Privacy: Is it dead or just being renegotiated?

It would have been hard to find anybody at this past week's RSA conference who doesn't think privacy is a problem. The topic even had its own track, with more than six dozen sessions.

There is a bit less agreement, however, on how big a problem. It is not a large divide, but two presentations illustrated it well.

The first view is that the loss of privacy is reaching a catastrophic level. According to Theodore F. Claypoole, a partner at Wombie Carlyle, modern technology is not only eroding your privacy. It is eroding the legal standard for your "reasonable expectation" of it.

That unsettling message came with an equally unsettling title: "The gasping death of the reasonable expectation of privacy."

Claypoole offered stark examples. He said at present, the police cannot legally burst through your door unannounced, or even monitor what you are doing in your home through the use of heat and power signals - at least not without a warrant - because that would violate the current "reasonable expectation" standard.

"But the legal standard used by the government to protect your privacy is withering away," he said.

"What's making it wither? The things we're using, from a Hello Barbie doll to your car, smartphone and cell towers and more. What reasonable person would expect privacy when all this is around us?" he asked.

The withering of privacy, he said, is illustrated in things like the FBI taking the DNA of a person without consent or a warrant, like bosses reading the emails of their employees or police demanding to take a person's mobile phone.

The Fourth Amendment, which protects, "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures ..." provides a framework for privacy, he said, "but the Supreme Court hasn't come up with standard about what that means to your stuff."

And with ubiquitous tracking systems that not only collect metadata on where we are, who we call and our online life but also have improved facial and voice recognition, "there are better records of everything we do," he said, adding that there is, "constant pressure from law enforcement to get deeper and deeper into accessing that information.

Claypoole said it is at the point where the options are to lose privacy entirely, or for the nation's elected leaders to set a new standard for it. He called for, "certain acts, matters and behaviors to be declared private when they are done in a private space, and that government is excluded from collecting and viewing data about those behaviors without a warrant.

"Don't let Hello Barbie take away your rights," he said.

J. Trevor Hughes is also concerned about privacy. As president and CEO of the International Association of Privacy Professionals (IAPP), he ought to be.

But his message, in a talk titled "The Future of Privacy," is that we have been here before, many times.

Beginning with images of famous works of art - the first was a sculpture of the naked goddess Venus surprised while bathing - he said privacy is "baked into the DNA" of people. And it is constantly being "renegotiated" as culture and technology changes.

He noted that the late Supreme Court justice Louis Brandeis co-wrote one of the "seminal articles" for the Harvard Law Review while a student there called "The Right to Privacy," in which he argued that privacy was dead as a result of the flexible film camera, which allowed it to be small, portable and surreptitious, and helped the mass media to illustrate the activities of society's elites. And that was 126 years ago, in 1890.

Decades later, in the 1960s, with the advent of mainframe computers, there were again declarations that privacy was dead. Thirty years later, in 1997, the cover of Time magazine declared "The Death of Privacy." It declared basically the same thing in 2013 with a cover on, "The Surveillance Society."

The point, Hughes said, is that technology keeps raising the issue. "Smartphones have an average of 30 apps, and therefore service providers," he said, "which means that on any given day, you could have data relationships with hundreds of entities. That is a complex data ecosystem, and our laws are ill equipped to deal with it."

That issue needs to be addressed, he said, with laws and compliance standards, with accountability of organizations to their employees and customers and by building "privacy by design" into products.

"When we are being observed, we are not truly free," he said. "But to say privacy is dead," he said, "is to say what was being said more than 100 years ago.

"No, it isn't dead," he said. "What we see is an age-old process, where society renegotiates the boundary."

More on privacy:

• Security and privacy laws, regulations, and compliance: The complete guide
• Data privacy: Collect what you need, protect what you collect
• The metaverse brings a new breed of threats to challenge privacy and security gatekeepers