Privacy in Context

Helen NissenbaumDepartment of Culture and

CommunicationNew York University

http://www.nyu.edu/projects/nissenbaum

Research supported by NSF-ITR Collaborative Grant: Sensitive Information in a Wired World

(PORTIA)

Traditional Model

• Private vs. Public Places• Private vs. Public Information

IT Privacy Threats• Tracking

– RFID tags, EZ Pass, online-tracking, video surveillance, DRM, etc.

• Aggregation, analysis, profilingChoicePoint, Census, Credit Bureaus, etc.

• Publication– Court records onliine

• Combinations… E.g. Warren and Brandeis, 1890

The problem…

RFID chip in U.S. Passports by mid-2005• The passport's RFID chip will contain all

personal data found on the information page of current passports, as well as a digital image of the bearer's face… an ID number and a digital signature … archived in a central government database … State Department says there is no need to encrypt the data on the RFID chip since it is identical to the data listed on the information page, and unencrypted data can be read faster using relatively simple technology. (Erin Biba, Medill News Service 3/21/05)

Puzzles

• Paradoxes: – say one thing, do another– New Media exhibitionism: Cams,

blogs, etc.

• Cultural and historical differences

Goal of work

Justificatory framework: an analytic model (or theory) for reasoning through hard cases and puzzles.

Layers of Analysis

• Bottom: Interest politics e.g. http://www.epic.org

• Top: Universal Human Rights & Values

• Middle: Social systems, institutions, cultures … contexts. E.g. Walzer’s “Sphere’s of Justice,: Bourdieu’s “fields,” Luhman’s “systems,” Raz’s “normative systems.”

Norms of Information Flow• Norms of Appropriateness

– Governing types/categories of information

• Norms of Transmission– Governing flow of information from agent to

agent • Volunteered• Inferred• Mandated• Third party confidentiality• Commercial exchange• Reciprocal vs. one-way• Dessert• Etc.

Contextual Integrity

CI is preserved when norms of appropriateness and flow are respected; it is violated otherwise.

Application HeuristicDetecting Change

A. What is the governing context?B. What type of information?C. According to what transmission

principles (flow and actors)?Red flag if CI is violated.

The Problem of Conservatism

• Opportunity Costs• Tyranny of the Normal

– e.g. Kyllo vs. United States (2001)

• Novel contexts: blogs? AIM?

Adjudicating Change Normal practice may not be norm drivenReform? When should norms be revised? – Value/goals/ends of the context (e.g. healthcare)– Moral and political considerations

• Harm (e.g. stigma, discrimination, identity theft)• Justice, power, distribution of goods (tyranny?)• Freedom, autonomy, democracy, property

Revolution? When change threatens context– Confidentiality in psychotherapy– Anonymous voting in democratic elections

http://www.nyu.edu/projects/nissenbaum