Read an Excerpt

Privacy, Security and Accountability

Ethics, Law and Policy

Rowman & Littlefield Publishing Group, Inc.

The Duty to Protect Your Own Privacy

Anita L. Allen

What good might privacy do or represent for us? Philosophers, lawyers, political theorists, and policy makers are hard at work seeking to understand the value of privacy. They are asking, for example, "Whether and, if so, why privacy is valuable in a democratic society, and what implications privacy has for the ways we see and treat each other." As summed up by Annabelle Lever, "Proponents of privacy believe that it promotes people's freedom, equality, and happiness. ... [P]rivacy can help to protect people from unjustified scorn, humiliation and recrimination, as well as from bribery and coercion." Privacy is indeed valuable for democratic societies like ours, in which people need the capacity to think and act independently. Privacy has value for individuals, and in the words of Julie Cohen, "generate[s] large positive spillovers for society."

The question I take up in this chapter is not, however, the familiar one of whether privacy has value — intrinsic or instrumental, personal or collective. Instead, it is a broad question about the ascription of ethical responsibility: in addition to any moral obligation to protect others' information privacy, do individuals also have a moral obligation to protect their own information privacy? Moreover, could protecting one's own information privacy be called for by important moral virtues, as well as obligations or duties? I broached the issue of protecting one's own privacy as a requirement of ethics in a recent book about physical and information privacies. But limited space and a broad, ambitious agenda prevented me from fully examining the case for and against the ascription of ethical duties to protect one's own privacy to individuals. So, I return to it here.

Safeguarding others' privacy is widely understood to be a responsibility of government, business, and individuals. The "virtue" of fairness and the "duty" or "obligation" of respect for persons arguably ground other-regarding responsibilities of confidentiality and data security. But is anyone ethically required — not just prudentially advised — to protect his or her own privacy? If so, how might a requirement to protect one's own privacy and related ethical virtues properly influence everyday choices, public policy, or the law? I want to test the idea of an ethical mandate to protect one's own privacy, while identifying the practical and philosophical problems that bear adversely on the case.

THE GREAT INFORMATION PRIVACY GIVE-AWAY

With respect to information privacy, the question of a duty to protect one's own privacy is an especially timely and important one. I focus on information privacy — as opposed to decisional or physical privacy — for that reason. We are in the midst of an Era of Revelation. Our time is characterized by what I term the "Great Privacy Give-Away." People are giving away more and more personal data to intimates and strangers for a variety of self-interested, altruistic, or civic-minded reasons.

Some scholars and other commentators have expressed admiration and support for individuals who choose freely to share personal information, and some have concluded that it is good for society that individuals are choosing to share personal data. Indeed, there can be good reasons to share, even what is deemed highly sensitive personal data, as a recent report of the Presidential Commission for the Study of Bioethical Issues found with respect to individuals' sensitive whole genome sequencing data sought by biomedical researchers.

In the United States and most other parts of the world, contemporary modes of communication feature extensive, high-technology-aided personal-information sharing that is enjoyable, rewarding, often practically necessary, and publicly beneficial. The benefits of information disclosure are sufficiently numerous, in fact, that it may strike some as facially implausible that there could be any such thing as an ethical obligation not to disclose. How could we be duty-bound to withhold information about ourselves?

Of course, we all recognize special professional duties of confidentiality and secrecy, which are specific modes of legally and ethically mandated information privacy. Thus, in the usual case, a federal government employee cannot ethically reveal classified information without authorization. A lawyer cannot ethically share many of the secrets she discusses with her clients in the course of representation. But in the Era of Revelation, I surmise many would argue that there is no moral or ethical basis for disapproving if a government employee, a lawyer, or anyone else freely chooses to share intimacies about her own life. According to this perspective, without any moral or ethical shadow, a person can always reveal that she practices celibacy, has breast cancer, is burdened by a pile of unpaid debts, or dislikes foreigners. Only norms of tact, manners, and taste apply. (A philosopher might argue, building on Helen Nissenbaum's powerful descriptive account of information privacy, that there are ethical norms of appropriateness, not mere guidelines of taste and tact at stake here.)

A new, technophilic generation appears to have made disclosure the default rule of everyday life, and cannot imagine things any other way. Commentators excitedly claim that a new generation has rejected or redefined informational privacy. Some older people welcome the change. "Let us celebrate the insouciance of youthful privacy indifference!" one of my grey-haired legal colleagues asserts, ironically repeating market-economy efficiency arguments for transparency articulated more than fifty years ago, pre-Internet. The young and young at heart may indeed look back and snicker at the high-toned insistence of Judge Richard Posner in Haynes v. Alfred A. Knopf, Inc. that the mysteries of privacy universally extend to graphic details of the intimacies of the bedroom and toilet. "Big Brother" — not the Orwell character but the European and American reality TV show that places young adults on public display nearly 24/7 — is already vintage.

Yet, if we are to take normative ethics seriously — and I recognize that not everyone wants to or can — we have to be open to the possibility that some of what we do and enjoy doing may not be ethically good or best. We may have ethical reasons and obligations to do things differently. The fact that a new generation has rewritten the rules of privacy or abandoned privacy as a value altogether would not prove that privacy was or is mostly worthless. Admittedly, values do erode; values can outlive their times. In my lifetime, it was widely considered immoral — and illegal — for unmarried people and people of different races to cohabitate.

It is not especially problematic to say, with ethics in mind, that someone has an obligation to protect other people's privacy. That we can understand and agree with. We have no problem saying that people have a moral obligation not to make gratuitous, cruel, unconsented-to information disclosures about others. In 2010, Rutgers University student Dharun Ravi violated that ethical duty with horrendous consequences. He surreptitiously webcast his roommate Tyler Clementi being intimate with another man, which prompted a mortified Clementi to commit suicide. More than an excusable prank, it is plain wrong to secretly broadcast someone's date with a consenting adult in his own home.

Now, as to duties to protect your own privacy, can we sensibly ascribe these? With prudence in mind, it is fairly common to ascribe obligations of self-care relating to informational privacy and data protection. To protect my reputation and feelings, there are certain practical precautions I should take. Prudent self-interest demands that I password-protect electronic access to my banking accounts at Wells Fargo. If I download my medical records from www.myuniversitymedicine.com, I should use the password-protect option. I should periodically change my university.edu email password. I should think hard about what I put into Dropbox, about what I reveal about my location via Foursquare, and about the content of my Tumblr postings. But are self-regarding moral duties, as well as self-interested practical strategies, implicated in online life?

Sometimes people are so inattentive to their privacy that moral and ethical values do appear to come into play. Recall former congressman Anthony Weiner, a Democratic member of the U.S. House of Representatives from New York. Congressman Weiner sent sexually suggestive images of his pelvic region clad in tight-fitting underwear that revealed the outlines of his penis. He sent the images in Twitter messages to young women, ages twenty-one and seventeen, whom he did not know. As a consequence of this reckless behaviour, Weiner was forced to resign from office in 2011. Weiner disrespected himself, displaying little regard for the privacy of his body and sexual urges. The Weiner case shines a light on the specific question I want to explore in this chapter: whether anyone has a moral obligation to protect his or her own information privacy, and, if so, whether such an obligation ought to influence choice, policy, or the law.

If people have an ethical obligation to protect their own privacy, there are more than merely prudential grounds for privacy vigilance. If a person has a moral obligation to protect her own privacy, then, assuming moral obligations creates prima facie reasons for acting, she would have a reason over and above prudent self-interest to adopt measures to safeguard important privacies. To protect informational privacy, ethical goodness might require that she, for example, not aim sexy pictures at minors or the general public. Ethics might require that she secure financial information when transacting business online. Ethics might require that she keep secret whole-genome-sequencing data generated from clinical care or research. She might even have an obligation to moderate free speech and the use of social media that widely reveal her location, plans, activities, feelings, and beliefs.

Of major significance, if people have an obligation to protect their own privacy, there could be special "corporate responsibility" grounds for implementing meaningful and effective consumer privacy policies. We could praise firms who embrace strong privacy-protection policies and adhere to codes of "fair information practices," "generally accepted privacy principles," or "privacy by design" — these measures facilitate morally prescribed data management practices by individuals. (The analogy here is praising manufacturing firms for installing safety devices on dangerous products like guns, automobiles, and circular saws to help consumers meet their obligation to use products safely.)

The fact that Facebook offers ways for its globally popular social networking site to be used for restricted communications within intimate circles takes on ethical weight. Facebook makes it easier for users to comply with ethical duties by hosting less accessible secret pages than it would if it did not. While Facebook has greatly contributed to the culture of extreme self-revelation, I am suggesting that Facebook and other social media firms understand themselves as partners in our ethical goodness. The fact that computer rental companies extracted sensitive data from machines used by their customers has a two-fold unethical dimension. Not only did such firms malevolently engage in spying, but they also undermined their unsuspecting customers' abilities responsibly to protect personal data from falling into the hands of unwanted third parties.

If people have an obligation to protect their own privacy, we might applaud public laws and government entities which confer rights of anonymity, restrict wiretapping, and limit access to stored communications. Indeed, public law, rules, and judicial choices have implications for the ease with which persons can satisfy the moral duty I am probing. In 2012, a court in Minnesota found that a Facebook user had a reasonable expectation of privacy under the Fourth Amendment in her password-protected Facebook wall postings. The federal district court that made this finding honoured the choice many make, whether for moral or prudential reasons, to protect their own informational privacy. The court, like Facebook, functioned in the case as a partner in empowering Facebook users' moral compliance.

THE CHALLENGE OF MORAL THEORY

The complex question of whether and why privacy is an important ethical value is related to but distinct from the question of whether persons have a moral (or ethical) duty (or obligation) to protect their own privacy. Privacy could be a preeminent ethical good with widespread political and legal implications, and yet it still may be highly problematic to ascribe to individuals the ethical responsibility to protect their own privacy.

First, the ascription may be problematic because the very concept of duties or obligations of self-regard is analytically incoherent. Second, there could be normative problems. For instance, there might be a plenitude of practical reasons for a person to try as hard as he or she can to protect his or her own informational privacy without it making good normative sense to ascribe to him or her an ethical duty to do the same thing. For example, we should all try hard to eat vegetables to promote our health, but surely there is no moral duty as such to eat vegetables!

Let me suggest the schematic of an argument in favour of self-regarding information privacy duties. It goes like this. There are moral duties obliging moral agents to act in some ways rather than others. Moral duties include duties to others and duties to oneself. Among duties to self is a duty to protect one's own informational privacy. One ought to limit disclosures of information about oneself for utility reasons, pertaining to one's reputation and future opportunity; and/or virtue reasons, pertaining to modesty, reserve and temperance; and/or Kantian reasons, pertaining to dignity, self-respect, autonomy, and freedom. In addition to "first-order" duties to protect one's own privacy, there may also be "second-order," derivative duties to protect one's own privacy for the sake of specific others or the community. My genome is also my siblings' genome, so I have an obligation to protect the privacy of my genome. My checking account number is also my husband's checking account number, so I have an obligation to protect the privacy of my checking account number. Among duties to others (family, friends, community) is a second- order duty to protect one's own informational privacy.

The outlined argument starts with a distinction between duties to oneself and duties to others, and therefore immediately faces a challenge. The distinction embraces a controversial perspective whereby moral agents' moral obligations extend not only to the world but also to the moral agents themselves. Morality is in this sense both other-regarding and self-regarding. Though I am not a pure Kantian deontologist — I do not rule out that the moral grounds for obligations can be consequentialist as well as nonconsequentialist — I share with Kantians the controversial belief that moralists can ascribe coherently duties to — or at least duties regarding — the self.

Kant derived both duties to oneself and duties to others from the categorical imperative to "[s]o act that you use humanity, whether in your own person or in the person of any other, always at the same time as an end, never merely as a means," or alternatively — Kant advanced several formulations — to "act only in accordance with that maxim through which you can at the same time will that it become a universal law." For Kant a moral duty is "the necessity of an action from respect for [moral] law," the categorical imperative. Only actions performed from a good will, from the motive of duty, have true "moral worth" in Kant's special sense. Duties Kant recognized included the duty of honesty, the duty to preserve one's life, and the duty of beneficence.

Kant himself further divided duties to others and duties to self into "perfect" and "imperfect" duties. (He also distinguished between positive and negative duties.) Kant described "perfect" duties that are strict, narrow, and unremitting, such as the duty to tell the truth. He labeled "imperfect" the wide and meritorious duties, such as the duty of beneficence and the duty to develop one's talents.

---

Excerpted from Privacy, Security and Accountability by Adam D. Moore. Copyright © 2016 Adam D. Moore. Excerpted by permission of Rowman & Littlefield Publishing Group, Inc..
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

---