Sir, This is a question for which hard answers seem difficult. Nevertheless, below are a few paragraphs from my current book draft. The draft does not now include Ayn Rand's pronouncement that "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men." In any case, I concur with you that it would indeed be prudent to nail down an answer to your question well before science allows us to read the mind externally and without reserve.
--dan -----------------8<------------cut-here------------8<----------------- There are two ways to define privacy, and neither involves the squishiness that begins "a reasonable expectation of..." The first is what privacy means as a civil construct -- what Brandeis described[1] as "[T]he right to be left alone -- the most comprehensive of rights, and the right most valued by civilized men." The second is what privacy means at its operational core: the effective capacity to misrepresent yourself with de minimus side effects. As to the first, privacy is something that society, meaning you, give the individual, meaning me. When privacy will not be given and is thus not available, secrecy is something I can take for myself -- secrecy is a functional backstop for the absence of the civil construct. If privacy is a gift and secrecy is a taking, then the possibility of privacy is inversely proportional to the numbers of those who must do that giving for the state of privacy to prevail, hence privacy is inversely proportional to interconnectedness. This is consistent with a view of risk as proportional to dependency where dependency, in turn, is proportional to non-optional interconnectedness. This is where the all-wired world's "information wants to be free" is most robustly anti-privacy. As to the second, "Privacy is the power to selectively reveal oneself to the world."[2] which means that in choosing what to reveal, however idiosyncratically we choose, we demonstrate our liberty. As if that were not enough, "Philosophical and legal analysis has identified privacy as a precondition for the development of a coherent self."[3] which asks the question of whether a person whose life experience has been one without privacy can even comprehend the desire of those who prefer privacy. As a matter of prediction, raising the young to not expect privacy foreordains that when it is their turn to run society they will be as happy despite privacy's absence, and leglislate accordingly. It is said that the wonderful thing about a small town is that you know everyone, while the terrible thing about a small town is that they all know you. Indeed, a coherent argument for a "transparent society"[4] can be made, one where there are no secrets, where there is no privacy, where everyone knows everyone else's business, where unsolved crime is very nearly impossible, where neither need nor triumph is invisible, a place where everything that is not self-incriminating is therefore public and yet, at the same time, it is that surveillance which preserves liberty. Even were you able to craft the consensus that we all would each tell each other the contents of our hearts while leaving our cameras on at all times, I'm afraid that in such a utopian society you would soon find some were more equal than others. In short, I reject the one extreme, that of glass houses for us all. I have come to the conclusion that in all things it is bigness that is the enemy, neither ideology nor biology nor theology but bigness. Big business, big government, big labor, big money, big crime, big media, big religion -- their bigness predisposes them to predatory behavior. It is they who own the bulldozers that unlevel the playing field. The two economists Adam Smith and Ronald Coase described the nature of our economic interactions -- Smith with his millenial ideal of small producers trading amongst themselves in the mutual self-interest of wealth maximization,[5] and Coase with his explanation of why the millenium does not arrive.[6] Coase observed that economically viable firms expand until intra-firm coordination costs exceed inter-firm transaction costs. Putting it in biologic analogy, cells grow until their surface to volume ratio crosses a survivability threshold. It is unarguably clear that although the Internet did spectacularly lower transaction costs, it lowered coordination costs more. thus enabling the greatest economic concentration in world history. It is precisely this side effect of the global concentration of the control of power that must be the foundation of our thinking about privacy. As the ever prescient Phil Agre put it,[7] The global integration of the economy is ... commonly held to decentralize political power by preventing governments from taking actions that can be reversed through cross-border arbitrage. But political power is becoming centralized in equally important ways: the power of national governments is not so much disappearing as shifting to a haphazard collection of undemocratic and nontransparent global treaty organizations, and the power to influence these organizations is likewise concentrating in the ever-fewer global firms. to which I might add the observation that governments everywhere are deputizing those global firms as outsourced enforcers of government edict. If the reason I reject the transparent society is that I acknowledge my inability to sufficiently police its stronger members, then the most important thing I can do is to protect my privacy at all costs. The loss of privacy is irreversible for information is never un-revealed. Privacy is therefore the paragon of Hume's conjecture: "It is seldom that liberty of any kind is lost all at once."[8] In the face of the snow-balling bigness of the institutions of globalized human life, we must reserve privacy rights explicitly so that we may misrepresent ourselves to those against whom we have no other defense, against those for whom our name is a label on data collected without our consent. Consider your own life. Perhaps there is indeed no one fact about you that you wouldn't good-naturedly share with the world if I asked you politely, but by the time I got to twenty questions, few of you would still think this an amusing parlor game. The risk to you grows as the product of the number of personal facts times the number of potential recipients, but it is hard to fabricate an example where the benefit grows as fast even if you are a Hollywood- friendly politician. On purely risk management grounds, any finite tolerance for risk absolutely caps the amount of information you will want in play. This has nothing whatsoever to do with whether you have anything to hide.[9] If for no other reason, we must make it understood that just as "...there is nothing sinister in so arranging one's affairs as to [minimize] taxes,"[10] neither is there anything sinister in so arranging one's affairs as to minimize observability. Of course the technologic tools of privacy can be misused, but tell me what is it that is marvelous that can not also be misapplied? A wise man of my acquaintance, after a career in Federal law enforcement, told me my arguments were typically naive. He said that my (your) choice is not between Big Brother or no Big Brother, rather it is between one Big Brother and lots of Little Brothers. He suggested that I think carefully before I choose. I've thought about that a lot. I've thought about the comfort of being taken care of against the unease of having to be. I've compared the low cost of "one size fits all" to its correspondingly low benefit. I've thought hard about the proposition that the price of freedom is the possibility of crime. I've accepted that there is no such thing as righteousness if there is no possibility of sin. I conclude that privacy is worth its price, that near absolute privacy is indeed the worst of all social constructs, except for all the others. To this we will shortly return. ------------- [1] Judge Louis Brandeis, OLMSTEAD V. U.S., 277 U.S. 438 (1928) [2] Hughes E, "A Cypherpunk's Manifesto," 9 March 1993 [3] Agre P, "The Architecture of Identity," Seminar on People, Computers, and Design, Stanford, 1 May 1998 [4] Brin D, _The Transparent Society_, Perseus Books, 1998 [5] Smith A, _The Wealth of Nations_, W. Strahan, 1776 [6] Coase R, "The Nature of the Firm," Economica, v4 n16 p386-405, November 1937 [7] Agre PE, "The Market and the Net: Personal Boundaries and the Future of Market Institutions," Telecommunications Policy Research Conference, 6 October 1998 [8] Hume D, _Essays Moral, Political and Literary_, 1742 [9] Solove D, _Nothing to Hide_, Yale Univ. Press, 2011 [10] "Over and over again, the courts have said there is nothing sinister in so arranging one's affairs as to keep taxes as low as possible. Everybody does so, rich and poor, and all do right, for nobody owes any duty to pay more tax than the law demands. Taxes are enforced exactions, not voluntary contributions. To demand more in the name of morals is mere cant." -- Judge Learned Hand, COMMISSIONER V. NEWMAN, 159 F.2D 848, 850-851 (CA2 1947) _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography