It kills me that we don’t have a go-to answer for ‘why do we need privacy’. This is my take on real, broad-scale harm of eroding privacy in the new century.
- Engagement and its discontents
- Institutional overfitting & local maxima
- Bowers v Hardwick
- Secret police sometimes backfire
- No harm, no standing
- Digital privacy may be a new right
- Control must permit change
Engagement and its discontents
Netflix seeks the most efficient content. Efficient here meaning content that will achieve the maximum happiness per dollar spent. … To estimate that happiness, Netflix employs a complicated model predicting demand.1
Substitute ‘binge watching’ for ‘demand’ and this is saying bingeing is a proxy for happiness. In reality, watching a ton of TV is a proxy for depression.
Nobody is saying (yet) that TV is a root cause for depression. TV is like heroin in Rat Park2 – if you’re depressed (or in the bad cage) you’re going to use it a lot.
The table below has time shares for the apps people use most (25-34 year olds):3
|Top 3 facebook properties||23.7%|
The top apps keep their top spots by running nonstop behavioral experiments to learn how to keep users from switching away. My argument excludes Pandora, which is a background product. Nobody fears Pandora except their stockholders.
Are these products delivering user value? One argument is ‘yes, otherwise we wouldn’t use them’. By that argument, herpes delivers user value (or else your cells wouldn’t reproduce herpes virions and periodically build a cold sore on your lip).
Facebook is valuable as a way to get invited to things, but there’s no way to separate its components. You can’t access to its information without exposure to its anti-user features. Majority demand for shitty free products is moving a slice of commerce and community onto closed platforms that take users’ time and dignity instead of money.
I’m not just talking about the intangible harm of giving up my behavior, location, communication and social network data. I’m talking about becoming a guinea pig to help ‘engagement’ companies learn to make me a worse addict.
Institutional overfitting & local maxima
Why do companies use optimization models on their users? It’s a cycle:
- Businesses optimize their processes,
- which temporarily raises margins,
- but competitors are entering the market, so you have to use your new efficiency to lower prices.
- Now you have less income per customer and more overhead (staff of optimization experts). Let’s hope your model scales!
Optimization doesn’t continue forever; eventually you’ve tested every good idea you have on all your users and reach a state of diminishing marginal returns. Congratulations, you’ve reached a local maximum.
Low margins in an industry can be bad news. Airlines, for example, are overbooking flights and are apparently beating ticket-holders to get them to leave flights. Low margins also mean less money for R&D; low-margin organizations have what’s called ‘functional fixedness’ in psychology. They can’t easily respond to anything off-script, get fixated on categories and rules that used to matter but don’t anymore, and eventually get out-competed.
Sometimes low margins are unavoidable but other times we can change the game with new laws, though not without new consequences. For example, legislating against overbooking flights would probably raise airline costs but potentially improve customer service (not saying that’s a good compromise).
Bowers v Hardwick
What’s the government connection? Like private companies with their customers, governments are monitoring the behavior of their ‘customers’ and sometimes seeking to control it.
I believe that like private companies, governments can’t resist the urge to run optimization experiments. If you agree with that assertion (it’s not easy to prove), then the concept of the private sphere in legal theory isn’t just of moral importance.
The definition of the private sphere becomes data that governments aren’t allowed to collect. These barriers save them (and us) from the temptation of engaging in forms of behavioral control that, at best, provide low-margin improvements to society.
Bowers v Hardwick, the 80s SCOTUS case about anal sex in Georgia, upheld the lower court ruling 5-4. The majority opinion had lines for the ages like ‘infamous crime against nature’, ‘millennia of moral teaching’, and in my opinion worst, ‘a crime not fit to be named’. If you can’t name a crime how can you ensure due process?
My point is this is functional fixedness in action. When you’re at a local maximum, you’re pinching stale rules to try and make your society work better. A strong privacy protection makes it impossible to enforce a large class of useless laws. In the age of big data privacy is a legal problem of the same magnitude as speech, and privacy is far less protected.
(If you live in California you can help by supporting SB 21).
Secret police sometimes backfire
Some institutions choose to micromanage their people. This requires rigid control and tight feedback loops. In millennial language, it takes TMI.
Rigid top down control always backfires, and when it ends, it can be messy.
Take the case of Iran pre-revolution. The state had a security arm called SAVAK that assassinated their first director and also did bad things to a lot of other people. Solid numbers aren’t available for either organization but the ratio of SAVAK agents to Iranians in 1979 is ballpark similar to NSA agents to Americans in 2017.
In 1979, the Shah’s state wasn’t working and was going to be overthrown someday soon. SAVAK’s job was to prevent or delay that day. That meant cracking down on most forms of political assembly, except that Iran’s strong religious culture made it harder to disrupt communication within and between mosques. Khomeini used this to lead the revolution from exile.4
In a story that may be apocryphal:
… a class of religious students with undercover agents in its midst. The cleric tells his students to untie their turbans and then to tie them up again. The agents are unable to retie their turbans and are thus identified.4
When the Shah’s regime was replaced, his use of secret police meant that it was replaced with people who were the same as them except a more extreme version: more pious, more censorious.
This wasn’t an ideological overthrow, it was entirely about who was in charge. It’s trouble when your new government isn’t proposing a new social contract. Without that, what changed?
Cold War British PM Harold MacMillan had this to say about regime change:
How terrible it is that there’s some trouble in an independent country. What about our own? We murderd our king, we fought civil wars, we had the most bitter battles before we could get into a state of believing in some fair and reasonable government.5
I agree with him that there’s an element of shared belief in a working society. It doesn’t come from top-down control. It’s from bottom-up norms that are propagated because they work, because people work to maintain them.
Another secret police experiment was the Guerra Sucia in Argentina. It ended better than Iran but they’re still dealing with their equivalent of the Nuremberg trials now, this decade. If institutions need a reason not to engage in surveillance and secret policing: overthrow will happen in your lifetime and it will be messy. People have long memories for this kind of thing.
No harm, no standing
John Dewey wrote:
Rights should be valued on their social contribution. Society makes space for the individual because of the social benefits this space provides.6
His point is that rights don’t exist in a vacuum. States, in order to be willing to bind their hands, need a strong reason.
Many privacy cases start with a bang but end with a whimper, or more accurately, a finding of no harm or no standing. The highly-publicized Jewel v NSA is an example of this.
An even more interesting example is this bank breach/spam case from 02:
The “harm” at the heart of this purported class action, is that class members were merely offered products and services which they were free to decline. This does not qualify as actual harm.
The complaint does not allege any single instance where a named plaintiff or any class member suffered any actual harm due to the receipt of an unwanted telephone solicitation or a piece of junk mail.7
This is interesting to me because the harm, aside from breach of contract, is the interruption – it’s the person’s time value. It’s the same thing that’s at issue with mobile apps manipulating you into engaging with their content. Courts won’t care about this until congress does (so pick up your phone and tell them).
Digital privacy may be a new right
Some people think privacy entered American law with an 1890 paper by future Supreme Court judge Louis Brandeis and his law partner. Others think it was built into the fourth amendment from day 1. Still others think there’s no such right.
Digital communication throws privacy on its head. The ability to send an encrypted message to anyone, without using the post office and in ways that are hard to trace, is very scary to governments.
What would the framers think about HTTPS? Secret communication was in their time the province of the military and the most powerful businesses. Free assembly is one thing when you can see it happen, another when it can happen silently and instantly in every city at once.
If you’ve read this far you know I think we should encode a privacy right, that we should carve out and defend it for the digital space. But it has to be a legislative effort, because I don’t think the courts are going to cooperate.
Control must permit change
If you’ve been part of a large institution you’ll empathize with the Donnie Darko scene where Donnie struggles to explain that some categories aren’t that simple.
In theory certain kinds of basic control like traffic lights and lanes are a good thing. But there’s the story of the 42 traffic lights that went out in Beverley and traffic flowed better without them8.
Another issue is that innovation often comes from the fringes. When organizations make room for dissent and exploration, the fringes can exist inside them in a sort of uneasy truce (if it’s comfortable you’re not doing it right).
When organizations stamp out change within, the unstoppable forces of change will compromise by coming from without. In Iran it came from the most extreme segment of their population. In China, Ming was overthrown by Qing despite the Great Wall.
Privacy (or as Brandeis said ‘letting people alone’), whatever the invidual benefits, is a cheap way states can protect themselves from the urge to write too many rules.
Smith v Chase Manhattan (2002), as quoted in Solove ↩