Tuesday, January 11, 2005

The Digital Person

I just finished Daniel Solove's The Digital Person: Technology and Privacy in the Information Age. Here are excerpts from my review of the book for the academic journal Ethics & Information Technology.

...Solove, an associate law professor at George Washington University Law School, argues that our common conceptualization of the privacy problem as “Big Brother” – some all-knowing, constantly vigilant government entity that regulates every aspect of our lives through constant and total surveillance – fails to account for the new threats to personal privacy in our information age. It is not the all-seeing eye of “Big Brother” that most threatens personal privacy, Solove argues, but a world that is beginning to resemble Kafka’s vision in The Trial.

In Franz Kafka’s novel The Trial, the character Joseph K. awakens one morning to discover that he is under arrest for an unspecified crime. Instead of being taken into custody, Joseph spends the remainder of the story in a futile attempt to discover the nature of the charges and his fate. Joseph finds no answer except that a vast, perplexing and bureaucratic court system has apparently assembled a detailed dossier on him, which remains secret and beyond his reach. In the end, Joseph is seized in the middle of the night and executed. The Trial captures the sense of helplessness, frustration, and vulnerability one experiences when a large bureaucratic organization has control over a vast dossier of details about one’s life.

Solove successfully applies this Kafkaesque vision to the emerging threats to personal privacy in the information age. He examines the problem of the growing accumulation of personal data through a wide range of sources and technologies such as grocery discount cards, medical databases, public records, credit card transactions, product registration postcards, web cookies, and computer spyware. Pervasive data mining and aggregation from these otherwise disparate and unconnected databases result in the creation of what Solove calls “digital dossiers,” extensive electronic profiles of an individual’s behavior and day-to-day activities similar to what condemned Joseph K. in Kafka’s tale. The emergence of digital dossiers has created a “new breed of privacy problems,” Solove argues. The new threats to privacy do not emerge from a centralized surveillance program recording our intimate secrets, but rather the accumulation and aggregation of our daily activities and habits – the minutiae of our public lives – by a vast, nameless and unseen network of organizations.

The problem, as Joseph K. discovered, is that we are almost entirely powerless against these vast bureaucracies amassing these digital dossiers and scrutinizing our lives. Solove’s comprehensive study of privacy law reveals that the legal system has failed to respond to the growing Kafkaesque threats to personal privacy. Tort laws, for example, are designed to respond to specific invasions by individual wrongdoers, a non-applicable standard since many privacy infringements have become diffuse and systematic, created not by a single perpetrator, but by a combination of agents, often without malicious intent. Similarly, the concern over digital dossiers spans the entire information economy, making the narrowly written federal statutes mostly ineffective to protect against the assortment of parties involved in the amassment of personal information. Overall, our legal protections against privacy infringements remain rooted in Orwellian conceptions of privacy – the surveillance of intimate secrets through overt invasions of privacy.

Solove prescribes a new architecture of legal protections to regulate the relationship between government, commerce, and individuals. Instead of pursuing more legislation following the “Big Brother” paradigm, he argues for the creation of laws that regulate what types of public and private information can be collected and processed by organizations, how the information must be secured, and how information flow between entities should be limited. “The process toward developing an appropriate architecture should begin,” he argues, “by regulating both the government’s acquisition of personal data and its downstream uses of it.” Through the establishment of such “mechanisms of oversight,” Solove’s proposed legal architecture acknowledges a Kafkaesque vision of privacy by alleviating the feelings powerlessness, uncertainty and unease many individuals share with Joseph K. in our information age.

Solove’s focus on legal prescriptions is appropriate, but not exhaustive. His call for new architecture needs to be expanded beyond the law to include the technology itself. How a technology is designed will affect the freedoms and control the system enables; technological architecture engenders threats to privacy – and our ability to protect against such threats – as much as the legal architecture surrounding it. Solove understands how changes in information technology has brought about many of the Kafkaesque threats to personal privacy, but he appears to accept our current technological environment as given and inescapable – little is said about how things could be different. Technologies which threaten privacy – such as web cookies or automated toll systems – were designed a particular way, and it is not necessary that their future design and implementation remain threatening. Calling for shifts in the technological architecture, in concert with Solove’s proposal for a more robust legal architecture, would best protect us from Kafka’s dark vision....

[See Bruce Shneier's comments]

[Thanks to Prof. Solove for correcting my use of the adjective "Kafkian" instead of the preferred "Kafkaesque."]

Technorati tag: