You don’t know what you’ve lost till it’s gone? Privacy in a world gone Web2.0

Don’t it always seem to go
That you don’t know what you’ve got
Till it’s gone
They paved paradise
And put up a parking lot

Joni Mitchell, Big Yellow Taxi

I’ve had this Joni Mitchell song going round in my head since I read Damien Mulley’s apocalyptic post Privacy in a world of lifestreaming on Friday (and the song is relevant to my point even though Joni has sold out to Starbucks – say it ain’t so, Joni, say it ain’t so – she has signed a 2-album deal with Starbucks’ “Hear Music” label, and the first album, released in September, will contain a new version of Big Yellow Taxi).

Anyway, prompted in part by a story that UK police will soon have cameras in their helmets, Damien raises important questions about a world where our privacy is invaded – not so much by state surveillance or corporate cctv, which we all now recognise, tolerate, even accept (so the helmet cams are little more than portable cctv) – as by each other, as others post photos of us to flickr (or other photo sharing sites), or videos of us to YouTube (or other video sharing sites), or all this and much much more on bebo (or other social networking sites), to say nothing of what we reveal about others in the blogosphere. It is now more than technically possible for people to broadcast the details of their daily lives in various ways (I learned a new word Friday; Damien says this is called lifestreaming).

Now, it’s all very well for me to stream my data; I can control what I allow you to see on my blog, in my bebo account, in my flickr photos, in my YouTube videos, in my bookmarks. That’s the kicker: that control and choice are the essence of personal autonomy; they are my control, my choice; I decide what’s there. But I have no control at all in what you choose to put on your sites. And that is the problem. Because your lifestreaming might post something about me – an image, a video, a piece of information – that, if I had a choice, I would rather world at large not know. Or course, sometimes I might consent to this; but sometimes I might not; and there’s the rub: what happens if I do not consent or would not have consented? Because I have not been able to exercise my autonomy, has my privacy has been invaded? And, if so, what are the consequences of this? Damien puts the question this way:

Is it just “tough luck� if you are in a photo and want it removed from the web?

This is one of the key conundra of web2.0 applications. They make it easy for all this to happen. But just because they make it easy, that doesn’t necessarily make it right. By way of answer, one of the commentators on Damien’s post said:

It all comes down to “Reasonable expectations of Privacy”
By which I mean, If you are at home or in your back garden or in an enclosed private place then you have a reasonable expectation of privacy so your image can’t be used and distributed because it’s an invasion of privacy.
If you’re at a concert or walking down the street then anyone can take your image because you’re in a public place. …

Now, I tend to agree with the basic sentiments in this comment, but, unfortunately, the position is not quite so clearcut; it is not always clear whether somewhere is public or private, nor is that characterisation always the end of the matter. To take the commentator’s example of a concert, it will usually be held on private property (private), but it takes on a public character when there are several thousand people there (public); but they are there to enjoy the music (private), not to appear on the front cover of a magazine or the home page of a blog.

So it is easy to contest the characterisation of a space as public or private. But it doesn’t stop there. The issues with contested spaces can often turn on whether the subjects consent to loss of privacy; the mere fact of being in a public space is often taken as consent to such loss of privacy, all the more so when it is clear that privacy is going to be invaded by cctv and other surveillance techniques. To return to the concert example, even if – on balance, and so far – it is private, would that consideration change if it were clear that there were security cctv cameras covering the audience? A concert-goer might reasonably be taken to have consented to this surveillance, but what about surveillance by other concert-goers’ cameraphones? And even if there is implied consent to any such surveillance, is there consent to publication or broadcast of the cctv footage? of the cameraphones’ video-clips? Would it be different if the concert were being recorded for later tv broadcast, dvd distribution, and/or download?

And even these issues can be resolved, there are more possible complications: even if the activity is in a public place, and there is an implied consent to loss of privacy – and thus an implied consent to publication or broadcast or uplading of text, or images, or video-clips, and so on – it might not cover the particular activity in question. So, to take an admittedly far-fetched example, even if it could be said that a concert-goer has impliedly consented to a tv broadcast of her sitting on her boyfriend’s shoulders near the stage entusiastically mouthing the words to the songs in the hope of catching the lead singer’s or cameraman’s eye, has she given consent to the cameraman to capture and broadcast footage if she collapses off her boyfriend’s shoulder with a heart-attack? Recall the controversy when a football player’s shorts revealed more than they should have done in a photograph in a newspaper, or when Channel 4 broadcast some images of Princess Diana’s final moments: these were in public places, but they were intensely private matters.

The point is that “reasonable expectation of privacy” doesn’t really answer Damien’s question. It just provides the context in which it can be assessed. Moreover, the (interestingly, anonymous) commentator’s answer to Damien’s came perilously close to saying that because it is easy to stream both my life and yours, I have no reasonable expectation of privacy to prevent you streaming about my life when streaming yours. As I have said already, just because web2.0 applications make it easy for you to do so, that doesn’t necessarily make it right. And this is where Joni Mitchell comes in. Our privacy is dripping away in small steps, in little concessions, piece by piece, one after the other, each step perhaps justifiable or at least acceptable in itself, (one example: another prompt for Damien’s post was Piaris Kelly’s musing that a little less privacy for better customer service is not so bad). More generally, if it’s ok for the police to have cctv, then it’s ok for shops to have it too – we even expect it now. If it’s ok for the police to have fixed cctv, then it’s ok for them to have mobile cameras in their helmets. If it’s ok for newspapers to publish photos of celebrities in public places, then it’s ok for you to take a photo of me on our night out in the pub and put it on bebo. Pretty soon, it’s ok for my privacy to have gone. I won’t have seen it leech away; but once it’s gone, I can’t get it back. In many (most?) cases, we are unaware of the process, and of the technological ease with which it is occurring – lifestreaming is one example (Daithí has already blogged about the privacy implications of bebo (here) and facebook (here and here); while Lilian Edwards on panGloss has a terrific series of posts on the same issue (here, here, and here (reacting to this from Wired)); traffic data retention is a second; search engines archiving search histories is a third. And, as Joni Mitchell sings, you don’t know what you’ve got till it’s gone. Indeed, you don’t know what you’ve lost till it’s gone; and by then, it’s too late.

There are difficult questions here; and there are no easy answers; but, with Damien, we must keep asking the questions before it is too late and all we are left with is Joni Mitchell’s Starbucks’ version of Big Yellow Taxi.