Code & Privacy
The first paper of the 'Code as Code' research project I'm working on is up for download at SSRN: 'Code' and Privacy - Or How Technology Is Slowly Eroding Privacy by Robert Leenes and Bert-Jaap Koops. My paper, 'Code and Speech', is to follow soon, but be sure to download this one now!
Here's the abstract:
Here's the abstract:
Reidenberg and Lessig have called attention to software 'code' increasingly being used to supplement, or even replace, traditional legal code as a mechanism to control behaviour. This idea of 'code as law' is often illustrated with examples in intellectual property and freedom of speech; the relationship with 'code' and privacy has so far received less attention.
In this paper, Leenes and Koops explore the impact of technology on privacy to see to what extent privacy-related 'code' is used, either to undermine or to enhance privacy. In other words, are privacy-affecting norms being embedded in technology? On the basis of eight case studies in the domains of law enforcement, national security, E-government, and commerce, they conclude that technology, in particular software and the Internet architecture, rarely incorporates specific privacy-related norms. The few existing exceptions concern building-in an option of privacy violation, such as interceptability of telecommunications. At the same time, however, technology very often does have clear effects on privacy as it affects the 'reasonable expectation of privacy'. In real-life applications, this influence is usually to the detriment of privacy: It makes privacy violations easier. Particularly information technology turns out to be a technology of control, much more than a technology of freedom. Privacy-enhancing technologies (PETs) have been devised and propagated, but they have yet to be implemented on any serious scale. The eroding effect of technology on privacy is a slow, hardly perceptible process. Because of the flexible, fluid nature of what is deemed privacy, society gradually adapts to new technologies and the privacy expectations that go with it. If one is to stop this almost natural process, a concerted effort is called for, possibly in the form of 'privacy impact assessments', enhanced control mechanisms, and awareness-raising.