Minimum Harm by Design: Reworking Privacy by Design to Mitigate the Risks of Surveillance
Particular applications of Privacy by Design (PbD) have proven to be valuable tools to protect privacy in many technological applications. However, PbD is not as promising when applied to technologies used for surveillance. After specifying how surveillance and privacy are understood in this paper, I will highlight the shortcomings of PbD when applied to surveillance, using a web-scanning system for counter-terrorism purposes as an example. I then suggest reworking PbD into a different approach: the Minimum Harm by Design (MHbD) model. MHbD differs from PbD principally in that it acknowledges that the potential harms of surveillance bear not only upon privacy but also values that define the very constitution of a society and its political character. MHbD aims to identify and systematise the different categories of such harms and links them to current theories on surveillance on the one hand and on possible design measures on the other.
KeywordsChilling effect Contextual integrity Data mining Discrimination Minimum harm by design Privacy Privacy by design Social sorting Surveillance
I am grateful to two anonymous reviewers and to Claudia Diaz and Maria Grazia Porcedda for their comments on earlier drafts of this article. I also gratefully acknowledge the comments made by the participants in the Third Dutch/German Workshop in Philosophy of Technology (Technische Universität Darmstadt, June 2014), the Delft Philosophy Colloquium (Technische Universitait Delft, March 2015), the State of the Union Conference 2015 (European University Institute, Florence) and the CPDP (Computers, Privacy & Data Protection) Conference 2016 (Brussels). Part of the research presented in this chapter was funded by the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no. 284725 as part of the SURVEILLE (Surveillance: Ethical Issues, Legal Limitations, and Efficiency) Project.
- Agamben, Giorgio. Homo Sacer: Sovereign Power and Bare Life. Stanford: Stanford Univ. Press, 1998.Google Scholar
- Albrechtslund, Anders. ‘Online Social Networking as Participatory Surveillance’. First Monday 13, no. 3 (2008). http://firstmonday.org/ojs/index.php/fm/article/view/2142.
- Balasch, Josep, Alfredo Rial, Carmela Troncoso, Christophe Geuens, Bart Preneel, and Ingrid Verbauwhede. ‘PrETP: Privacy-Preserving Electronic Toll Pricing’, In 19TH USENIX SECURITY SYMPOSIUM, 63–78. USENIX Association, 2010.Google Scholar
- Barocas, Solon, and Andrew D. Selbst, ‘Big Data’s Disparate Impact’. California Law Review 104 (August 14, 2015), http://papers.ssrn.com/abstract=2477899. Accessed March 24, 2016.
- Bennett, Colin J. ‘Review of Nissenbaum’s Privacy in Context’. Surveillance & Society 8, no. 4 (April 28, 2011): 541–43.Google Scholar
- Bier, Christoph, Pascal Birnstill, Erik Krempel, Hauke Vagts, and Jürgen Beyerer. ‘Enhancing Privacy by Design from a Developer’s Perspective’. In Privacy Technologies and Policy, edited by Bart Preneel and Demosthenes Ikonomou, 73–85. Lecture Notes in Computer Science 8319. Berlin Heidelberg: Springer, 2014.Google Scholar
- Bigo, Didier. ‘Globalized (In)Security: The Field and the Ban-Opticon’. In Terror, Insecurity and Liberty. Illeberal Practices of Liberal Regimes after 9/11, edited by Didier Bigo and Anastassia Tsoukala, 10–48. London and New York: Routledge, 2008.Google Scholar
- Cavoukian, Ann. ‘Privacy by Design’. 2009. https://www.privacybydesign.ca/content/uploads/2009/01/privacybydesign.pdf. Accessed March 24, 2016.Google Scholar
- ———. ‘Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era’. In Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, edited by George O.M. Yee, 170–207. Hershey: Information Science Reference, 2012.Google Scholar
- Cavoukian, Ann, and Khaled El Emam. ‘Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism’, September 2013. https://www.ipc.on.ca/images/Resources/pps.pdf. Accessed March 24, 2016.
- Cavoukian, Ann, and Jeff Jonas. ‘Privacy by Design in the Age of Big Data’, June 2012. https://privacybydesign.ca/content/uploads/2012/06/pbd-big_data.pdf. Accessed March 24, 2016.
- Cavoukian, Ann, and Marilyn Prosch. ‘The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users’, December 2010. https://www.ipc.on.ca/images/Resources/pbd-asu-mobile.pdf. Accessed March 24, 2016.
- Coudert, Fanny. ‘Accountable Surveillance Practices: Is the EU Moving in the Right Direction?’ In Privacy Technologies and Policy, 70–85. Proceedings of the Second Annual Privacy Forum, APF 2014. Cham: Springer, 2014.Google Scholar
- Custers, Bart, Toon Calders, Bart Schermer, and Tal Zarsky, eds. Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases. Berlin, Heidelberg: Springer, 2013.Google Scholar
- Dandeker, Christopher. Surveillance, Power and Modernity: Bureaucracy and Discipline from 1700 to the Present Day. Cambridge: Polity Press, 1990.Google Scholar
- Danezis, George, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Le Métayer, Rodica Tirtea, and Stefan Schiffner. ‘Privacy and Data Protection by Design—from Policy to Engineering’. Report/Study. ENISA, December 2014. https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design.
- De Hert, Paul, and David Wright. ‘Introduction to Privacy Impact Assessment’. In Privacy Impact Assessment, edited by David Wright and Paul De Hert, 3–32. Dordrecht; Heidelberg: Springer, 2012.Google Scholar
- Deleuze, Gilles. Foucault. Frankfurt am Main: Suhrkamp, 2001.Google Scholar
- ———. ‘Post-scriptum sur l es sociétés de contrôle’. L’autre Journal 1 (1990).Google Scholar
- Deleuze, Gilles, and Félix Guattari. A Thousand Plateaus: Capitalism and Schizophrenia. London: Bloomsbury, 2013.Google Scholar
- Finn, Rachel L., David Wright, and Michael Friedewald. ‘Seven Types of Privacy’. In European Data Protection: Coming of Age, edited by Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet, 3–32. Dordrecht: Springer, 2013.Google Scholar
- Foucault, Michel. Discipline and Punish: The Birth of the Prison. New York: Vintage Books, Alexander Street Press, 1979.Google Scholar
- Fried, Charles. ‘Privacy. [A Moral Analysis]’. In Philosophical Dimensions of Privacy: An Anthology, edited by Ferdinand David Schoeman, 203–22. Cambridge: Cambridge University Press, 1984.Google Scholar
- Galič, Maša, Tjerk Timan, and Bert-Jaap Koops. ‘Bentham, Deleuze and Beyond: An Overview of Surveillance Theories from the Panopticon to Participation’. Philosophy & Technology, May 13, 2016, 1–29. doi:10.1007/s13347-016-0219-1.
- Gandy, Oscar H. Coming to Terms with Chance: Engaging Rational Discrimination and Cumulative Disadvantage. Farnham: Ashgate, 2009.Google Scholar
- ———. ‘Data Mining, Surveillance, and Discrimination in the Post-9/11 Environment’. In The New Politics of Surveillance and Visibility, edited by Kevin D. Haggerty and Richard V. Ericson, 363–84. Toronto: University of Toronto Press, 2007.Google Scholar
- ———. The Panoptic Sort: A Political Economy of Personal Information. Boulder: Westview Press, 1993.Google Scholar
- Gürses, Seda, Carmela Troncoso, and Claudia Diaz. ‘Engineering Privacy by Design’, paper presented at the Conference on Computers, Privacy, and Data Protection (CPDP), 2011. https://www.cosic.esat.kuleuven.be/publications/article-1542.pdf. Accessed March 24, 2016.Google Scholar
- Haggerty, Kevin D. ‘Tear down the Walls: On Demolishing the Panopticon’. In Theorizing Surveillance : The Panopticon and beyond, edited by David Lyon, 23–45. Cullompton: Willan, 2009.Google Scholar
- Haggerty, Kevin D., and Richard V. Ericson. ‘The New Politics of Surveillance and Visibility’. In The New Politics of Surveillance and Visibility, edited by Kevin D. Haggerty and Richard V. Ericson, 3–25. Toronto: University of Toronto Press, 2007.Google Scholar
- Kamiran, Faisal, Toon Calders, and Mykola Pechenizkiy. ‘Techniques for Discrimination-Free Predictive Models’. In Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, edited by Bart Custers, Toon Calders, Bart Schermer, and Tal Zarsky, 223–41. Berlin, Heidelberg: Springer, 2013.Google Scholar
- Kenner, Alison Marie. ‘Securing the Elderly Body: Dementia, Surveillance, and the Politics of “Aging in Place”’. Surveillance & Society 5, no. 3 (September 1, 2002): 252–69.Google Scholar
- Los, Maria. ‘Looking into the Future: Surveillance, Globalization and the Totalitarian Potential’. In Theorizing Surveillance: The Panopticon and beyond, edited by David Lyon, 69–94. Cullompton: Willan, 2009.Google Scholar
- Lyon, David, ed. Surveillance as Social Sorting: Privacy, Risk, and Digital Discrimination. London: Routledge, 2003.Google Scholar
- ———. Surveillance Studies: An Overview. Cambridge: Polity Press, 2009.Google Scholar
- Ma, Zhendong, Denis Butin, Francisco Jaime, Fanny Coudert, Antonio Kung, Claire Gayrel, Antonio Mana, et al. ‘Towards a Multidisciplinary Framework to Include Privacy in the Design of Video Surveillance Systems’. In Privacy Technologies and Policy, 101–16. Proceedings of the Second Annual Privacy Forum, APF 2014. Cham: Springer, 2014.Google Scholar
- Mann, Steve, Jason Nolan, and Barry Wellman. ‘Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments.’ Surveillance & Society 1, no. 3 (September 1, 2002): 331–55.Google Scholar
- Marthews, Alex and Catherine E. Tucker. ‘Government Surveillance and Internet Search Behavior’, SSRN Scholarly Paper (Rochester, NY: Social Science Research Network, 29 April 2015), https://papers.ssrn.com/abstract=2412564.
- Nissenbaum, Helen Fay. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford: Stanford Law Books, 2010.Google Scholar
- Orrù, Elisa. ‘Effects and Effectiveness of Surveillance Technologies: Mapping Perceptions, Reducing Harm’, European University Institute Working Papers, (2015), http://cadmus.eui.eu//handle/1814/37340.
- Panichas, George E. ‘An Intrusion Theory of Privacy’. Res Publica 20, no. 2 (May 1, 2014): 145–61.Google Scholar
- Penney, Jon. ‘Chilling Effects: Online Surveillance and Wikipedia Use’, Berkeley Technology Law Journal 31, no. 1 (2016): 117–82.Google Scholar
- Porcedda, Maria Grazia. ‘Public-Private Partnerships: A “Soft” Approach to Cybersecurity? Views from the European Union’. In Security in Cyberspace: Targeting Nations, Infrastructures, Individuals, edited by Giampiero Giacomello, 183–211. New York: Bloomsbury, 2014.Google Scholar
- Raab, Charles D. ‘Privacy, Social Values and the Public Interest’. Edited by Andreas Busch and Jeannette Hofmann. Politik und die Regulierung von Information’ [‘Politics and the Regulation of Information’], Politische Vierteljahresschrift, 46 (2012): 129–51.Google Scholar
- Raab, Charles D. ‘The Future of Privacy Protection’. In Trust and Crime in Information Societies, edited by Robin Mansell and Brian Collins, 282–318. Cheltenham: Edward Elgar, 2005.Google Scholar
- ———. ‘Surveillance: Extending the Limits of Privacy Impact Assessment’, in In Privacy Impact Assessment, edited by David Wright and Paul De Hert, 363–83. Dordrecht; Heidelberg: Springer, 2012.Google Scholar
- Regan, Priscilla M. Legislating Privacy. London: University of North Carolina Press, 1995.Google Scholar
- Rössler, Beate. ‘New Ways of Thinking about Privacy’. In The Oxford Handbook of Political Theory, edited by John S. Dryzek, 694–712. Oxford: Oxford University Press, 2006.Google Scholar
- ———. ‘Conceptualizing Privacy’. California Law Review 90 (2002): 1087–1155. doi:10.2307/3481326. Accessed March 24, 2016.
- Stalder, Felix. ‘Privacy Is Not the Antidote to Surveillance.’ Surveillance & Society 1 (2009): 120–24.Google Scholar
- Thomson, Judith Jarvis. ‘The Right to Privacy’. Philosophy & Public Affairs 4 (1975): 295–314.Google Scholar
- Walsh, James P. ‘From Border Control to Border Care: The Political and Ethical Potential of Surveillance.’ Surveillance & Society 8, no. 2 (December 18, 2010): 113–30.Google Scholar
- Zarsky, Tal. ‘Transparency in Data Mining: From Theory to Practice’. In Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, edited by Bart Custers, Toon Calders, Bart Schermer, and Tal Zarsky, 301–24. Berlin, Heidelberg: Springer, 2013.Google Scholar
- Zuboff, Shoshana. ‘Big Other: Surveillance Capitalism and the Prospects of an Information Civilization’, Journal of Information Technology 30: 75–89, April 4, 2015. http://papers.ssrn.com/abstract=2594754.