Table Of Contents
In the world of blockchain technology and cryptocurrencies, the right to privacy is usually taken as a given. The entire sector stems from the cypherpunk group, which regarded privacy as one of its most important fundamental values. There is a whole offshoot of cryptocurrencies that is very specifically focused on financial privacy, and the Bitcoin development team is still working hard to add privacy features to the system.
Once you delve into this specific domain, after a while you will notice that a lot of attention is paid to the how and what with regards to privacy, but that there is virtually no explanation given as to why privacy is important. Most articles do not go much further than the necessity of privacy to keep the state at bay. Most articles or websites go so far as to give no reason for privacy at all, but apparently assume that everyone knows why privacy is necessary.
It was intuitively clear to me that privacy is important, but I could not substantiate it. That is why I started researching, and I hope that this personal research will provide material for others in our sector to build on.
While researching for this article, it quickly became clear to me that it is impossible to give a complete overview on this topic: it is too broad, and it is complex. It is therefore by definition not complete, and that is not my intention. My wish is that after finishing this article the reader has an idea of several not immediately obvious topics related to the subject of privacy, and that she can independently search for more information.
It is impossible to talk about privacy without talking about the flip side of the same coin: publicity. It is precisely the dividing line between what we consider private and what we consider public what we are talking about.
When is something public? When is something private? And who or what determines the dividing line and when it may be crossed?
Today, we are instinctively inclined to say what we determine this ourselves. At the same time, we live in a time when we are stimulated to disclose much more information and we also give in to this incentive to a great extent.
Of course, we may consider this a good trade. We receive something in return for disclosing certain personal information, such as what we eat, how we dress or what our political preferences are: likes, comments, attention. In that case, there may be no problem.
Yet we also know instances where personal data has been published inadvertently and shows up later and has consequences beyond what was expected. This can lead to job losses, reputation losses and worse.
It sometimes seems like we are living a celebrity cargo cult in which we sacrifice our private data to force fame from the gods. We forget that real celebrities generally regret the loss of their personal space and do everything they can to guard the scarce personal space they have left.
Technology enables us to share information on a large scale. It seems to be a rule that if information can be shared, it will be shared. We are constantly leaking information that is highly private, from our location to our purchasing habits, likes and dislikes. A good fifty years ago it would have been almost taboo to share this information in public. Today, we no longer even think twice about sharing it.
There is a risk there, and in this article, I want to map out a number of these risks in the tangible and intangible field.
Before I start with that, I think it is useful to delve deeper into the dividing line between public space and private space and to sketch a brief overview of the relatively short history of our current concept of privacy.
To get a grip on the fluid dividing line between private and public, I want to work with a relatively simple model to capture different concepts of private and public sphere. I will use a simple distinction between active and passive publicity and active and passive privacy.
The ideal situation that we want to strive for in a free society is that what you do in your private sphere does not affect your functioning in the public sphere, provided that what you do in your private sphere does not have negative consequences for someone else’s private sphere or the public sphere.
This means that privacy guarantees that your functioning in the public sphere, whether passive or active, is not hindered. The examples I will give later in this article of the risks of breaches of your privacy can all be described in this using this definition.
What do I mean by the active and passive forms of private and public, or more precisely, privacy and publicity?
The distinction is this: the passive forms refer to the situation that we can reasonably expect to encounter without having to perform further actions. The active forms refer to the situation where we (need to) take action to increase either our privacy or publicity.
Passive privacy refers to the state in which you isolate yourself and do not have to do anything else. As soon as I enter my home, I find myself in a state of passive privacy. I can reasonably expect that only my loved ones will have access to my body, my thoughts, and my emotions. The same situation arises when I enter a public toilet or enter a hotel room.
Passive publicity refers to the state in which I enter public space. As soon as I leave my home, I find myself in a state of passive publicity. In theory everyone could recognize me, but in practice only the people I regularly meet will do so. Paradoxically, the state of passive publicity is in many ways more anonymous than the state of passive privacy, as the intensity of the interactions are inversely proportional: my loved ones interact intensively with me, the people I meet on the street are superficial . Yet in the state of passive publicity, I can reasonably assume that no one will seek more than a superficial interaction with me, nor that I can claim it. In this state, everyone I meet has access to me, but they are kept at a distance by social norms.
Active publicity is the state that corresponds to the common usage of the term “publicity”. With active publicity I deliberately show more of myself, whether sincerely or not, in the public space. By public space I mean either the physical space, or the wider public space through other media such as the internet or TV. With active publicity I want to increase my visibility and recognisability to achieve a certain goal. That goal can be professional, such as when an actor or a politician advertises himself, or it can be personal, such as when I want to address a potential partner or send a signal that I am available as a partner. The most important distinction is that with active publicity I deliberately take steps to reveal several personal matters in the expectation of receiving something in return.
Active privacy is the state in which I make an effort to shield more of my personal qualities from the public space. Some of these methods are trivial and well known: I lock my doors at night, I close the curtains at night and I make sure that no one can read on my laptop or phone. However, I can also use more far-reaching methods to protect my privacy. Most of the methods known are mostly related to the online world: We can use technical means to make sure that our location is kept secret, and that our communication are only accessible by the recipient, but we can also choose not to reveal our real name, age and gender. All this belongs to active privacy. As with active publicity, it is distinctive that I deliberately take steps to make personal data inaccessible.
With both active forms we see that I can no longer reasonably expect that my data is public or private. That depends on my own efforts. There are, of course, differences of opinion as to what reasonably belongs to the passive states. This depends on social norms and conventions, and influences legislation about these conventions. Although we may not agree on the precise interpretation of these types of concepts, there is indeed a widely supported consensus that certain limits must be respected. That is what the vague concept of “reasonableness” refers to. Where this is unclear, discussion is needed to provide more clarity, with a judge in between where necessary.
In that same context, I would also like to point out that both active forms seem to be viewed with a certain degree of suspicion. Active publicity quickly leads to resentment in the environment for not asking for access to certain personal data, while active privacy is more likely to lead to suspicion.
I hope that this relatively simple model with two axes Private – Public and Active – Passive will provide a framework for working with these concepts.
Now, in addition to an understanding of these two extremes, it is also useful for a good understanding of privacy to have some insight into the development of the concept of privacy as we are now familiar with it.
Privacy as a theme is a recent development.
In the United States, it was first highlighted in a famous 1890 article entitled “The Right to Privacy” by Samuel D. Warren and Louis D. Brandeis[i].
The main thesis of their article is that the authors isolate a right that amounts to “the right to be left alone”. This was a new idea because previously the law only recognized breaches of privacy where direct harm, either through reputational or property damage, was at stake. Warren and Brandeis were the first to identify a broader right to privacy, with associated penalties and indemnities.
It then took at least another sixty years until Edward J. Bloustein in his article “Privacy as an aspect of human dignity – An Answer to Dean Prosser”[ii] further explored the subject, and defined invasion of privacy as a separate category of tort, distinguished from, for example, defamation, libel and unlawful use of image rights.
Bloustein argues in his article that the damage caused by an invasion of privacy is not material, but spiritual in nature: violation of privacy destroys individual dignity and integrity and is an attack on individual freedom and independence.
The man who is compelled to live every minute of his life among others and whose every need, thought, desire, fancy, or gratification is subject to public scrutiny, has been deprived of his individuality and human dignity. Such an individual merges with the mass. His opinions, being public, tend never to be different; his aspiration, being known, tend always to be conventionally accepted ones; his feelings, being openly exhibited, tend to lose their quality of unique personal warmth and to become the feelings of every man. Such a being, although sentient, is fungible; he is not an individual. (Bloustein, 1964, p. 188)
What makes Bloustein’s article interesting is that he explicitly refers to the rise of mass media as the reason why privacy had to be explicitly defined as a right for the first time in the days of Warren and Brandeis.
Even before 1890, there were, of course, invasions of privacy, but these had much less impact, because the dissemination of the disclosed facts was much smaller and mostly remained local. Until then, the mutual social control of these types of violations had also been an inhibiting factor. After all, if you yourself can expect such an infringement from your neighbours, then the threshold for making your infringement public is a lot higher than if you can do this relatively anonymously and without consequences.
The right to privacy is therefore intertwined with the emergence of new technological means that enable the dissemination of disclosures on a large scale and within a short period of time.
In the Netherlands, this discussion was conducted in the context of the reform of the Constitution, which was finally completed in 1983. This sweeping constitutional change added a series of fundamental rights. The discussion about the how and why of these fundamental rights is very interesting and is freely accessible online[iii].
The subject of privacy, particularly in the context of increasing technological means to infringe it, is also extensively discussed. We cannot go into this too deeply in the context of this article, but I invite everyone who is interested to read the discussions held in parliament about the topic.
I will limit myself here to the cited definition that is used in these texts and which therefore forms the basis of the constitution as we know it in the Netherlands. Privacy is defined here as “the right to live one’s own life with as little outside interference as possible. ”
This is essentially a paraphrase of the definition used by Warren and Brandeis in their 1890 article.
Furthermore, the text explicitly states that privacy is the foundation of our legal order:
"Respect for privacy is rightly regarded in our society as an essential condition for a dignified existence and as one of the foundations of our legal order."
It is this last observation that we will encounter later in this article about the risks of an invasion of privacy.
In the remainder of this article, I would therefore like to delve deeper into the consequences that breaches of our privacy can have, both directly materially and for our society as a whole.
I cited a quote from Edward Bloustein earlier, which I believe is central to me when we talk about the consequences of invasions of our privacy.
Bloustein argues that when our actions and thoughts are constantly public and visible, then we lose our individuality. We lose our uniqueness and blend in with the crowd. When you are seen, you adapt, both in behaviour and in thoughts.
We all know the risk of coming forward: all your actions are under a magnifying glass, and you will be held accountable for them.
It is not without reason that we have the proverb in Dutch: “Whoever sticks his head above ground level, his head will be chopped off”. We also come across similar proverbs in other languages, such as the “Tall Poppy Syndrome” in English.
The above examples are about people who voluntarily step forward, such as artists, politicians, and business leaders. Even though we see examples where they clearly suffer from unwanted breaches of privacy, we can at least say that they went into this situation voluntarily.
That is different when it concerns the average person. What happens when it ends up in the public eye in a similar way, without being asked to do so?
For that we must go back in time a few centuries.
In 1787 the British philosopher Jeremy Bentham wrote the book “Panopticon, or The Inspection House”[iv]. In this book Bentham describes a new design for a prison. This new prison is circular, and all cells are transparent on the side facing the centre of the building. This way it is possible to have only one guard in the middle who can keep an eye on all the prisoners. In Bentham’s design, it is not possible for the inmates themselves to see the guard, eliminating the need to have a guard present at all. The mere fact that they think they are being watched is enough to achieve the same effect as actually being observed.
The philosopher Michel Foucault in 1975 in his work “Discipline and Punish”[v] explains the panopticon as a metaphor. Foucault describes how our society displays more and more characteristics of a panopticon: we know that we are constantly being observed and therefore start to behave as if we are being observed. This makes our behaviour more uniform and we tend to conform even when we are not actually perceived. Foucault sees the panopticon and panoptic society as a disciplining force that ensures that exceptionally large control can be exercised by a small group.
The panopticon is a useful metaphor for the kind of society we find ourselves in today. We live in glass houses, and we can be constantly observed.
This concludes my general overview about privacy. I hope it provides, at least in part, a clearer theoretical framework for the most common concepts around privacy.
The above is certainly not an exhaustive treatment of this theme, but space is simply too limited. At the end of this article there is a short bibliography for those who want to read more.
In the remainder of this article I will use the article “ Driving to the Panopticon, A Philosophical Exploration of the Risks to Privacy Posed by the Highway Technology of the Future ”[vi] by Jeremy H. Reiman, a political philosopher who worked, among other things, in the fields of privacy and identity .
The underlying question I ask is: what are the risks when our privacy is infringed upon? What is actually lost?
The most obvious damage, and the one most visible, is material damage. Material damage can be done to your body, your personal property or it can be related to limiting your physical freedom of movement. All these forms overlap with privacy.
For example, if your private data becomes public, you are exposed to several dangers that you would otherwise not encounter. Think of the most direct forms: burglary, robbery, kidnapping, rape, and other violence. In all these forms, someone enters your private sphere, either of your material possession or that of your body.
In the event of a burglary, someone literally breaks into your private space and can then do what they wish there. Your property can be stolen, or your property can be damaged.
The theft of your private data such as bank account numbers, passwords, physical keys does not seem directly material, but usually has direct material consequences. These things are not directly valuable, but they do provide direct access to value. For example, it may happen that no objects are stolen from your home, but that the burglary does cause financial or material damage.
Today, hackers often steal private data online. Sometimes because someone leaves their digital door wide open, sometimes through tricks to talk themselves in (phishing and spear-phishing, sometimes by guessing the key (brute force attacks) and sometimes by forcing the door. These immaterial thefts usually end up causing material damage, either by directly looting bank accounts, or by placing orders in someone else’s name, or else by asking for a ransom to release acquired accounts.
These material breaches of our privacy or private domain are understandable to most people. When there is a theft, we can immediately see what has been taken from us. Nor would I be surprised that most people would agree that these types of privacy breaches, whether physical or digital, are harmful and should be countered.
However, it becomes more difficult when the discussion turns to intangible damage to privacy.
However, in addition to material damage from invasions of privacy, there are many other ways in which people can be harmed.
These forms of damage are not directly measurable, but they are real and have more far-reaching effects than the aforementioned forms of material damage. What makes it even more difficult is that with property damage, it is usually clear that we are dealing with criminal behaviour.
The intangible damage privacy breaches are on the contrary not only caused by criminals, but also by people of whom we expect services or who we trust to protect us: our government and its officials.
This is one of the problems surrounding the immaterial damage in privacy breaches: it is difficult to repair the damage. If information about your life becomes public knowledge, it cannot be returned to a state of privacy. This is the difference between data and possession. You can return a stolen car, but not stolen facts.
This is precisely why it is especially important to protect the intangible matters that affect our privacy, both from malicious parties and those from whom we request services.
In the discussion about these types of privacy breaches, we often quickly hear the mantra “I have nothing to hide”. However, this sentence does not get to the heart of the problem.
Firstly, this sentiment incorrectly refers to purely one’s own life that should be kept private. However, we never live in a vacuum. If we know something about you, we also know something about the people you interact with. This can be family, but also something about your friends, your business relations, or your neighbours.
Second, the misconception is that privacy is all about hiding things. Hiding tends to have a negative connotation. If you have something to hide, there is a chance that it is illegal or at least not socially acceptable. But privacy is also about being able to lock your toilet door, keeping what is happening in your bedroom to yourself, and keeping your conversations confidential. Here too there is a social component. Maybe you do not have a problem with your relationship being known, but does that also apply to your partner?
Third, “Having nothing to hide” is simply incorrect. You do have things to hide, but you may never have found yourself in the situation where it is relevant. I can claim that I do not have to learn to swim because I do not live near water, but that doesn’t help me if I unexpectantly fall into the water.
In his article, Jeremy Reiman describes four consequences that go far beyond a loss of possession, which I would like to list here.
Reiman, following Bloustein as well as Warren and Brandeis, argues that a loss of privacy leads to a loss of Self.
Below is a brief overview of the dangers that a loss of privacy can lead to, according to Reiman.
A lack of privacy makes people vulnerable to the influence of others on their behaviour.
This includes blackmail and extortion, or the denial of privileges based on behaviour that is unpopular or unconventional. This may sound like a far-off show, but for many minorities this is still a daily reality. Think religious minorities, LBGTQI, political opponents and so on. Even in the Netherlands there are people who are better off keeping certain behaviours private in connection with social stigma. Think of sex workers, who risk loss of job, benefits, home and social contacts even though sex work is legal in the Netherlands.
Reiman further argues that even the suspicion that their actions might be known and that others might punish them for them can create fear in people that limits their freedom of action. We need only look at how many people still struggle to openly declare their sexual orientation to understand this example.
A lack of privacy per se limits our freedom. Privacy stands or falls with our personal control over who has access to our private information.
In one definition of privacy, this control itself is called privacy. Here I call it, with Reiman, a secondary and necessary addition to privacy, where “privacy” is the state of being shielded from the public space.
If we are not in control of this private space ourselves, then we are denied privacy, for privacy is essentially the control of ourselves, be it the mental and spiritual or the physical side. The fundamental right to domestic safety is no less important than the fundamental right to physical integrity or freedom of thought.
The moment everyone would have free access to our body, home, or to our private data, we are de facto denied the freedom to make decisions about these ourselves. We can then no longer decide whether we want to withhold certain information from certain persons and thus lose an inner freedom that precedes the external freedom mentioned before.
Privacy is a right, but privacy is also a social ritual. When we are in a public space, we still observe rules that respect the privacy of others in this space: we do not touch people without permission, we do not read what is on their screens, and we do not listen in on their conversations.
These boundaries are not formal but are informal social boundaries that we learn at a young age. These rules are also fluid; when we walk on a busy shopping street, our personal space is smaller, and we are less likely to feel uncomfortable when people come closer. Our personal space in an open square, on the other hand, is much larger.
When we do not respect privacy, we break this ritual. Reiman points out that it is not without reason that the Panopticon is a design for a prison. In a prison, your rights to personal space is abrogated or limited because you have committed a crime.
The Panopticon, and the accompanying undisturbed “view from the outside”, symbolizes the disappearance of our individual sovereignty. We lose the idea of ourselves as a being that owns itself and has the right to make decisions about itself. In the Panopticon, the idea that we are at all times available to an authority outside of ourselves is confirmed time and again.
When time and again, not in words, but in the actual lived situation, a certain self-image is confirmed, then there is a good chance that someone will adopt this image for himself. When a child is told over and over that they are worthless and incompetent, they can start to take this as a given. Likewise, when we are constantly affirmed that it is normal for an outside party to see our innermost thoughts and feelings, we run the risk that we will start to see this as the norm.
Not for nothing Reiman ends his discussion on this theme with the biblical admonition:
"For what shall it profit a man, if he shall gain the whole world, but lose his soul?"
When, by using technology for convenience, we lose our self-image as a being that can dispose of itself, then we lose far more than we gain.
The last risk that Reiman cites has a description that he himself concedes is a vague mouthful.
To make it more concrete, let me start with the observation that an action done in public is different from the same action in a private setting.
If I have a conversation with a good friend, this conversation in a closed space will have a different charge than when I have the same conversation on a full terrace. Likewise, an argument between two people will be different than when this argument takes place on the street. We act differently in private than in public.
What is important to note is that this difference in charge does not depend on our actually being in public. This difference is also present when we think we are being perceived. When I have a conversation, and think that this conversation is being recorded, that conversation will be different than when I think it is not. Imagine thinking your bedroom is equipped with cameras and microphones. You will then behave differently in this space than if you think you are unobserved.
This is what Reiman points to when he says that our psychopolitical being changes by being perceived or by thinking that we are being perceived.
I think, more than 20 years after Reiman’s article has been written, we have a better idea of this risk than he had. For him it was speculation about the future, for us it is becoming more and more lived reality.
People who think they are perceived tend to display conformational behaviour. They act less risky, and generally express opinions that involve the least risk.
Action and thinking are linked and mutually influence each other. In this way, socially conventional behaviour can lead to socially conventional thinking, to the point that deviating from the norm becomes difficult even in thoughts.
In this context, Reiman quotes a quote from Edward Bloustein, who clearly states this danger and the resulting consequences:
The man who is compelled to live every minute of his life among others and whose every need, thought, desire, fancy, or gratification is subject to public scrutiny, has been deprived of his individuality and human dignity.
Brandeis, Bloustein and Reiman link privacy directly with human dignity, individuality, and a mature inner life. Because of this link, privacy lies at the root of democracy in the best sense: a society where everyone is free to think and feel what he or she wants and to express this.
A loss of privacy not only leads to a loss of freedoms, but it also leads to a situation in which people can no longer use these freedoms for themselves. It is then no longer necessary to abolish freedoms because a freedom that cannot be used is no freedom at all.
This is what the image, or reality of the Panopticon refers to: the prisoners become their own guards.
Given the above, it is not surprising that people want to protect themselves against invasions of their privacy. We can divide the defence mechanisms in different ways, for example into social and technical mechanisms, or as they are called in Reiman: formal and material means.
I have already discussed some of these mechanisms in the section dealing with public and private spheres. In the context of passive privacy, we are talking about the social conventions where we can reasonably expect to be observed. With active privacy we are talking about the social and technical means with which we actively ensure that our privacy is safeguarded.
Jeremy Reiman elaborates the resources as follows:
The formal means constiture the rules that protect the right to privacy. Such rules can be legal (laws) or based on customs and current morals (such as the rule that you do not disturb someone in the toilet, or that you do your best in public places not to hear about the conversations that taken to you.)
Material means are the physical means that prevent others from learning about your private information and circumstances. Think of fences, doors, locks, and curtains, but clothing also falls under this definition. I would like to add digital resources, such as encryption, to this list.
We can see an overlap of the various means here, because a door is a material means of demarcating and protecting the private sphere, but we count on the formal means of the social convention that you do not open a locked door without knocking to make it effective. Again, all of this has to do with what we think we can reasonably expect under passive privacy.
Formal and material means do not necessarily need to go together. In the example of not listening to conversations in a public space, there is no material protection, but formal protection alone usually ensures privacy.
It also works the other way around: Formally, the police sometimes have the right to search your computer. However, if you have encrypted your data and you do not hand over the key, there is no way to assert that formal right.
The above also shows a particularly important point: material protection of privacy is stronger than formal protection.
Any agreement can be broken and, outside social and legal norms, there is no protection against such an infringement. It is of course possible to receive compensation afterwards through the legal system for such a breach, but at that point the damage has already been done.
In the light of the above, it may be more understandable why there are groups of people who want to put more effort into material means to protect their privacy both physically and digitally. Relying solely on formal protection is relying on unwritten rules, or in the case of the government, on a paper shield. Especially in an increasingly digitized world where data can be disseminated at great speed and infinitely duplicated, this is not such a strange attitude at all.
At this point, I want to come back to the beginning of this long article: it is precisely in this area that the movement from which cryptocurrencies originated had a lot to offer. The cypherpunk movement was driven by providing material means to ensure privacy.
To quote from “A Cypherpunk’s Manifesto”[vii]:
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information.
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.
When I started this article, my plan was to devote about three pages to this topic. It soon became clear that even beginning an overview of this topic needed a lot more space than I expected.
One of the first things I discovered when studying this topic was that the concepts of privacy and mass communication cannot be separated from each other. Precisely because the possibility of sharing information quickly and widely has arisen and grown in the last century, the concept of privacy was also necessary. Before this time, it simply was not possible to harm people in the ways available to us today.
A second discovery was that privacy goes hand in hand with an image of humanity in which the individual is valuable in itself. I am not talking about a form of individualism, but about a recognition of the worth of a person, with all the associated rights that this person has a right to go through life without harm and that any damage to one person harms society itself.
A third discovery was that privacy goes hand in hand with an appreciation of independent thinking. A positive appreciation of independent thought underlies all concerns about a loss of privacy as described above. Without this valuation, these concerns would have no foundation.
Not a discovery, but more of an affirmation of the things I have already dealt with is that while formal privacy protection is a great asset, it depends on the good faith of the person who promises to respect your privacy. Material privacy protections are legitimate and understandable protections that we should not compromise but should rather protect.
The main conclusion that I wish to draw myself is that privacy as a concept is a political-philosophical choice, and as such is also mentioned in the articles and legislative proposals that I have consulted. Privacy is the basis of our ideal democratic society. Without this privacy, and the accompanying freedom of thought, feeling and action, provided the latter does not infringe on the same for other members of society, it cannot survive. I therefore regard democratic governments that violate privacy as acting against the spirit of their own foundations.
This research started out of a surprise why there was so little material available on this topic within the blockchain world. That surprise remains. Due to its one-sided fixation on purely financial services, the industry seems to have lost sight of the fact that Bitcoin was based on financial surveillance being a problem in a much broader sense. Privacy coins seem to reflect this narrow view that just defending financial data is enough and lose sight of the fact that it is part of a larger issue.
On the other hand, blockchain technology, with all the possibilities to make data easily traceable and thus subject to control, is incredibly worrisome from a privacy point of view, and projects seem to be putting themselves in service to the companies that are premised on just this kind of control.
I hope this article inspires and gives some people food for thought, and that they can use it as a basis for their own thoughts.