Mourning the Death of Privacy: The Law and Ethics of Privacy after Surveillance Technologies

By Hailemichael Teshome Demissie 

Science and technology are almost always ahead of the law and the politics that feeds it. Scholars refer to the resultant disconnect as ‘cultural lag’. Sometimes such disconnect   is conspicuously flagrant in rendering extant ethics and law irrelevant. Arguably, there can be no better example of such ‘cultural lag’ than the events surrounding the recent super-injunction fiasco. The injunction against the publication of the extra-marital affairs of footballer Ryan Giggs were widely tweeted effectively and efficiently flouting the court’s gagging order. A rather benign social media technology, Twitter, turned insidious stripping the law of its powers. Former Lord Chancellor, Lord Falconer, pointedly noted that the injunctions are becoming ‘pretty pointless’ while Conservative MP, Claire Perry, called for a fight back: ‘This is making a mockery of the existing law and we need to make sure that the law catches up with the technology.’  For Nicholas Negroponte this is a moment he described a long time ago where the law is ‘behaving like an almost dead fish flopping on a dock.’  

No sooner had we finished reading the stories on the Giggs super-injunction fiasco when the headlines were once again on the issue of privacy as revelation after revelation followed on the ‘endemic’ phone-hacking by the Murdoch papers. It appears there is no end in sight to the still unfolding saga perpetrated by the tabloid press. The technology to sabotage privacy has long evaded the law to the point where the law is incapable of meaningful intervention. While the phone hacking saga dominates the headlines, the airwaves and webpages, little has been said about the technology involved in the hacking process.  Apparently, that may be because, this time round, there is no particular technology other than the mobile phone itself. Reportedly, the hacking is done when the hackers somehow get hold of the PINs and access the targeted mobile phones. Other forms of hacking have also been used to intrude email accounts and online data and the full story of the hacking spree may not be fully known at least in the immediate future.

Privacy breaching technology is proliferating and it is questionable if the law can cope with the difficult task of tackling the issue in a timely fashion.  Many in the legal profession and in politics, like the MP quoted above, remain confident in the law’s reach to govern the situation. Such confidence, however, needs to be re-considered in light of the changes brought about by Big Brother mushrooming into distributed Little (presumably ugly) Sisters taking over the job with unprecedented efficiency deploying cheap sensors, processors and networks. As Manuel Castells astutely observed ‘[i]t is not Big Brother, but a multitude of little sisters, agencies of surveillance and processing of information that record our behaviour forever,...’  Similarly, Jonathan Zittrain captures this development in what he called ‘Privacy 2.0’. ‘The essence of Privacy 2.0’, Zittrain explains, ‘is that government or corporations, or other intermediaries, need not be the source of the surveillance.’  And the question is whether the law, designed for ‘Privacy 1.0’ with governments and corporations as the centre of focus, can catch up with the myriad modes of ever invasive sur-, sous- and ‘data-veillance’ with powder RFIDs and other cheap technologies. It is hard to dismiss out of hand the possibility of eavesdropping by a live human being clad in an invisible nano-cloak accompanying you wherever you happen to be  ̶  a phenomenon which we may call ‘Blagging 2.0’. The law’s reach needs to be re-examined in view of the changes in surveillance methods which now go beyond observing, viewing or following certain actors but are aimed at curtailing the physical and emotional autonomy of an individual by, for example, remote-controlling physical movements by triggering impulses to the nervous system.

Such developments are not far-fetched projections as they are with us today. There is now a technology that changes for good the sport of bull-fighting by manipulating the impulses of the charging bull inches away from the matador. The impulses of rats are manipulated in the same way to make them move in chosen routes and to chosen destinations and what is more they will be carrying secret cameras providing a ‘rat’s eye view’ of a situation.  The implications of extending the capability to rein in the charging bull or to manipulate the rat’s movement in applications on humans in ‘a scenario of remote controlled humans’ could not be lost for those who also note that a technology that enables to trigger female orgasm from a remote location is already patented.  Are we not passing a certain threshold that necessitates a new approach to privacy when surveillance technology powered by nanotechnology and other emerging technologies turns into an absolute omnipresent ubiquity with an added functionality to manipulate the physical and mental manoeuvres of an agent? As it may combine other functionalities, the term ‘surveillance technologies’ may not be an appropriate expression.

The scenarios we are dealing with are not merely scenarios where the question of privacy gets greater saliency and urgency as some have argued , but a scenario where a radical rethink of the very concept itself becomes compelling. Such scenarios definitely require more than an exercise in fixing some cracks in the legal apparatus or sorting out some loopholes in ethical considerations.

Current engagement on privacy issues is largely characterised by a wary approach short of declaring privacy dead. However, we are likely to hear more often the daring declarations by the likes of facebook founder, Mark Zuckerberg who famously said that privacy is no longer a ‘social norm’.  Zuckerberg must have observed what Zittrain observed about the ‘generational divide’ between the pre and post-Internet generations in the willingness to place personal information online.   It is certain that a critical threshold has been reached where the presumptions will have to change from the protection of privacy that assumes there is a privacy to protect (of course the laws are increasingly referring to data  ̶  and not privacy  ̶  protection) to the demise of privacy the effects of which have to be dealt with differently.  Some would take privacy to exist only in the thoughts of some thinkers as ‘it no longer exists in law and social life’.  Physicist Richard Jones predicts that, in a couple of decades, ‘privacy will be a quaint obsession of our grandparents’.  For Baroness Susan Greenfield, circa 2025, the ‘end of privacy’ will have come to its final stages.   

As one way of mitigating this tendency of technology in the area of data protection, it is suggested that there should be an early upstream engagement with information technology ‘when it is technology, and there is not yet information.’  Thus far, data-protection laws targeted information flow.  The gagging orders seek to contain the flow of information by preventing publication.  As the recent fiasco has profusely shown, that may no longer be possible with the ubiquity, omnipresence, multiple modalities and sheer power of upcoming technological capabilities especially in its miniaturised nanotechnological incarnations. It is at the design-level and by the production/creation of an equivalent countervailing technology that any meaningful protection of privacy or whatever is left of it can be achieved.   

The efficacy of such design based solutions is however obviously insufficient as long as there is the ever dynamic advance of technology that is always ready to provide a counter-move for every move. Disabling, overriding or evading a design based privacy protection is no brainer for the world of hackers and technology developers in general and is more likely to be commonplace with the ever increasing power of the technologies. The army of hacktivists who showed up to get revenge on those who took actions against Wikileaks have displayed the hacking arsenals at their disposal and the power they can unleash. This has made it abundantly clear that, if hackers choose to attack, no institution including the state is immune.  What is more, even the hackers themselves are not unassailable as they can be traced and unmasked and hacked into. The phone-hackers of the Murdoch media were daft to think that their act would remain a well-guarded (probably trade) secret. It is quite revealing that they were themselves hacked into following the scandals.

Besides the design based solutions, changes in the legal structure will be needed. Some presumptions may have to be discarded to give way to new ones.  In the celebrated case of Ridge v. Baldwin ([1963] 2 All E.R 66) in English administrative law, an important precedent was laid down about what facts the authorities can and cannot use as the basis of their decisions. They cannot use everything that has come to their knowledge. In this case the authorities were seen to be in the know about certain facts and did not try to pretend that their decision was not influenced by the facts that they came across in another unrelated hearing.  Nowadays and in the near future it may not be that easy to obtain disclosures about what facts are used in reaching particular decisions. This is to get worse in the dealings citizens have with private bodies as the case of building workers ‘blacklisted’ by construction firms demonstrates.  It will be virtually impossible for a building worker to find out why his/her application for a job is declined in view of the surreptitious practice of ‘blackisting’ by the employing firms or by firms supplying the information to other firms.

It is recognised as a matter of fundamental law that personal information held for one purpose cannot be used for another purpose.  It is also recognised that it is becoming increasingly difficult to give effect to this law.   It would be virtually impossible to know the full case against us for the government will know more about us than we know about ourselves. Similarly and more terrifyingly it will be impossible how much we are exposed to vigilantes, criminals or the private sector in general which according to a recent House of Lords report is in the forefront of the developments of surveillance technology – including the development of technologies having the functions of disabling or overriding privacy protection technologies.  This is a heavy dent to the argument proposing design-based solutions.

It is about time to declare privacy dead and deal with the aftermath even with the existing relatively crude technology available to governments and private actors alike. This should be taken even more seriously as nanotechnology puts the ubiquity and sheer power of the surveillance technologies at the disposal of governments and vigilantes who know everything and anything about everyone and anyone anywhere. We may need to presume right now that the government and other entities know everything and they should be required to bear the burden of proof that their decisions or acts are not vitiated by their knowledge of facts that should not be taken into account when making particular decisions. The admissibility clauses in the law of evidence or the right to know in the freedom of information law may not be sufficient to provide a comprehensive and effective protection given the tendency of technology development that seeks to elude existing legal limitations by always going ahead of the law. The helpless publics are made to stomach the loss of privacy and have to concede that they have nothing to hide anyway-the new evolving social norm á la Zuckerberg. But that is not the issue; the real issue is whether those who have the potential to access our data have something to hide from us. We should presume so and accordingly overhaul the ethical and legal engagement.

- Hailemichael Teshome Demissie is a PhD Candidate at King’s College London and can be contacted directly at this email address.

• Social Justice

There have been 0 replies to this Article. + Post your comment here.