Two Paradoxes of Privacy Regulation

As a cyber-libertarian, I’ve been lucky enough to work with people of all ideological stripes in pursuit of various public policy objectives.  I’ve made selective alliances with people on the Right on economic policy issues (like opposing Net Neutrality regulation, Internet taxes, etc.) and also worked closely with folks on the Left on speech and culture issues (content controls, anonymity, online safety concerns, etc.).

While engaging with people on both sides of the political fence, I’m often struck by some of their internal inconsistencies.  Conservatives, for example, talk a big game about personal responsibility on some issues, but quickly abandon that notion when they claim media content or online speech should be regulated by the State (typically “for the children”).  In this essay, I’d like to discuss interesting inconsistencies on the political Left, especially among advocates of strong privacy regulation (most of whom tend to be Left-leaning in their worldview).  In particular, here are the two things I find most interesting about modern privacy advocates:

(1) Most privacy advocates are vociferous First Amendment supporters, yet they abandon their free speech values and corresponding constitutional tests when it comes to privacy regulation.  When it comes to proposals to regulate media content or online speech, most folks on the Left have a very principled, clear-cut position: people (or parents) should take responsibility for unwanted information flows in their lives (or the lives of their children). In particular, they rightly argue that the many user empowerment tools on the market (filters, monitoring software, other parental control technologies) constitute a so-called “less-restrictive means” of controlling content when compared to government regulation.

Advocacy groups that I have a great deal of respect for and work with quite closely on these issues–such as EFF, CDT and ACLU—all take this position.  Generally speaking, they argue that, when it comes to speech regulation, “household standards” (user-level controls) should trump “community standards” (government regulation). And in Court—where I frequently file joint amicus briefs with them—they repeatedly employ the “less-restrictive means” test to counter government efforts to regulate information flows.

But when it comes to privacy, they throw all this out the window.  For some reason, when the topic of debate shifts from concerns about potentially objectionable content to the free movement of personal information, personal responsibility and self-regulation become the last option, not the first.  What’s most troubling about this is the way these advocates of privacy regulation are unwittingly undermining the power of the “less-restrictive means” test, which is a vitally important barrier to greatly enhanced government control of cyberspace.  That is, when privacy advocates ignore, downplay, or denigrate user-empowerment tools, they are essentially saying self-help is the right answer in one context, but not the other.

That’s a shame because self-help tools work well in both contexts.  Indeed, I’ve spent years documenting the wide variety of user-empowerment tools on the child safety front, and more recently I have worked with colleagues at PFF to provide a similar inventory of “privacy solutions” that can help users control personal information flows.  Can privacy tools be confusing at times or difficult to set up? Yes, they can. But no more so than parental control tools.  Are privacy tools as effective as parental control tools?  I think they are actually more effective because in the case of parental controls, the people you are trying to “protect” (namely, kids) often have a stronger incentive to evade / defeat those tools.  Moreover, privacy-enhancing controls can be very effective—perhaps even too effective—at shutting down unwanted information flows.  Whether it’s ad-blocking tools, cookie controls, or encryption techniques, these tools can actually be far more effective blocks on information flows than, say, Internet filters meant to block porn or hate speech, which is also more subjective by nature.

Of course, no tool is perfect. But as the Supreme Court held in United States v. Playboy, empowerment tools need not be perfect to be preferable to government regulation. “Government cannot ban speech if targeted blocking is a feasible and effective means of furthering its compelling interests,” the Court held.  Moreover, “It is no response that voluntary blocking requires a consumer to take action, or may be inconvenient, or may not go perfectly every time.  A court should not assume a plausible, less restrictive alternative would be ineffective; and a court should not presume parents, given full information, will fail to act.”

So, then, why doesn’t the exact same principle hold for privacy regulation?  I believe it should, and because of that I get in some pretty heated fights with friends at EFF, CDT and ACLU when they abandon the user-empowerment regime on the privacy front and instead invite the government to come in and establish an information control regime.  Which leads to the second thing I find interesting about advocates of privacy regulation…

(2) Most privacy advocates bash copyright and claim it is an information control regime, yet privacy regulation would constitute a stronger information control regime by creating the equivalent of copyright law for personal information (which would, in turn, conflict mightily with the First Amendment).

While many libertarians oppose any form of copyright protection, I still find much worth praising in America’s copyright system.  Nonetheless, I do admit to my libertarian friends, as well as anti-copyright advocates on the Left, that copyright places limits on the flow of certain types of information.  After all, quite literally, copy-right deals with rights to copy information.  Of course, that’s the nature of all property rights—they foreclose and constrain alternative uses. But there’s typically a good reason for that: In the case of intangible property, it’s because we want to promote the creation of content/information in the first place.

For many copyright critics, however, this is an intolerable trade-off. Any limits on reproduction/reuse—even if those rights incentivize artistic/scientific creativity—are regarded as an unjust form of information control.  But if they believe that to be the case for copyright, why do they not feel the same about privacy rights?  After all, there are some striking similarities between the regimes.

In his new book, Skating on Stilts, Stewart Baker reminds us that the famous 1890 Brandeis and Warren Harvard Law Review essay on “The Right to Privacy”–which is like a sacred text to many modern privacy advocates–was heavily influenced by copyright law.  As Baker explains:

Brandeis wanted to extend common law copyright until it covered everything that can be recorded about an individual. The purpose was to protect the individual from all the new technologies and businesses that had suddenly made it easy to gather and disseminate personal information: “the too enterprising press, the photographer, or the possessor of any other modern device for rewording or reproducing scenes or sounds.”  […]

Brandeis thought that the way to ensure the strength of his new right to privacy was to enforce it just like state copyright law. If you don’t like the way “your” private information is distributed, you can sue everyone who publishes it.

Incidentally, it’s important to recall that Brandeis and Warren’s call for such a regime was essentially driven by their desire to control the press. In their article, they argued that:

The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle.

So angered were Brandeis and Warren by reports in daily papers of specifics from their own lives that they were led to conclude that:

man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.

Let’s ignore their hyperbolic claim that invasions of privacy could cause more harm than “mere bodily injury.”  No, wait, let’s not!  Seriously, can you believe men of this stature could utter such nonsense?  I’d love to hear a modern privacy advocate defend this notion and explain how, exactly, one could have greater “pain and distress” inflicted by words than “by mere bodily injury.”  That’s a doozy of a claim.  Nonetheless, they said it—in the law review article that quite literally gave birth to American privacy law.  And it only follows, then, that they would want fairly draconian controls on free speech / press rights if they felt this strongly.

Taken to the extreme, however, giving such a notion the force of law would put privacy “rights” on a direct collision course with the First Amendment and freedom of speech/communication.  As Eugene Volokh argued in a 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You”:

The difficulty is that the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.

Indeed, how could a journalist even conduct their business in such a world? By their very nature, good reporters are nosy and disregard the privacy rights of the people and institutions they report on. But in a world where privacy “rights” trump other rights, free speech would be forced to take a back seat.

To be clear, I’m not opposed to all privacy “rights.” But as I noted in my lengthy review of Daniel Solove’s Understanding Privacy, we need to begin with a theory of rights and then figure out what privacy “harms” we are trying to address/rectify.  Generally speaking, I am skeptical of most claims about harms coming from people talking about us or knowing more about us and I believe that freedom of speech / communications should trump such rights claims. But that’s because I subscribe to a libertarian theory of rights/justice that–as the name implies–places human liberty at the core of that theory of rights.  If liberty isn’t your cup of tea, I can see how “privacy” might be viewed as co-equal in your theory of rights.  Nonetheless, I would hope such people would acknowledge that, at the end of the day, such a theory requires trade-offs and that, much like making an allowance for copyright in a libertarian system, information flows might be limited by these assertions of privacy rights.  What I’m asserting here, however, is that privacy regulation would entail far greater restrictions on liberty–especially freedom of speech/communication–than copyright law. After all, as Volokh notes, we are talking about “a right to have the government stop people from speaking about you.”

Addendum: I failed to mention that my fellow TLF blogger Tom Bell has said all of this much more eloquently in his 2001 Cato white paper, “Internet Privacy and Self-Regulation: Lessons from the Porn Wars.”

