Title Page Previous Next | Theories of surveillance and privacy
2.1. Threats to privacy / dangers of surveillance
2.2. The concept of privacy
2.2.1. Attempts to define 'privacy'
Values underlying or associated with privacy
2.2.2. Privacy in liberal-democratic theory
2.3. Positions sceptical of privacy and privacy law
2.3.1. Privacy as economic inefficiency
Less sophisticated variants
2.3.2. Technological defeatism / dystopianism
Technological counter-surveillance
2.3.3. Technological optimists - 'PET lovers'
2.3.4 Property rights approaches
2.3.5 'Private orderings' - leave privacy to contract
2.4. Theorists of surveillance
2.4.1. Panopticism and ‘data surveillance’ - Foucault’s influence
Foucault’s panopticism and data surveillance
Comments on ‘disciplinary society’
2.4.2. James Rule’s analysis of surveillance and social control
The ‘efficiency criterion’ - how do privacy laws control surveillance?
2.4.3. The techniques of ‘Dataveillance’ - Roger Clarke’s analysis

2. Theories of surveillance and privacy

Graham Greenleaf, 2001, last amended 1 August 2005
[Reading Guide for Privacy & Surveillance course - please do not cite without obtaining permission]
allprivacy00.jpg = Required reading

Objectives
The aims of this Reading Guide are to assist understanding of:

2.1. Threats to privacy / dangers of surveillance

Perhaps the most direct approach to an understanding of 'privacy' is to ask which acts and practices of governments and companies people consider are the most important threats to privacy.
What types of interferences with privacy concern informed observers at the turn of the 21st century? What forms of surveillance of our activities are regarded as the most objectionable?
How do we classify the particular activities that we regard threatening or objectionable?
Of course, just because something is threatening or objectionable does not mean there should be a law against it.
allprivacy00.jpg Read at least one of the following surveys of dangers to privacy (listed from briefest to lengthiest), and construct your own list of dangers.
Froomkin questions whether:
In light of the rapid growth of privacy-destroying technologies, it is increasingly unclear whether informational privacy can be protected at a bearable cost, or whether we are approaching an era of zero informational privacy, a world of what Roger Clarke calls "dataveillance."

2.2. The concept of privacy

2.2.1. Attempts to define 'privacy'

Is it possible to start with a definition of 'privacy' which may serve as the basis for a legal right?
The following approaches all assume the high value given to privacy in liberal-democratic theory, but put forward many different approaches to how it should be defined. As Colin Bennet says 'For the most part... the political theorization about privacy has operated within the basic liberal paradigm.'


Values underlying or associated with privacy

If 'privacy' is not itself easily defined, we may need to consider other values that we hold and which provide part of the justification for what we conveniently describe as 'protection of privacy'.
Here are some possible candidates as underlying values:


2.2.2. Privacy in liberal-democratic theory

2.3. Positions sceptical of privacy and privacy law

Not everyone supports attempts to protect privacy by law and/or to limit surveillance by law. The reasons for what we might call 'privacy scepticism' vary widely, ranging from pragmatism to principles.

2.3.1. Privacy as economic inefficiency

Colin Bennett summarises Richard Posner's influential 1978 article "The Right to Privacy," Georgia Law Review 12: 393-422:
"Posner's central point was that the application of the principle of information privacy has an unfortunate corollary, namely that it allows people to conceal personal information in order to mislead and misrepresent their character. Others, including government institutions, "have a legitimate interest in unmasking the misrepresentation" "
For an insight into Posner's moral position, including on privacy, see:

Less sophisticated variants

Many businesspeople and officials put forward less sophisticated variants of this argument, arguing that business and government should be able to do whatever it needs with personal information if this enhances business or government efficiency. 'The innocent have nothing to fear' is one of refrains of this approach that maximalises business/government interests in preference to any privacy interests (while not necessarily totally disregarding privacy interests).

2.3.2. Technological defeatism / dystopianism

Many argue that, whatever the merits of privacy as a value, it is futile to attempt to protect it in the face of technological developments in surveillance. This is caricatured in the sound-bite of Sun Microsystems CEO Scott McNealy 'You have zero privacy. Get over it.'

Technological counter-surveillance

A variant of this approach is principally associated with David Brin, who proposes the 'you can't beat them so join them' solution of maximising the surveillance of all those who have control over the surveillance and control mechanisms of society - 'watching the watchers' etc.
See:

2.3.3. Technological optimists - 'PET lovers'

There are others who accept that attempts by limit surveillance/protect privacy by law are futile, but they place considerable faith in the ability of technology to allow us to protect our privacy, and in particular to automate bargaining processes in cyberspace whereby we (or our software agents) decide how much of our digital privacy to surrender in return for benefits (eg 'P3P' - the 'platform for privacy preferences'). The jargon for this is 'PETs' - 'privacy enhancing technologies' - and some of these are examined later in the course.
Advocates of PETs as privacy solutions are particularly numerous in the USA, partly (in my view) because of the near-impossibility of comprehensive data protection law being enacted in the USA due to the effect of the First Amendment to the US Constitution.
This approach is sometimes coupled (in those with confidence in business intentions) in an emphasis on the value of self-regulation by business.
See:

2.3.4 Property rights approaches

Pamela Samuelson Privacy As Intellectual Property? (1999) provides one of the most detailed and cautious arguments in favour of a developing privacy as a property right (a new form of intellectual property) rather than along the European/Asia-Pacific lines of information privacy legislation. The article cites many other authors (mainly American) supporting a property rights approach.

2.3.5 'Private orderings' - leave privacy to contract

A more extreme approach is that privacy protection is best left to individual contracts. See Samuelson (1999) for a discussion of this position as well.

2.4. Theorists of surveillance

It is just as important to understand theories of surveillance as it is to understand justifications and definitions of privacy.
allprivacy00.jpg Colin Bennett IV. Privacy And The Politics Of Surveillance in The Political Economy of Privacy: A Review of the Literature (Center for Social and Legal Research, DOE Human GenomeProject, 1995) commences this survey of the literature of surveillance by explaining:
Some scholars have argued that the contemporary problem confronting advanced industrial states can only be imperfectly addressed and resolved if it is defined in terms of "privacy." Rather the problem is surveillance, or excessive and illegitimate surveillance. "Rather late in the day," David Lyon argues (1994: 219), "sociology started to recognise surveillance as a central dimension of modernity, an institution in its own right, not reducible to capitalism, the nation-state or even bureaucracy."
This section surveys some theoretical approaches to the nature of surveillance, particularly in relation to information surveillance. Bennett's survey is an excellent starting point.

2.4.1. Panopticism and ‘data surveillance’ - Foucault’s influence

Michel Foucault’s Discipline and Punish - The Birth of the Prison , Peregrine, 1975, is famous for its analysis of ‘discipline’ as a ‘technology of power’, and for its analysis of the mechanisms of ‘discipline’. .
Although Foucault wrote well after information technology became commonplace, he never mentions computers (or, for that matter, the twentieth century). Nevertheless, many of his insights seem very useful in analysing the way in which surveillance may operate in cyberspace. The article by James Boyle referred to below takes this approach .
Foucault’s central model of physical surveillance was Jeremy Bentham’s model prison, the Panopticon. (The only attempt to build a Panopticon took place in Sydney, at the original Sydney jail, according to Bruce Kercher of Macquarie Law School.) Take a tour of a virtual reality model of a Panopticon.
allprivacy00.jpg David Lyon From Big Brother to Electronic Panopticon (Chapter Four of David Lyon's The Electronic Eye: The Rise of Surveillance Society, Minneapolis: University of Minnesota Press, 1994 : 57-80) Canadian sociologist David Lyon surveys the history of theories of surveillance with emphasis on George Orwell’s vision in 1984, and Foucault’s interpretation of Bentham’s Panopticon
Read these sections:

Foucault’s panopticism and data surveillance

Lyon asks 'In what ways, and in what contexts, might electronic surveillance display panoptic features?'. One starting point is to ask ‘to what extent does Foucault’s model of the physical panopticon have parallels in the use of information for surveillance?’. Other ways we could ask this question are ‘Is data surveillance a ‘de-spatialised panopticon’? or (to take a more precise example) ‘Is cyberspace a 'panoptic space'?’. Here is one possible set of parallels.
Foucault’s physical panoptic space
Data surveillance
spatial unities
similar transactions
visibility
information
avoid ‘howling masses’
avoid an anonymous public
separated individualities
client histories
power independent. of operator
ditto (programs operate automatically)
power visible
constant taking of details
power unverifiable
random checking of details
no necessity for force
no necessity for legal coercion
self restraint by clientele
ditto
possible to measure differences
individual histories available
reform and training
rehabilitation and monitoring
democratic control / inspections
‘efficient’ data protection laws

Comments on ‘disciplinary society’

Some comments on Foucault's ‘disciplinary society’ as analysed in Discipline & Punish (GG):
allprivacy00.jpg James Boyle "Foucault In Cyberspace: Surveillance, Sovereignty, and Hard-Wired Censors" (pre-publication version) - Boyle’s paper is a valuable general analysis of the relationship between law and cyberspace and the centrality of ‘surveillance’ (in Foucault’s sense) to this relationship. Part I ’The Internet Trinity’ and Part II ‘Foucault & the Jurisprudence of Digital Libertarianism’ should be read now .

2.4.2. James Rule’s analysis of surveillance and social control

Written contemporaneously with Discipline and Punish, but completely unrelated to it, the work of American sociologist Rule in Private Lives & Public Surveillance, New York, Schocken, 1974, provided the first important analysis of the way in which modern information systems are used for social control. This work was later summarised in James Rule et al The Politics of Privacy , Elsevier Books, 1980
allprivacy00.jpg Colin Bennett Chapter IV. Privacy and The Politics of Surveillance of The Political Economy of Privacy: A Review of the Literature (see above) provides a useful summary of some of Rule's work.
Some of the points Rule makes include:

The ‘efficiency criterion’ - how do privacy laws control surveillance?

James Rule et al in The Politics of Privacy , Elsevier Books, 1980 identified what he called an ‘emergent consensus’ in the way in which the first generation of information privacy laws in Europe and the USA in the 1970s went about regulating surveillance. (The relevant extracts pgs 7-14 of the 1996 Course Materials #6, at the Law Library desk.) Rule identified an ‘emergent consensus‘ in the development of early data protection laws in the US and Europe in the 1970's, arising (he thinks) because of the lack of any frontal public confrontation with surveillance systems. Rule identified four characteristics of the ‘efficiency criterion’ in privacy protection legislation, which would legitimise increases in surveillance while ostensibly protecting privacy. In essence, Rule argued that these laws rarely attempted to limit the spread of information surveillance, they merely attempted to make surveillance mechanisms operate more ‘fairly’.
allprivacy00.jpg Graham Greenleaf Stopping surveillance: Beyond 'efficiency' and the OECD 3 PLPR 148 - This article explains the ‘efficiency criterion’, and takes Rule’s approach as the starting point for a critical analysis of development’s in international privacy regulation since the 1970s, including the OECD privacy Guidelines, the Canadian Standards Association’s Model Code and the EU privacy Directive (all of which are discussed later), and the Australian Privacy Charter. Read the introductory parts now, and the materials relating to the specific international instruments when needed.

2.4.3. The techniques of ‘Dataveillance’ - Roger Clarke’s analysis

Closer to home, Roger Clarke has made a significant international contribution to analysis of the techniques of data surveillance - or ‘dataveillance’ as he called it. Although this paper by Clarke predates the significance of the Internet for surveillance (1988) its analysis of the forms of dataveillance remains valuable.
Clarke’s 'Information Technology and Dataveillance' Comm. ACM 31,5, 1988 (Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991.) is his most significant article on the topic, but many more can be found on his DATA SURVEILLANCE and INFORMATION PRIVACY pages.
Elements of Clarke’s analysis include: