Privacy, Masks and Religion
One of the most significant developments for privacy law over the past few years has been the rapid erosion of privacy in public. As recently as a decade ago, we benefitted from a fair degree of de facto privacy when walking the streets of a city or navigating a shopping mall. To be sure, we were in plain sight; someone could have seen and followed us; and we would certainly be noticed if we took off our clothes. After all, a public space was always less private than a home. Yet with the notable exception of celebrities, we would have generally benefitted from a fair degree of anonymity or obscurity. A great deal of effort, such as surveillance by a private investigator or team of FBI agents, was required to reverse that. [This, by the way, isn’t a post about US v. Jones, which I will write about later].
Now, with mobile tracking devices always on in our pockets; with GPS enabled cars; surveillance cameras linked to facial recognition technologies; smart signage (billboards that target passersby based on their gender, age, or eventually identity); and devices with embedded RFID chips – privacy in public is becoming a remnant of the past.
Location tracking is already a powerful tool in the hands of both law enforcement and private businesses, offering a wide array of localized services from restaurant recommendations to traffic reports. Ambient social location apps, such as Glancee and Banjo, are increasingly popular, creating social contexts based on users’ location and enabling users to meet and interact.
Facial recognition is becoming more prevalent. This technology too can be used by law enforcement for surveillance or by businesses to analyze certain characteristics of their customers, such as their age, gender or mood (facial detection) or downright identify them (facial recognition). One such service, which was recently tested, allows individuals to check-in to a location on Facebook through facial scanning.
Essentially, our face is becoming equivalent to a cookie, the ubiquitous online tracking device. Yet unlike cookies, faces are difficult to erase. And while cellular phones could in theory be left at home, we very rarely travel without them. How will individuals react to a world in which all traces of privacy in public are lost?
To begin with, they may seek legal redress for invasion of privacy. Yet I am not optimistic about their chances; indeed, some may argue that given available technologies, businesses and government should be mandated to monitor public spaces to help keep unscrupulous individuals at bay. Failure to do so may result in liability for negligence: “why did you not protect me if you could?”
Absent legal protection, individuals may embrace privacy enhancing technologies (PETs). One such (admittedly low-tech) PET is a mask. In a world with ubiquitous facial recognition, more and more people are likely to wear masks. After all, if a face is like an http cookie, a mask is like a “do not track” (DNT) header.
You might think that mask wearing in public will create a “market for lemons” – only the bad seeds will wear the masks; after all – the rest of us have “nothing to hide”. Yet as Dan Solove has shown, we need not have “something to hide” in order to care for our privacy. Privacy, solitude, freedom from an “unwanted gaze” – reflect a natural human need; it’s not even strictly human – as cat owners know, animals sometimes need privacy too.
This only complicates matters, since it means that the bad seeds will be able to blend into the mask-wearing crowd. Policymakers may respond by legislating anti-mask laws. They would reason that wearing masks in public is different than delivering a DNT signal online. A mask-bearing individual may intimidate passersby. (Although this is surely related to existing social norms and might change as masks become more common). Masks reduce accountability; but then again, so does online anonymity.
Anti-mask laws, in turn, may prove to be problematic given their infringement on religious freedom of, for example, Muslim women. Perhaps an exemption should be crafted for such purposes then. But who is to say that privacy is not a legitimate religion? In fact, I have argued elsewhere that privacy discourse today often takes on a religious zeal.