The brilliant New York University philosopher Helen Nissenbaum has put her approach to privacy at the center of the national agenda.
PALO ALTO -- A mile or two away from Facebook's headquarters in Silicon Valley, Helen Nissenbaum of New York University was standing in a basement on Stanford's campus explaining that the entire way that we've thought about privacy on the Internet is wrong.
It was not a glorious setting. The lighting was bad. The room was half empty. Evgeny Morozov was challenging her from the back of the room with strings of tough, almost ludicrously detailed questions.
Nissenbaum's March presentation was part of Stanford's Program on Liberation Technology and relied heavily on her influential recent research, which culminated in the 2010 book, Privacy in Context, and subsequent papers like "A Contextual Approach to Privacy Online."
But the most important product of Nissenbaum's work does not have her byline. She's played a vital role in reshaping the way our country's top regulators think about consumer data. As one measure of her success, the recent Federal Trade Commission report, "Protecting Consumer Privacy in an Era of Rapid Change," which purports to lay out a long-term privacy framework for legislators, businesses, and citizens, uses the word context an astounding 85 times!
Given the intellectual influence she's had, it's important to understand how what she's saying is different from other privacy theorists. The standard explanation for privacy freakouts is that people get upset because they've "lost control" of data about themselves or there is simply too much data available. Nissenbaum argues that the real problem "is the inapproproriateness of the flow of information due to the mediation of technology." In her scheme, there are senders and receivers of messages, who communicate different types of information with very specific expectations of how it will be used. Privacy violations occur not when too much data accumulates or people can't direct it, but when one of the receivers or transmission principles change. The key academic term is "context-relative informational norms." Bust a norm and people get upset.
This may sound simple, but it actually leads to different analyses of current privacy dilemmas and may suggest better ways of dealing with data on the Internet. A quick example: remember the hubbub over Google Street View in Europe? Germans, in particular, objected to the photo-taking cars. Many people, using the standard privacy paradigm, were like, "What's the problem? You're standing out in the street? It's public!" But Nissenbaum argues that the reason some people were upset is that reciprocity was a key part of the informational arrangement. If I'm out in the street, I can see who can see me, and know what's happening. If Google's car buzzes by, I haven't agreed to that encounter. Ergo, privacy violation.
Nissenbaum gets us past thinking about privacy as a binary: either something is private or something is public. Nissenbaum puts the context -- or social situation -- back into the equation. What you tell your bank, you might not tell your doctor. What you tell your friend, you might not tell your father-in-law. What you allow a next-door neighbor to know, you might not allow Google's Street View car to know. Furthermore, these differences in information sharing are not bad or good; they are just the norms.
Perhaps most importantly, Nissenbaum's paradigm lays out ways in which sharing can be a good thing. That is to say, more information becoming available about you may not automatically be a bad thing. In fact, laying out the transmission principles for given situations may encourage people, both as individuals and collectively, to share more and attain greater good. On a day when a House of Representatives committee is holding a hearing on privacy titled, "Balancing Privacy and Innovation," which really should be titled, "Balancing Privacy and Corporate Interests," any privacy regulation that's going to make it through Congress has to provide clear ways for companies to continue profiting from data tracking. The key is coming up with an ethical framework in which they can do so, and Nissenbaum may have done just that.
Right now, people are willing share data for the free stuff they get on the web. Partly, that's because the stuff on the web is awesome. And partly, that's because people don't know what's happening on the web. When they visit a website, they don't really understand that a few dozen companies may collect data on that visit.