by Martin Kuhn. New York: LFB Scholarly Publishing, 2007. 294pp. $65.00. ISBN: 9781593322304.
Reviewed by Robert M. Pallitto, Department of Political Science, Seton Hall University. Email: pallitro [at] shu.edu.
The anti-terror initiatives created in the wake of 9/11 have generated vigorous debates about privacy, and one facet of those debates has been an effort to conceptualize privacy in ways that reflect contemporary experience. The most explicit constitutional warrant for privacy protection – the Fourth Amendment’s limitation on search and seizure – simply does not cover the range of privacy issues that confront the 21st century subject via state/individual interactions. In particular, data-mining activities, termed “knowledge discovery in databases” or KDD, have vast implications for individual privacy, as the ongoing litigation over warrantless surveillance by the Bush administration shows. Martin Kuhn’s FEDERAL DATAVEILLANCE reviews both the theorizations of privacy in scholarly work and the application of privacy conceptions in federal court jurisprudence, and the work provides a useful reference for recent developments in privacy law.
Kuhn articulates five conceptualizations of privacy that correspond to developing case law. These conceptualizations also map experiences of privacy (or lack of privacy) in social life. They are privacy as space, secrecy, information control, confidentiality and knowledge control. The fourth and fifth of these – confidentiality and knowledge control – are newer categories, and knowledge control in particular corresponds to the KDD activities that are the primary focus of the book.
We are familiar with spatial conceptions of privacy through Fourth Amendment jurisprudence: the home, or the car, is a space shielded from public view where, in ordinary circumstances, the state may not enter without advance judicial authorization. Privacy as secrecy, though more limited, is similarly familiar: “only information that individuals consciously hide from others can be considered private” (p.16). However, there has been a tremendous increase, since the mid-1900s, in the “surrender of personal information” (credit-related and identity-related information, for example), and consequently the privacy-as-secrecy conceptualization has been gradually replaced by privacy-as-information-control. To put it another way, we know that some of our personal information will inevitably be released to third parties, and the resulting questions are about the scope of disclosure rather than the fact of disclosure. First Amendment cases relating to anonymous pamphleteering fall into the information control category. The pamphlet or handbill author seeks to publish his/her views, but wishes to remain anonymous while doing so, thus controlling the information to be released. [*450]
Privacy as confidentiality emerged as a new privacy dimension with the 1977 Supreme Court decision in WHALEN v. ROE, a case involving the release of medical information by physicians. Confidentiality differs from information control, Kuhn tells us, by virtue of the agent of control (p.121). In information control generally, the individual remains the agent of control, whereas confidentiality imposes restrictions on what other agents may do with one’s personal data once they have it. This distinction leads Kuhn to emphasize the importance of confidentiality as a distinct variety of information privacy.
Knowledge control is an even newer dimension of privacy, distinct from information control and confidentiality in an important way: the knowledge produced through manipulation of data is more than the sum of its parts. While the release, or loss of control, over individual bits of information might not, by itself, be objectionable, it is the knowledge produced through data matching and other applications that generates harmful effects on the individual subject. In the same way that market research produces consumer profiles that are then used to target subjects for marketing activities, data matching to create suspect profiles results in the targeting of individuals for surveillance (and, potentially, other actions). This much is not news; however, the book’s key insight here consists in pointing out that the knowledge is obtained through use of information not necessarily confidential in itself, but rather processed to create something new that is more threatening and dangerous. Flight records, for example, are not ordinarily information that individual travelers want to keep secret. However, when those records are matched with other data sets (e.g., biometrics, membership lists), the ceding of control over one piece of information can lead to unwanted results. Privacy-as-knowledge-control is complicated further by the “state action obstacle”: the involvement of private entities in KDD applications can place these activities beyond the reach of constitutional challenge because the KDD applications in question are not being performed by the state. This is another key insight. Although other causes of action are potentially available to an individual or class plaintiff in such cases, constitutional claims based in privacy may be precluded because of the lack of state action. In this important section of the book, Kuhn maps out the law of state action and cites the showing plaintiffs would have to make in order to overcome the state action problem.
The knowledge production element of KDD renders it less susceptible to control by privacy doctrine. Kuhn points out that because “KDD analysis applications generate new knowledge, . . . it is unlikely that plaintiffs would be able to claim privacy protection for information they have not actually surrendered to the government” (p.200). Moreover, it is “treated by the courts more like surveillance than like a search,” and thus it is not regulated the way law enforcement searches are (Ibid.). Here, as it cites the surveillance/search distinction, the book would benefit from a discussion of the Foreign Intelligence Surveillance Act (FISA), which creates a warrant process for intelligence surveillance and requires a lesser showing of particularized suspicion (as compared to the law enforcement warrant process) before a [*451] surveillance warrant can be granted. Although FISA is of course statutory rather than constitutional, its warrant process certainly has constitutional implications.
The methodology of FEDERAL DATAVEILLANCE is chronological case law analysis. Beginning with a set of 135 cases referencing privacy, surveillance and related keywords, Kuhn culls that set down to “landmark” cases often cited by the Supreme Court. Those cases are analyzed to see how they reflect and shape privacy law in the five dimensions under examination (space, secrecy, information control, confidentiality and knowledge control). It is important to note that only constitutional privacy doctrines are considered here: common law and statutory privacy protections are beyond the scope of the study. The book also references privacy theorists whose work supports the five classificatory divisions. The philosophical works could be integrated more fully into the discussion than they are; as things stand, the work of Anita Allen, Daniel Solove and others does not interact with existing decisional law and therefore cannot offer much guidance for future litigants and policymakers. This limitation is probably intentional, as Kuhn does not seek to make normative claims. As he puts it, “the book is intended to provide insight into the legal interpretation of constitutional privacy rights in regard to emerging data technologies and is not intended as a contribution to current policy debates about dataveillance” (p.33).
The insights provided through case law analysis in FEDERAL DATAVEILLANCE can be useful to scholars, advocates and policymakers despite the book’s avoidance of normative critique. For instance, Kuhn explains that courts use a balancing test to determine the applicability of confidentiality when the government seeks to make private information public. In the “war on terror” context, however, “national security” will often be the item placed on the pro-government, pro-disclosure, side of the balance, and recent experience tells us that national security will be found to outweigh most confidentiality claims. This unfair balancing becomes even worse when we factor secrecy into the equation. The state secrets privilege, as used in the warrantless surveillance and extraordinary rendition litigation, has enabled the federal government to withhold information and terminate lawsuits without disclosing specifically why national security requires such measures. In short, while claims of “national security” distort balancing tests in the privacy context, the state secrets privilege renders the balancing process incomprehensible because we do not know what is being balanced. One of the virtues of this book is that its elucidation of constitutional privacy doctrines provides conceptual and doctrinal frames for debates about privacy that will continue to emerge around anti-terror initiatives involving KDD.
WHALEN v. ROE, 429 U.S. 589 (1977).
© Copyright 2008 by the author, Robert M. Pallitto.