2.7: Privacy Please

Transcript
Subscribe
All Trailblazers Podcasts
Privacy is an American norm, but did you know it wasn’t an American law until 1977? The war to protect our image, our data and our humanity rages as hot as ever – now more digital than ever. In this episode, we’ll take a look at the mechanisms in place that preserve our autonomy.

All the news that’s not fit to print.

Privacy may be an American norm, but did you know it wasn’t written into U.S. law until 1977? Yes, until then, there was no legal way to protect yourself from the world finding out everything about you – if they chose to. This was often problematic with regards to slander and libel, as newspapers could print salacious details about your life without your consent. Samuel Warren fought this in the 1880s and 1890s, as gossip columnists began to take over the op-ed pages.

Digital problems meet analog solutions.

As privacy was baked into legality with respect to analog concerns, a digital revolution was in its mere infancy. Sure, no one could legally steal your identity, invade your private space without your consent, defame your dignity nor publish private facts, but with the way television, blogging and social media proliferated during the age of the Internet and smartphones – and with everyone now having journalistic capacity to some degree – how could law ever keep up with all the privacy breaches without needing to be rewritten or reinforced?

Protecting data means protecting dignity.

As we’ve found from recent data breaches at Equifax and Yahoo – breeches that compromised the personal information of hundreds of millions of people – we’ve reached an era in which data can be bought and sold, hacked and marketed, on an industrial scale without the consent or awareness of the person to whom that information belongs to. Data ethicists, politicians and activists are doing their best to keep up with the changing times, but have we reached a point where it’s too late? The answer to that question may be the best kept secret we have left.

“People are interested in having human autonomy, and that won’t die anytime soon, because there’s something in our human spirit that wants that. What we call privacy facilitates that. It’s the ability to make the choices in our lives, and not be bounded unfairly or by other information.”

PAM DIXON, FOUNDER, WORLD PRIVACY FORUM

What you’ll hear in this episode

  • How a beaten reverend paved the way to a guaranteed (in some cases) right to privacy
  • The guy who literally wrote the book on privacy in the US
  • Why you legally can’t read someone else’s mail
  • The analog origins of encryption
  • What makes the 1890 census so important?
  • One man’s war on gossip columns takes a startling and meaningful turn
  • The right to privacy was only guaranteed by US law in 1977
  • Misappropriation, intrusion into seclusion, defamation, publication of private facts
  • Privacy: Now a matter of preserving humanity, dignity and free will
  • The curious case of Gawker and Hulk Hogan
  • What to do when private companies know all too much about us
  • The burgeoning field of data ethics
  • Autonomous cars and the blurring of the lines between personal and universal while in transit
  • Equifax
  • Peak indifference and the point of no return
  • The GDPR, the EU’s line in the sand on data protection
  • Is privacy dead?

Guest List

  • Frederick Lane Is an attorney, educational consultant, and the author of American Privacy: The 400-Year History of Our Most Contested Right. He is a nationally-recognized expert in personal privacy.
  • Cory Doctorow Is an author, activist and co-editor of boingboing.net. He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliate and co-founded the UK Open Rights Group.
  • Pam Dixon Is the founder and executive director of the World Privacy Forum. An author and researcher, she has written influential studies in the area of data protection, identity, and privacy.
  • Lauren Smith Is Policy Counsel at the Future of Privacy Forum, where she focuses on big data and the Internet of Things related to connected cars, algorithmic decision-making, and drones.
  • Amy Gajda Is a professor of Law at Tulane University Law School and the author of The First Amendment Bubble: How Privacy and Paparazzi Threaten a Free Press.

[MUSIC PLAYING] WALTER ISAACSON: Let’s begin with a story. It’s not a very edifying story, but it’s true. And there’s an important lesson to be learned from it.

On September 19, 1800, the “York Gazette” of York, Pennsylvania published a shocking report concerning the local clergyman, a man named Reverend William Runkle. According to the article the reverend, while working in Virginia a few years earlier, had become enamored with one of his parishioners. The big problem for the reverend, though, was that this particular parishioner was married.

[MUSIC PLAYING]

In order to get the woman’s husband out of the picture, he counseled the couple that it would be in their best interest if they no longer shared the same bed. And with the husband now safely out of the way, Reverend Runkle made his move. Late one night, he skulked into the bedroom where the woman lay sleeping. Little did he know, though, he had just walked into a trap.

The couple had become suspicious of the reverend’s true motives. And moments after he entered the sleeping woman’s bedroom, the husband walked in as well, who then proceeded to give the reverend a severe beating.

[GRUNTING]

[MUSIC PLAYING]

When all of this got reported by the “York Gazette,” Reverend Runkle was furious at the prospect of having this ugly incident from his past revisited. So he sued the paper for libel– not on the grounds that the story was untrue. Even the reverend conceded that it was accurate– but because what happened that night was nobody’s business, and its publication had damaged his reputation.

A lengthy trial ensued with more than 40 witnesses. The lawyers for the newspaper were likely feeling pretty confident of victory. After all, freedom of the press was guaranteed right there in the First Amendment of the Constitution.

But in April 1803, the state supreme court ruled in favor of Reverend Runkle. In this case, the court decided, the article was clearly intended to cause emotional harm to the reverend by damaging his reputation, which the court described as the choicest jewel we enjoy. Protecting that jewel was considered more important than the public’s right to know what kind of man Reverend Runkle was. It didn’t matter that his reputation probably deserved to be tarnished or that the ruling restricted the right of a free press to publish the truth. The reverend was awarded damages plus costs, a cash payout of exactly $8.

Two things are worth noting about this ruling. First, it asserted a legal right to privacy more than 100 years before that right was actually enshrined in American law. And second, it shows just how deeply rooted in the American mind is the idea that a citizen has a right to keep certain information about themselves private.

Fast forward to today and Reverend Runkle would likely meet a different fate. As a public figure, his right to privacy would probably have been considered more limited than that of an ordinary citizen. And the “York Gazette” might have won a Pulitzer Prize for exposing his past wrongdoing.

Today, very little escapes the prying eye of the web. Privacy is often seen as a casualty of the digital age. Privacy is dead some of the lords of Silicon Valley have proclaimed, but if it is it’s clearly not going quietly. I’m Walter Isaacson, and you’re listening to “Trailblazers,” an original podcast from Dell Technologies.

[SIREN]

[MUSIC PLAYING]

MAN: It’s a secret. And the last time I told you one you told your mother, and your mother told me that you told her the secret I told you not to tell me.

MAN: Watching, listening.

MAN: Get more information.

MAN: I can’t tell you why.

MAN: Well, it’s kind of a secret.

GIRL: Cross my heart. I won’t say a word.

WALTER ISAACSON: Of course Reverend Runkle was hardly the first American to fight for his right to privacy. It’s a struggle that goes back well before the birth of the republic. Frederick Lane is the author of the book “American Privacy, The 400-Year History of our Most Contested Right.”

FREDERICK LANE: When you take a look at the way in which this country was founded and the legal principles that emerged, I think you see very clearly that a significant motivating factor for our founding fathers and really for much of the colonies was this idea of privacy, of being free from unreasonable search and seizure by the crown.

WALTER ISAACSON: Some of the earliest battles over privacy were actually directed at the postal system and the right to send correspondence through the mail without it being read by anyone else. It’s a struggle that went all the way back to 1624. That’s when William Bradford, the governor of the Plymouth Colony, followed a supply ship bound for England out to sea, boarded her, and opened the letters that the colony’s first minister had written to his associates back in England.

[MUSIC PLAYING]

FREDERICK LANE: Basically, Bradford was spying on this individual in an effort to find out what he was reporting back to people in England. So that was, you know, I think a fairly big thing to have done, but I don’t think they saw it as being particularly remarkable, in large part because the sanctity of those communications had not really been recognized in the same way.

WALTER ISAACSON: This may have been the first time that actual concern over national security was used to justify snooping on people’s mail. It would hardly be the last, but the movement to protect postal privacy was gaining momentum. In 1710, the British government passed the Post Office Act, which prohibited the opening of mail without a warrant, even by postmasters.

When Benjamin Franklin was appointed to run the colonial post office in 1753, he adopted the British law and pushed it even further. He ordered postmasters to place their mail in sealed bags and told them not to hand over mail unless the person picking it up could produce identification– Frederick Lane.

FREDERICK LANE: And he was actually the person largely responsible for making sure that mail was transmitted without being opened from point A to point B. Prior to Franklin saying this is a basic right of people sending correspondence, it was not uncommon for, you know, mail carriers to you know sit down at night in the tavern and kind of read through the mail that they were carrying, you know, oftentimes to the delight of the people who were there with them.

WALTER ISAACSON: Ensuring that things sent in the mail were kept confidential was an important step in the battle for personal privacy, but even greater challenges lay ahead. By the middle of the 19th century, Americans were using a new technology to send messages across the country and even overseas– telegrams.

[BEEPING]

Words were moving faster and farther than ever before, but there was no sealed envelope to protect those words from prying eyes. Telegraph signals could be intercepted, lines tapped. Cable operators who sent and received those telegrams were sworn to secrecy, but they could easily be paid off.

To ensure greater privacy, many businesses turned to the same solution that businesses use today– encryption. Messages already encoded in Morse code could be further encrypted with a cipher, an algorithm that turned plaintext into ciphertext.

Another potential threat to privacy at the time came every 10 years when the US government set out to gather information about its citizens. In the early years of the republic, census data was posted publicly for everyone to see. But over time, the number of questions on the census grew. And those questions became more personal, including strange-sounding questions like if the person taking the census was, and I quote, “idiotic” or “insane.”

By the time of the 1880 census, there was a $100 fine for failing to answer any of these questions. Americans did their civic duty. But in return for turning over all that information, they demanded that access to census data be severely restricted.

But there was a second problem with that census– how to process all that data. It took eight years to tabulate the result of the 1880 census by hand. The country’s population had continued to grow, and there were fears that the 1890 census might take a full decade to complete.

The solution to the problem came from a civil engineer and mathematician named Herman Hollerith. The Census Bureau had sponsored a contest looking for ways to make the counting of the census faster and more accurate. Hollerith won the contest with a suggestion that census takers enter their data on punch cards and then, using a tabulation machine that he had invented, those cards could be read, counted, and sorted electronically. Hollerith’s machine allowed the 1890 census to be completed in less than a year. Frederick Lane considers it to be a turning point in the history of American privacy.

FREDERICK LANE: The use of cards made it possible to collect, store, and tabulate data in quantities really never before contemplated. And the second main reason that I look at this as a turning point in privacy is that Mr. Hollerith went on to found a company that eventually became International Business Machines, which was then responsible for creating and selling the mainframe computers that in the 1950s began the whole concept of data mining. And the explosion in the collection of data can really be traced to that.

WALTER ISAACSON: The next new technology that posed a potential threat to Americans’ privacy was the portable camera.

[SHUTTER CLICKING]

George Eastman introduced his first camera, called the Kodak, in 1888. It used preloaded celluloid film and was inexpensive enough to appeal to the average consumer. It was also small and lightweight enough that for the first time cameras could be moved out of the photography studios and onto the streets.

That meant that people can now be photographed as they went about their daily lives. And those pictures could even show up in newspapers and magazines. It was a prospect that many Americans found quite horrifying.

[TYPING]

Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life, and numerous mechanical devices threaten to make good the prediction that what is whispered in the closet shall be proclaimed from the housetops.

[DINGING]

That’s an excerpt from an essay called “The Right to Privacy.” It appeared in the Harvard Law Review in December 1890. And it was written by two Boston law partners named Samuel Warren and Louis Brandeis.

It’s the single most important statement concerning the right to privacy in American legal history. It is the foundation upon which all privacy laws since then has been built. And it was motivated by the authors’ outrage over a new form of journalism that was taking root at the end of the 19th century in the United States.

Newspapers were competing over who could produce the most lurid headlines and publish the most sensational stories and pictures. They’d print anything if it meant selling newspaper, or so it seemed to establishment types like Samuel Warren and Louis Brandeis.

AMY GAJDA: I think that one of the reasons why Samuel Warren wanted to find a right to privacy against a too enterprising press was because he was troubled by coverage of his own family.

WALTER ISAACSON: Amy Gajda is a professor at the Tulane University Law School.

[MUSIC PLAYING]

AMY GAJDA: He had married a senator’s daughter, and that man had become Secretary of State under Grover Cleveland. And so, therefore, when this everyday Boston lawyer suddenly married into this political family, there was a lot of press interest in him and in his family. So, for example, the press covered his wedding to his wife.

So Samuel Warren’s wedding then was covered by newspapers in New York and Washington DC. And so, suddenly, he became a member of a politically-prominent family, and the press was very interested in what he was doing and in what his extended family was doing. And so, my theory is that that’s one of the reasons that the right to privacy as a law review article came to be, that Samuel Warren was really tired of what he thought was this very invasive press activity.

WALTER ISAACSON: Like Reverend Runkle nearly 100 years earlier, Warren and Brandeis were arguing for the right of citizens to establish a zone of privacy that neither the press nor their neighbors could invade. They wanted that right to be enshrined in law. It was a powerful argument, but it took years before American courts came around to accepting it. That’s because, as we’ve seen, there was no explicit right to privacy in American law at that point. And the authors’ desire to limit the power of the press to publish what it wanted could quickly run afoul of the First Amendment.

[MUSIC PLAYING]

But by the 1920s and ’30s, courts were beginning to issue rulings that reflected the position put forward by Warren and Brandeis. And in 1977, that position was formally codified into American law. It came in the form of what is known as a restatement. Lawyers and judges occasionally get together and issue opinions about various matters of law. In 1977, they turn their attention to the matter of privacy– Amy Gajda.

AMY GAJDA: The right to privacy then in 1977 was defined as four separate torts. One was something called misappropriation, which is the misuse of someone’s identity, generally in advertising. The second was something called intrusion into seclusion, which is the idea that when we are in private– for example, in a public bathroom– that others can’t peer in on us. So it’s the peeping Tom tort.

Another was called false light, which is simply like defamation, in some sense. But then to me the most important one and the one that mimics most the right to privacy law review article from 1890 is something called publication of private facts. And what it does is it suggests that individuals have the right to keep certain information private, despite the freedom of the press to report truthful information. And so, it was really in 1977 that we had this full definition for what the right to privacy means as against freedom of the press.

WALTER ISAACSON: 1977, the year that American lawyers and judges formally accepted a legal notion of privacy that had first been proposed 87 years earlier. But 1977 was also the year that Apple, RadioShack, and Commodore all introduced mass market personal computers. And two computer geeks named Dennis Hayes and Dale Heatherington developed the first modem for home use.

Just as the courts were figuring out how to deal with privacy in an analog world, the emerging digital world was about to pose challenges that few at the time could have contemplated. The worst fears of Samuel Warren and Louis Brandeis were about to be realized. What was whispered in the closets would now truly be proclaimed from the housetops and everywhere else.

Remember how Brandeis and Warren thought newspaper editors were irresponsible? Imagine how they would have felt about bloggers. The rules of privacy would have to be rewritten for the digital age. Pam Dixon is the founder and executive director of the World Privacy Forum, a nonprofit public interest research group.

PAM DIXON: I am old enough that I have watched the world move from analog to digital. And when the world first began going digital, I really did have a very lovely, idealistic notion that we could move the anti-discriminatory protections that we have in the analog world to the online world or the digital world. But that’s actually not the case.

I think that wisdom has taught me that as we have digitized the world, there are just very fundamental things that change. And there’s not a direct one-to-one correlation. We can’t just import the old rules that we’ve established for so many years about fairness, and human values, and dignity, and whatnot into the digital ecosystem.

WALTER ISAACSON: And as those rules change to conform to the digital ecosystem so too must our definition of privacy.

PAM DIXON: Privacy is not just about the right to be let alone. It really isn’t. That is a conception of privacy that is from quite a long time ago.

The world has changed so much. The way I see privacy is that privacy is really an idea of how to retain human choice, and human values, and human freedoms in a very digital age. That’s really what privacy is.

It’s not about trying to live in a different era where, you know, no one knows anything about us. That horse has left the barn, and that horse is out in the field and has had many foals. So you know – that’s an era that won’t be back anytime soon.

WALTER ISAACSON: So what are the threats to privacy in the digital age? In some ways, not much has changed since the Reverend Runkle and Samuel Warren railed against the invasion of their privacy by a press that was much too nosey for their liking. The debate over what’s in the public interest as opposed to what the public is interested in is still ongoing and will never reach a final resolution.

In the early years of the 20th century, journalists adopted codes of ethics to help them determine what should and should not be published. But those decisions will always be highly subjective and often controversial. And today, anyone can be a publisher on the web. And many of those publishers march to their own code.

But today, many would argue that the most disturbing threats to privacy come not from the press– not even the online press– but from sources that those two distinguished jurists could never have imagined. Think back to the census of 1880 when Americans first raised concern over the government finding out too much personal information about them. They wanted to make sure that access to that information was strictly limited.

Now, almost 140 years later, Americans turn over more personal data every day than any census taker could possibly ever want or need. And that data storing machine that Herman Hollerith invented now resides in the cloud, and its capacity is virtually unlimited. And the data isn’t just being collected by governments anymore, at least not directly. Most is being scooped up by private companies, the same companies we use to navigate the web, and access the internet, and shop online, and connect with our friends.

PAM DIXON: I’d like us to be able to use our technology and get the benefits and not have a downside.

WALTER ISAACSON: Pam Dixon.

PAM DIXON: And the balance really is, what are the back end rules or guidelines that companies, and businesses, and others are using to work with data? Are there practical steps and guidelines that businesses and governments can agree upon that would allow them to be able to make decisions– ethical decisions– consistently about how they’re handling data? I think this would really be helpful because as a person, as an individual, it’s absolutely not possible for a single individual or even groups of individuals to somehow protect their privacy all on their own. I mean, you just have to opt out of everything.

WALTER ISAACSON: Data protection is the new front line in the privacy war. Information about the tiniest of details is constantly being collected about us using methodology that most of us don’t ever think about. And one of the most surprising and contentious data gathering battlefields is your car.

That’s right, your car. It already collects more information about you than you may know. Since 2014, every car sold in America must contain a black box–

[BEEPING]

–a computer that records and stores crash data in the case of an accident. But many cars now also have telematics systems that can be linked to a driver’s smartphone and provide real-time data to insurance companies, who can offer cheaper rates in exchange for information on how fast you drive, how quickly you brake, how sharply you turn, and many other data points. There are already substantial privacy issues around who can access this data.

Will courts require a warrant to retrieve information stored on your cell phone? Will the Fourth Amendment restrictions on unreasonable search and seizure apply? But the real battles are still to come.

Over the next few years, self-driving cars may become a more familiar sight on our roads. These autonomous vehicles will need to collect, record, and store an enormous amount of data. And the number of companies with potential access to that data will increase substantially– everybody from the car manufacturers themselves to the companies that make the hardware and the software.

[MUSIC PLAYING]

Lauren Smith runs the Connected Cars Project at The Future of Privacy Forum in Washington DC.

LAUREN SMITH: Yeah, so we have sort of long thought of cars as these mechanical chassis that guarantee our autonomy and freedom. And that’s been enshrined in our lives as well as our laws with unique Fourth Amendment privacy rights around the car. But the reality is that cars are becoming more like computers on wheels. Data collection in a car isn’t entirely new, but there’s been a tremendous growth in the variety of data that cars generate, the volume and the connectivity of that data.

And that raises a lot of questions that we haven’t thought about in the car context before, such as who gets access to the data? Is it the car companies, insurers, law enforcement, marketers? And what is personal? What is the type of information in the car that could be linked back to an individual?

CORY DOCTOROW: Well, you know, there’s nothing intrinsic about a self-driving car that says that the data that it gathers has to be shared or who has to be shared with.

WALTER ISAACSON: Cory Doctorow wears many hats. He’s a science fiction writer, a research affiliate of the MIT Media Lab, and a consultant to the Electronic Frontier Foundation. He’s also a privacy activist and a fierce critic of companies that collect our data and then pay too little attention on how it’s stored and distributed.

CORY DOCTOROW: All of that stuff is stuff that, in theory, your computer could– you know, your car, which is a computer– could keep private and give you some control over. And so, if we had a regime in which firms had to convince you that if you shared your data it would be to your advantage, because they would use it to improve your personal safety or the safety of people you loved, then those firms would be disciplined. And if those firms had to bear the cost in the event that they over-collected the data, or they failed to adequately de-identify it, or they retained it for too long and eventually breached it, then those firms would be more cautious about what they did.

WALTER ISAACSON: It’s hard to argue with Cory Doctorow’s point that firms need to get better at handling our data. Hardly a week goes by without some company reporting a major cyber security breach. In 2017, the credit reporting agency Equifax announced that hackers had gained access to the highly sensitive personal data of 145 million Americans. That’s nearly half the country.

[MUSIC PLAYING]

CORY DOCTOROW: I think that as these breaches pile up, we get more and more of this. And, you know, I call this the race between peak indifference and the point of no return. There will come a moment– we may have even passed it– when the number of people who care about this issue only goes up, right, when the number of people who’ve had firsthand experience of the dangers of reckless data handling only starts to go up. And people, instead of being indifferent to these problems, become very concerned about it. And that point is the point at which you stop trying to explain to people why they should care about stuff and start trying to explain to people what to do about stuff. And if that point arrives after the point at which it’s too late to do something, we’re in real trouble.

WALTER ISAACSON: In the spring of 2018, the new European Union General Data Protection Regulation, or GDPR, will go into effect. It’s designed to give EU citizens more control over their personal data. And it’s not just the big, scary data that we know we want protected, like our financial and banking information, but also things that on the surface may seem smaller, things like our IP addresses, our web browsing history, or our health and biometric data.

The new regulation will impose stricter penalties on companies that allow data they’ve collected to be breached. It’s being hailed a great step forward by privacy advocates. Whether there will ever be an American version of GDPR remains to be seen.

[MUSIC PLAYING]

Americans tend to be less keen on regulatory solutions than the Europeans, but that doesn’t mean that they place less value on privacy. As we’ve seen, the right to keep private actions out of the public realm has been a core American value for more than 400 years. For Samuel Warren and Louis Brandeis, privacy meant the right to be left alone.

That’s almost impossible to achieve in the digital age. Today, privacy is more about the ability to control our personal data. And the challenges are enormous.

[MUSIC PLAYING]

I’m Walter Isaacson, and you’ve been listening to “Trailblazers,” an original podcast from Dell Technologies. Next episode, we’ll be talking about the history of fundraising, from the earliest days of passing around the hat, to the spectacle of Live Aid, to the incredible story behind the ice bucket challenge. And you can find out more information about privacy or anything we’ve talked about on the series at our website, DellTechnologies.com/trailblazers– next episode in two weeks. Thanks for listening.

[MUSIC PLAYING]