The Geek, Restraining Orders, and Theories of Privacy

restrainingorderI’ve been reading some work on privacy and social networks recently, and this combined with Ratliff’s “Gone Forever: What Does It Really Take to Disappear” has led me to think about whether a geek with a website that is clearly their own (e.g. Christopher-Parsons.com) should reasonably expect restraining laws to extend to digital spaces. I’m not really talking at the level of law necessarily, but at a level of normativity: ought a restraining order limit a person from ‘following’ me online as it does from being near me in the physical world?

Restraining orders are commonly issued to prevent recurrences of abuse (physical or verbal) and stalking. While most people who have a website are unable to track who is visiting their webspace, what happens when you compulsively check your server logs (as many good geeks do) and can roughly correlate traffic to particular geo-locations. As a loose example, let’s say that you were in a small town, ‘gained’ an estranged spouse, and then notice that there are regular hits to your website from that small town after you’ve been away from it for years. Let’s go further and say that you have few/no friends in that town, and that you do have a restraining order that is meant to prevent your ex-spouse from being anywhere near you. Does surfing to your online presence (we’ll assume, for this posting, that they aren’t commenting or engaging with the site) normatively constitute a breach of an order?

Privacy can be considered in many lights because it’s a multifaceted concept – depending on the situation at hand, people have differing expectations of privacy. Nissenbaum and Solove alike are presently engaged in trying to tease out what this contextually means in the the development of norms of privacy. In both cases, they tend to favor conservative legal understandings of the reasonable expectations of privacy, on the basis that alternate bases risk undermining the stability of privacy-related law. In Nissenbaum’s case, she argues that we need to evaluate the particularities of the situation in an effort to understand what the contextual privacy norms are, and adopts a micro-analysis of the situation to develop privacy norms contingent to that situation. Solove offers us a beautiful taxonomy, from which we can understand the harms and non-harms associated with infringements on our privacy.

If we adopt a reading from Nissenbaum, and we consider the context of a restraining order and the personalities involved (i.e. a person who is told to avoid another, and the other that is server-log savvy), then it would seem that the ‘stalking’ of someone’s blog would be a violation of the order. Further, in an instance where the person attempts to infiltrate the other’s social networking spaces (e.g friending my friend on Facebook to gain access to my personal information) you would also register a privacy infringement. In Solove’s case, we also register an infringement because surveillance is actively taking place. In addition, should information processing of any type take place (e.g. aggregating, developing correlations between data sets, insecurely holding that data, using for secondary purposes) a breach of privacy may be taking place. Now, in the latter example in particular it might seem strange to suggest that processing could take place, given that Solove states that “[i]nformation processing does not involve the collection of data; rather, it concerns how already-collected data is handled.” Should the person the order is issued against have already saved data during their surveillance efforts (say on their hard drives) and then subsequently work with that data then they could (arguably) be seen and engaging in information processing with their victim’s consent. As such, per Solove’s model there are two potential classes of privacy violation taking place: Information Collection and Information Processing.

Whereas in Nissembaum the ‘tech savvy geek’ is a (likely) required element of the privacy violation, in Solove’s this isn’t true. While a non-savvy website owner/blogger might not realize what is going on, Solove’s model registers a breach whether or not anyone realized what is happening. What is the basis for this difference? Officially, I would suggest that it really comes down to a difference in the underlying commitment to legal standards as the dominant basis for their models. Solove’s is very much grounded in legal norms, whereas legal norms form the outskirts of Nissembaum’s model (to prevent radical shifts in privacy law) while the model itself is founded on her principles of appropriateness and distribution.

My own take, however, is that Nissembaum is implicitly more aware of the complexities of ontological security in her article than Solove. Her model is cognizant of the various factors that influence the psychological and physical well-being of the individuals and the subsequent privacy norms that are thus necessarily implicated in a ‘healthy’ Western sense of Being. Efforts to shake the security in one’s environment and psychological well-being, for the purposes of disruption and snooping, are necessarily bad because of the consequences on the individual and, taken more broadly, on the impacts of such actions were they committed across society. Appropriateness and distribution can be linked to the ontological insecurity generated by breaches of privacy norms. Solove’s emphasis, in contrast, is on the impacts of certain actions on the more nuanced social norms that operate around a spectrum of people. In his words,”individual liberties should be justified in terms of their social contribution” rather than based on their contribution to a unique individuals’ well-being. He is more concerned that norms are acceptable to the community, and thus less concerned with the specificity of reasonable expectations of privacy in hyper-particular situation.

To understand this difference, it is helpful to consider Solove’s and Nissembaum’s respective projects. Solove, as I tend to read him, is trying to sort through the mess that is (American) privacy law and struggling (in many ways, successfully) to develop a legal-normative reading of privacy, whereas Nissembaum is playing the role of the philosopher and trying to develop a more nuanced understanding of privacy than is necessarily practical in a large legal context. Under her approach, I think that questions of damages can likely range more broadly than the victim in Solove’s world, but helpfully both would likely recognize a privacy violation should someone with a restraining order track or follow their victim throughout digital spaces.

This said, I’ve chosen to focus on Nissembaum and Solove because I think that they are the cutting edge of privacy discourse in the West. Were we to adopt a Brandeis and Warren approach – privacy is the right to the be left alone – then it might be somewhat more challenging to assert that where no visible harm is evidenced that a privacy violation is registered when a person with a restraining order ‘follows’ me online.

Christopher Parsons

I’m a Postdoctoral Fellow at the Citizen Lab in the Munk School of Global Affairs at the University of Toronto and a Principal at Block G Privacy and Security Consulting. My research interests focus on how privacy (particularly informational privacy, expressive privacy and accessibility privacy) is affected by digitally mediated surveillance and the normative implications that such surveillance has in (and on) contemporary Western political systems. I’m currently attending to a particular set of technologies that facilitate digitally mediated surveillance, including Deep Packet Inspection (DPI), behavioral advertising, and mobile device security. I try to think through how these technologies influence citizens in their decisions to openly express themselves or to engage in self-censoring behavior on a regular basis.