Privacy and Computers

Seumas Miller, PhD

Charlest Sturt University

smiller@csu.edu.au

---

The coming into being of new communication and computer technologies has generated a host of ethical problems, and some of the more pressing concern the moral notion of privacy. Some of these problems arise from new possibilities of data collections. For example, computers can now combine and integrate data bases provided by polling and other means to enable highly personalised detailed voter profiles. Another cluster of problems revolves around the threat to privacy posed by the new possibilities of monitoring and surveillance. For example, telephone tapping, interception of electronic mail messages, minute cameras and virtually undetectable listening and recording devices give unprecedented access to private conversations and other private communications and interactions.Possibly the greatest threat to privacy is posed by the possibility of combining these new technologies, and specifically combining the use of monitoring and surveillance devices with computer data bases[1]

Provision of an adequate philosophical account of the notion of privacy is a necessary precursor to setting the proper limits of intrusion by the various new technologies. Such an account of privacy would assist in defining the limits to be placed on unacceptably intrusive applications of new technologies. Moreover it would do so in such a way as to be sensitive to the forms of public space created by these technologies, and not unreasonably impede those new possibilities of communication and information acquisition which are in fact desirable. In this paper I will restrict myself to a discussion of the notion of privacy with reference only to computer data bases. I will begin with an outline of the general notion of privacy.

The notion of privacy has proven to be a difficult one to adequately explicate. However there are a number of general points that can be made.[2] First, the notion of privacy has both a descriptive and a normative dimension. On the one hand privacy consists of being in some condition of not being interfered with or having some power to exclude, and on the other privacy is held to be a moral right, or at least an important good. Most accounts of privacy acknowledge this much. For example, Warren and Brandeis gave an early and famous definition in terms of the right to be let alone.[3] Naturally the normative and the descriptive dimensions interconnect. What ought to be must be something that realistically could be. The normative dimension of privacy is not a fanciful thing. We need to reject the proposition that the extent and nature of the enjoyment of rights to individual privacy is something to be determined by the most powerful forces of the day, be they market or bureaucratic forces. But it is equally important to avoid utopian sentimentality; it is mere self-indulgence to pine after what cannot possibly be.

Second, privacy is a desirable condition or power or a moral right that a person has in relation to other persons, and with respect to the possession of information by other persons about him/herself or the observation/perceiving of him/herself by other persons. The kind of 'interference' in question is cognitive or perceptual (including perhaps tactile) interference. [4] Third, the range of matters regarded as private embraces much of what could be referred to as a person's inner self. A demand - as opposed to a request - by one person to know all about another person's thoughts, beliefs, emotions, and bodily sensations and states would be regarded as unacceptable. Naturally there are conditions under which knowledge concerning another person's inner self are appropriate. A doctor needs to know about a patient's bodily sensations and states, in so far as this was necessary for successful treatment and in so far as the patient had consented to be treated. Nevertheless such information while no longer unavailable to the doctor, would still be unavailable to others, and for the doctor to disclose this information would constitute a breach of confidentiality. More generally, people are entitled to know of a person's intentions and beliefs in so far as these are likely to lead to actions which will affect their interests.

Fourth, a person's intimate personal relations with other people are regarded as private. So while a lover might be entitled to know his/her lover's feelings toward him/her others would not be so entitled. Indeed there would typically be an expectation that such infomation would not be disclosed by a lover to all and sundry.

Fifth, certain facts pertaining to objects I own, or monies I earn, are held to be private simply in virtue of my ownership of them. Ownership appears to confer the right not to disclose information concerning the thing owned. Or at least there is a presumption in favour of non-disclosure; a presumption that can be overridden by, for example, the public interest in tax gathering.

Sixth, certain facts pertaining to a person's various public roles and practices, including one's voting decisions are regarded as private.[5] These kinds of facts are apparently regarded as private in part in virtue of the potential, should they be disclosed, of undermining the capacity of the person to function in these public roles or to fairly compete in these practices. If others know how I vote my right to freely support a particular candidate might be undermined. If business competitors have access to my business plans they will gain an unfair advantage over me. If a would-be employer knows my sexual preferences he or she may unfairly discriminate against me.

Seventh, and more generally, a measure of privacy is necessary simply in order for a person to pursue his or her projects, whatever those projects might be. For one thing reflection is necessary for planning, and reflection requires privacy. For another, knowledge of someone else's plans can enable those plans to be thwarted. Autonomy requires a measure of privacy.

Equipped with this working account of privacy, including a basic taxonomy of the kinds of information regarded as private, let me now consider three different kinds of ethical issues posed by computer data bases.

One kind of issue arises when a person discloses private data, such as the state of one's finances, to an organisation. Obviously the accuracy of this data is an ethical issue. The literature in computer ethics is replete with cases in which individual persons have been harmed in virtue of the inaccuracy of the data about them. In one such case a man was actually shot by police who were acting on computer supplied (false) information that his car was owned by a gangster, and that therefore he was that gangster. However, the harm that might arise from inaccurate data is not in itself an issue of privacy.

As we saw above, personal financial information is regarded as private in virtue of its ownership by the person to whom it pertains. Nevertheless it is obviously legitimate for, say, lenders, to be aware of the credit record of their would-be customers. However lenders are only entitled to certain private financial information if they need it for a legitimate purpose - say, to ensure credit-worthiness - the customer is prepared to freely disclose it, the customer has access to it, and so on. Thus car sellers are not entitled to detailed knowledge of the assets and liabilities of members of the public simply because it would be useful in terms of their marketing or sales initiatives.

Moreover, organisations are not morally entitled to make personal financial information available to other organisations who may be interested in it. Rather such data should be regarded as confidential and it ought to be destroyed when the purpose for which it was originally freely given no longer exists. Moreover such data ought to be a matter of common knowledge between the individual and the organisation. That is, the customer is entitled to know precisely what information about him/herself the organisation is in possession of. The fundamental point here is that the data has not come to be 'owned' by the organisation. Quite the reverse, the data is still 'owned' by the individual. But in that case the individual is entitled to maintain control over that data.

This fundamental point is not undermined because the arrival of computer technology, smart cards, and so on, has vastly increased the capacity for storage, retrieval, access and communication of such data, or because business and governmental organisations routinely ignore individual rights to privacy in this area. Nor is it undermined by the fact that such data being abstract is capable of being possessed by many different people at the same time. Unlike washing machines and biscuits, information is transferable to others without loss of that information by the one who transfers it. The kind of data in question is arguably a form of intellectual property - notwithstanding the absence of any creative input - and ought to be protected as such.

A second ethical problem in relation to computer data bases concerns the increased accessing and integrating of data concerning individuals by (especially) government bodies, such as taxation departments and law enforcement agencies. For example, taxation departments sometimes embark on 'trawling' operations through data bases held by other departments and organisations, in order to detect apparent discrepancies in data and thereafter initiate a targetted investigation of the person in question.

One of the issues here concerns the conflict between governmental functions on the one hand and on the other individual privacy rights in relation not only to personal data, but more generally in relation to surveillance and monitoring. The implicit assumption that lies behind much of this monitoring and surveillance activity is that government functions override individual rights in virtue of the fact that these government functions serve the common good. This assumption is open to questioning on a number of counts. For one thing it is far from clear that there is a net benefit to the community from much of this monitoring and surveillance activity. For example, research at the Australian National University indicates that 35,000 people have been wrongfully threatened by punitive action arising from 'trawling' operations, and research at the University of New South Wales, that of 10 million attempted datamatching exercises only a paltry 15 hundred resulted in action.[6] Moreover the costs associated with these activities include intangible, but nevertheless important ones, such as the erosion in public trust. As the East European experience under communism has taught us, high levels of monitoring and surveillance are inconsistent with an open free society based on trust between public bodies and private citizens.

More important still, it is simply false that the common good overrides individual rights, at least in the area of detection of crimes and misdemeanours. Indeed the reverse is the case. Because monitoring and surveillance are by definition an infringement of privacy the presumption must be against their use. That presumption can be overridden in particular cases, but certainly not by some general appeal to the common good or the need to reduce tax evasion. There are two obvious kinds of case in which it can be overridden. In one kind of case the individual is aware of the monitoring or auditing and in effect consents to being monitored or audited for a particular delimited and legitimate purpose.[7] An example of this is a customer being 'watched' by closed circuit TV cameras in a particular store which has been robbed frequently in the past. (There being other stores selling similar goods in which there is no need for such monitoring.)

The other kind of case is one in which there is reasonable suspicion that a particular individual has in fact committed some offense. (Here the suspicion could not in itself have arisen from unacceptable kinds and levels of monitoring and surveillance.) In such cases a greater level of scrutiny may well be called for and it may be legitimate to seek information not otherwise available. For example, it might be acceptable to access the telephone numbers called over a given period by a drug dealer in the context of a police investigation into a particular drug deal in which there is evidence of his involvement.

A third kind of issue concerns the relative power of individuals in relation to organisations, including governments and corporations. As is well known knowledge confers power. If I know a great deal about you and you very little about me, you are at a disadvantage. This is particularly the case if you do not know what I know about you. Now one of the effects of the introduction of new computer and communication technologies is that the volume and kinds of information and access to information, about individual persons possessed by organisations, including corporations and governments, has increased enormously. However the information, and access to information, that individuals possess in respect of governments and corporations has not undergone a similar increase; though privacy legislation in some countries has gone a small way to redressing this imbalance, by ensuring access to government files on individuals, and so on. We thus have an increasing informational imbalance between individual persons and organisations.This informational imbalance entails a shift in the balance of power between individuals and organisations. Indeed it exacerbates an already existing imbalance of power grounded in the enormous material and other non-informational resources at the disposal of organisations. Obviously any increase in the power of organisations, including corporations and governments, has profound implications for individual rights, including especially autonomy. For rights cannot be exercised by those who have little or no power.

The information thus amassed by organisations does not necessarily consist of items of data which taken individually would have in the past been regarded as private; though in fact much of this information would have been so regarded. However even apparently 'non-private' computer based information is relevant to issues of privacy in the following way. As we saw above, privacy is a necessary condition for autonomy. And we have just seen that the informational imbalance between organisations and individual persons is a threat to individual autonomy in particular. But there are only two ways to correct this imbalance. One way is to increase the extent of, and access to, information possessed by individuals in respect of governments and corporations. The possession of such information would presumably entail access to the relevant technology, including computers. This first response consists in part in redrawing, and in particular, restricting the boundaries of the 'private sphere' of organisations. Private citizens need to know more about governments, corporations and the like; those who monitor need themselves to be monitored. The other way is to decrease the amount of information, and access to information, possessed by organisations in respect of individual persons. This second response consists in redrawing, and in particular, extending the boundaries of what is regarded as the private sphere of the individual. It may be that some combination of both these strategies is called for in the context of the threat to privacy and autonomy posed by new computer based and communication technologies.[6]

---

Footnotes

[1]

For introductions to these issues see Tom Forester and Perry Morrison Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing (Cambridge, Mass.: MIT Press, 1992) and Effy Oz Ethics for the Information Age (Brown Communications Inc., 1994).

[2]

One of the most helpful discussions of the philosophical notion of privacy is that of Stanley I. Benn in his A Theory of Freedom (Cambridge: Cambridge University Press, 1988) chapters 14 & 15.

[3]

S.D.Warren and L.D.Brandeis "The Right to Privacy" Harvard Law Review 4 1890.

[4]

It is also taken to include occupancy of 'private' space by unwanted physical intrusions.

[5]

See Benn op.cit. p.289.

[6]

John Birmingham "Nowhere to Hide" Independent Monthly June 1995.

[7]

It is important to stress that consent is not a sufficient condition for the use of 'private' information. Some information ought not to be made use of even if the relevant person consented to it. For example, a person might be in the habit of freely disclose personal details about himself, and yet such disclosure might be very harmful, indeed, psychically damaging.

[8]

Thanks to Andrew Alexandra for comments on an earlier version of this paper