Free speech and privacy


We are all entitled to a private life but should accept such scrutiny as is in the public interest.

Timothy Garton Ash
Timothy Garton Ash, director of Free Speech Debate, gives a personal introduction

Imagine that everything you express to the person closest to you, in your most intimate moments, is immediately posted online for all the world to see. This would not just be a nightmare of embarrassment; it would also mean that you would express yourself less freely. As anyone who has lived in a police state knows, if you fear that someone else might be listening, you no longer speak your mind. So privacy is not just an important, legitimate limit to free speech. Privacy is a condition for free speech.

Our eighth draft principle identifies the main good reason there is for intruding into what should otherwise be our own private affairs: the public interest. The question then becomes: what is privacy and what is the public interest? The answers are not simple.

All known human cultures have had some notion of privacy, but what is seen as private has varied enormously with time and place. The good citizens of the ancient Roman city of Ephesus sat together to defecate. In contemporary Germany, nudity in public parks is accepted, while it is not in most other countries. Click here to tell us what privacy means in your country.

On the whole, most European countries have a broader definition of privacy than the US has – and are more ready to curb free expression to defend it. A French court judgment from 1970 says expansively that the privacy article of the country’s civil code protects “the right to one’s name, one’s image, one’s intimacy, one’s honour and reputation, one’s own biography, and the right to have one’s past transgressions forgotten”. Dominique Strauss-Kahn might be pleased with that. But wasn’t there a genuine public interest in French voters knowing about their likely presidential candidate’s predatory record in relation to women?

Yet the definition of the public interest is also hotly contested. Editors of sensationalist tabloid newspapers and gossip-mongering websites invoke it to justify their latest revelations about the private lives of football players or pop stars. But the public interest is not the same as  “what interests the public” – and therefore sells newspapers or drives traffic to websites. If the two were equated, celebrities would have no privacy at all, since some members of the public are interested in every aspect of their lives. There’s a useful discussion of what the public interest does mean here. People who are public figures should obviously expect more scrutiny than purely private individuals. That still leaves you having to define who is a public figure.

As so often with freedom of expression, context is all. If I have sex with another adult who is not my publicly acknowledged life-partner, that is my own private matter. If, however, I am an influential preacher, constantly lauding the sanctity of marriage, it becomes a matter of public interest. If a defence minister has a lover, that is his or her own affair; if that lover is the agent of a hostile power, it is a matter of public interest. If I have shares in an oil company, that is my own business; if I am a government official, responsible for handing out lucrative contracts to oil companies, then my shareholding in that company becomes a matter of public interest – but my other investments may still not be. If I have a medical condition, which makes it difficult for me to do simple arithmetical sums, that is my problem; if I stand for the office of city treasurer, it becomes a matter of public interest (but perhaps only for people in that city, not the whole world). If I had bad grades at school or university, that is private; if I am standing for election as president of the US, it becomes a matter of public interest.

There are a thousand individual judgment calls to be made, not just by judges in courts of law, but by editors, teachers, employers, doctors and every one of us. Yet the basic principle is not complicated. From case to case, we balance privacy against the public interest.

The internet age has, however, transformed the conditions in which we strike this balance. Personal information which forty years ago would have been kept in one or two dusty paper copies is now stored electronically – and, unless you are careful, and technically savvy, accessible to many others. In addition, there are vast new troves of data which simply did not exist forty years ago: your online search history, your mobile phone tracking your location, your emails, your credit card history. A little-known American data storage company called Acxiom holds, on its giant servers in Conway, Arkansas, up to 1,500 individual items of personal data on 96% of American households and some half a billion people worldwide.

The sum total of personal information stored on computers about every ordinary citizen of a developed country exceeds the wildest dreams of George Orwell’s Big Brother. This data (sometimes partly anonymised) is routinely mined and shared by private companies to offer you personalised, customised advertising and services – but also to deliver you, as a commercial target, to advertisers and service providers. You are the user, but also the used. “If you’re not paying for something,” writes Andrew Lewis (under the alias Blue Beetle) on the website MetaFilter, “you’re not the customer; you’re the product being sold.”

The accelerating development of technology offers ever more Orwellian possibilities. Google Street View has captured women sunbathing on the roofs of their own apartment blocks, believing they were in private. Google and Facebook have developed face recognition technology, which might enable them to link together all an individual’s appearances online. The GPS location systems in mobile phones, and radio frequency identifier tags on things like London’s Oyster transport payment card, mean that your movements in the physical world can potentially be tracked alongside your online activity.

Even in the world’s freest countries, some or all of this data is also mined and shared by government agencies which have – in the name of keeping their citizens safe from terrorists, gangsters and paedophiles – arrogated to themselves extraordinary powers of covert intrusion. An official report by Britain’s interception of communications commissioner reveals that in 2010, 552,550 requests for communications data were submitted by public authorities ranging from the intelligence and security services to local councils. Oxford University internet security expert Ian Brown comments on this here.

Google has tried to reveal something about the range of such requests from governments around the world in its Transparency Report. But in the US, there is a category of national security order which compels internet service providers to divulge detail about specified users and simultaneously forbids them from revealing even the very existence of that order. “But can you at least tell me roughly how many of these you receive?” I asked, when I spoke to senior legal figures at Facebook and Twitter in summer 2011. No, they confessed with a mixture of embarrassment and frustration, they could not even tell me that.

In an important sense, these public and private powers can know more about you than you do yourself. For you will have forgotten or selectively re-remembered much of your own past – and especially, human nature being what it is, the more embarrassing bits. The computer coldly remembers it all. And that is even before we get to the photos and confessions that you have knowingly posted on Facebook, Renren, Vkontakte or other social media.

“Privacy is dead. Get over it.” Such was the drastic conclusion reportedly drawn by one Silicon Valley chief executive, Scott McNealy of Sun Microsystems. As with many famous quotations, he may not have said exactly that but this was certainly the spirit of his remarks.

Take a few examples of what this can mean. In America, an 18-year old student at Rutgers University, Tyler Clementi, was covertly filmed by his roommate as he became intimate with another man. The roommate streamed the video from his computer’s webcam online, for all the world to see. Distraught, Tyler jumped off the George Washington Bridge into the Hudson River and killed himself. (His farewell message on Facebook read: “Jumping off the gw bridge, sorry.”) In China, so-called “human flesh search engines” identified and hounded a woman called Wang Yu, who had been privately filmed by a friend crushing a kitten with her high heels. When Google launched its social network called Buzz, a woman known by the alias of “Harriet Jacobs”, who was living in hiding from a physically abusive parents and husband, found all her personal contacts from her Gmail account shared with all others. “My privacy concerns are not trite,” she wrote in her pseudonymous blog. “They are linked to my actual physical safety.”

Are we happy to settle for that? If not, what can we do about it? When you registered with an online or mobile service you almost certainly clicked an “Accept” button on a small-print legal document called something like Terms and Conditions. Did you stop to read it? I don’t. Even if we had, we would have found a lot of catch-all, legal wording. (I’m afraid that applies to this website too, but we have spelled out our Privacy policy as clearly as possible here [insert link].)

If we believe that free speech (and a good society altogether) requires some privacy, we need to understand better how much privacy we are giving away – and make a fuss about it if we think it’s too much. Even if these service providers have a dominant market position in your country, they are still dependent on your business. And some of them, some of the time, do respond to public pressure. A public outcry forced Google to suspend and substantially improve its Buzz network, and subsequently subsumed it in Google+, and Facebook to withdraw its Beacon targeted advertisement system.

There are relatively simple technical steps you can take to reduce the amount of data gathered on you both by state agencies and by what cyberheretic Jaron Lanier provocatively calls “spying/advertising empires” such as Google and Facebook. Partly responding to such criticism, Google and other search engines have made it simpler for people to switch to a more anonymous form of search. The Electronic Frontier Foundation, which is a pioneer in this field, has designed a Firefox extension called HTTPS everywhere, which encrypts your communications with a number of major websites. You can use free software called Tor to help protect your privacy online.

But what if you have in the past freely shared things about yourself, which you now wish you had not? Take your private photos on Facebook for example. (Facebook now has the largest photo collection in the world.) Suppose you are embarrassed by those teenage high jinks. Suppose you fear that you may be refused a university place or a job because of what’s up there. After all, we know that employers and universities do go trawling online to see what they can find about applicants. What can you do?

Facebook’s current Statement of Rights and Responsibilities says that your photos remain your intellectual property (IP), but “you grant us [Facebook] a non-exclusive, transferable, sub-licensable, royalty-free, worldwide licence to use any IP content that you post on or in connection with Facebook (IP Licence). This IP Licence ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.” (My italics.) So, yes, you can delete your past, but if those embarrassing photos were shared with your friends (in the extended, Facebook sense of the word), who shared them with their friends, then unless you can get them all to delete them, the embarrassing photos will still be up there. It would be easier to close Pandora’s box.

Should it be made easier? Should we have a more extensive “right to be forgotten”? If so, what should it cover? Who should or could enforce it? And how? Germany, for example, has a law, which says that after a certain period of time has elapsed, a person’s previous criminal convictions may not be reported. Like Germany itself after 1945, these individuals should have a chance to make a fresh start. Lawyers for German citizens tried to get Google to take down public reports of their prior convictions, even on the worldwide search engine. Google resisted.

The EU is one of the world’s most influential norm-setters in relation to privacy and data protection. Its Data Protection Directive has been described as setting the gold standard for privacy. In 2012, it will be coming up with a proposal for a revised data protection directive, taking account of many of the technical innovations discussed here – and perhaps also introducing elements of a “right to be forgotten”. We will be debating that as it emerges.

The most obviously damaging public exposures of private life are those which reach millions of people through the mass media. In summer 2011, Britain was convulsed by the revelation that newspapers owned by Rupert Murdoch had illegally hacked into the mobile phones of numerous celebrities, royalty and even crime victims to get these stories. But even if criminal means are not used, the routine intrusions into the private life of film stars, footballers and other celebrities – not to mention ordinary people who get caught up in a particular story – are not justified by the public interest. In the wake of the Murdoch hacking revelations, a line of celebrities, from the author J K Rowling to the film star Hugh Grant, but also the parents of murdered or missing children, queued up to tell public inquiries how their private lives had been grossly intruded upon by rapacious media. And Greg Miskiw, the former news editor of the Murdoch-owned tabloid News of the World, is reported to have told one of his reporters, “That is what we do; we go out and destroy people’s lives.” We say more about this under the (closely related) next principle, on defending your reputation [P9].

When those affected hire lawyers to block publication, citing their right to privacy, tabloid editors protest that these are attempts to strangle free speech. Sometimes this is true: rich, powerful people (and corporations) want to cover up facts that the public should know. Often it is humbug: what the editors call “the public interest” is nothing more than “what interests the public”. In Europe, the courts then have to make individual judgments, balancing the free speech rights enshrined in Article 10 of the European Convention on Human Rights against the privacy rights guaranteed by Article 8.

But why should addressing this problem be left to the courts, after the event? So long as we buy those newspapers or visit those scandal-mongering websites, we encourage their misbehaviour. If we disapprove in principle of such revelations, but read them with avid interest, we are hypocrites too. Michael Kinsley summarises his experience as editor of the online magazine Slate, where he received protesting emails about salacious detail on Bill Clinton’s sexual encounters with Monica Lewinsky: “Their emails say no no, but their mouse clicks say yes yes.”

So in this area of free speech, too, what happens does not just depend on what governments, courts or regulators do. It also depends on what we do. We can refuse to buy those papers, visit those websites and feed intrusive social media. We can tighten our privacy settings, and demand better ones. Even in a world transformed and opened up by new technologies of communication, a degree of privacy remains not only an important limit on but also a condition for freedom of expression.


Syndicate content