our customs and our sense of community, Rotenberg writes. "We need to pursue privacy solutions with great determination and imagination" and encourage policy makers to explore new privacy policies. Rotenberg believes that "a politician who does not have recommendations for how to address the public's concern about privacy will not be able to govern in the twenty-first century".
The growth of visual surveillance is a phenomenon arising around the world. The camera systems, says Simon Davies, use sophisticated military technology. "They often have infra red night vision, automatic tracking, remote control, audio channels, and a zoom so powerful that it can scrutinise your facial blemishes in full colour at two hundred yards. Central control rooms are being equipped with sophisticated computer and telecommunication technology which link directly to police computer systems". They could include microphones to detect conversations. "Originally installed to deter burglary, assault and car theft, in practice", adds Davies, "most camera systems have been used to combat so-called 'anti-social behavior' or to track the movement of individuals 'of interest' and to monitor public meetings, marches, and demonstrations".
Here is the issue of privacy put in terms of power.
So to protect privacy, maybe one way would be to put the power, the control over information, in the hands of the person. That is what Herbert Burkert identifies as one important privacy issue: empowering the data subject through technical means like "encryption applications combined with anonymous biological identifiers". Burkert says that technology makes it possible to build electronic systems that permit anonymous transactions even when money is involved. For a couple of years now, there has been much talk about privacy-enhancing technologies. Alan F. Westin put on his list of issues the "access to strong encryption by online users". Rotenberg would probably have put it on his list too, had I allowed participants more than five issues, considering EPIC's battle against the restrictive encryption policy followed by the American administration. And Simon Davies put on his own list as an issue the development of new standards around the world to render telecommunications devices "wiretap friendly" that "will set a matrix for the establishment of flawed and weak encryption policy".
As a result, organisations, public or private, are developing technologies that permit what Simon Davies calls "the pursuit of perfect identity". He classifies in this category all means of biometric identification (use of fingerprint, palm print or pattern of rods and cones on the retina). The use of genetic test information and DNA profiles can be considered an extreme use of biometric identifiers and bears many risks of discrimination and of the multiplication of compulsory testing procedures, writes Roger Clarke. Westin and Davies also identify DNA or genetic information as an important issue to deal with.
Moreover, according to Davies, this "pursuit of perfect identity threatens to bring the world back to a village system of fixed and irrevocable identities". Davies recalls that "the ability of individuals to move anonymously in society, or even to have multiple identities, has been one of the most important factors in the evolution of human society. It has also been a key element in the maintenance of free thought, free speech and democratic development". The use of a single biometric identifier, says Davies, "will have the effect not just of manacling the citizen to the machinery of the State, but also of providing a link between all data systems". One of the dangers, says Roger Clarke, is that "if it becomes common to have to present a chip bearing a biometric identifier, there will be a tendency to mount it in the only carrier that can be relied upon to be with the person at all times, why not, to install it in the person's body". Data matching (the process of linking systems, by a biometric or another identifier) "should be avoided at all costs", says Davies, who put the "interoperability" of information systems on his list of issues. Why? Because the idea of functional separation is at the core of privacy protection.
For example, Roger Clarke mentions that one of the main privacy issues is the "failure of the American public to appreciate the need for publicly-funded watchdog agencies". American people, politicians, and institutions "continue to subscribe to the myth that individuals, in their roles both as consumers and as citizens, can exercise control over the actions and behaviours of large organisations. It is a myth, because the imbalance of power is so great, and the capacity of individuals to form organisations with sufficient countervailing power has been limited. There is a danger", says Clarke, "that this myth may migrate to other countries".
To face all those challenges, stakes or issues, Rotenberg would suggest pursuing a wide range of privacy solutions combining law, technology, practice, and codes. Others would prefer to rely upon individual responsibility. But Péladeau has another proposal. In his view, the most important thing is the "democratization of the design, normative, and implementation processes of personal information infrastructures". The idea is to ensure that before a new infrastructure is put in place or developed, people will have a say, within institutions that already exist (like parliaments) or other ones, about the necessity of it and about how it would work. Péladeau has often promoted what he calls the need for public social evaluation of information infrastructures (like the Internet, DNA sampling bases, taxpayers databanks, telehealth information systems, encryption public key infrastructures, and so on). But Péladeau believes that democratization implies considering issues beyond privacy and data protection, if not redefining privacy itself.