Richard Warner & Robert H. Sloan, Informational Privacy: Norms, Coordination, Hockey Helmets, and a Role for Legislation

Richard Warner & Robert H. Sloan, Informational Privacy: Norms, Coordination, Hockey Helmets, and a Role for Legislation

Comment by: Anita Allen-Castellitto

PLSC 2011

Workshop draft abstract:

Informational privacy consists in the ability to control what personal information others collect and what they do with it.  We value the control, as over twenty years of studies attest; but, other studies show that we readily trade very personal information for very small rewards.  We offer a solution to this puzzle—a limited solution since we restrict our inquiry to private-sector, commercial contexts.  Our solution provides a general perspective on informational privacy and suggests ways of ensuring sufficient control over personal information. The solution is that the seemingly contradictory attitudes are characteristic of conformity to suboptimal informational norms. This raises three questions.  What is a norm?  What is an informational norm?  And, what is it for a norm to be “suboptimal”?  We take our answers from a general theory of norms and market interactions in our forthcoming (Fall 2011) book, Unauthorized Access: the Crisis in Online Privacy and Security.  Setting informational privacy concerns in this general context reveals important commonalities with other current problems.

We focus on coordination norms.  A coordination norm is a behavioral regularity in a group, where the regularity exists at least in part because almost everyone thinks that he or she ought to conform to the regularity, as long as everyone else does.  Driving on the right is a classic example.  In mass markets, coordination norms promote buyers’ interests by unifying their demands.  A mass-market buyer cannot unilaterally ensure that sellers will conform to his or her requirements; coordination norms create collective demands to which profit-motive driven sellers respond.

The problem on which we focus is that rapid technological change has rendered existing norms “suboptimal.”  There are many optimality notions (Pareto optimality being perhaps the best known); the optimality notion we use is value-optimality.  A norm is value-optimal when (and only when) in light of the values of all (or almost all) members of the group in which the norm obtains, the norm is at least as well justified as any alternative.  We will use “suboptimal” for norms that are not value-optimal.  A classic example of a suboptimal coordination norm is the “no helmet” norm among pre-1979 National Hockey League players.  Not wearing a helmet was a behavioral regularity that existed in part because each player thought he ought to conform, as long as all the others did.  However, because of the value they placed on avoiding head injury, virtually all the players regarded the alternative in which they all wore helmets as better justified.  The players nonetheless remained trapped in the suboptimal “no helmet” norm until the league mandated the wearing of helmets in 1979.  Like the hockey players, we “play without a helmet” when we enter certain types of market transactions:  we are, that is, trapped in what are—now—suboptimal coordination norms.

Informational privacy is a case in point.  As Helen Nissenbaum and others have emphasized, informational norms regulate the flow of personal information in wide variety of interactions, including market transactions.  Informational norms are norms that constrain the collection, use, and distribution of personal information.  In a range of important cases, such norms are coordination norms that unify buyers’ privacy demands.  The norms are instances of the following pattern: consumers demand that businesses process—collect, use, and distribute—information only in role-appropriate ways.  The problem is that technological advances have so greatly increased the power and breadth of role-appropriate information processing that many norms are no longer value-optimal:  alternatives in which consumers have more control are better justified.  The consequence is an unacceptable loss of control over personal information.

Conformity to suboptimal norms explains the otherwise puzzling fact that consumers value control over personal information while they also surrender control for small rewards.  This is precisely the sort of behavior one sees when groups are trapped in suboptimal norms.  Recall the hockey players.  They did not wear helmets even though their values made “all players wear helmets” a far better justified alternative.  Similarly, consumers conform to suboptimal informational norms even though their values make “consumers have more control” a far better justified alternative.  Trading privacy for small rewards is just norm-conforming behavior; however, when asked about their values, consumers indicate that they value control.  Their problem is that, like hockey players, consumers cannot break free of the suboptimal norm.

The solution to the hockey players’ problem was “legislative”:  the league mandated that every player wear a helmet.  We offer a similar solution:  a model in which appropriate legislation gives rise to value-optimal informational norms.  The model applies in a wide variety of cases in which rapid change has outstripped the evolution of norms and thus underscores the fact that issues about informational privacy share important similarities with other types of suboptimal norms that currently govern various market transactions.

Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life

Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life

Comment by: Anita Allen

PLSC 2010

Workshop draft abstract:

Newly emerging socio-technical systems and practices, undergirded by digital media and information science and technology, have enabled massive transformations in the capacity to monitor behavior, amass and analyze personal information, and distribute, publish, communicate and disseminate it. These have spawned great social anxiety and, in turn, laws, policies, public interest advocacy, and technologies, framed as efforts to protect a right to privacy. A settled definition of this right, however, remains elusive. The book argues that common definitions as control over personal information or secrecy, that is, minimization of access to personal information, do not capture what people care about when they complain and protest that their right to privacy is under threat. Suggesting that this right may be circumscribed as applying only to special categories of “sensitive” information or PII does not avoid its pitfalls.

What matters to people is not the sharing of information — this is often highly valued — but the inappropriate sharing. Characterizing appropriate sharing is the heart of the book’s mission, turning to wisdom embodied in entrenched norms governing flows of personal information in society. The theory of contextual integrity offers “context-relevant informational norms” as a model for these social norms of information flow. It claims that in assessing whether a particular act or system or practice violates privacy, people are sensitive to the context in which these occur — e.g. healthcare, politics, religious practice, education, commerce — what types of information are in question, about whom it is, from whom it flows and to what recipients. What also matters are the terms of flow, called “transmission principles” that govern these flows, for example, with the consent of an information subject, whether in one direction or reciprocally, whether forced, given, bought and sold, and so on. Radical transformations in information are protested because they violate entrenched informational norms, that is, when they violate contextual integrity.

But not all technologies that induce novel flows are resisted, and contextual integrity would be unhelpfully conservative if it sweepingly deemed them morally wrong. The theory, therefore, also discriminates between those that are acceptable, even laudable, from those that are problematic. Inspired by the great work of other privacy theorists — past and contemporary — the theory suggests we examine how well novel flows serve diverse interests as well as important moral and political values compared with entrenched flows. The crux, however, lies in establishing how well these serve internal values, ends, and purpose of the relevant background contexts, ultimately, that is, how well they serve the integrity of society’s key structures and institutions.