Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Squid Typo |
| Terrorist Bus Drivers »
March 19, 2007
Privacy Law and Confidentiality
Interesting article: Neil M. Richards & Daniel J. Solove, "Privacy's Other Path: Recovering the Law of Confidentiality," 96 Georgetown Law Journal, 2007.
The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis "invented" the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual's "inviolate personality." English law, however, rejected Warren and Brandeis's conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law's divergent paths reveals that each body of law's conception of privacy has much to teach the other.
Posted on March 19, 2007 at 6:39 AM
• 8 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The real question is, what have these guys got to hide, eh? They should be arrested as potential terrorists or, failing that, for trying to aid terrorism. Lock 'em up, throw away the key.
It is interesting to see how far back in time the concepts of privacy and confidentiality go. I'm not a lawyer, but, given the history, there would appear to be a large body of both traditional common law and more modern statute law, covering this treatment of an individuals 'inviolate personality'.
This historic concept and the modern English recognition of trust would appear to enforce our modern expectations of how our transactions and communications should be treated in the courts. There is still a considerable body of historic common law that is recognizable in the English, US, Canadian, and Australian courts as well as ex-(anglo)colonial law systems thoughout the world.
It is unfortunate that the financial community are fighting to void this expectation of trust when it comes to third party 'interference' in the on-line financial transaction relationship. English, US and Australian commercial systems have slightly different approaches to the treatment of on-line fraud and impersonation, but they are all trying to shift the responsibility back on to the individual.
Gone are the days when the transaction of a piece of paper was backed by the promise of the issuing bank to honour the paper with an appropriate amount of gold or silver. No questions asked. In those days, more inventive counterfeits led to more complex printing etc. as the issuing banks (and the controlling governments) recognised their responsibilities.
Now we have counterfeits within the EFTS, but the banking community is no longer leading the field in countering those counterfeits - they are trying to duck their historic responsibilities.
It may be that the only way we can get back to the situation when a transaction between two people (or a person and a commercial entity, or between two commercial entities) can be conducted in a state of trust is to enforce some of these old common law principles and force both sides of the transaction to recognise their responsibilities under law to be pro-active in providing (and accepting) the appropriate mechanisms to ensure that privacy and confidentiality.
It's not just the financial community having to provide more security, hardware or software, but individuals are going to have to recognise that thay are also part of the problem and MUST protect their systems from attacks from key loggers etc.
The concept of trust involves both sides of the expectation.
This reminds me, Bruce, of the few-years-old law article on contextualized privacy you linked to last year. As impractical as it was, contextual privacy really seemed to get to the heart of what information a person expects to remain private and why it feels like such a breach of trust when it's not, even if doing so is legal.
@Anonymous - When you think of your name, does the word "irony" come to mind?
@Dullard - Before your posts, does the phrase "subtle humour" come to mind?
I was struck by some of the technology issues in the section discussing American privacy torts.
"Warren and Brandeis framed their article around the intersection of the news media and new technology. The newspaper was undergoing an amazing growth during the second half of the nineteenth century. Between 1850 and 1890, the number of newspapers increased from 100 to 900 and the number of readers grew from 800,000 to 8 million. Warren and Brandeis complained that journalism had become sensationalistic and that the “press is overstepping in every direction the obvious bounds of propriety and decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery.��?
"Warren and Brandeis were particularly concerned about the new technology of “instantaneous photograph[y.]��? In 1884, the Eastman Kodak Company produced the “snap camera,��? a small inexpensive camera that the general public could afford. Before the snap camera, cameras had been expensive and heavy; they had to be set up and people would have to pose to have pictures taken. The snap camera enabled people to take candid pictures, and created a “craze��? for amateur photography by thousands of people who had previously not been able to afford a camera."
"They observed that with earlier photographic technology, “one’s picture could seldom be taken without his consciously ‘sitting’ for the purpose.��? Accordingly, photography required a relationship between photographer and subject. Warren and Brandeis argued that “since the latest advances in photographic art have rendered it possible to take pictures surreptitiously, the doctrines of contract and of trust are inadequate to support the required protection.��?"
"The invention of the telegraph in 1844 raised new issues for the law of confidentiality. As Thomas Cooley put it, “[t]here are  to every telegraphic dispatch three parties – the sender, the receiver, and the telegraph company.��? Employees of telegraph companies like Western Union had access to telegraph messages, raising concerns about confidentiality akin to those raised with the postal system over a century before. Throughout the second half of the nineteenth century, an extensive debate and numerous laws arose to address the confidentiality of telegraphic communications... Telegraph companies prohibited employees from disclosing telegrams and often resisted attempts to subpoena telegrams."
If you liked the article, you might find this interesting:
Does a church member need to declare confidentiality before his pastor, or is it assumed in a one on one discussion before his pastor?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.