by Helen Nissenbaum. Stanford, CA: Stanford Law Books, 2010.304pp.Cloth $70. ISBN 9780804752367. Paper $24.95. ISBN: 9780804752374. E-Book $24.95. ISBN 9780804772891.
Reviewed by Lynne S. Viti, Writing Program, Wellesley College AND Arts, Humanities and Social Sciences, Franklin W. Olin College of Engineering. Email: lviti [at]wellesley.edu.
In this treatise on privacy and technology, Helen Nissenbaum combines privacy theory, legal case studies and philosophical analysis to good effect. A distinguished philosopher and expert on ethics and technology, Nissenbaum has previously delved into the ethics and legality of facial recognition software and collaborated on the creation of browser extensions to protect users against tracking and profiling on the Internet. In this philosophical inquiry into the clash between privacy and technology, she examines the threats posed to privacy by a range of technological advancements over the past two decades, and proposes a systemic approach to determining whether and when curtailing privacy through technology should be deemed permissible and even salutary.
Nissenbaum first reviews a plethora of new technologies, from the Internet and the multiple search engines users rely on to navigate it, to radio frequency identification (RFID), telephone caller ID, closed circuit tv in public spaces, facial recognition devices, computer-assisted accumulation and storage of personal data, and mobile telephones. She then turns to the difficult task of parsing the privacy issues these technologies give rise to. In creating a heuristic to assess the benefits and burdens of technology on individuals, she is careful to evaluate these factors not merely in terms of established legal doctrines and traditional philosophical notions of privacy, but also in light of what she terms contextual integrity. In short, to decide whether and in what particular context a technology offends our common moral sense of privacy, she has developed a system to probe and dissect the many social contexts in which a technology is put to use.
Drawing on philosophers from Mill and Bentham to twentieth and twenty-first century commentators – including, inter alia, Michael Foucault, Gerald Dworkin, Charles Fried, Anita Allen, and Eugene Volokh – Nissenbaum arrives at what she asserts is a generally shared concept of privacy in democratic societies. She acknowledges that any waiver of what we consider private information must be wholly conscious, whenever we permit technology to observe and gather data about our health, spending habits, employment, and our most fervent beliefs. In the first of three main sections of the book, Nissenbaum reviews the “democratization of database technologies” (p.38), resulting from the decreasing cost of both hardware and software used to track individuals and their habits and activities. She describes “massive and deep databases” (p.36) and [*602] technology’s enhanced ability to stockpile information about us, and then introduces the vocabulary of information technology and digital media. In particular, she focuses her introductory chapters on “omnibus service providers … a thriving industry of information service providers who sell products and services … online data vendors, information brokers, information services …” (p.45) She notes that these entities differ from institutions that in the past gathered information about us as an essential component of their raison d'etre – hospitals, credit card companies, insurers, and educational institutions. She points to the most egregious purveyors of private information: Acxion Corporation, ChoicePoint, and First Advantage corporation (owned by Lexis/Nexis), and paints a disturbing picture of “a spiraling feedback loop … vast repositories of digitized records of personal information” (p.45) generating an ever greater demand on the part of companies and governments for the collection of such data.
Nissenbaum also considers the effects on privacy effectuated by social networking sites like Facebook, LinkedIn, and My Space, and the litigation these sites spawned in their early days. This litigation was initiated primarily by job applicants ruled out of the hiring process because of Facebook posts revealing drug use, workers fired for posting negative comments about their employers, or individuals “tagged” in photographs posted on Facebook and similar sites without permission. More pernicious, Nissenbaum opines, are privacy invasions resulting from software’s capacity to monitor and track, both on the World Wide Web and in the actual world. Tracking systems via keystrokes on computers, swipe card entry systems, RFID systems, and clickstream tracking system comprise an arsenal of these privacy-invading tools. All these technologies, Nissenbaum notes, have given rise to a new field of scholarly inquiry – “’surveillance studies’” (p.63) – which focuses not only on monitoring and tracking, but also on promoting “’fair information practices’” (p.63). This inquiry extends well beyond critiquing the tracking of an individual’s Web usage or viewing his EZ pass records, to the study of privacy issues raised by journalists who disclose sensitive information, as recently seen in the Murdoch-News of the World scandal in the U.K.
The essential question that guides Nissenbaum’s inquiry is “…how do we tease apart the benefits [of technology] from the threats, how do we evaluate them and craft sensible policies?” (p.63) To answer this guiding question, she interrogates current approaches to assessing threats to privacy, including popular opinions gleaned through surveys, views of advocacy groups, and the views of worried or resigned individuals who fear their privacy is fast disappearing. Nissenbaum rejects the democratic approach, that is, letting stakeholders vote to determine which technologies should be curtailed because they violate the majority’s sense that privacy is sacrosanct. She emphasizes privacy’s “moral weight, its importance as a value … worth taking seriously because it is among the rights, duties, or values of any morally legitimate social and political system” (p.66).
Of particular interest is Nissenbaum’s dissection of what she labels “the private-public dichotomy” in privacy [*603] analysis. She rejects this approach, taking her cue from Israeli scholar Ruth Gavison, who argues for a “neutral conception – describing what privacy is without getting into the question of whether it is something worth working towards and enjoying” (p.68). Nissenbaum agrees with Gavison that it is necessary to define privacy in neutral terms in order to build legal and moral conceptions upon it. Such an approach “leaves open the possibility that in certain circumstances less privacy might be better than more and that reductions in privacy need not constitute violations or intrusions or incursions” (p.68).
Nissenbaum examines trade-offs in harnessing new information technologies, “the force of countervailing interests and values” that she believes current discussions of privacy largely ignore (p.108). An obvious example of the struggle between privacy purists and those who wish to use technology for information gathering, storage and manipulation is the clash between privacy and security in the post 9/11 world. Through her rich exploration of contextual privacy and the many ways in which social context requires us to constantly revise our ideas of what ought to be private and when an individual’s claim of privacy must yield to broader social goals and concerns, Nissenbaum provides a nuanced, thoughtful discussion of the issues and a rigorous way to calculate the benefits and burdens of a technology that at first glance disturbs our expectations of privacy.
The most useful section for those teaching courses on privacy law is Part III, “The Framework of Contextual Integrity,” in which Nissenbaum reiterates her claim that “a right to privacy is neither a right to secrecy nor a right to control, but a right to appropriate flow of information” (p.127). This notion of “appropriateness” is the linchpin of the contextual integrity approach, whereby the right to privacy only makes sense if we accept it as “a right to contextual integrity” which “varies from context to context” (p.129).
Nissenbaum concludes that privacy is not culturally relative, nor is it a universal value; rather, she maintains that an individual’s expectations as to privacy are invariably tied to “the background social situation” (p.129) By way of illustration, Nissenbaum applies the heuristic of contextual integrity to two events in recent memory: the Clinton-Lewinsky scandal, with a focus on Linda Tripp’s secret recording of her telephone conversations with Monica Lewinsky, and the passage of the Gramm-Leach-Bliley Act (1999), which governs the collection, disclosure and protection of personal information. Turning to the contexts of education, health care, psychoanalysis, voting, and employment law, she defends the contextual integrity heuristic as “a more sensitive instrument" for flagging and evaluating privacy breaches than a one-rule-fits-all measure.
Nissenbaum’s book is provocative and thoughtfully organized. Her contextual integrity heuristic is a useful mechanism for evaluating the ways in which technology limits, impinges upon or altogether abridges privacy. By eschewing the public/private dichotomy and probing the social context in which a technology functions, she addresses these issues while remaining fully cognizant of their complexity. Explanatory endnotes and an exhaustive [*604] list of references provide ample fodder for those wishing to delve deeper into this topic.
The book’s flaws are few. Although Nissenbaum assumes that the reader is thoroughly conversant with nineteenth and twentieth century philosophers, this may not be true for all students, especially undergraduates. Graduate students will benefit from reading Nissenbaum’s theories and practical approaches to parsing the ways in which technology challenges privacy. The first printing would have benefited from a more rigorous copy editing. Nissenbaum’s prose style at times is verbose, with unnecessarily complicated syntax. These are cavils, however. Either in part or in full, Privacy in Context belongs in the syllabus of any course on privacy law, ethics and technology, or philosophy of law.
© Copyright 2011 by the author, Lynne S. Viti.