The expectation of privacy
The expectation of privacy is a legal concept used in U.S. jurisprudence and a key factor in determining the limits of privacy as enshrined in the Fourth Amendment to the US Constitution. It consists of two parts: one that is subjective, and which each individual understands differently; and another that is objective, legitimate, or reasonable, and which the courts understand to be widely accepted by society.
Hence, the way that we have come to understand the expectation of privacy is a question that is subject to the interpretation of judges in a given moment of established uses and customs, often based on a number of commonly cited legal precedents—for example, Katz v. United States or Smith v. Maryland.
Yesterday the media reported that Google has sought to defend its practice of automated scanning to filter spam and deliver targeted advertising to its users, arguing that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” This was a clear statement that Gmail did not offer privacy, a clear lack of respect to its users, and reason for anybody who values their privacy to stop using the service.
Reporting of the story was somewhat sensationalist, ignoring as it did the obvious fact that Google’s statement was citing jurisprudence. Citing a legal precedent—in this case, one that defended the legality of storing telephone numbers without the need for a court order—to defend an argument is widely accepted, but it does not mean that you agree with the sense of the quote when it is taken out of context.
In reality, Google has terms of service, a privacy policy, and some clearly established self-imposed guidelines. The argument over whether these policies are reasonable or not, or over their relevance when we know that the NSA believes it has the right to access all our information, independent of theoretical legal protections, is no doubt very interesting, but using quotes out of context should be avoided.
It might be more useful to have a conversation about our expectations of privacy, and above all the need to draw a line in the sand . When Gmail appeared on April 1, 2004, it generated considerable and justified discussion as to what extent it was reasonable to accept the automatic scanning of a private message with the aim of finding any references in it that could be crossed with a database of potential advertisers. Discussion of this practice, which is carried out by machines, with no human involvement, and without the information being seen by any third party, was accepted at the time within the context of the conditions of use: accept the service, accept the practice, and if you don’t like it, go somewhere else.
Microsoft has recently raised the matter again by trying to promote its email services at Google’s expense, but the important aspect to this ongoing debate is for everybody to know the terms and conditions of their service. We send letters in an envelope so as to protect the contents from prying eyes. When we send a postcard, we do so with the knowledge that anybody can read it. Equally, we could, if we chose, accept our letters being scanned and advertisements placed on the envelopes in return for free postage.
But even this would not mean renouncing our right to privacy, a mass statement along the lines of: “Everything I write can be read by anybody.” Accepting that machines scan my mail doesn’t mean that I am renouncing my expectation of privacy.
The Snowden scandal and the revelations about the NSA’s mass spying highlight a fundamental problem: Some have tried to use these events to prove that there is no such thing as privacy on the internet. These kinds of fatalistic arguments are dangerous, because giving up our right to privacy online is to implicitly accept a panoptic world in which we are all under surveillance, all the time, unless, like Winston Smith, we resort to crouching in the one corner of our room that has been overlooked by the thought police’s cameras.
The NSA’s activities represent a situation that has gone from legal exceptions (surveillance authorized by the corresponding judicial order) to unjustifiable and widespread surveillance, and which to an extent can be interpreted as a generalized move away from the expectation of privacy. Bullying email service providers that guarantee their customers’ privacy, such as Lavabit or Silent Circle, aims to extend the idea that nobody using the web can expect privacy and serves to undermine our expectations. If the illegal excesses of a government agency that is out of control ends up making us accept that using the web implies no privacy, we have lost—a great deal.
