The meaning of privacy
1.31 It has been suggested that privacy can be divided into a number of separate, but related, concepts:
Information privacy, which involves the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records. It is also known as ‘data protection’;
Bodily privacy, which concerns the protection of people’s physical selves against invasive procedures such as genetic tests, drug testing and cavity searches;
Privacy of communications, which covers the security and privacy of mail, telephones, e-mail and other forms of communication; and
Territorial privacy, which concerns the setting of limits on intrusion into the domestic and other environments such as the workplace or public space. This includes searches, video surveillance and ID checks.
Privacy as a legally protected right is a relatively recent phenomenon. For example, in Australia our federal privacy legislation wasn’t passed until 1988. The concept of privacy has an even more complex history in the United Sates.
Now, with the advent of social media and the sharing economy, and the increasing focus on national security, any realistic expectation of privacy appears to have evaporated. But, contrary to popular belief, people still care about their online privacy, just feel powerless to protect it.
In many parts of the world privacy is a non-existent concept, and some governments engage in extensive and systematic monitoring of their populations.
In recent years privacy has become especially controversial across Western democracies with otherwise long-standing adherence to general principles of privacy, in the context of increasingly draconian national security legislation to combat the threat of terrorism.
In a recent report to the United Nations Human Rights Council, the Special Rapporteur on freedom of expression, David Kaye, explored whether ‘the rights to privacy and freedom of opinion and expression protect secure online communication, specifically by encryption or anonymity?’
Assuming an affirmative answer, he asked ‘to what extent may governments, consistent with human rights law, impose restrictions on encryption and anonymity?’
Discipline or techniques employed in protecting integrity or secrecy of electronic messages by converting them into unreadable (cipher text) form. Only the use of a secret key can convert the cipher text back into human readable (clear text) form. Cryptography software and/or hardware devices use mathematical formulas (algorithms) to change text from one form to another.
The report notes that ‘[t]he Internet has profound value for freedom of opinion and expression, as it magnifies the voice and multiplies the information within reach of everyone who has access to it … Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief. For instance, they enable private communications and can shield an opinion from outside scrutiny, particularly important in hostile political, social, religious and legal environments. Where States impose unlawful censorship through filtering and other technologies, the use of encryption and anonymity may empower individuals to circumvent barriers and access information and ideas without the intrusion of authorities. Journalists, researchers, lawyers and civil society rely on encryption and anonymity to shield themselves (and their sources, clients and partners) from surveillance and harassment.’
The report also highlights that universal standards for the protection of privacy, opinion and expression are laid out in the International Covenant on Civil and Political Rights (see Articles 17-19), with 168 nations party to the Convention. Even for the remaining nations, which are not technically bound by it, the Covenant represents, at the very least, a standard for achievement and often reflects a customary legal norm. Further, nations that have signed but not ratified the Covenant are still bound to respect its object and purpose under article 18 of the Vienna Convention on the Law of Treaties. Many national legal systems also protect privacy, opinion and expression, in their constitution or under legislative provisions.
The report concludes that ‘[e]ncryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity. Because of their importance to the rights to freedom of opinion and expression, restrictions on encryption and anonymity must be strictly limited according to principles of legality, necessity, proportionality and legitimacy in objective.’
The report recommends, among other things, that:
- countries revise or establish, as appropriate, national laws and regulations to promote and protect the rights to privacy and freedom of opinion and expression;
- with respect to encryption and anonymity, countries adopt policies of non-restriction or comprehensive protection, only adopt restrictions on a case-specific basis and that meet the requirements of legality, necessity, proportionality and legitimacy in objective, require court orders for any specific limitation, and promote security and privacy online through public education;
- countries promote strong encryption and anonymity and national laws recognise that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online;
- legislation and regulations protecting human rights defenders and journalists should also include provisions enabling access and providing support to use the technologies to secure their communications;
- countries should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression; and
- the use of encryption and anonymity tools and better digital literacy should be encouraged.
Sadly, some of these highly principled recommendations directly contradict the current, and further proposed, direction of national security laws across a number of Western democracies, including in the United States and Australia.
Tim Cook, CEO of Apple, Inc., recently noted erosion of privacy represents a threat to the American way of life:
Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security. We can, and we must, provide both in equal measure. We believe that people have a fundamental right to privacy. The American people demand it, the Constitution demands it, morality demands it.
Allowing for the constitutional differences, these words apply equally to Australia. Cook then went on to specifically address government efforts designed to weaken encryption:
There’s another attack on our civil liberties that we see heating up every day — it’s the battle over encryption. Some in Washington are hoping to undermine the ability of ordinary citizens to encrypt their data. We think this is incredibly dangerous. We’ve been offering encryption tools in our products for years, and we’re going to stay on that path … So let me be crystal clear — weakening encryption, or taking it away, harms good people that are using it for the right reasons. And ultimately, I believe it has a chilling effect on our First Amendment rights and undermines our country’s founding principles.
The conflict between privacy and security appears to be a difficult issue to resolve. Some players knowingly choose to cynically misrepresent the relevant concepts and exploit the issue for their own ulterior motives, often to amass influence and power.
Tony Jones interviewed journalist Glenn Greenwald on ABC’s Lateline on 4 June 2015 to discuss the issues of mass government surveillance, data retention, privacy and the threat of terrorism, and Glenn Greenwald had a few interesting things to say on the subject.
To combat these misinformation campaigns, and the resulting misperceptions, the Electronic Frontier Foundation prepared an informative fact sheet on mandatory data retention and TechDirt published an article which explains, in very simple terms, why the ‘If you’ve nothing to hide’ argument, often deployed in favour of anti-privacy legislation, is a fallacy which confuses ‘privacy’ with ‘secrecy’.
Nevertheless, if we stay true to the universal principles born out of previous man-made global catastrophes, and the resulting immeasurable human suffering, we will be able to find the proper balance. Admittedly, given the money and power at stake, that’s unlikely to happen without a fight.