Friday, November 06, 2009

Privacy as Contextual Integrity

Couple of days ago Dr. Helen Nissenbaum of NYU gave an extremely interesting, engaging and stimulating lecture entitled "Privacy in Context" at UC Berkeley.

The audio recording of the lecture is available @

Following are some of the notes I took from the lecture. Please feel free to add to these if I missed something.

Socio-technical systems: It is not just the technology that causes privacy issues. It is the technology embedded in the social system. e.g. RFID implanted into humans or RFID enabled passports.

Three classifications of socio-technical system:

  1. Tracking and monitoring systems e.g. Web browser cookies.
  2. Systems that aggregate and analyze - Choicepoint, Amazon's personalized recommendation system.
  3. Systems that broadcast, disperse, distribute, propagate, publicize and disseminate information. - e.g. making court records, which are public, available online. In this case the web is technical system that disseminate the court records.

Controversial vs non-controversial socio-technical systems. Medical devices in use at hospitals are non-controversial and maybe beneficial. However, using information electronic toll collection on freeways to track someone's movement is controversial.

Traditional approaches to privacy:

  1. Private / Public duality (dichotomy). This is an oversimplified approach. It may be argued that what is public maybe disseminated by any medium. e.g. Google's street view, license plate recognition is not a privacy breach as both streets and license plates are public in nature. Private / Public dichotomy maybe good in political philosophy, but it is problematic in privacy realm.
  2. The measure of respect for privacy is the control of information by the subject. i.e. the subject has control over what gets revealed and what does not.
  3. Lobbying for what is constitutes as a privacy breach and what doesn't. Especially problematic if the privacy is considered a preference rather then a moral right.
  4. Privacy vs. other values (e.g. security).

These approaches are limited and do not work.

Dr. Nissenbaum's proposed approach: Contextual Integrity. Based on privacy as a human/moral right.

Contextual Integrity is a measure of how closely the flow of personal information conforms to context relative information norms. Contextual integrity is breached when these norms are violated and is respected when these norms are enforced.

Context relative information flow norms: In a context the flow of information (particular attribute) about a subject from a sender to a recipient is governed by a particular transmission principle. Context (circumstance), attributes (information about the subject), actors (subject (information owner), sender and receiver) and transmission principles are the key parameters. All these parameters must be taken into account when performing a analysis of the information flow. Google street map argument fails because it only takes one principle i.e. attributes (streets are public) into account and ignores the other key principle i.e. the context (distributing it over the web and making it widely available).

Fiduciary transmission principle: You trust someone with private information about yourself under the assumption that your private information will be used to benefit you and not harm you.

Privacy is not secrecy but rather appropriate flow of information.



What is privacy?

  • "Privacy is the right to control information about and access to oneself." Regan, P. M. (1995). Legislating Privacy: Technology, Social Values, and Public Policy. University of North Carolina Press.
  • "Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves." Fried, C. (1984). Privacy (a moral analysis). In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 203-222). Cambridge University Press
  • "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. .....privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve." Alan F. Westin, Privacy and Freedom (New York, NY: Atheneum, 1967).
  • “A loss of privacy occurs as others obtain information about an individual, pay attention to him, or gain access to him. These three elements of secrecy, anonymity, and solitude are distinct and independent, but interrelated, and the complex concept of privacy is richer than any definition centered around only one of them.” – Gavison, R. (1984). Privacy and the Limits of Law. In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 346-404). Cambridge University Press.
  • "Privacy is a limitation of others’ access to an individual through information, attention, or physical proximity." Ruth Gavison
  • Common Law Right to Privacy (as defined by Samuel Warren and Louis Brandeis, 1890): An individual’s right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others. 

No comments: