Who is Big Brother?

At 18.46 BST on Sunday 4 August, Jessica Chapman’s pay-as-you-go Nokia mobile phone sent a shutdown signal to a mast in Burwell. The hypothesised location of the phone, at the time of the signal, provided crucial evidence in the conviction of Ian Huntley in the Soham murder trials (1).

Experts believe that a laser beam aimed at the window of the United Nations Building, to detect minute vibrations in the glass, could have been the method employed by British intelligence services in their alleged bugging of Kofi Anan’s conversations (2).

No laser beam is required to discover intimate details about UK prime minister Tony Blair, the man fielding the bugging allegations from his former cabinet minister, Clare Short. Blair regularly shares intimate details about his private life – we know that he is a passionate Newcastle United fan (although sometimes a little hazy in his memories of St James’s Park), that he keeps a guitar in his loo, and that he once spent a night on the streets as a young wannabe rock star. But that’s mild, in comparison to what we know about former US president Bill Clinton.

Of course, the glare of the public spotlight has always revealed a little more about public figures than just their public lives. But now we can look in on the private lives of thousands of people who – aside from the fact that they’ve appeared on the telly, or on the internet – have no real claim to celebrity. They are just in a property chain, sending a passionate email to a lover, having an operation, making over their garden, or maybe they are just Kerry McFadden.

It’s a weekend, and it’s late in the evening as I write this article. But three of my colleagues from the office are online – I can see them in my Instant Messenger ‘buddy’ list. They might be working, or they might be relaxing – either way, after a while you get to know who spends a lot of time online. The unspoken – and surprisingly strictly observed – rule, that you don’t message a colleague outside of office hours unless you are pals, means that few go to the effort of using the blocking facility when they are at home.

The combined forces of technological innovation, and a culture that blurs the boundaries between the public and the private, seem to make any discussion about privacy redundant. Looking at the relationship between technology and privacy in the twenty-first century, you could be forgiven for thinking Sun Microsystems CEO Scott McNealy had a point, when he said of consumer privacy: ‘You have zero privacy anyway. Get over it.’ (3)

Yet McNealy’s view is a minority one. While most would agree that it is harder to protect privacy today than in the past, there is no shortage of indications that government and business are expending enormous amounts of energy on protecting, or being seen to protect, the privacy of consumers and the public. And yet while such initiatives are ostensibly about protecting our privacy, they have less to do with traditional conceptions of privacy than with security and data protection.

In the UK, the most well-known piece of privacy-related legislation is the Data Protection Act 1998, which came into effect in 2000, and enforces the eight principles of data protection that cover how data about individuals can be collected, stored and used (4). The Act hit the headlines recently, when its enforcement was given as the reason why previous allegations of sex offences against Ian Huntley failed to come to light during routine police checks, when he applied for a post as a school caretaker (this reason was later retracted). However, the Act is primarily there to prevent organisations from holding excessive or incorrect data about individuals, or from selling personal data without prior consent.

More recently, the European Commission’s Directive on Privacy and Electronic Communications, which came into force in the UK in 2003, places restrictions upon various forms of direct marketing, such as telemarketing (5). The term ‘direct marketing’ covers a wide range of activities, and applies not just to attempts to sell goods or services – it would include a charity or a political party making an appeal for funds or support, and an organisation whose campaign is designed to encourage individuals to write to their MP on a particular matter, or to attend a public meeting or rally. The Directive on Privacy and Electronic Communications also regulates the way that service providers store and process electronic traffic data – for example, location data from mobile phones – and the use of cookies on websites.

Together, the Data Protection Act and the Directive on Privacy and Electronic Communications have had a dramatic effect upon business. Yet business is still criticised by privacy lobbyists, for not doing enough to protect consumer privacy, and for not complying with legislation. In reality, business is arguably more concerned with consumer privacy than consumers are. Witness, for example, the emergence of the Chief Privacy Officer (CPO) among privacy-conscious organisations (6). The growth of CPOs, particularly within the legal departments of Fortune 500 companies, is partly a response to the new regulatory requirements and governmental scrutiny, and is partly driven by an idea that sensitivity in this area is essential to market survival.

The issue of privacy is also shaping technology itself, with many devices having built-in privacy features. For example, my copy of Internet Explorer, by default, will block so-called third-party cookies, and will restrict first-party cookies that use personally identifiable information without implicit consent. (A cookie is a small amount of data that is sent to a browser from a web server, and stored on the computer user’s hard drive. Third-party cookies are issued from a web domain that is not the domain of the website that the user is visiting.)

Ironically, users of software are surprisingly pragmatic about privacy features, as they are about technology in general. Who actually uses all those buttons on their remote control?

One writer tells the story of a focus group for the teen mobile service friendZone (7). Designers asked teenagers who had used friendZone for more than a year what they thought about protection, privacy, and tracking services, and whether they felt protected. The questioners were met with puzzled looks and the common response: ‘Why shouldn’t we feel protected? The only people who know our location are our friends – and we want them to know where we are.’ Quantitative usage statistics for the service confirmed that there was almost no use of friendZone’s built-in privacy management tools. Interestingly, the carrier with the most use of the privacy management tools was also the one in which the system was the least successful.

The legal theorist Amitai Etzioni, author of The Limits of Privacy, has pointed out the way pundits and policymakers can exaggerate the level of concern that the public feel about privacy. Etzioni debunks shock figures, such as ‘88 per cent of Americans are “concerned about general threats to their privacy today”’. He cites experienced survey analysts who describe these questions as ‘cost free’, akin to asking people whether they would like more beauty or freedom. A better test of people’s concerns comes when they are asked to give up something for greater privacy. Etzioni points out that ‘when asked about the acceptability of programmes that provide some freebies in exchange for requiring the person to divulge personal information, only a minority (on average 26 per cent) rejected this tradeoff’ (8).

Etzioni is right to be critical, but at the same time, it is important to acknowledge that privacy is an important right to defend. Genuine privacy is important, both for our personal wellbeing, and for the wellbeing of public life. We all need a boundary within which we are free to conduct our private affairs, without scrutiny.

The private sphere may be protected by walls and curtains, or by strong encryption and passwords, but what is important is that we have space for thought and action that cannot be encroached upon, by the state or by society at large. This is what privacy really means – a domain separate from our public life, where what we think and do is our own business. And while personal data may contain clues about our private life, private life cannot be reduced to personal data (9). Personal data is negotiable, but without a private life in which to exercise autonomy and develop personal relations, we really would be living the life of Winston Smith in George Orwell’s novel 1984.

The contemporary discussion about privacy, however, barely touches upon privacy in this fundamental sense. The spectre of Orwell’s Big Brother is still summoned up, but when privacy is discussed today, there are far more potent characters that occupy the public imagination – Big Business, the Spammer, the Pornographer, the Groomer. Today, the state is likely to be seen as the lesser of privacy-invading evils, and even as a source of protection for our privacy, rather than as an entity that should not be allowed to overextend its reach into our private lives. All too often, concerns about the need to protect individuals’ privacy from companies or other people lead directly to calls for greater intrusion and regulation by the state.

Paradoxically, privacy is undervalued today, while data protection is overvalued. There is personal data of mine that I really do not mind sharing – particularly if it can be used in my interest. I am not concerned that my loyalty card enables credit card companies and supermarkets to analyse my buying habits. They may come up with a useful new product, or they may just try and improve their advertising, to sell me existing products that I have no need for. As a rational adult, I am then free to make choices about what to buy and what not to buy. Likewise, if websites can use cookie data to improve their offerings, to the extent that I can actually find what I’m looking for, then that is all for the good.

The privacy debate will take new forms as technology throws up new challenges and new opportunities – biometrics, radio frequency ID tags, intelligent agents, online identity management, even the end of passwords! (10) If, however, we are to have any clarity in the discussion, the underlying questions ‘what is privacy?’ and ‘how must it be defended?’ need to be addressed, rather than us simply accepting the no-brainer response that greater regulation is required.

Jason Burton is an ebusiness consultant with cScape Strategic Internet Services. He is speaking at the spiked-seminar Big Brother and Me, in central London on the evening of Thursday 18 March 2004. For further details, email Sandy.Starr@spiked-online.com

Read on:

Monitoring the office, by Paul Reeves

Privacy: open up the debate, by Sandy Starr

Trusting technology, by Norman Lewis

spiked-issue: Privacy

(1) See Soham trial: ‘crucial’ phone evidence, BBC News, 6 November 2003

(2) See ‘This goes no further…’, BBC News, 2 March 2004

(3) Sun on privacy: ‘get over it’, Polly Sprenger, Wired News, 26 January 1999

(4) See the Data Protection Act 1998

(5) See Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications) (.pdf 161 KB)

(6) See The Chief Privacy Officer: PricewaterhouseCoopers Surveys an Emerging Role, Ruth Nelson and Anne Ladd, PricewaterhouseCoopers, November 2000

(7) Solving Mobile Challenges with Psychology-driven IA, Oded Napchi, Boxes and Arrows, June 2003

(8) The Hyper-hyping of Privacy, Amitai Etzioni, Tech Central Station, October 2000

(9) See Privacy: open up the debate, by Sandy Starr; Privacy online: what’s the problem?, by Norman Lewis

(10) See Trusting technology, by Norman Lewis; Caught in the .NET, by Jason Burton