What the Exactis Data Breach of 340 Million Records Tells Us About Privacy.


In part 1 last week I outlined how privacy is dead primarily based on failed attempts to define privacy particularly in the US.  Privacy is dead is that we can’t agree on what we mean by “privacy” generally, and “private information” in particular.  We can’t agree on who “owns” that information, and what rights individuals and entities have to collect, store, process or use that information.  And we got here because US privacy laws are inherently reactive. But if history is an indicator, it will return because privacy defines who we are.

Part 2 of 2    

Privacy is dead because we don’t know what privacy is, and we don’t know what privacy means.  The City of Orlando recently terminated (well, allowed to end) an agreement https://www.npr.org/2018/06/26/623545591/orlando-police-end-test-of-amazons-real-time-facial-rekognition-system with Amazon for the deployment (well, testing) of a sophisticated facial recognition software program called Rekognition (because privacy invading tools always sound better when vaguely Germanicized, right?).   While the software was being tested in a closed system with police volunteers, it raises the specter of collecting, storing and analyzing information about tens of millions of people who are doing nothing more sinister than going about their lives.  Before any such system is deployed or used (or even tested) there should be vigorous and public debate about the capabilities of the system, what data is collected, how it is stored, how it is used, and who has access to it.  And even after such debate, we should err on the side of protecting privacy.  Because once privacy is given up, it cannot be reacquired.  I recall in 1993 watching the movie “A Bronx Tale” (yes, it was a movie before it was a play) in a movie theater in Manhattan, when a series of commercials appeared before the trailers.  The audience actively booed the screen.  It was unthinkable!  Ah.  Quainter times.

Privacy is dead because we can’t protect what we can’t define.  Privacy is dead because there’s more money to be made by using data than by protecting it.  Privacy is dead because people act like they don’t care about privacy (although they say something different.)  Privacy is dead because the political constituency for privacy has to fight against the political constituency for privacy invading technologies.  Privacy is dead because it is assumed (incorrectly) to be a barrier to law enforcement.  Privacy is dead because it is costly to implement.  Privacy is dead because we want to share information with the world about who we are and what we do.

But it will be back.  It will return because privacy defines who we are.  It will return because its extinguishment contributes to the coarseness of society.  What future Justice Louis Brandeis and Samuel Warren described http://www.cs.cornell.edu/~shmat/courses/cs5436/warren-brandeis.pdf as  “unseemly gossip” which, when harvested, “becomes the seed of more, and in direct proportion to its circulation, results in a lowering of social standards and of morality.  Even gossip apparently harmless, when widely and persistently circulated, is potent for evil.  It both belittles and perverts.  It belittles by inverting the relative importance of things, thus dwarfing the thoughts and aspirations of a people.”   And that was 128 years ago.

So privacy is dead.  Long live privacy.