The subject of "personal data protection," long the exclusive domain of experts and activists, has recently earned its political pedigree.
The French Edvige file, the endless extension of Google's services, Facebook's use of personal data, biometric IDs, contact-less chips have all sparked heated public discussions that, in many case, have forced businesses and governments into (albeit temporary) backtracking. Europe's data protection authorities, gathered within the G29, have taken a firm stance (PDF) on issues such as social networking, RFID tags, and video surveillance. In the U.S., the Mecca of contractual freedom, growing numbers now speak out for more encompassing and stricter legislation.
Guest author Daniel Kaplan is the author of the newly published Digital Privacy and Active Identities (Informatique, Libertés, Identités, Fyp Editions, edition available on eBook). This article briefly presents the book's philosophy, which could be summarized by the following statement: "The value of privacy is that it enables us to go public!" Kaplan is the founder of Fondation Internet Nouvelle Génération (FING).
A Bitter Victory
However, there is little to rejoice over.
Governments and businesses have never enjoyed such powerful, ubiquitous and discreet means of tracking or monitoring private citizens. Individuals have no more control over what organizations know about them than they did yesterday... probably less. At the very least, the imbalance of knowledge - and thus power - between individuals and organizations, is not diminishing. The legal and technical means to protect oneself exist. But they remain unfamiliar and unloved, seen as foreign bodies both by organizations and individuals.
In fact, individuals actually seem to take a perverse pleasure in doing the exact opposite of what privacy advocates expect them to do. They hardly contribute to their own protection. They appear to be ready to reveal their most intimate details at the drop of a hat, for the price of a plate of beans.
They expose themselves on the Web and through social networking. "What's wrong with people?" ask those who have been trying to protect them for the last 30 years. Then they turn to a nice, reassuring answer: people are "paradoxical", they declare themselves generally worried at the nibbling away of their privacy, and yet their practical actions in no way reflect their attitudes.
Accusing people of being paradoxical won't get us very far, though. Let us explore another hypothesis: that these practices in fact adhere to some sort of rationality (or coherence), based on the value we place on the power to project ourselves into the world and towards others.
Protect and Project
What this means is that we can't separate individual protection and projection: Individuals will only act on the former if they are empowered to the latter.
Identity is not a fixed property, provided once and for all, to be simply guaranteed and protected. It is a continuous, multifarious construction, which combines internal and external, objective and subjective, perennial and ephemeral factors. It is above all a social construction. Identity is defined in relation to others, as explained by Daniel Solove, among many others.
Privacy is the starting point from which we reach out to others and to which we return to reflect on our experiences, only to move outward again. Private life only makes sense if it forms the basis... for our public life! Individuals will only act on protecting the former if it helps them endow the latter with richness, diversity, creativity, pleasure and efficiency.
Protecting their privacy has value for individuals. Yet this value is weighed against others: increasing and maintaining social networks, improving one's reputation, sharing passions, saving time and gaining access to services. When protection conflicts with projection, protection doesn't always win.
Yet most privacy laws focus exclusively on protection.
What If... ?
In a democratic society, it is thankfully easier for governments to fix limits than to enforce models of behaviour. Laws will more often say "you can't" rather than "you may." Furthermore, when the first privacy laws passed in Europe, in the 1970s and 1980s, only the rich and powerful had access to computer technology. The fissure between bare naked individuals and heavily armed organizations seemed distinct and profound.
These imbalances have endured, and preventing or correcting the abuse of personal data by organizations remains as necessary as ever. Yet something essential has changed - individuals now have powerful means at their disposal to handle and exchange information. They use these means to affirm their identity, express themselves, share, collaborate, engage, and learn.
Let us now imagine that individuals could use, to their own ends, the masses of data that organizations hold about them, whether to turn surveillance on its head or just to get to know themselves better; that at school, kids are taught not only the dangers of the Internet, but how to use it in order to construct an autonomous and socially vibrant identity, one that is recognized and appreciated by their peers; that we, and our employers, learn to recognize and share the value of the myriad of informal skills that cannot be listed on our CVs; that it will become possible to give life to several heteronymous beings, i.e. alternative, perennial, credible personas that reflect the different facets of our personalities.
What could I accomplish if I had at my disposal all the data - in some truly useful form - pertaining to the journeys and communications I have made and had in recent years? As well as my past bank card transactions, search engine queries, or detailed lists of all my local supermarket purchases? Not just to control what others do with this information, but to actually use it myself, to my own ends?
Now if you're a serious enough person you've already wondered: What could people possibly do with all this information? Remember those computer manufacturers in the 1970s, who couldn't conceive what anyone could possibly do with a personal computer. Or the puzzled faces of corporate IT executives in the 1980s, when faced with their marketing departments' demands for huge databases that could be "mined" for interesting cross-data.
Then new software, decision-making models and visualization tools gave meaning to those masses of data. Could we not invent the tools, models and representations that will make the same amount of sense for individual people? Or even, while we're at it, invent an "Internet of Subjects", as Serge Ravet invites us to?
Protecting oneself is a reasonable, sad and boring thing to do, if no other purpose is served. If, however, we have something to project ourselves toward, then controlling what others do with our information becomes a necessary precondition.
A Changing Era
Associating self-projection and protection, in practice, technology, legislation, and education - here lies the (hopefully fecund) direction we now intend to explore. It will not be a straightforward journey. New solutions come with new risks. Exploring both solutions and risks will require the combined mobilization of citizens (for new rights need to be ascertained), researchers (for there are many questions to answer), and innovators (because there are tools to invent). Who will orchestrate this mobilization? What event will trigger it? The discussion is open!
Photo by opensourceway