Book Review: Understanding Privacy

Big Brother is watching you. If you’ve been watching the news lately, you may be feeling nostalgic for some good old-fashioned doublethink, that Orwellian power of holding two contradictory beliefs in your mind simultaneously and accepting both of them: Who controls the past controls the future. Who controls the present controls the past. Freedom is slavery. And of course: The best books… are those that tell you what you know already.

These days, everyone seems to know an awful lot about big data, so it’s hardly a surprise that in the big data age, concerns about Big Brother become more prominent—and more profound. Since the publication of Orwell’s Nineteen Eighty-Four some 70 years ago, we’ve seen more colors added to the chameleon of his archetypal all-seeing eye. We recognize Big Brother in the guise of social media superpowers, credit information conglomerates, government systems, and even—if claims against Kaspersky Lab are to be believed—security companies.

But while Big Brother has remained relatively easy to detect, its counterpoint—privacy—has stayed quietly elusive. It is both everywhere and nowhere. Privacy has remained in a conceptual jungle (P.196), a moving target that is hard to define in absolute terms, difficult to legislate, and challenging to assign values to. Yet these are the very aims of Daniel J. Solove’s seminal text, Understanding Privacy.

Solove, a professor at George Washington University Law School, published his book a decade ago, before the watershed privacy incidents—like the Snowden revelations, the Office of Personnel Management (OPM) hack, and the Equifax breach—occurred. The lessons imparted in Understanding Privacy not only presage those moments, but they also lay bare how much work is still needed to address shortcomings in our collective understanding of privacy as reflected both in policy making and in responsible corporate risk management. After taking another look at Solove’s book, it’s abundantly clear that we just don’t get it.

Delving Into the Philosophical Core of Privacy

But it’s not for lack of trying. In the early chapters, Solove discusses six historical attempts to establish top-down, universal, conceptual approaches to privacy. The six vignettes constitute individual efforts to get at the philosophical core of privacy and find a common denominator among various privacy rights that include the right to be left alone, limited access to the self, secrecy, control over personal information, personhood, and intimacy.

Although Solove finds each of these rights wanting as proxy vehicles for understanding privacy, he nevertheless acknowledges that aspects of all of them have already been enshrined in United Nations doctrine, landmark U.S. Supreme Court decisions, U.S. and European tort law, congressional legislation, and company and agency privacy policies. Standing alone, each right is subject to criticism from Solove from being overly broad, overly narrow, overly vague, or some combination of the three.

Instead of offering a traditional or absolutist concept of privacy and attempting his own description of its essence, Solove rejects the notion that such descriptions are even possible to conceive. Borrowing from Wittgenstein and Dewey, Solove posits a theory of privacy that builds from the bottom up as a “set of protections against a related cluster of problems” (P.40). He takes from Wittgenstein the idea of “family resemblances,” wherein meaning comes from “the way a word is used in language, not from any inherent connection between the word and what it signifies” (P.42).

Privacy, then, refers to a number of different concerns that all resemble one another but that are not exactly the same. From Dewey and the pragmatists, he promotes the idea that “knowledge originates through experience” (P.47) and focuses on the “relationships in which information is transferred and the uses to which information is put,” all of which differ in their level of intimacy, expectations of confidentiality, and power dynamics (P.48). In other words, we’ll know privacy when we see it.

Navigating the Changing Terrain of Privacy

Charting the conceptual territory of privacy means, for Solove, acknowledging that the terrain changes over time and even incorporates the aspirational intent of society (P.65), however tricky that may be to define. The cartography metaphor is one that Solove uses frequently in Understanding Privacy, and to great effect. Midway through the book, after stating that privacy is protection from “a web of interconnected problems that disrupt specific activities,” he goes into great detail mapping the topography of that web (P.77).

Through this metaphor and the explication of a multitude of privacy problems, Solove goes on to define the contours of the privacy landscape and begins to determine privacy’s value. He does so with the same approach used to define the privacy concept itself—not in the abstract, but contextually in terms of its practical consequences (P.87). This is where Solove shifts form a more theoretical and philosophical approach to a truly insightful diagnosis of society’s failure to recognize the value of privacy by way of the harms imposed by each of the problems he enumerates.

He notes that the value of privacy is too often framed in individualistic terms, a falsity that leads to privacy’s undervalued status. In the case of the 2015 San Bernardino shooter for example, which occurred after the book’s publication, Solove might argue that the rights of the shooter to preserve the encrypted state of his iPhone are unfairly held by the media and law enforcement as standing alone against the rights of the public to be secure from domestic terrorism. When security interests are balanced against privacy interests and the latter is framed in terms of individual rights, security wins time and again. But Solove doesn’t accept the premise.

Indeed, he argues convincingly that the value of privacy should be assessed not on individual rights but “on the basis of [privacy’s] contributions to society” (P.91). Privacy shields both individuals and society from intrusions into important activities that affect us all. What benefits the individual benefits the group. Intrusions that harm the individual also harm society.

Solove then breaks those intrusions into four categories: information collection, information processing, information dissemination, and invasion. It is in the methodical and detailed unpacking of these four problems that Understanding Privacy presents its greatest value. We are given an exhaustive understanding and taxonomy of surveillance, interrogation, aggregation, identification, insecurity, secondary use of data, exclusion from decision-making, breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, distortion, intrusion, and decisional interference.

Solove ticks off these harms, brought not just from activities that result in an invasion of privacy, but from activities that merely threaten such an invasion. He calls out events like the huge (and hugely damaging) hacks of the first decade of the millennium, where the harm is plain to see, in addition to more oblique privacy damage in the form of glitches, security lapses, abuses, and illicit uses of personal information that create the risk of downstream harm—what Solove dubs “insecurity”—where individuals and companies are left in a weakened, vulnerable state, waiting for the proverbial shoe to drop (P.127).

Government vs. Society: Do We Have a Right to Anonymity?  

At the heart of many privacy problems (and, conversely, their values) described in the book lies the uneven power dynamic between an organization and an individual, between government and society. Solove writes of the harms resulting from aggregation of data (i.e., the big data hoovering that we largely consent to whether we realize it or not) over which we as individuals have no control. Once out of our hands, this data can be distorted or used in ways we cannot anticipate but that may still tie to our identities and thus affect our ability to change and “prevent [our] self-development by tying [us] to a past from which [we] want to escape” or in which we wish to remain anonymous (P.124).

The rather frustrating irony reached at the conclusion of Understanding Privacy is that while Solove clearly recognizes the damage that results from privacy impingement (to wit: financial loss, property harm, reputational harm, emotional and psychological harm, relationship harm, vulnerability harm, chilling effects, and power imbalances), the courts by and large do not—he remarks that even the fourth amendment to the U.S. Constitution “fails to recognize breach of confidentiality as a harm” (P.139).

Most courts, Solove asserts, want to see demonstrable harm done when privacy is imperiled, and many of the privacy troubles he rightly identifies are difficult to recognize and quantify as such—which helps explain why it has been difficult for those affected to seek redress and remedy in the courts. A case in point is the OPM breach referenced above, where the personal information of tens of millions of Americans who held or applied for security clearances was stolen. Although enough information was stolen to facilitate identity theft en masse, evidence of such widespread theft hasn’t surfaced (yet), and therefore the individual harm has been difficult to demonstrate. In that case, as in many others, it may be years before the kind of proof of harm courts recognize materializes.

In other words, when it comes to matters of technology, data, and information security, the law is frequently playing catch-up, so it’s no surprise that Solove finds much room for improvement. In the meantime, Solove does well to ring the alarm bell and draw our attention to the invisible harm we currently endure. He names the erosion of trust between individuals and the companies they do business with and the deterioration of personal dignity as our digital dossiers take on lives of their own and become alien to us.

Most of all, Understanding Privacy educates us about the crime of indifference we all commit when we click “I Agree” on interminably long and complex terms of service and privacy policy  notifications that pop up online without caring about or even fully understanding the consequences; when we yield power to social media giants and government organizations without a second thought; and when we shrug off the effort to understand what privacy is to begin with and why it should matter to all of us so that we can, with a final nod to Orwell, meet in the place where there is no darkness.

About Daniel J. Solove

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School and an internationally-known expert in privacy law. He is the founder of TeachPrivacy, a company that provides privacy and data security training.

A graduate of Yale Law School, he clerked for Judge Stanley Sporkin, U.S. District Court for the District of Columbia and Judge Pamela Ann Rymer, U.S. Court of Appeals for the 9th Circuit.

Solove is also the author of 10 books, including the leading textbook on information privacy law. He has published with Harvard University Press and Yale University Press, among others, and his books have been translated into many languages.

You can find him online at http://danielsolove.com, or follow him on LinkedIn.

Understanding Privacy by Daniel J. Solove was published by Harvard University Press in 2008.
You can find the latest edition on Amazon HERE.
Chapter One is available to read and download HERE (PDF).