First Ascent in Protecting Privacy: Redefining the Public and Private Spheres
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Remarks at the Access and Privacy Conference (IAPP Program)
June 16, 2011
Address by Chantal Bernier
Assistant Privacy Commissioner of Canada
(Check against delivery)
I am pleased to be here today to talk about the redefinition of the public and private spheres. It’s a topic that may seem abstract and yet always sparks highly stimulating exchanges in our Office and gathers keen public interest.
Consider simply the travails of New York Congressman Anthony Weiner whose career is hanging by a thread because he sent suggestive pictures of himself on the Net; or this 16-year-old in Germany who invited friends to her birthday party without properly checking her privacy settings, and was besieged by a crowd of 1,500 that had to be handled by the police.
I could give many more examples, but I believe my point is clear: the topic you have chosen to address is current and relevant and I am delighted to have an opportunity to continue the conversation with you today.
In my presentation, I will share with you:
- First, what we heard on this topic in our consultations on consumer privacy last year;
- Second,what the OPC observes, on the basis of research as well as handling of complaints, to be the main challenges for the public/private divide in the era of electronic communications; and
- Finally, some pathways to ensure the crucial divide between public and private that defines our society as well as our personal dignity.
So first, I will set the stage by summarizing what we heard about the public/private divide during the consumer privacy consultations we hosted last spring in Calgary, Toronto and Montréal before I move on to what I feel are the main drivers of the perceived shift in this divide.
What we heard at the 2010 Consumer Privacy Consultations
Our consultations were held in the spring of 2010 and brought together privacy professionals, marketers, private-sector representatives and academics. Each session was focussed on a particular topic: cloud computing, geospatial tracking, advertising, etc. However, the more reflective issue of people’s private and public selves emerged throughout the sessions.
Some participants argued that social networking sites and social media in general provide individuals with the means to make their private lives more public, which causes a decrease in the expectations of privacy. (Although research is showing that people still expect privacy online—the thirst for notoriety does not negate an expectation of privacy.)
Others mentioned that the use of smartphones and the increasing availability of location-based apps contribute to making private lives available in the public realm. (Again, I must insert a caveat: the use of location-based apps may be on the rise, but is user awareness and consent following suit? That is precisely the point of the smartphone location uproar: are users fully aware and in control of what their smartphone collects and discloses?)
We also heard about the “invisible audience”: the type of information and the amount of information that people share online is greatly influenced by what they perceive their audience to be. Children, in particular, assume that their audience is composed of other children.
Another point that was made is that people’s behaviour changes online. Tracking others was given as an example: not only does this practice become socially acceptable when performed online, it becomes a social activity in itself.
Another factor that was mentioned is that people feel compelled to join all sorts of networks for fear of being left behind by their social circles: our social lives depend on the use of information technology, and the architecture that supports it is often public by default and private by effort.
And finally, it was pointed out that the business practices of social media sites are invisible. How do Google or Facebook make money if you don’t have to pay for the service? The only way they can make money is by selling the currency you provide: your personal information.
Combine this with the fact that today’s multinationals are still in their adolescence and are still developing their governance structure to protect personal information, their primary asset.
The picture becomes clear as to how people’s private lives can get swept up in the current.
A good example of the potent mix, so to speak, of the adolescent stage of organizations that collect a tremendous amount of personal information is the report we have just issued on Google Wi-Fi: Through our investigation, we found that Google had built a code, without properly checking its potential privacy impact, in its Street View program.
As a result, while Google cars were travelling the world to take pictures of our streets, they found themselves collecting personal information held on Wi-Fi networks. Why? Because no one checked—no one checked because the organization does not have the proper governance structure to properly control its privacy impact.
So it is not surprising that the general consensus throughout the consultations seemed to be that the “traditional notion” of public and private spaces is changing. So why is it changing? This brings me to what I see as the drivers of change in the public/private divide, and I share them with you in the hope that you will share with me what you see as the main drivers.
Gap between technology and digital literacy
To me, the first driver of this increasing sense of confusion surrounding the boundary between the public sphere and the private sphere is the increasing gap between technology and laypersons’ ability to manipulate it. The opening examples I gave you, of New York Congressman Weiner and the 16-year-old in Germany are perfect examples of that.
Anthony Weiner thought he was sharing his pictures “privately.” One political pundit in the US commented that the Congressman should resign not so much for what he did, but for being so “clueless” about the limits of privacy on the Internet. And that German girl did not intend to invite 1,500 people—she just mishandled her privacy settings.
Another resounding example of this in recent memory is the case of a British woman who posted her vacation pictures on Facebook. Among them was a picture of her husband in his Speedo. She also posted details about the location of their home and the whereabouts of their children. Her profile settings were set to “public,” which meant the whole world had free access to this information.
What makes this story interesting is that the woman’s husband is Sir John Sawers, the head of MI6, the British Secret Service.
Obviously, technological advances are progressing much faster than overall digital literacy.
I’m sure Sir Sawers’s wife valued her safety and that of her husband and children, let alone her husband’s employment. The fact that she would jeopardize it all in such a manner is, in my view, explained by a lapse in digital literacy, and not by a lapse in judgement. Information technology simply brings technical complexity that exceeds the layperson’s control.
As privacy is the right to control what others know about you, loss of control through digital illiteracy is a direct challenge to the public/private divide.
Transition from a concrete social platform to an abstract social platform
The second driver in the redefinition of the public and private spheres is the transition from a concrete social platform to an abstract one.
In the physical world, if we stand in front of a window and can see into another window with the blinds open, we instinctively close the blinds. We don’t seem to have a comparable reflex in the online world because we do not perceive, with our senses, our actual level of exposure. Indeed, our exposure is virtual, abstract, but no less real.
In fact, there is even an illusion of privacy—what experts refer to as the asymmetry of the online world. You are physically alone in your room with the doors locked, while at the same time entirely visible to everyone else on the Internet.
This is compounded by the fact that when we started going online, we all did relish the anonymity it provided us. It allowed a freedom we did not know in real life and we just loved to let loose. In a speech at the Canadian Marketing Association’s Convention two weeks ago, Arianna Huffington was commenting that on the Net, “self-expression has become the new entertainment.”
All the better if no one knows who you are. But that’s what’s changed.
We all remember the emblematic 1993 New Yorker cartoon with the caption, “On the Internet, nobody knows you’re a dog.” Last month, Eli Pariser quipped on cnn.com: “The new Internet doesn’t just know you’re a dog; it knows your breed and wants to sell you a bowl of premium kibble.”
And yet, we continue to use the Net, this vast, seemingly unlimited platform, for the most personal activities: we date online, we bank online, we confide online. And we want to continue to do it. We just want the platform to give us the proper controls to preserve the essential public/private barrier in this new form of communication.
Renegotiation of our relationship to the state in light of a dramatically increased capacity for data collection
Another important factor in the growing feeling that our private lives are open for public scrutiny is in the context of the public sector. The pressures of a new public safety environment force the renegotiation of our relationship with the state:
Airline security is the most acute manifestation of this new public safety reality where everyone is a suspect and therefore everyone’s privacy is diminished.
Why do we live with it? Because we believe, rightly or wrongly, that to display our toiletries does reduce the chance of another liquid bomb attempt as the one thwarted in the UK in 2006, that supplying personal information to law enforcement and national security authorities does increase the chance of catching a suspected terrorist before boarding the plane—and because we are still reeling from Air India, and even from the failed attempt on Christmas 2009.
And there are many more examples, beyond airline security, of the dramatically increased capacity for data collection by the state in the name of public safety: automatic licence plate recognition at the RCMP; or the omnibus crime bill announced by the government of Canada that will likely contain provisions giving law enforcement and national security authorities lawful access to electronic information such as the customer information behind an IP address without a warrant.
Last spring, the House of Commons adopted legislation that allows Canadian airlines to share with US authorities the personal information of passengers on flights that fly over the US, even if they don’t make a stop... and I could go on and on, but at some point, it seems to me the question arises: What’s public and what’s private, as states amass more and more information about law-abiding citizens?
There is no doubt the world feels like a different place since the terrorist attacks on the US ten years ago. Threats to our national and personal safety have become so diffusive, resting in individuals rather than states as was the case under the Cold War, that everyone has become a suspect. And it seems that being treated like criminals for having the audacity of wanting to board a plane now feels completely normal to us.
Yet, at least subconsciously, there is an impact on the public/private divide. We now assume the state doesn’t trust us. And perhaps, that the state shouldn’t trust us, or anyone. After all, it’s for our own good. The state’s appetite for personal information—whereabouts, travel patterns, financial transactions, known associates—is fuelled by this new reality of diffusiveness and individualization of threats, and enabled by a formidable potential for collecting and storing information.
And in this tremendous repository of personal information that is government, the public/private divide is blurred.
Use of electronic communication for personal and professional purposes
A fourth driver for the growing sense of confusion between the private and the public realms is the use of the same technological interface for personal and professional purposes. More employers, including governments, are resorting to social media.
Employees use their work computers for personal reasons, just as they use their phones for personal reasons—but the computer retains the information.
Professor Michael Geist, a member of the OPC’s External Advisory Committee, calls this the “collapsed context” of social and professional interaction. He summarized this idea in a Toronto Star article last fall, with the following observations:
- He puts in contrast the offline world, where we interact with many different groups—friends, family and coworkers, sharing different information with each group—with the online world, where all these conversations are collapsed into a single space—your e-mail account, the Net;
- What compounds the collapsing of private and public contexts online is that the information never disappears.
The use of the same tools—the same computer, the same smartphone, the same social networking site—for our public, professional lives and our personal, private lives calls for a whole new framework for the preservation of the public/private divide in the workplace. While the same rules apply online and offline, for example,
- we all know public servants cannot publicly criticize government policy, or
- that public servants must remain politically sensitive and discreet in their support of one party or another, or
- that a strict classification of documents must govern their level of secrecy—the trappings of the Internet, however, create the illusion of privacy, or the illusion of anonymity, and the limitations of digital literacy, require new policies and practices for the use of the Internet in the workplace that take into account these new factors that challenge the public/private divide.
Conclusion: Redefinition of the public and the private spheres in our lives
In the end, all these drivers—the gap between technology and digital literacy, the abstract nature of social platforms, the new appetite of the state for personal information, and the use of electronic communication for personal and professional purposes—culminate in a redefinition of the public and the private spheres in our lives.
But are we really sure that things were ever as cut-and-dry as we assume they were? A group of academic researchers came together under the “Making Publics: Media, Markets and Association in Early Modern Europe” project at McGill University. Their findings were recently featured in a 14-part series on CBC Radio’s Ideas.
Their work is fascinating in the context of a debate on the supposed erosion of privacy because it shows quite clearly that privacy was not always something that people valued. Back in the 16th century, important people lived public lives, fulfilling the right to notoriety, and private persons were nobodies. Access to public life was essential to forming an individual identity—whereas today, we view privacy as a condition of identity.
And even today, do we really have universally accepted definitions of “public” and “private”? Are these concepts really the same across continents, organizations, genders and generations?
It is unquestionable that in today’s world of ubiquitous networks, there is a gray area between what is public and what is private. If there is a boundary between the two spheres, it is indeed quite porous. However, I am not convinced that the line between the two was ever that clear and that impermeable. How could it be, really, when these two concepts are forever intertwined, interdependent and inter-related?
Yet, I posit that there is one constant throughout the ages, genders and continents: the dread of loss of control over one’s personal information.
While the definition of public and private is a social construct that varies through generations, cultures and individuals, there is one constant: we all want to control what we regard as private, we all want to control what others know about us because we know intuitively and empirically that it is essential to manage our place in society. What others know about us can help us—or it can harm us. The right to privacy is the right to control that transaction of personal information.
So the way to ensure the preservation of the public/private divide, that essential component of personal integrity, we need to develop new controls to respond to new challenges: we need to increase digital literacy, we need to impose upon social networks the finest granularity of privacy settings to ensure the highest level of control, and we need to keep governments strictly accountable for the information they seek about us.
A tall order, but a very exciting challenge.
Once again, I am quite honoured to have an opportunity to have this fascinating conversation with you today, and I am very much looking forward to your comments on this issue.
- Date modified: