Is privacy dead? Vint Cerf, proclaimed as the father of the internet, was the keynote speaker for a recent FTC workshop on the internet of things (IoT). He stated in his address that privacy may have always been an illusion.
If you consider the history of human culture there has hardly been a time where any individual had private moments. In primordial cultures people dwelt together. In feudal eras only the nobility had any notion of private spaces. It was not until modern times when both the wealth and the population lead to a combination of personal space and a concentrated urban sense of anonymity. But what is privacy, really?
Is privacy the same as anonymity? Just because I do not know you are does not mean that you have privacy. I was reminded of this recently while hiking on remote trail. I was enjoying the overlook when I noticed a couple taking pictures in my direction. There I was captured in their image without my express consent. Was it anonymous? In the age of facial recognition and location-aware devices, it's likely there are existing software (e.g. social media sites) that would recognize me. Such software could tag me behind the scenes without my knowledge. Clearly obscurity is increasingly eroding. Our sense of personal boundaries is enlarging such that it encompasses our digital environments.
Is privacy the same as security? Perhaps anonymity doesn't matter if you live in a castle? The problem with this line of reasoning is that all attackers have to do is figure out how to climb the walls of the castle. We have seen this happen in modern industry many times when publicly exposed end points are compromised. When this happens people's online presence is no longer private. But are there cases where neither anonymity nor security matter?
Is privacy the same as ownership? There are plenty of examples where private places, assets, and ideas are neither anonymous nor secure. In such cases the owner shares their private resource in exchange for money, for notoriety, or for having the public manage their asset. For example, patents protect private ideas in an unsecured commons. Air travel allows passengers to pay for a share of a jet. Ungated private roads in housing developments benefit from public upkeep. But how do we collectively manage the ability to own digital ecosystem.
What is the role of government? There is an entire field dedicated to answering this question. One of my favorite definitions claims that its role is to balance the public and private benefit of shared resources. For example, how do we balance the need to keep our environment healthy with corporations' need to produce products whose bi-products pollute the environment? In this example pollution is a negative exertnality- it is a cost the public must pay while receiving very little benefit. Corporations can also receive positive externalities from the public. For example, the interstate highway system benefits shipping companies who pay a minute share of the creation cost of this infrastructure. In these examples our collective governance regulates the exchange of private and public resources.
How does this apply to data? Data governance as with other forms of governance can relate to the collective management of public and private data resources. We have well-established patterns for collective benefit from public resources. For example, the U.S. Census help organizations learn more about their customers. What about the need for collective positive externalities from private data? Is there a data governance role to regulate the public use of private healthcare data? Is there a way we can use data such as these to help cure diseases and saving lives while minimizing the exposure of private individuals to negative externalities? What if individuals retained ownership in the same way that private housing complexes retain ownership over their public roadways. Would it matter if this data were secure as long as it was made anonymous? As mentioned, increasingly possible to determine who people are based upon their digital signatures. In such a case, what if we only made individuals digital archives a part of such a record after they were deceased?
What is our long-term data legacy? I think these problems become easier to think about on the scale of generations. For example, we commonly exploit the private data from deceased generations in publicly available tools such as maps, ancestry charts, and healthcare records. Rather than bemoaning the lack of privacy, I think it is more helpful to learn to this digital commons through a new form of data governance. Such a proactive approach would allow us to maximize the benefit of these records for generations to come.
No, privacy is not dead. Instead, it is a concept that we are all responsible for defining. What we need from the father of the internet is not to bemoan the death of privacy. What we need is advice on how to set open data standards that create common data structure, disclosure protocols, and criteria for using private data in public sets in exchange for money. What we have to gain should surpass what we have to lose. We need to find a form of collective data governance that allows for maximum public benefit with minimal individual exposure. Did I get this right?