A reflective John Faulkner, Special Minister of State and Cabinet Secretary, mused about the principles underlying privacy while presenting the inaugural industry awards in August. Read the thoughts of the man who will be responsible for Australia’s new round of privacy, whistleblowing, transparency, governance and Freedom Of Information laws.
(Edited) Speech by Senator The Hon John Faulkner Cabinet Secretary and Special Minister of State, at the
Australian Privacy Awards and Privacy Medal 2008 Presentation Dinner
27 August 2008
Faulkner on privacy…and principles
As the Minister with responsibility for both Privacy and Government Accountability, I have in mind a quote from American author David Brin:
“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.”
The importance of both privacy and accountability are generally accepted. There is far less consensus on what those words mean.
When it comes to privacy, there is a broadly-accepted idea that some things are, or ought to be, outside, and beyond the reach, of the public sphere. But even academic experts such as Judith Jarvis Thomson admit that:
“Perhaps the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is”.
Privacy is not secrecy, although it allows people to keep things to themselves. It is not concealment, although without it nothing can be concealed. Privacy is not solitude or seclusion, although American jurists Brandeis and Warren defined it, in 1890, as the right to be let alone. Nor is it intimacy, although many of the things we keep private are indeed intimate in nature.
In the 16th century French writer Michel de Montaigne divided human experience into two separate spheres – the interiority of the self, and the exteriority of the world. For him, the integrity of the inner world of the self depended on the possibility of separation from the world to think and reflect. His writing crystallised the concept of a personal space that did not belong to others, to the community or to the government. The idea of privacy depends on this conceptual distinction.
Such a private, personal space may be physical – as William Pitt recognised when he wrote that the poorest man in a ruined cottage can refuse entrance to the King and all his forces – or it may be intangible, as Queen Elizabeth I acknowledged when she declared she had "no desire to make windows into men’s souls" when it came to religion.
The right to privacy was included in the Universal Declaration of Human Rights in 1948, in the aftermath of World War II, with the grotesque abuse of government records by the Nazis fresh in the minds of international statesmen and human rights advocates.
The idea of privacy as a protection of the individual from the intrusive, invasive state gained strength from the use and misuse of surveillance and data collection in totalitarian states, given memorable fictional form in George Orwell’s 1984, and in Alexander Solzhenitsyn’s Cancer Ward. Solzhenitsyn wrote:
“As every man goes through life he fills in a number of forms for the record, each containing a number of questions … There are thus hundreds of little threads radiating from every man, millions of threads in all. If these threads were suddenly to become visible, the whole sky would look like a spider’s web, and if they materialized as rubber bands, buses; trams and even people would all lose the ability to move, and the wind would be unable to carry torn-up newspapers or autumn leaves along the streets of the city. They are not visible, they are not material, but every man is constantly aware of their existence…. [and] naturally develops a respect for the people who manipulate the threads.”
Solzhenitsyn’s description of the "chilling" effect on ordinary life of government data collection, written in 1968, pre-dates the information age, and should serve as a warning to anyone who thinks that the chief dangers to privacy are technical.
Technological developments have made it easier and cheaper to collect information and compile dossiers on individuals not only for those governments minded to do so, but also for businesses who find value or convenience in the collection and use of personal information.
But the single development that makes the "Panopticon society" possible, a society where, like the inmates in Bentham’s model prison, we are always potentially observed, is not the computer.
It is the growth of the modern state, with extensions into every crevice of the individual’s life, matched by the growth of corporate and commercial data banks that likewise contain extensive records of buying preferences, activities and behaviour, our health, our finances, our travel – and so on.
Today, the activities of both the public sector and the private sector raise challenges for privacy policy. A straightforward dichotomy between "private" and "public" is no longer an adequate framework for privacy in a world where the public interest and the execution of public policy depend on government scrutiny and analysis of information and data and where international commerce depends on the flow of information.
Nor does such a framework serve in an increasingly crowded and networked world where the world wide web reaches into many lounge rooms and people frequently carry out "private" actions in "public" spaces.
Professor Alan Westin defined privacy as the possibility of choosing freely the circumstances and the extent of exposure of oneself, one’s attitudes and one’s behaviour to others. This definition suggests that the importance of privacy and the right to privacy is not that it provides an absolute and universal barrier between the "public" and the "private", but that it ought to be the decision of the individual citizen where that line is drawn and how permeable or impermeable it should be.
An increasingly broad view of the legitimate role of government has emerged over the past century. Income redistribution through taxation and welfare, the provision of education, the pursuit of public health initiatives, the fight against climate change are just a few of the many public policy initiatives that depend on the government’s capacity to gain, analyse and deploy information, information that is often about what many people consider the "private" sphere.
As the Australian Law Reform Commission noted in its recent report, For Your Information, many areas of research have a strong public interest basis, such as health and medical research, sociology and criminology, with a “potential to lead to evidence-based policy development and significant positive outcomes for the community.”
Most Australians accept this need, and accept the use of their de-identified personal information for such a purpose, but that does not alter their perception of personal information as "private". The ability of the government to pursue important policy goals depends on the confidence Australians have in the security and appropriate use of the information they give government agencies and commercial entities.
The disclosure of some private matters can have serious consequences. The exposure of personal health information can leave someone vulnerable to covert discrimination. And, as the ALRC has pointed out, developments in "e-health" and increasing movement of information between public and private health providers has “the potential to achieve better public and private health outcomes by allowing health service providers better access to health information”. They also raise privacy concerns.
Health information can be literally life-saving, and can prevent serious threats to public health and public safety. But the inappropriate disclosure of health information can also be devastating to the individual concerned. A vast amount of important personal information is held within the health sector, often with no clear guidelines on the handling and transfer of that information.
This is one of the reasons the government will give priority to considering the ALRC’s recommendations on health, to tie in with COAG’s ambitious health and ageing reform agenda proposed for implementation from 2009 onwards, including the handling of personal health records.
Another priority will be to meet the challenges of new technology.
The ideal of digital libertarianism – often expressed as "information wants to be free" – has always had a strong hold among the developers and programmers, the coders, phreakers and hackers who pioneered the internet. As a result, the technological architecture of the internet makes the control or limitation of data transfer technically difficult. A single cyberspace data transfer may take place in numerous diffuse and geographically diverse locations, which raises serious issues of jurisdiction. Governments around the world are grappling with the difficulty of trans-jurisdictional co-operation, grappling with the normalisation of laws across borders.
As the ALRC pointed out in For Your Information:
" regulation of the internet and other developing technologies must be through measures additional to conventional law. Otherwise, the regulation through law can be circumvented or undermined”.
In many city centres around the world police forces are not limited by staffing resources anymore when it comes to surveillance – the combination of CCTV and facial recognition software makes it possible to keep an electronic eye on an ever-larger number of citizens.
Technology also makes data matching and data mining a matter of a few keystrokes. As the ALRC report points out, a great deal of personal information available in public sources such as electoral rolls and court records has previously been given "de facto" privacy protection because the only way to access it was to physically attend the location where it was stored and spend often many hours searching for and copying information.
Today, much of this information can be accessed and copied from any computer with an internet connection, expending no more effort than a couple of mouse clicks.
The fact that volumes of data can be put onto a single computer drive the size of your thumb and then can be transferred, searched and cross-referenced leaves open the possibility that three computer geeks with networked laptops could put the excesses of the Stasi in the shade.
People post personal, even intimate, details and photographs of their own lives – and, more seriously, the lives of others – on the internet, without considering that the "www" at the beginning of every internet address stands for " World Wide Web".
Just as technological changes at the beginning of the last century led to the extension of the concept of privacy to include actions by corporations as well as governments, these new developments mean that the law is now challenged by the very real possibility that a single action by an individual acting entirely as a private citizen can grossly breach the privacy of another.
The ALRC report For Your Information suggests the introduction of a statutory cause of action for a serious breach of privacy as a possible solution. If you’ve been reading the newspapers lately, you might be under the impression the government has already decided to accept the recommendation! In fact, like the rest of the government response to the three-volume, 74 Chapter, 4.8 kilogram ALRC report, this recommendation will be dealt with in a considered manner, in line with the "two stage" approach I outlined when launching the report.
No matter how often we might think that technology is limiting privacy in ways our parents could never have imagined, it is important to remember that there is nothing inevitable or inexorable about any of these changes.
The challenge for government is not to simply concentrate on the technical issues, or on the problems we perceive in isolation, but to develop policies that reflect our concept of privacy, our ideas of the way privacy interacts with other human rights and social imperatives, which are, as the ALRC phrased it, both technology aware and technology neutral.
How we use, and limit our use, of technology, to both protect and limit privacy, is a choice – or a series of choices.
The response to privacy concerns is often a dismissive "if you have nothing to hide, you have nothing to fear". There are two problems with this glib answer.
The first is, as Solzhenitsyn wrote in Cancer Ward:
"Something negative or suspicious can always be noted down against any man alive. Everyone is guilty of something or has something to conceal."
The second is that, even if Solzhenitsyn was wrong, privacy is not synonymous with secrecy.
The right – and need – of people for privacy is not predicated on "having something to hide". Our ability to define ourselves as separate from others – to conceive of an autonomous self, an "I" who is part of but not defined by "us" – depends on privacy. Our democracy, a society of individuals governed by the aggregate of our choices, depends on the existence of the privacy necessary to the formation of the individual self.
The right to privacy sits at an important juncture between different kinds of social needs, between autonomy and the democratic will, between individualism and the collective good, between public interest in accountability and the social need for boundaries. So while privacy is about the protection and security of personal information, it is also about much more.
Ladies and gentlemen, privacy may be indispensable, but it is also both nebulous and fragile. Just as Bentham’s Panopticon depended on inmates’ belief that they might at any time be under surveillance, our sense of privacy depends very much on our confidence in its existence.
That is why Privacy Awareness Week and the Australian Privacy Awards are important parts, not only of the protection of privacy in Australia, but the broader functioning of our society and economy. The work done by the organisations, business and agencies recognised tonight makes it possible for Australians to have faith that, when they hand over their personal information and agree to its use, it will be safely and appropriately handled – and their privacy will be respected.
As Minister, I am very aware that the Government’s approach to privacy will determine the confidence Australians have in their interactions with government and business, the quality of government program delivery and policy outcomes, and the growth and strength of the Australian data economy.
And I believe we will safeguard that essential and fragile confidence.