What does cognitive science say about privacy and the Net?

Here’s what one dictionary says:

World English Dictionary
privacy (ˈpraɪvəsɪ, ˈprɪvəsɪ) [Click for IPA pronunciation guide]
1. the condition of being private or withdrawn; seclusion
2. the condition of being secret; secrecy
3. philosophy the condition of being necessarily restricted to a single person

Collins English Dictionary – Complete & Unabridged 10th Edition
2009 © William Collins Sons & Co. Ltd. 1979, 1986 © HarperCollins
Publishers 1998, 2000, 2003, 2005, 2006, 2007, 2009

I especially like that last one: restricted to a single person. In the VRM community this has been our focus in general. Our perspective is anchored with the individual human being. That’s our point of departure. Our approach to privacy, and to everything else, starts with the individual. This is why we prefer user-driven to user-centric, for example. The former assumes human agency, which is one’s ability to act and have effects in the world. The latter assumes exterior agency. It’s about the user, but not by the user. (Adriana Lukas unpacks some differences here.)

But this is a post about privacy, which is a highly popular topic right now. It’s also the subject of a workshop at MIT this week, to which some friends and colleagues are going. So talk about the topic is one thing that makes it front-burner for me right now. The other thing is that it’s also the subject of a chapter in the book I’m writing.

My argument is that privacy is personal. That’s how we understand it because that’s how we experience it. Our minds are embodied, and we experience privacy through our bodies in the world. We are born with the ability to grab, to hold, to make and wear clothing, to build structures that give us boundaries and spaces within which we can isolate what are our concerns alone.

Privacy requires containment, and concept of a container is one of our most basic, and embodied. Here’s George Lakoff and Mark Johnson in Philosophy in the Flesh:

Our bodies are containers that take in air and nutrients and emit wastes. We constantly orient our bodies with respect to containers—rooms, beds, buildings. We spend an inordinate amount of time putting things in and taking things out of containers. We also project abstract containers onto areas in space, when we understand a swarm of bees being in the garden. Similarly every time we see something move, or move ourselves, we comprehend that movement i terms of a source-path-goal schema and reason accordingly.

I don’t think privacy itself is a container, but I do think the container provides a conceptual metaphor by which we think and talk about privacy. I also think that the virtual world of the Net and the Web—the one I call the Giant Zero—is one in which containment is very hard to conceive, much less build out, especially for ourselves. So much of what we experience in cyberspace is at odds with the familiar world of physical things, actions and spaces. In the absence of well-established (i.e. embodied) understandings about the cyber world, there are too many ways for organizations and institutions to take advantage of what we don’t yet know, or can too easily ignore. (This is the subject, for example, of the Wall Street Journal’s What They Know series.)

That’s where I am now: thinking about containers and privacy, but not with enough help from scholarly works. That’s why I’m looking for some help. One problem I have is that the word privacy appears on every Web page that has a privacy policy. There are too many false radar images in every search. Advanced searching helps, but I can’t find a way to set the filter narrowly enough. And my diggings so far into cognitive science haven’t yet brought up privacy as a focus of concern. Privacy shows up in stuff on ethics, politics, law and other topics, but is not a subject in itself — especially in respect to our embodied selves in this cyber world we’re making.

So, if anybody can point me to anything on the topic, I would dig it very much. Meanwhile, here’s a hunk of something I wrote about privacy back in September:

Take any one of these meanings, or understandings, and be assured that it is ignored or violated in practice by large parts of today’s online advertising business—for one simple reason (I got from long ago): Individuals have no independent status on the Web. Instead we have dependent status. Our relationships (and we have many) are all defined by the entities with which we choose to relate via the Web. All those dependencies are silo’d in the systems of sellers, schools, churches, government agencies, social media, associations, whatever. You name it. You have to deal with all of them separately, on their terms, and in their spaces. Those spaces are not your spaces. (Even if they’re in a place called . Isn’t it weird to have somebody else using the first person possessive pronoun for you? It will be interesting to see how retro that will seem after it goes out of fashion.)

What I’m saying here is that, on the Web, we do all our privacy-trading in contexts that are not out in the open marketplace, much less in our own private spaces (by any of the above definitions). They’re all in closed private spaces owned by the other party—where none of the rules, none of the terms of engagement, are yours. In other words, these places can’t be private, in the sense that you control them. You don’t. And in nearly all cases (at least here in the U.S.), your “agreements” with these silos are contracts of adhesion that you can’t break or change, but the other party can—and often does.

These contexts have been so normative, for so long, that we can hardly imagine anything else, even though we have that “else” out here in the physical world. We live and sleep and travel and get along in the physical world with a well-developed understanding of what’s mine, what’s yours, what’s ours, and what’s none of those. That’s because we have an equally well-developed understanding of bounded spaces. These differ by culture. In her wonderful book , Polly Platt writes about how French —comfortable distances from others—are smaller than those of Americans. The French feel more comfortable getting close, and bump into each other more in streets, while Americans tend to want more personal space, and spread out far more when they sit. Whether she’s right about that or not, we actually have personal spaces on Earth. We don’t on the Web, and in Web’d spaces provided by others. (The Net includes more than the Web, but let’s not get into that here. The Web is big enough.)

So one reason that privacy trading is so normative is that dependency requires it. We have to trade it, if that’s what the sites we use want, regardless of how they use whatever we trade away.

The only way we can get past this problem (and it is a very real one) is to create personal spaces on the Web. Ones that we own and control. Ones where we set the terms of engagement. Ones where we decide what’s private and what’s not.

For a bonus link, here’s a paper by Oshani Seneviratne that was accepted for the privacy workshop this week. It raises the subject of accountability and proposes an approach that I like.

9 responses to “What does cognitive science say about privacy and the Net?”

  1. Dear Doc,

    I think privacy is an enormously tricky concept. I understand and respect your concerns about the automatic appropriation of one’s person by greedy corporations or territory-grabbing Web operators. But what strikes me as especially difficult is the tension between privacy and social meaning. We can really only understand ourselves in relation to others; and so we need to share a little of ourselves in order to get back some navigational or positional recognition about our own lives. And I don’t think that this works if we seek total control over our own ‘information release’, since it can be the unexpected comparisons that can give us the most insight. Like when we hear in another’s voice who does or says something that we disapprove of, an unexpected echo of ourselves, and discover how prone we are to the same fault.

    So I would not want to advocate an entirely closed, rational and orderly privacy-management system. But this raises a further challenge: how to establish a safe environment to experiment with and learn with others? This, as you know, is one of the underlying questions with what you suggested be called the Grokkery.

    On a related privacy question, I have tried following your advice around blogging. But I have repeatedly found that what I want to say is addressed to a particular rather than a general audience, and that the trade-offs required in publishing to the world seem unattractive to me. But maybe I just haven’t found the right groove.

    I believe that your VRM fight is an important one: things seem way out of balance at present. There is, however, another angle to all this. There is a kind of conversation that most people are unaware of as a practical possibility, that is central to a growing community of relational skills practitioners. Bit by bit, we are penetrating the mainstream of public life. Here there is a code of conduct that enables a much broader idea of privacy to flourish (I have written about this at practicaltrust.com). At present these are mostly offline conversations: but for many reasons, they will need to acquire the reach and persistence offered by the Net. And in doing so, they will add new twists and subtleties to the question of privacy. It would be interesting to explore these with you in due course (the work of Lakoff and Johnson is one window into some of these).

    Best regards, Theodore

  2. Hey, Ted. Great to see you here.

    All good points. I should add two things.

    One is that we are not seeking total information control by the individual with VRM. We are trying to build new tools for information control where few or none exist: on the individual’s side. One might look at it as filling a market hole or gap.

    The other is that what I’m looking for in particular here is scholarship from the cognitive science (especially linguistics) community on the subject of privacy itself. This is apart from our work on VRM.

  3. As a long term privacy advocate, it’s good to see the whole issue getting so much attention, especially as USA now seems to be on the way to joining the countries with a fairly high regulatory bar.

    That said, I think the real solution is not regulation; it is the evolution of the personal data store concept. Quite simply, if ‘I’ own and give access to the best view of me (richest, deepest, least expensive to access, most accurate, with verification where required) there is much less incentive for an organisation to use the current privacy invading approaches. So my view is that the privacy issue will become much less of a problem as PDS’s gain traction. Organisations will HAVE to/ WANT to be more respectful of privacy in order to gain access to the rich fuel they need, i.e. only those accepting the individuals terms and conditions will get in the door. Those that don’t, won’t, and can continue to scrape along with poor quality fuel – until they go out of business/ get flattened by those competitors now running on the premium stuff.

  4. Hey Doc. How about establishing a balance between actors, something along the lines of this (David Brin, Transparent Society):

    “Can we stand living our lives exposed to scrutiny … our secrets laid out in the open … if in return we get flashlights of our own, that we can shine on the arrogant and strong?”




  5. Very interesting concept. I think you can only create a totally private space for yourself if you buy your own server and hook that to the internet. Than you can be really sure that no one checks out your stuff. But even than you can be hacked. Total privacy is only possible if we shut down our internet connection.

  6. Doc, I had a great time with the two talks about privacy I gave this summer. Forgive me if you have already seen them and/or they are not relevant to your search for a metaphor but just in case, here it is: http://www.mediainfluencer.net/2010/07/privacy-aint-dead-yet/

  7. Thanks, Iain. Good points.

    Adriana, thanks as well, and I’ll check those out right after breakfast this morning. (This is my brief visit to the computer before getting the rest of the morning going.)

  8. Hello,

    Interesting paper: thank you for sharing it.

    English isn’t my mother tongue, so I’d like to emphasise there’s no French word for “privacy”. Instead, we use “la vie privée” or “Protection de vos informations personnelles” or “ceci ne vous regarde pas”.

    With that example, I want to say is “privacy” might be culturally linked to a given country and culture, let’s say USA.

    I’m not surprised other countries and cultures don’t have the words because they haven’t dealt with those issues before, and thus haven’t elaborated the related concepts.

    So an appropriate method would be to look what’s behind privacy and find the principle behind the phenomenon.

    Once the principle is found, we may them study how it is translated into different countries and cultures.

    Best regards,

Leave a Reply

Your email address will not be published. Required fields are marked *