Reidenberg and Lessig have called attention to software 'code' increasingly being used to supplement, or even replace, traditional legal code as a mechanism to control behaviour. This idea of 'code as law' is often illustrated with examples in intellectual property and freedom of speech; the relationship with 'code' and privacy has so far received less attention. In this paper, Leenes and Koops explore the impact of technology on privacy to see to what extent privacy-related 'code' is used, either to undermine or to enhance privacy. In other words, are privacy-affecting norms being embedded in technology? On the basis of eight case studies in the domains of law enforcement, national security, E-government, and commerce, they conclude that technology, in particular software and the Internet architecture, rarely incorporates specific privacy-related norms. The few existing exceptions concern building-in an option of privacy violation, such as interceptability of telecommunications. At the same time, however, technology very often does have clear effects on privacy as it affects the 'reasonable expectation of privacy'. In real-life applications, this influence is usually to the detriment of privacy: It makes privacy violations easier. Particularly information technology turns out to be a technology of control, much more than a technology of freedom. Privacy-enhancing technologies (PETs) have been devised and propagated, but they have yet to be implemented on any serious scale. The eroding effect of technology on privacy is a slow, hardly perceptible process. Because of the flexible, fluid nature of what is deemed privacy, society gradually adapts to new technologies and the privacy expectations that go with it. If one is to stop this almost natural process, a concerted effort is called for, possibly in the form of 'privacy impact assessments', enhanced control mechanisms, and awareness-raising. This paper is based on a conference paper presented at a conference on Code as code, at the Institute for Information Law of the University of Amsterdam, in July 2004. It is a draft version of a chapter in L.F. Asscher (ed.), Coding Regulation. Essays on the normative role of information technology, that is to be published in the Information Technology & Law Series (IT&Law Series) by T.M.C. Asser Press, The Hague, Netherlands, 2005.
[1]
Lance J. Hoffman.
Building in Big Brother: The Cryptographic Policy Debate
,
1995
.
[2]
Robert C. Post,et al.
The Social Foundations of Privacy: Community and Self in the Common Law Tort
,
1989
.
[3]
Chris J. Mitchell,et al.
A Proposed Architecture for Trusted Third Party Services
,
1995,
Cryptography: Policy and Algorithms.
[4]
Jerry Kang.
Information Privacy in Cyberspace Transactions
,
1998
.
[5]
Jeffery L. Johnson.
Privacy and the judgment of others
,
1989
.
[6]
Joel R. Reidenberg,et al.
Resolving Conflicting International Data Privacy Rules in Cyberspace
,
2000
.
[7]
Paul M. Schwartz,et al.
Internet Privacy and the State
,
2000
.
[8]
Jessica Litman,et al.
Information Privacy/Information Property
,
2000
.
[9]
J. Boyle.
Foucault in Cyberspace: Surveillance, Sovereignty, and Hard-Wired Censors
,
1997
.
[10]
L. Bygrave.
Data Protection Law, Approaching Its Rationale, Logic and Limits
,
2002
.
[11]
James Q. Whitman.
The Two Western Cultures of Privacy: Dignity versus Liberty
,
2004
.
[12]
R. Gavison.
Privacy and the Limits of Law
,
1980
.
[13]
Mihir Bellare,et al.
Translucent Cryptography—An Alternative to Key Escrow, and Its Implementation via Fractional Oblivious Transfer
,
1999,
Journal of Cryptology.
[14]
Gal Eschet.
A New Challenge to Privacy Management: Adapting Fair Information Practices to Radio Frequency Identification Technology
,
2004
.
[15]
Charles J. Sykes.
The End of Privacy
,
1999
.
[16]
A. Froomkin.
The Death of Privacy?
,
2000
.
[17]
Ronald L. Rivest,et al.
The blocker tag: selective blocking of RFID tags for consumer privacy
,
2003,
CCS '03.
[18]
J. Rachels.
Why privacy is important
,
1985
.
[19]
H. Nissenbaum.
Privacy as contextual integrity
,
2004
.