Present Privacy Questions/Issues -- She said what? I can’t believe he posted that picture!

An excerpt from The Unwanted Gaze – The Destruction of Privacy in America by Jeffrey Rosen (2000):

At the beginning of the twenty-first century, new technologies of communication have increased the danger that intimate personal information originally disclosed to our friends and colleagues may be exposed to – and misinterpreted by – a less understanding audience. For as thinking and writing increasingly take place in cyberspace, the part of our life that can be monitored and searched has vastly expanded. E-mail, even after it is ostensibly deleted, becomes a permanent record that can be resurrected by employers or prosecutors at any point in the future. On the Internet, every Web site we visit, every store we browse in, every magazine we skim, and the amount of time we spend skimming it, create electronic footprints that increasingly can be traced back to us, revealing detailed patterns about our tastes, preferences, and intimate thoughts. …When intimate personal information circulated among a small group of people who know us well, its significance can be weighted against other aspects of our personality and character. By contrast, when intimate information is removed from its original context and revealed to strangers, we are vulnerable to being misjudged on the basis of our most embarrassing, and therefore most memorable, tastes and preferences. (7-9)

That is the essence of the privacy debate in today’s technological realm. The development of social networks and blogging have lead to more and more of ourselves being on display for others to see, in most cases willingly. Yet what about the times when your purchases or Internet habits are tracked unknowingly or information is shared without your consent? Consider the following:

  • A loved one is involved in a fatal accident. Days later, crime scene photos showing the lifeless body of your loved one are circulating via e-mail, going “viral”
  • You’re a young teenage girl, testing the limits to define yourself physically, emotionally and sexually as you experience puberty. As a treat for your significant other, you send him some risqué cell phone photos of you in the new lingerie you just bought. He shows them to his buddy who proceeds to forward them to everyone on the team, who forward them to their friends, and soon, everyone in school knows “Victoria’s secret”
  • You are a contestant in a national beauty pageant. You’ve worked hard to develop your image as a beautiful, poised, confident young woman. You wake up one morning to find photos from your MySpace page on the front page of the paper. Someone who you thought was a friend leaked the pictures to the media. You are now forced to explain your private actions with friends in a public forum. Worse yet, since the photos aren’t exactly “pageant friendly,” you lose your crown

All these cases have actually happened, and we will attempt to address them and others here, with particular attention to how (if possible) the incident could have been avoided and what can be done once the privacy wall has been breached.

Life after death/Death Remembered

The first incident is the real life story of the Catsouras family in Orange County, CA. Their 18-year-old daughter Nikki was killed in an automobile accident on Halloween day in 2006. “The accident was so gruesome the coroner wouldn’t allow her parents, Christos and Lesli Catsouras, to identify their daughter’s body” (Bennett, 2009, p. 38-40). Yet, nine photos of the accident scene, including one where “her nearly decapitated head is drooping out the shattered window of her father’s Porsche” (Bennett, 2009, p. 38-40) are making the viral rounds thanks to a pair of California Highway Patrol officers.

Three months after filing a formal complaint over the photos’ release, the family received an apology from the California Highway Patrol. Yet, an apology doesn’t prevent the spread of the images around the Internet. The family hired a lawyer and enlisted the services of Reputation Defender, a company that “works to remove malicious content from the Web” (Bennett, 2009, p. 38-40). The most they could do was issue cease-and-desist letters to the sites where the photos appeared and try to implement coding to make the images harder to find via a search engine. Neither approach proved to be very successful – “the family has no legal basis to compel Web sites to remove the photos, and no amount of programming magic could keep them from spreading to new sites” (Bennett, 2009, p. 38-40).

The Catsouras family filed suit against the CHP, with charges including negligence, privacy invasion and infliction of emotional harm. The case was dismissed in 2008, with the judge citing that privacy rights don’t extend to the deceased (Bennett, 2009, p. 38-40). The case is on appeal, referencing in particular the 2004 case of Vince Foster, where the Supreme Court “ruled that the government could deny Freedom of Information Act requests for the photos based on a family’s right to survivor privacy” (Bennett, 2009, p. 38-40).

The broader issue is how the laws have not caught up with the technology that made the spread of the images so easy. Section 230 of the Communications Decency Act, passed in 1996, gave Web sites immunity from liability for the conduct of individuals on their site, “under the rationale that companies like AOL shouldn’t be responsible for the actions of each user” (Bennett, 2009, p. 38-40). Victims are left to try to take action against the specific individuals responsible for the content, a difficult task in the age of anonymous postings. Even if the person responsible is tracked down, odds are the content has already spread beyond their specific site. “We have created a deck that is so stacked against the private individuals who want to protect their name and privacy that you don’t even have a fighting chance,” says [Michael] Fertik of Reputation Defender (Bennett, 2009, p. 38-40).

Sexy pictures + text messaging = child porn?

The second scenario has been played out multiple times in middle schools and high schools across the United States. The phenomenon is popularly known as “sexting” – sending risqué, sexually explicit or nude images via text messaging. In fact, “20 percent of teens said they had sent a sexting message, according to a 2008 study commissioned by the National Campaign to Prevent Teen and Unplanned Pregnancy and” (B., n.d., n.p.). This is typically one of the examples cited when speaking of changing social norms and generational differences in what one considers private, appropriate for sharing or open to everyone.

“When a photo or video is sent to another person, privacy is lost forever. The content can be broadcast to anyone. The original sender has no control once he or she presses ‘send’” (B., n.d., n.p.). Therein typically lies the problem. The sender only intends for the ‘sext’ to be seen by the original recipient, but they have absolutely zero influence over what that person does once they have the photo. “Explicit photos or videos forwarded from person to person can cause embarrassment for the original sender. Many teens don’t realize that once they hit “send,” control over who else sees that compromising photo is now completely up to the recipient. You may think you know your friend, boyfriend, or girlfriend, but can you trust them forever?” (B., n.d., n.p.).

Case in point, 18-year-old Floridian Phillip Alpert who “circulat[ed] nude pictures of his girlfriend (which she had sent him), by texting them to his friends, her friends, and her family” (B., n.d., n.p.). The tragic flaw in Alpert’s decision -- she was only 16. The innocuous (as innocuous as passing around naked pictures of your girlfriend to friends and family can be) incident becomes a case of child pornography, since technically, he was distributing explicit photos of a minor (B., n.d., n.p.), regardless of the fact that she supplied the images in question in the first place.

Another case of ‘sexting gone wrong,” one that took a tragic turn, is that of 18-year-old Jesse Logan. The Ohio teen was “mercilessly humiliated after explicit photos she had sexted to a boyfriend ended up circulating among her peers” (B., n.d., n.p.). Unable to escape the embarrassment, harassment and humiliation of having her peers see her in such a compromising situation, she committed suicide.

The National Center for Missing and Exploited Children (NCMEC) has entered the fray, releasing its “Policy Statement on Sexting,” one that poses questions including:
  • “Was the distribution of the photos done with no malicious regard or desire to harm another, or was it the result of malicious intent by one or more senders?
  • What was the intent behind the production of the photos, on a severity scale ranging from a benign reason to supporting a separate and malicious criminal purpose?
  • Will prosecution achieve a result which addresses the larger problem of ‘sexting’ adequately?” (Collier, 2009, n.p.)

The issue at hand is not so much the passing around of explicit content featuring teenagers, but how the law is failing to take into account the “changing social practices, mores and technology utilization” (Humbach, 2009, p. 37) of today’s online-living world. The definitions and standards used in “governmental policies and initiatives built on past truths and values” are running head-on into “new and unanticipated social phenomena” (Humbach, 2009, p. 37). The laws, as they are being used now, are essentially making child pornographers and sex offenders out of a large portion of America’s adolescent and teen population.

Prosecution of cases of ‘sexting’ and teen autopornography has been shifting away from the umbrella of obscenity – the LAPS test of Miller v. California (1973) (“the work, taken as a whole, appeals to the prurient interest, is patently offensive in light of community standards, and lacks serious literary, artistic, political, or scientific value”) and moving into the arena of child pornography, where “prosecutors can make a case with little more than proof that the defendant possessed or made of a visual depiction of sexual conduct by a minor” (Humbach, 2009, p. 9-10).

Courts are using the “categorical exclusion” of child pornography materials from First Amendment protection established in the cases of New York v. Ferber and Osborne v. Ohio as the foundation of many sexting and autopornography rulings, “even though Ferber and Osborne may not strictly speaking require a conclusion that sexting and other autopornography are unprotected speech” (Humbach, 2009, p. 37).

However, some argue that the “most significant different between teenage autopornography and “traditional” child pornography, … lies in the circumstances under which the two genres are, respectively, produced” (Humbach, 2009, p. 22). The variable at play is the condition of exploitation/coercion/force.

That in mind, the recent case of Ashcroft v. Free Speech Coalition is leading some in the legal profession to the notion “that the scope of the categorical exclusion for child pornography [will be] closely aligned with the government objectives that Ferber and Osborne relied on [the categorical exclusion should be limited to materials that are produced by means of criminal child abuse and exploitation]” (Humbach, 2009, p. 37). A shift if the criteria would mean that sexting teenagers wouldn’t “be confronted with the position … that the unprotected category includes any content that visually depicts sexual conduct by minors, i.e., much or most of teen autopornography” (Humbach, 2009, p. 22). The implications of this change in thinking, along with the application of the “current standards of strict scrutiny for content-based regulations” (Humbach, 2009, p. 37) would place sexting and autopornography done by the senders’ own actions under the safety of constitutional protection.

This brings to light an interesting point – laws adapting to the changing times. Courts and prosecutors are beginning to realize that the intention of the child pornography laws is not to criminalize most of the teenagers in America for personal behavior done during the process of growing up. In essence, if no crime has been committed, as in autopornography (pictures made by the subject themselves), then it should not be excluded from constitutional protection. While this shift is only in terms of child pornography prosecution, the legal system at large could take their cues from the attempt to adapt to the changing society found in the arena of child pornography prosecution.

Heavy is the head that wears the crown, especially if it is wearing little else

The third scenario has happened multiple times in recent years, one such case being that of Miss New Jersey 2007 Amy Polumbo. After being crowned Miss New Jersey, Polumbo and pageant officials received packages containing personal pictures posted online with the threat to make the photos public if she did not give up her crown. Polumbo released the photos herself on the Today show, photos described as “normal college pictures” (Giffen, 2008, p. 8-11) showing her in some “unladylike” poses and situations, but nothing explicit or scandalous. Nothing further came from the incident and some even suspected Polumbo staging the whole thing in a publicity stunt. In one of those ‘circle of life’ twists, Polumbo’s pageant platform was raising awareness and education of Internet safety issues to protect children from dangerous situations.

Another pageant incident involved the arguably polarizing Miss California Carrie Prejean. Lost in the debate over her answer during the pageant against the legalization of same-sex marriage is a racy photo controversy that was more likely the reason behind her losing her title. Following her finishing first runner-up in the Miss USA pageant where she articulated her stance against the legalization of same-sex marriage answering a question from famous Internet gossiper Perez Hilton, news surfaced of the existence of racy photos of the reigning Miss California. Prejean explained the photos were from her modeling swimwear and lingerie and claimed that they were being used to attack her based on her answer to Hilton’s question during the pageant (Duke, 2009, n.p.). Prejean was ultimately stripped of her title, with pageant organizers citing numerous breach of contract issues.

A final case to examine is that of Miss Nevada 2007 Katie Rees. Two months following her winning the Miss Nevada crown, photos from June 2004, showing her with friends “goofing off, posing in ways [she] wouldn’t want [her] parents to see, doing things [she] wouldn’t do off camera, not even thinking about it” (Rees, 2007, n.p.). For Rees, photos from her past saw the light of day on line, thanks to someone she had considered a friend. This case was lost in the news of Tara Conner, the reigning Miss USA who just days before was allowed to keep her crown, given a second chance following reports of underage drinking, drug use and making out with Miss Teen USA.

Again, here is a case of something from someone’s past surfacing later in life to cause problems – the same basic argument given for nearly everything people post on the Internet. “Digital information replicates, moves, transmits, and persists. The old joke: “what will survive the nuclear Armageddon?” Answer: cockroaches and Keith Richards. You can now add digital information. What you do, say, post, etc. is not only persistent, it is accessed by and available to the various companies that provide the services. As a result, a number of issues collide: privacy, participation, confidentiality, surveillance, protection, freedom of expression” (Ridley, 2009, n.p.).

Privacy isn’t just about racy photos

Issues of privacy in today’s world are not limited to risqué photos from one’s past resurfacing online:

  • “As of September 22, there have been 379 data breaches reported by the Identity Theft Resource Center in 2009, affecting more than 13 million records. Companies with data breaches included financial institutions, travel companies, health care operations and schools. … It’s a large-scale problem where industry norms of care are arguable not adequate to address the challenges of data security optimally” (Alban, 2009, n.p.).
  • According to a survey of “517 US and multinational IT security professionals who work on PCI compliance effort for their companies” released by Imperva and Ponemon Institute (Whitney, 2009, n.p.):
    • “around 55 percent of all businesses acknowledge that they secure credit card information but not Social Security numbers, bank account details, and other personal data … The survey was conducted to determine how many companies are complying with PCI DSS, the Payment Card Industry’s Data Security Standard” (Whitney, 2009, n.p.).
    • “71 percent acknowledged not making data security a top initiative, despite the fact that 79 percent of them said they’ve been hit by one or more data breaches. In fact, Ponemon and Imperva noted that since the PCI DSS standard was enacted in 2005, the number of breaches and cases of credit card fraud has actually risen” (Whitney, 2009, n.p.).
    • “Cost and lack of resources were the biggest factors cited …” along with organizational priorities (Whitney, 2009, n.p.)
  • “Doctors’ offices in Tennessee have been … sending patient information, including Social Security numbers and medical histories, [not] to the Tennessee Department of Human Services, [but instead] to Bill Keith, owner of SunRise Solar Inc. in Indiana” (Echegaray, 2009, n.p.)

Then there is the rocky two-year life of Facebook’s controversial Beacon service.

Released in November 2007, the service was designed to track the user’s activities on partner Web sites and report those actions on the user’s page to their friends, unless the user opted out. Right from the word go users took issue with the privacy implications of the service. “”Beacon was a disaster, not because it used people’s information for commercial marketing purposes,” said James Grimmelmann, an associate professor at New York Law School. “It was a disaster because it used people’s personal information commercially and then rubbed their faces in it, literally ”” (Vijayan, 2009, n.p.). At issue was the information being collected was being used to sell products, not help other users. “It interfered with people’s self-presentation, turning them into shills against their will,” [Grimmelmann] said” (Vijayan, 2009, n.p.). The Beacon battle is only the latest in a line of issues between Facebook and their users, often over privacy concerns (i.e. – when Facebook altered its terms of service, shifting the ownership of information posted away from the user).

So, we’ve gone from talking about birth control and the United States Supreme Court to teenagers texting naked pictures of themselves to pageant winners brought down by photos from their past. It comes down to the fact that it is far from easy to clearly define the concept of privacy. There are a multitude of situations where a breach of privacy for one is no big deal for the next.

Ultimately it comes down to a redefinition of what privacy is and can be done to protect it. Esther Dyson, in an article from Scientific American’s September 2008 issue highlighting the future of privacy, postulated that issues masquerading as questions of privacy should often be redefined by what they are actually concerning – typically matters of security, health policy/insurance or self-presentation. With regards to security, Dyson (2008) offers the following analysis:

  • “First, in defining some disclosure of information as a breach of privacy, it is useful to distinguish any objective harms arising from the disclosure – fraud, denial of a service, denial of freedom – from any subjective privacy harms, in which the mere knowledge by a second or third party of one’s private information is experienced as an injury. In many cases, what is called a breach of privacy is actually a breach of security or a financial harm: if your Social Security number is disclosed and misused … that’s not an issue of privacy; it’s an issue of security. As for breaches of privacy, the “harm” a person feels is subjective and personal” (p. 51).
  • “Second, as the borders between private and public are redrawn, people must retain the right to bear witness. When personal privacy is increasingly limited in a friction-free world of trackable data, the right of individuals to track and report on the activities of powerful organizations, whether governments or big businesses, is key to preserving freedom and to balancing the interests of individuals and institutions” (p. 51).
  • “The third point elaborates on the first: in assessing the changes in the expectations people have about privacy, it is important to recognize the granularity of personal control of data. Privacy is not a one-size-fits-all condition: Different people at different times have different preferences about what happens to their personal information and who gets to see it” (p. 51).

To reiterate from the last bullet point – “privacy is not a one-size-fits-all condition.” That is what makes privacy such a difficult animal to cage. One man’s privacy violation is another’s claim to fame. Any efforts to formulate some kind of universal privacy policy are over before they start because consensus is nearly impossible.

It is that last bullet point that we are going to examine closer. With respect to self-presentation, Dyson (2008) offers the following insights:

  • “Until recently, privacy for most people was afforded (though not guaranteed) by information friction: Information about what you did in private didn’t travel too far unless you were famous or went to extreme lengths to be public about your activities” (p. 54-55).
  • “Kids still have a sense of privacy, and they can still be hurt by the opinions of others. It’s just that more of them are used to living more of their lives in public than their parents are” (p. 54-55).
  • “The issue … is not privacy so much as presentation of self …. People know they cannot control everything others say about them, but they will flock to online-community services that enable them to control how they present themselves online, as well as who can see which of those presentations” (p. 54-55).

Here, Dyson’s points resonate more in the realm of social networks and new culture of overshare. A common argument made is that the younger generation today doesn’t care about privacy; they share just about everything with just about everyone. Even if that is the case, they still have at least a personal definition of privacy, and it can be violated. This speaks to the need to adjust the definition of privacy to match-up with the current and future direction of society at large. Here again, the idea of being able to control access to your information is what is being broached as they new face of privacy – being able to say who can see what when.

To reiterate the last pair of bullet points addressing young people and their relation to online behaviors and conceptions of privacy, “generation Google” (Solove, 2008, p. 101-102) is altering the very nature of what is considered private and what is considered public. “More and more people have cell phone cameras, digital audio recorders, Web cameras and other recording technologies that readily capture details about their lives” and that in turn means that “nearly anybody can disseminate information around the world” (Solove, 2008, p. 101). Individuals can “spread their ideas everywhere without reliance on publishers, broadcasters or other traditional gatekeepers. But that transformation also creates profound threats to privacy and reputation” (Solove, 2008, p. 102).

However, that technology has created a generational canyon with “high school and college students whose lives virtually revolve around social-networking sites and blogs” and “…their parents, for whom recollection of the past often remains locked in fading memories or, at best, in books, photographs and videos” on opposite sides (Solove, 2008, p. 101). For those who essentially live their lives as an open book on the web, “the past is preserved on the Internet, potentially forever. And this change raises the question of how much privacy people can expect – or even desire – in an age of ubiquitous networking” (Solove, 2008, p. 101). Sites like JuicyCampus and Don’t Date Him Girl don’t help the privacy cause any, allowing students to share intimate, sometimes scandalous, not necessarily true details about their classmates.

The social media tools of “generation Google” aren’t the only things putting privacy under attack. The everyday collection and use of our personal information by companies and government agencies places our individual privacy at risk (Solove, 2008, p. 103). Databases of our personal information can be amassed and searched, using the information for something beyond its intention. It is this widespread dissemination of our unique, personal information that “diminishes the ability to protect reputation by shaping the image that is presented to others. Reputation plays an important role in society, and preserving private details of one’s life is essential to it” (Solove, 2008, p. 103).

One side of the privacy issue praises the chipping away of privacy, theorizing that people might be “less inhibited and more honest” (Solove, 2008, p. 103). The flip side argues that the increasing decrease in privacy will make people more inhibited, since even the smallest past mistake, the fleeting youthful indiscretion will live on in infamy online, never allowing you to “overcome past mistakes” – the “digital baggage” of one’s past taking away their ability to “start over” (Solove, 2008, p. 103).

It is in examination Solove’s (2008) “Generation Google” that we can find arguably the strongest argument outlining the need to change the way we think about privacy in order to protect it. The notion that “privacy requires total secrecy: once information is revealed to others, it is no longer private … is unsuited to an online world” (Solove, 2008, p. 104). “Generation Google” has a more subtle understanding of what privacy means in today’s world:
  • “They know that personal information is routinely shared with countless others
  • they also know that they leave a trail of data wherever they go
  • … recognizes that a person should retain some control over personal information that becomes publicly available” (Solove, 2008, p. 104).

Bottom line, protecting privacy is not a lost cause, but in order to do it successfully, it “requires that we rethink outdated understandings of the concept … privacy does not always involve the sharing of secrets” (Solove, 2008, p. 104).