23 May 1999. Thanks to Dan Geer senior strategist, CertCo.

[Remarks at the Smart Card Forum Symposium, "Enabling Privacy in a Virtual World"]

Privacy in the Real World

Smart Card Forum

Washington, D.C.

20 May 99

Dan Geer

Thank you for that introduction.

It is timely that we speak of privacy in the real world.

Privacy is the boundary condition between rights and privileges, a boundary evidently in dispute everywhere and forever.

If privacy is "The right to be left alone -- the most comprehensive of rights, and the right most valued by civilized men" [Brandeis] then its sanctity serves as a barometer on our civilization.

Because privacy is definitionally "the state of being free from unsanctioned intrusion" [AHD] it begs the question of by whose sanction intrusions may occur, if not merely by force.

As much as "Civilization is the process of setting man free from men," [Rand] privacy is its coin.

Privacy, beyond all other endowments, is the one more blessed to give than to receive as, save for love and water, privacy is the only gift that can be exchanged across any of humankind's divides.

Because privacy tolerates our differences with "Ain't nobody's business but your own" it creates us equal in ways nothing else can ever hope to do.

That "Philosophical and legal analysis has often identified privacy as a precondition for the development of a coherent self" [Agre] one must conclude that it is a mortal peril to give up privacy.

As "Privacy is the power to selectively reveal oneself to the world" [Hughes] in choosing what to reveal, however idiosyncratically, we demonstrate our liberty.

Yes, it is timely that we speak, that we speak plainly, that we in fact speak extremely for "Extremism in the defense of liberty is no vice." [BaH2O]

It is said that the wonderful thing about a small town is that you know everyone while the terrible thing about a small town is that they all know you.  Indeed, a coherent if nostalgic argument for a "transparent society" can be made, one where there are no secrets, where there is no privacy, where everyone knows everyone else's business, where unsolved crime is very nearly impossible, where neither need nor triumph is invisible, a place where everything that is not self-incriminating is therefore public.  Even were you able to craft the consensus that we all would each tell each other the contents of our hearts while leaving our cameras on at all times, I'm afraid that in such a utopian society you would soon find some were more equal than others.  In short, I reject the one extreme, that of glass houses for us all.

I have come to the conclusion that in all things it is bigness that is the enemy, neither ideology nor biology nor theology but bigness.  Big business, big government, big labor, big money, big crime, big media, big religion -- it is their bigness alone that predisposes them to predatory behavior.

The two economists Adam Smith and Ronald Coase described the nature of our economic interactions -- Smith with his millenial ideal of small producers trading amongst themselves in the mutual self-interest of wealth maximization, and Coase with his explanation of why the millenium does not arrive.  In particular, Coase observed that economically viable firms expand until intra-firm coordination costs exceed inter-firm transaction costs.  Putting it in biologic analogy, cells grow until their surface to volume ratio crosses a survivability threshold.  Despite the starry enthusiasm of many Internet devotees, it is now unarguably clear that although the Internet does spectacularly lower transaction costs, it lowers coordination costs more.  Any reading of the newspaper will show you that the Internet is driving the greatest economic concentration in world history -- the outscale prices of "Internet stocks" do not represent wealth creation, they represent wealth redistribution.

It is precisely this side effect of the global concentration of the control of wealth and economic power that must be the foundation of our thinking about privacy.  As the ever prescient Phil Agre put it,

The global integration of the economy is ... commonly held to decentralize political power by preventing governments from taking actions that can be reversed through cross-border arbitrage. But political power is becoming centralized in equally important ways: the power of national governments is not so much disappearing as shifting to a haphazard collection of undemocratic and nontransparent global treaty organizations, and the power to influence these organizations is likewise concentrating in the ever-fewer global firms.  These observations are not pleasant or fashionable, but they are nonetheless true.

If the reason I reject the transparent society is that I acknowledge my inability to sufficiently police its stronger members, then the most important thing I can do is to protect my privacy and, frankly, at all costs.  The loss of privacy is irreversible for information is never un-revealed.  Privacy is therefore the paragon of Hume's conjecture: Few liberties are lost all at once.  In the face of the snow-balling bigness of the institutions of globalized human life, we must reserve privacy rights explicitly so that we may misrepresent ourselves to those against whom we have no other defense, against those for whom our name is but a label on data collected without our consent.

Consider your own life.  Perhaps there is indeed no one fact about you that you wouldn't good-naturedly share with this audience if I asked you politely.  But by the time I got to twenty questions, few of you would still think this an amusing parlor game.  The risk to you grows as the product of the number of personal facts times the number of potential recipients, but it is hard to fabricate an example where the benefit grows as fast even if you are a politician or otherwise live by publicity alone. On purely risk management grounds, any finite tolerance for risk caps the amount of information you will want in play.  This has nothing whatsoever to do with whether you have anything to hide. If for no other reason, we must make it understood that just as "..there is nothing sinister in so arranging one's affairs as to [minimize] taxes" [Hand] neither is there anything sinister in maximizing privacy.  Naturally, the technologic tools of privacy can be misused, but what is it that is marvelous that can not also be misapplied?

A wise man of my acquaintance, a career man in Federal law enforcement, reacted to my arguments by telling me that I was typically naive.  He said that my choice is not between Big Brother or no Big Brother, rather it is between one Big Brother and lots of Little Brothers. He suggests that I think carefully before I choose.

I've thought about that a lot.  I've thought about the comfort of being taken care of against the unease of having to be.  I've compared the low cost of "one size fits all" to its correspondingly low benefit. I've thought hard about the proposition that the price of freedom is the possibility of crime.  I've accepted that there is no such thing as righteousness if there is no possibility of sin.  I conclude that privacy is worth its price, that near absolute privacy is indeed the worst of all social constructs, except for all the others.

Look around you.  The price of duplicating electronic information is zero to begin with and communications prices are dropping like a rock in hard vacuum.  Ten years of progress in network computing has delivered on its original charge -- location independence -- to such a degree that location irrelevance is more like it.  For the mass-less assets of an electronic world, jurisdictional legal boundaries are unutterably meaningless except where choice of law is pre-negotiated. The signal-to-noise ROI of a commercialized Internet dismisses personal differences as an error condition to be corrected with the aggregated data of surveillance.  Sans the Cold War, spooks everywhere are looking for commercial work and technology drives policy through the obduracy of its artifacts -- investments are sunk before democratic institutions detect their existence.  Do you actually imagine that within such a dynamic you will be consistently able to count on your fellow man respecting your privacy or that you would have enforceable recourse against its diminution?

Governments everywhere hate privacy because the efficiency of regulation is proportional to the perfection of its surveillance. Here at home, our government is relentlessly pursuing an anti-privacy track that would not be so dangerous were it not so outside the ken of the average person's intuition or we were not the world's presumed leader in matters of liberty.  Beyond all other lessons, history teaches us that wherever personal boundaries are not taboo, the seeds of totalitarianism find fertile ground.

If only it were so simple that embattled farmers could again assemble by that rude bridge that arched the flood and fire the shot heard round the world.  The citizenry, en-serfed to the demands of a culture of convenience, resplendent with glossy temptations to half the deadly sins and making entertainment of the rest, can hardly be counted upon to bite the hand that seems to feed them.  The rate of change in what is within the realm of the technically possible is too great to digest, and we can oh so easily return to a world of sorcerers, alchemy, and faith in powers in proportion to their mystery.

When the cost of failure is intolerable, security designers insist that what is not explicitly permitted be forbidden. Because privacy is that thing whose loss is intolerable, we must make all acquisition and use of personal information forbidden absent explicit permission to do otherwise. We do that in the law itself -- my attorney cannot act outside my permission and my personal information is sacrosanct.  We have to do that everywhere, or we have to let a globalized market take its course.

We already have many evidences of the market value of personal information.  The affinity card at the grocery store pegs the market price of privacy there at about 5%.  The cable television provider who will take a $100 deposit in lieu of a credit check establishes a market price for that form of privacy.  Many web merchants measure their profit in customer data more than dollars.  Anywhere the same price is charged for cash as for credit the merchant's credit-card discount rate is your premium for privacy. The foregone benefits of any frequent buyer plan are what you'll pay to avoid data fusion on your buying habits.  The extra time you spend at the gas station is the price you pay for withholding information from their computers.  The examples are legion, and many are far less prosaic than these.  To leap to the other end of the spectrum, the European Union is considering extending privacy protections to legal persons, which they evaluate as an essential bulwark against becoming an electronic colony of ours.

The question before you is not preservation of the status quo -- all hope of that is now lost.  The question before you is whether a fervent unity is worth the effort.  If by our non-negotiable demands we manage to harden the protections of privacy yet we are somehow ultimately shown to be wrong-headed, we have then merely to relax and enjoy it. If we fail to make privacy our hallmark and the effects are dire, we do not recover for to do so is to unwind history.

Demand privacy, while the question is still relevant.


[AHD] American Heritage Dictionary, 1993

[Agre] Phil Agre, "The Architecture of Identity," 1998

[BaH2O] Barry Goldwater, Nomination Acceptance, 1964

[Brandeis] Justice Louis Brandeis, Olmstead v. U.S., 1928

[Coase] Ronald Coase, The Nature of the Firm, 1937

[Hand] Judge Learned Hand, Commissioner v. Newman, 1947

[Hughes] Eric Hughes, "A Cypherpunk's Manifesto," 1993

[Rand] Ayn Rand, The Fountainhead, 1943

[Smith] Adam Smith, The Wealth of Nations, 1776