The Commercialization of Personal Data
What Kind of Vegetable Are You?
It didn’t raise eyebrows when Aleksandr Kogan offered “This is Your Digital Life” as a Facebook quiz app. Quiz apps are a staple of Facebook marketing, enticing users to participate and then harvesting marketing data. These apps—which are enticing, seductive, and highly effective—have spawned an entire subindustry of quiz-marketing tools and specialists.
About 270,000 Facebook users installed Kogan’s app and took its personality test, in the process giving the app access to their contacts to invite them to follow suit. Kogan’s ostensible motivation was academic research—studying how emojis are used to convey emotion. But what he did with all the data he collected was quite different. Through Kogan’s app, the firm Cambridge Analytica harvested data on more than 50 million people. Cambridge Analytica used that information to help presidential candidate Donald Trump’s campaign target audiences for digital advertising and fundraising, model voter turnout, identify markets to air television ads, and even plan Trump’s travel. Cambridge Analytica asserted that its “psychographic profiles” helped to identify likely voters and the kinds of messages that would sway them to vote Trump.1
But how did a quarter million people downloading an app turn into data spillage from 50 million? Through the porous privacy model of Facebook apps. Each of the 270,000 users who installed the app was connected to an average of 200 friends. “This is Your Digital Life” based its assessment not so much on the quiz as on the history of pages “liked.” The quiz was a pretext to obtain access to users’ likes and those of their contacts. Facebook permitted that data shoveling in 2015—although it says Kogan violated the program’s terms by sharing profile data with Cambridge Analytica.
Your privacy is not your own. Even if you rejected “This is Your Digital Life,” any of your friends—or the apps they installed—could have compromised your data. This has parallels in the non-digital world as well, of course. (Consider the old saying “Two people can keep a secret if one of them is dead.”) But offline, you may have better intuitions about it. You know not to share a story with the gossipy neighbor until you’re ready to be asked questions by strangers in the supermarket. Online, it took a long time for Facebook’s privacy settings to gain simple audience controls, and not until after the Cambridge Analytica scandal did the social network stop allowing apps to traverse the social graph, slurping up the network of friend connections.
Leave Me Alone
More than a century ago, two lawyers raised the alarm about the impact technology and the media were having on personal privacy:
Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops.”
This statement is from the seminal Harvard Law Review article on privacy published in 1890 by Boston attorney Samuel Warren and his law partner, Louis Brandeis, later to be a justice of the U.S. Supreme Court (where, as we saw, he dissented in defense of privacy in Olmstead v. U.S.).2 Warren and Brandeis went on to say,
Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle.
New technologies made this garbage easy to produce, and then the supply created the demand. And those candid photographs and gossip columns were not merely tasteless; they were bad. Sounding like modern critics of mindless reality TV, Warren and Brandeis raged that society was going to hell in a handbasket because of all that stuff that was being spread about:
Even gossip apparently harmless, when widely and persistently circulated, is potent for evil. It both belittles and perverts. It belittles by inverting the relative importance of things, thus dwarfing the thoughts and aspirations of a people. When personal gossip attains the dignity of print, and crowds the space available for matters of real interest to the community, what wonder that the ignorant and thoughtless mistake its relative importance. Easy of comprehension, appealing to that weak side of human nature which is never wholly cast down by the misfortunes and frailties of our neighbors, no one can be surprised that it usurps the place of interest in brains capable of other things. Triviality destroys at once robustness of thought and delicacy of feeling. No enthusiasm can flourish, no generous impulse can survive under its blighting influence.
The problem Warren and Brandeis perceived was that it was hard to say just why such invasions of privacy should be unlawful. In individual cases, you could say something sensible, but the individual legal decisions were not part of a general regime. The courts had certainly applied legal sanctions for defamation—publishing malicious gossip that was false—but then what about malicious gossip that was true? Other courts had imposed penalties for publishing an individual’s private letters—but on the basis of property law, just as though the individual’s horse had been stolen rather than the words in his letters. That did not seem to be the right analogy either. No, they concluded, such rationales didn’t get to the nub. When something private is published about you, something has been taken from you, you are a victim of theft—but the thing stolen from you is part of your identity as a person. In fact, privacy was a right, they said, a “general right of the individual to be let alone.” That right had long been in the background of court decisions, but the new technologies had brought this matter to a head. In articulating this new right, Warren and Brandeis were, they asserted, grounding it in the principle of “inviolate personhood,” the sanctity of individual identity.
Privacy and Freedom
The Warren–Brandeis articulation of privacy as a right to be left alone was influential, but it was never really complete. Throughout the twentieth century, there were simply too many good reasons for not leaving people alone, and there were too many ways in which people preferred not to be left alone. And in the United States, First Amendment rights stood in tension with privacy rights. As a general rule, the government cannot stop me from saying anything truthful. In particular, it usually cannot stop me from saying what I lawfully discover about your private affairs. Yet the Warren–Brandeis definition worked well enough for a long time because, as Robert Fano put it, “The pace of technological progress was for a long time sufficiently slow as to enable society to learn pragmatically how to exploit new technology and prevent its abuse, with society maintaining its equilibrium most of the time.”3 By the late 1950s, the emerging electronic technologies, both computers and communication, had destroyed that balance. Society could no longer adjust pragmatically because surveillance technologies were developing too quickly.
The result was a landmark study of privacy by the Association of the Bar of the City of New York, which culminated in the publication, in 1967, of a book by Alan Westin, titled Privacy and Freedom.4 (Fano was reviewing Westin’s book when he painted the picture of social disequilibrium caused by rapid technological change.) Westin proposed a crucial shift of focus.
Brandeis and Warren had seen a loss of privacy as a form of personal injury, which might be so severe as to cause “mental pain and distress, far greater than could be inflicted by mere bodily injury.” Individuals had to take responsibility for protecting themselves. “Each man is responsible for his own acts and omissions only.” But the law had to provide the weapons with which to resist invasions of privacy.
Westin recognized that the Brandeis–Warren formulation was too absolute, in the face of the speech rights of other individuals and society’s legitimate data-gathering practices. Protection might come not from protective shields but from control over the uses to which personal information could be put. “Privacy,” wrote Westin, “is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.” Westin proposed:
…what is needed is a structured and rational weighing process, with definite criteria that public and private authorities can apply in comparing the claim for disclosure or surveillance through new devices with the claim to privacy. The following are suggested as the basic steps of such a process: measuring the seriousness of the need to conduct surveillance; deciding whether there are alternative methods to meet the need; deciding what degree of reliability will be required of the surveillance instrument; determining whether true consent to surveillance has been given; and measuring the capacity for limitation and control of the surveillance if it is allowed.5
So even if there were a legitimate reason why the government, or some other party, might know something about you, your right to privacy might limit what the knowing party could do with that information.
This more nuanced understanding of privacy emerged from the important social roles that privacy plays. Privacy is not, as Warren and Brandeis had it, the right to be isolated from society; privacy is a right that makes society work.
Fano mentioned three social roles of privacy. First, “the right to maintain the privacy of one’s personality can be regarded as part of the right of self-preservation”—the right to keep your adolescent misjudgments and personal conflicts to yourself, as long as they are of no lasting significance to your ultimate position in society. Second, privacy is the way society allows deviations from prevailing social norms, given that no one set of social norms is universally and permanently satisfactory—and, indeed, given that social progress requires social experimentation. And third, privacy is essential to the development of independent thought; it enables some decoupling of the individual from society so that thoughts can be shared in limited circles and rehearsed before public exposure.
Philosopher Helen Nissenbaum similarly grounds privacy in social being, describing privacy as “contextual integrity.”6 Privacy depends on a match between data flows and the expectations and norms of the setting in which information was generated and shared. When Facebook invites you to friend your therapist or a fellow patient, that’s a context violation. Online spaces offer the opportunity to multiply contexts: You can be one persona on your Instagram feed and another in the classroom. But online spaces also threaten context collapse, as Stacy Snyder found way back in the days of Myspace, when her photograph captioned “drunken pirate” on what she thought was a merely social post cost her a teaching degree.7
The explosive growth in digital technologies has radically altered our expectations about what will be private and shifted our thinking about what should be private. It has made privacy violations easier and potentially more numerous. Indeed, it is remarkable that we no longer blink at intrusions that a decade ago would have seemed shocking. Unlike with the story of secrecy, there was no single technological event that caused the change, no privacy-shattering breakthrough—only a steady advance on several technological fronts that ultimately passed a tipping point.
Sensor devices got cheaper, better, and smaller. Tiny cameras, GPS units, and microphones have gone from the stuff of spy museums to the banality of everyday carry. Once they became useful consumer goods, we seemingly worried less about their uses as surveillance devices. Instead of trying to come up with a unifying theory of privacy and its value, we find ourselves piecing together privacy from feelings of discomfort and regret amid the abundance. It’s that much harder when we’re the ones bringing spies into our own homes and those of our friends, when we trade privacy against conviviality and convenience.
Smile While We Snap!
Big Brother had his legions of cameras, and the City of London has theirs today. But for sheer photographic pervasiveness, nothing beats the cameras in the cell phones in the hands of everyday people. Flying out before the Fourth of July, Helen was asked to switch seats with another woman who wanted to be seated with her boyfriend. She took her seat a row up and struck up a conversation with her new seatmate, unaware that the row behind was filming them as romance. The pair she had helped were tweeting the flight, hashtagged #PlaneBae, and the story soon made the rounds of television morning shows. Innocent fun, it might seem, but not for Helen, who stated (through lawyers),
Without my knowledge or consent, other passengers photographed me and recorded my conversation with a seatmate. They posted images and recordings to social media, and speculated unfairly about my private conduct.
Since then, my personal information has been widely distributed online. Strangers publicly discussed my private life based on patently false information.
I have been doxxed, shamed, insulted and harassed. Voyeurs have come looking for me online and in the real world.8
The massive dissemination of cheap cameras coupled with universal access to the Web enables a kind of vigilante justice—a ubiquitous Little-Brotherism, in which we can all be detectives, judges, and corrections officers. Bloggers can bring global attention to ordinary citizens.
For every lens aimed deliberately, there are also scores more watching unattended: public and private observation and surveillance. Main Street is lined with security cameras peeping from store windows and police surveillance cameras, some of which even offer public viewing. Leafy Lane may be watching, too, thanks to networks of Ring doorbells and vigilant neighbors in Nextdoor groups. Coupled with automated facial recognition, the wired streets could be building dossiers on us all.
Looking at images on the Web is now a leisure activity that anyone can do at any time, anywhere in the world. Using Google Street View, you can sit in a café in Tajikistan and identify a car that was parked in my driveway when Google’s camera came by (perhaps months ago). From Seoul, you can see what’s happening right now, updated every few seconds, in Piccadilly Circus or on the strip in Las Vegas. These views were always available to the public, but cameras plus the Web change the meaning of “public.”
Some of the intrusions into our privacy come because of the unexpected, unseen side effects of things we do quite voluntarily. While the Fourth Amendment protects us from overreach of government surveillance, there is only patchwork legal consideration of private information gathering in the United States. Companies routinely gather and infer information about individuals and use it to customize product offerings and advertisements. As the saying goes, if you’re not paying, you’re the product.