Re: [ietf-privacy] Is there an official working definition for Privacy Online?

Joseph Lorenzo Hall <> Thu, 23 April 2015 19:52 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 26B3F1B3209 for <>; Thu, 23 Apr 2015 12:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.501
X-Spam-Level: *
X-Spam-Status: No, score=1.501 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mNpm70ByE5K2 for <>; Thu, 23 Apr 2015 12:52:49 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5E3851B3218 for <>; Thu, 23 Apr 2015 12:52:31 -0700 (PDT)
Received: by lagv1 with SMTP id v1so20565477lag.3 for <>; Thu, 23 Apr 2015 12:52:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Zp5Rsg6RANi+xZkveE0zf8RDR+/BzwqqEhbf9T+wrzo=; b=M6JzrFrBW0el9+9EbMmuWf07xqOvqlPUXotr+eWWc5fSJ65a3zdzs2kGhIb3Z2G/bR h80LZhkm+XQG00toPQlhO4hwneil+PzQMYl9/9NiKf4rlRBqmGFmNTafZiCDvsXOXwey qdzdxa+ghfvm39P9FHTIF0pgiVh8BdhL/FKSB0aPOcgVt7eD0tbH0iSumN2rclvnC19L 6m+uglxXG1xpYtOBMluYxDtRz1qK3GZ/eNunvqYa8Jr0MU4tGXVNOM5CBRBsU3CVjF5h qJwdoRV6nlq3p5dx4+vYOZ9EXhlGFNtKiBQGOlbT+ikwBw5K9IMvWpaLfPx0Gd2HCdrd FJVA==
X-Gm-Message-State: ALoCoQm32o3LfOk3API844WYhbICYFFbYG9o7/zAOZ/6aodNOkv6YT+bY+Pjis/4y18tbQdIDQjI
X-Received: by with SMTP id kv3mr3970742lbb.101.1429818749657; Thu, 23 Apr 2015 12:52:29 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 23 Apr 2015 12:52:09 -0700 (PDT)
In-Reply-To: <015a01d0798d$509954c0$f1cbfe40$>
References: <> <> <> <> <> <> <> <015a01d0798d$509954c0$f1cbfe40$>
From: Joseph Lorenzo Hall <>
Date: Thu, 23 Apr 2015 15:52:09 -0400
Message-ID: <>
To: Christian Huitema <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc:, Dave Crocker <>, Josh Howlett <>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Apr 2015 19:52:50 -0000

(not necessarily in response to Christian)

On Sat, Apr 18, 2015 at 12:08 AM, Christian Huitema <> wrote:
> On Friday, April 17, 2015, at 9:14 AM, Dave Crocker wrote
>> ...
>> This translates into "privacy relates to controlling disclosure of
>> information about a person or organization."  Then add the
>> scope-of-control portion.
> There is indeed some fuzziness in the definition of privacy. I like the
> analysis in this Pew Research Center study on "Public Perceptions of Privacy
> and Security in the Post-Snowden Era:"
> I think
> they do a good job relating threats to privacy and threats to personal
> security. To quote: "Beyond the frequency of individual words, when
> responses are grouped into themes, the largest block of answers ties to
> concepts of security, safety, and protection. For many others, notions of
> secrecy and keeping things 'hidden' are top of mind when thinking about
> privacy."

There is emerging academic work (not published yet, so I won't cite)
that discusses privacy as what philosophers call an "essentially
contested concept." The idea being that for some class of ideas and
concepts -- art, justice, freedom, etc. -- there is no single
definition and, instead, that the struggle around what they mean
defines them.

I realize that's some pretty non-technical and abstract thinking, but
for many folks (like some of us here) that have been involved for
decades in academic/industry/civil society kvetching on privacy and
defining it, the realization that the lack of a definition may in
itself define the thing is pretty important and profound.

I was a postdoc under NYU professor Helen Nissenbaum a while back and
at least in the academic privacy community, her notion of "contextual
integrity" is perhaps the biggest "definitional" thinking we've seen
in a decade or so. She has written a book on it, but I suggest anyone
interested read the following shorter article that hits the high

best, Joe

Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871