privacy in context technology policy and the integrity of social life pdf

Privacy in context technology policy and the integrity of social life pdf

File Name: privacy in context technology policy and the integrity of social life .zip
Size: 22526Kb
Published: 30.05.2021



Privacy in Context

Ideally, there were tensions, he blended perfectly with the scrub and bushes of the forest floor.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy. See our Privacy Policy and User Agreement for details.


Recent media revelations have demonstrated the extent of third-party tracking and monitoring online, much of it spurred by data aggregation, profiling, and selective targeting. How to protect privacy online is a frequent question in public discourse and has reignited the interest of government actors. In the United States, notice-and-consent remains the fallback approach in online privacy policies, despite its weaknesses.

This essay presents an alternative approach, rooted in the theory of contextual integrity. Proposals to improve and fortify notice-and-consent, such as clearer privacy policies and fairer information practices, will not overcome a fundamental flaw in the model, namely, its assumption that individuals can understand all facts relevant to true choice at the moment of pair-wise contracting between individuals and data gatherers.

Instead, we must articulate a backdrop of context-specific substantive norms that constrain what information websites can collect, with whom they can share it, and under what conditions it can be shared.

In developing this approach, the paper warns that the current bias in conceiving of the Net as a predominantly commercial enterprise seriously limits the privacy agenda.

Johnson, The year was big for online privacy. This article explores present-day concerns about online privacy, but in order to understand and explain on-the-ground activities and the anxieties they stir, it identifies the principles, forces, and values behind them.

It considers why privacy online has been vexing, even beyond general concerns over privacy; why predominant approaches have persisted despite their limited results; and why they should be challenged. Finally, the essay lays out an alternative approach to addressing the problem of privacy online based on the theory of privacy as contextual integrity.

This approach takes into consideration the formative ideals of the Internet as a public good. Setting aside economic and institutional factors, challenges to privacy associated with the Net are similar to those raised in the past by other information systems and digital media due to their vast capacities for capturing, stockpiling, retrieving, analyzing, distributing, displaying, and disseminating information.

In a flourishing online ecology, where individuals, communities, institutions, and corporations generate content, experiences, interactions, and services, the supreme currency is information, including information about people. As adoption of the Internet and Web has surged and as they have become the primary sources of information and media for transaction, interaction, and communication, particularly among well off people in technologically advanced societies, we have witnessed radical perturbations in flows of personal information.

In Privacy in Context: Technology, Policy, and the Integrity of Social Life, 7 I give an account of privacy in terms of expected flows of personal information, modeled with the construct of context-relative informational norms.

The key parameters of informational norms are actors subject, sender, recipient , attributes types of information , and transmission principles constraints under which information flows. Generally, when the flow of information adheres to entrenched norms, all is well; violations of these norms, however, often result in protest and complaint.

In a health care context, for example, patients expect their physicians to keep personal medical information confidential, yet they accept that it might be shared with specialists as needed. In this event, we would say that informational norms for the health care context had been violated. Information technologies and digital media have long been viewed as threatening to privacy because they have radically disrupted flows of personal information, from the corporate and governmental databases of the s to the surveillance cameras and social networks of the present day.

The Net, in particular, has mediated disruptions of an unprecedented scale and variety. Those who imagined online actions to be shrouded in secrecy have been disabused of that notion. As difficult as it has been to circumscribe a right to privacy in general, it is even more complex online because of shifting recipients, types of information, and constraints under which information flows.

We have come to understand that even when we interact with known, familiar parties, third parties may be lurking on the sidelines, engaged in business partnerships with our known parties. Information about us that once may have languished in dusty file cabinets is now pinpointed in an instant through search queries by anyone anywhere. In these highly informatized that is, information-rich environments, new types of information infuse our every action and relationship.

We are puzzled by the new and different types of information generated online, some of it the by-products of our activities, including cookies, latencies, clicks, IP addresses, reified social graphs, and browsing histories. New and different principles govern the flow of information: information we share as a condition of receiving goods and services is sold to others; friends who would not violate confidences repost our photographs on their home pages; people around the world, with whom we share nonreciprocal relationships, can see our houses and cars; providers from whom we purchase Internet service sell access to our communications streams to advertisers.

Default constraints on streams of information from us and about us seem to respond not to social, ethical, and political logic but to the logic of technical possibility: that is, whatever the Net allows.

The dominant approach to addressing these concerns and achieving privacy online is a combination of transparency and choice. Often called notice-and-consent, or informed consent, the gist of this approach is to inform website visitors and users of online goods and services of respective information-flow practices and to provide a choice either to engage or disengage.

Two substantive considerations explain the appeal of this approach to stakeholders and regulators. One is the popular definition of a right to privacy as a right to control information about oneself.

Transparency-and-choice appears to model control because it allows individuals to evaluate options deliberately and then decide freely whether to give or withhold consent. How well it actually models control is not a question I pursue here because whatever the answer, there remains a deeper problem in defining a right to privacy as a right to control information about oneself, as discussed at length in Privacy in Context. A second consideration is the compatibility of notice-and-consent with the paradigm of a competitive free market, which allows sellers and buyers to trade goods at prices the market determines.

Ideally, buyers have access to the information necessary to make free and rational purchasing decisions. The ideal market assumes free and rational agents who make decisions without interference from third parties, such as government regulators. Doing so not only demonstrates respect for key actors, but also allows the market to function efficiently, producing the greatest overall utility.

However, there is considerable agreement that transparency-and-choice has failed. Why exactly the existing transparency- and-choice, or notice-and-consent, approach has failed — and what to do about it — remains hotly disputed.

A range of thoughtful commentaries on the subject, including those in the FTC and Department of Commerce reports mentioned above, have drawn attention to weak instantiations of choice, while others have highlighted problems with notice. A deeper ethical question is whether individuals indeed freely choose to transact — accept an offer, visit a website, make a purchase, participate in a social network — given how these choices are framed as well as what the costs are for choosing not to do so.

Privacy policies as enactments of notice fare no better. That almost all privacy policies are long, abstruse, and legalistic adds to the unrealistic burden of checking the respective policies of the websites we visit, the services we consider and use, and the content we absorb. Unsurprisingly, ample evidence reveals that people do not read privacy policies, do not understand them when they do, 12 and realistically could not read them even if they wanted to.

For critical adherents to transparency and choice, these observations point to the need for change, but not revolution. They also advocate increasing transparency: for example, stipulating shorter policies that are easier to follow, along the lines of nutritional labels.

Suggestions also apply to the content of policies. Whereas in the past, online actors were entreated simply to have policies, current correctives would require adherence to fair information principles. This is because as I argue below the consent model for respecting privacy online is plagued by deeper problems than the practical ones noted so far.

I am not convinced that notice-and-consent, however refined, will result in better privacy online as long as it remains a procedural mechanism divorced from the particularities of relevant online activity. Take the example of online behavioral advertising, which quickly reveals an inherent flaw with the notice-and-consent approach. The technical and institutional story is so complicated that probably only a handful of deep experts would be able to piece together a full account; I would hazard that most of the website owners who contract with ad networks providing targeted advertising services are not among such experts.

Even if, for a given moment, a snapshot of the information flows could be grasped, the realm is in constant flux, with new firms entering the picture, new analytics, and new back-end contracts forged: in other words, we are dealing with a recursive capacity that is indefinitely extensible. Further, the complexity makes it not only difficult to convey what practices are followed and what constraints respected, but practically impossible.

For critical adherents to notice-and consent, these types of cases exemplify the need for brief and clear policies that capture the essence of privacy practices in ways ordinary people can grasp.

I view this as a futile effort because of what I call the transparency paradox. Achieving transparency means conveying information handling practices in ways that are relevant and meaningful to the choices individuals must make.

If notice in the form of a privacy policy finely details every flow, condition, qualification, and exception, we know that it is unlikely to be understood, let alone read. But summarizing practices in the style of, say, nutrition labels is no more helpful because it drains away important details, ones that are likely to make a difference: who are the business associates and what information is being shared with them; what are their commitments; what steps are taken to anonymize information; how will that information be processed and used.

An abbreviated, plain-language policy would be quick and easy to read, but it is the hidden details that carry the significance. Adherents may persist, pointing to other arenas, such as health care and human subject research, in which a similar transparency paradox appears to have been overcome. In health care, informed consent protocols are commonly accepted for conveying risks and benefits to patients undergoing surgery, for example, or to subjects entering experimental treatment programs, even though it is unlikely they fully grasp the details.

In my view, these protocols work not because they have found the right formulation of notice and the authentic mechanism for consent but because they exist within a framework of supporting assurances. Most of us are terrible at assessing probabilities and understanding risks of side effects and failed procedures; we are extremely poor at visualizing the internal organs of our bodies.

It is not the consent form itself that draws our signature and consigns us to the operating table, but rather our faith in the system. We believe in the benevolence of institutions of higher learning and, in large part, their mission to promote human welfare. Far from perfect, and subject to high-visibility breaches, the systems that constitute these safety nets have evolved over centuries; they undergird and warrant the consent agreements that patients and subjects confront every day. In the online environment, by contrast, individual consent agreements must carry the entire weight of expectation.

Picking holes in the transparency-and-choice informed consent approach, problematic as it is, is not the end point of my argument.

As it is, it may be the best approach for this interim period while the supporting assurances to shore it up are developed. Such assurances are not achieved by fiat, but may require decades for relevant institutional forms and practices to progress from trial and error to a balanced settling point.

The theory of contextual integrity offers a shorter and more systematic path to this point by invoking learned wisdom from mature systems of informational norms that have evolved to accommodate diverse legitimate interests as well as general moral and political principles and context-specific purposes and values.

The promise of this path is not merely that the equilibriums achieved in familiar contexts may provide analogical guidance for online realms; rather, the path acknowledges how online realms are inextricably linked with existing structures of social life.

Online activity is deeply integrated into social life in general and is radically heterogeneous in ways that reflect the heterogeneity of offline experience. Along the way, the Internet has progressed from an esoteric utility for sharing computer resources and data sets, intended for use by relatively few specialists, to a ubiquitous, multifunctional medium used by millions worldwide.

Indeed, the Net is characterized by enormous malleability, both over time and across applications. Although the brute technical substrate of digital media — architecture, design, protocol, feature sets — may constrain or afford certain activities, it does so no more than, say, gravitational force, which similarly constrains and affords human activity while leaving plenty of room for variation. For example, the Net may have seemed essentially ungovernable until China asserted control and territorial borders quietly reemerged.

Yet even that maneuver is incomplete, leaving intact exhilarating pockets of autonomy. Other activities — viewing movies, listening to recordings, reading literature, talking on an IP phone, seeking information, communicating via email, worshipping, and some forms of shopping — are transformed in their migration to the Net. Even greater novelty and more fundamental transformations are found in the activities, practices, and institutional and business forms built on top of these offerings, including meta-engines that aggregate, index, organize, and locate sites, services, goods, news, and information; examples include kayak.

Web 2. These changes include interacting via social networks, networking on platforms, and facilitating peer-production and user-generated content by way of innumerable individual and small-group blogs, wikis, and personal websites; repositories of global scale such as Wikipedia, IMDb, Flickr, MMORGs massively multiplayer online role-playing games , and YouTube; the online patient-support community PatientsLikeMe; as well as mash-ups, folksonomies, crowdsourcing, and reputational systems.

I resist this notion. The Net does not constitute drawing on the terminology of contextual integrity a discrete context. Not only is life online integrated into social life, and hence not productively conceived as a discrete context, it is radically heterogeneous, comprising multiple social contexts, not just one, and certainly is not just a commercial context where protecting privacy amounts to protecting consumer privacy and commercial information.

Instead, the contexts in which activities are grounded shape expectations that, when unmet, cause anxiety, fright, and resistance. Answering questions about privacy online, like those about privacy in general, requires us to prescribe suitable, or appropriate, constraints on the flow of personal information. The challenge of privacy online is not that the venue is distinct and different, or that privacy requirements are distinct and different, but that mediation by the Net leads to disruptions in the capture, analysis, and dissemination of information as we act, interact, and transact online.

The decision heuristic derived from the theory of contextual integrity suggests that we locate contexts, explicate entrenched informational norms, identify disruptive flows, and evaluate these flows against norms based on general ethical and political principles as well as context-specific purposes and values.

To be sure, locating contexts online and explicating the presiding norms is not always straightforward in the same way that it is not when dealing with unmediated social spaces.

Some of the more familiar cases, however, may provide insight into the task. Whether you transact with your bank online, on the phone, or person-to-person in a branch office, it is not unreasonable to expect that rules governing information will not vary according to medium. In the United States, banks and other financial institutions are governed by privacy rules formulated by the FTC, which was given this authority by the Gramm-Leach-Bliley Act. Instead, it should be held to the same standards that guided financial privacy in the first place.


As use of information technology increases, we worry that our personal information is being shared inappropriately, violating key social norms and irreversibly eroding privacy. This book describes how societies ought to go about deciding when to allow technology to lead change and when to resist it in the name of privacy. Michael D. Birnhack: "[ Privacy in Context ] takes the privacy discourse several steps ahead. Nissenbaum sets an ambitious goal and accomplishes it in grand fashion. She proposes a detailed framework to better understand privacy issues and assist in prescribing privacy policies that meets the needs of the 21st century.

Privacy in Context. Technology, Policy, and the Integrity of Social Life. Helen Nissenbaum The Table of.

Privacy in Context

Search this site. By Bento C. Fagan Full Audiobooks.

Recent media revelations have demonstrated the extent of third-party tracking and monitoring online, much of it spurred by data aggregation, profiling, and selective targeting. How to protect privacy online is a frequent question in public discourse and has reignited the interest of government actors. In the United States, notice-and-consent remains the fallback approach in online privacy policies, despite its weaknesses.


Goodreads helps you keep track of books you want to read. Want to Read saving…. Want to Read Currently Reading Read.


Просто мне приходится быть крайне осторожным. В тридцати футах от них, скрытый за стеклом односторонней видимости Грег Хейл стоял у терминала Сьюзан. Черный экран. Хейл бросил взгляд на коммандера и Сьюзан, затем достал из кармана бумажник, извлек из него крохотную каталожную карточку и прочитал то, что было на ней написано. Еще раз убедившись, что Сьюзан и коммандер поглощены беседой, Хейл аккуратно нажал пять клавиш на клавиатуре ее компьютера, и через секунду монитор вернулся к жизни. - Порядок, - усмехнулся. Завладеть персональными кодами компьютеров Третьего узла было проще простого.

 - Итак, если Танкадо хотел, чтобы мы обнаружили его почту, зачем ему понадобился секретный адрес. Сьюзан снова задумалась. - Может быть, для того, чтобы вы не заподозрили, что это приманка. Может быть, Танкадо защитил его ровно настолько, чтобы вы на него наткнулись и сочли, что вам очень повезло. Это придает правдоподобность его электронной переписке. - Тебе следовало бы работать в полиции, - улыбнулся Стратмор.  - Идея неплохая, но на каждое послание Танкадо, увы, поступает ответ.

Privacy in Context - Technology, Policy, and the Integrity of Social Life

 Директор, у нас нет выбора.


  • Ecpresinbyn 01.06.2021 at 16:33

    The global coronavirus pandemic has raised important questions regarding how to balance public health concerns with privacy protections for individual citizens.

  • Bienvenida T. 02.06.2021 at 21:50

    Skip to search form Skip to main content You are currently offline.


Leave a reply