Lang niet goed genoeg voor een peer reviewed wetenschappelijke publicatie, met een paar genante spellingsfouten, maar voor m'n blog vind ik het nog best gaan:
Privacy refers to many issues: the neighbours that peer into your garden, a surveillance society full of cameras and tracking devices, being forced to listen to somebody else lispling endearments into a phone, receiving targeted advertisements, and government using person-related data in the execution of their policies.
Recently public attention to privacy, especially digital privacy, has soared. Many authors have shown how companies and governmental organisations are insatiable in their gathering and use of personal data.
Such massive datamining is explained as a consequence of technical possibilities, together with the profitability of targeting as precisely as possible your customers, clients, or subjects.
In this essay, I’ll elaborate on the reasons why governments, or more precisely, governmental organisations, have such a hunger for data. I’ll argue that this is a function of three developments. All three developments come down to rationalisation of policy making.
The first is a quest for cost-efficiency, and the pervasive thinking of New Public Management (NPM). The second is the drive to make policy more evidence based. The third is securitization with the demand for preventive policy, thus increase of risk management policies.
These developments stimulate the use of information to make simple correlations, on which policy decisions can be made. Such decisions may have undesirable effects on both a macro and an individual scale, while making perfect sense at the intermediate level of en efficiently operating organisation.
Furthermore, policy decisions based on simple correlations cause information to be seen and used in separated chunks, so overview of the cumulative and general effects of data and information use is lost.
It is to be expected that undesirable effects of policy decisions, and lack of overview and thus intransparancy about the use of information, lead to dissatisfaction with government, and even distrust. Especially loss of control over personal information, and lack of privacy, induce paranoia from individuals against those who have power. If that happens, the snake bites its own tail: risk oriented public policy might cause great risks for effective public policy.
In order for public policy to be efficient and effective, most of the times an active, responsible citizenry is necessary. Government relies on individuals who not only comply spontanuously with rules and regulations, as well as behave in a desired manner. Policies that can only be executed through the use of force are highly inefficient and usually ineffective.
Active responsible citizenship is closely related to privacy. With every breach of privacy, a person is subject to some power over him or her: decisionmaking capacity is taken away from the person.
Put in other words: privacy is a form of freedom, and freedom is the main attribute of the citizen.
Therefore, respect for privacy on the one hand, and efficiency and effective policy on the other hand, are not really opposite values that demand a trade off. Respect for privacy is a necessary condition for effective, and efficient, policies.
The quest for cost-efficiency
After WWII and the drive in the sixties and seventies for more democratic, accountable and responsive governments, awareness has grown that good government involves being prudent with the expenditure of public money. In democracies, the procedures by which government receives its input: votes and taxmoney, should be fair, but that’s only half the story. On top of the organisation of fair input, governmental output should be effective and as cheap as possible.
Western governments took their cues from business, to learn what was involved with ‘good governance’. The concept of businesslike governance, rationalisation of production processes, is called New Public Management, NPM in short.
NPM aims at performance and cost-efficiency. Connected to NPM is the question how much value for money taxpayers are getting. At the same token, effective policy is about how much value for their vote the electorate is getting.
The shift of focus from input to output, related to NPM, includes a shift from rules, procedures and conditions to outcomes, products and services, measured, monitored and reported in quantifyable values.
When quantifyable values become more important, inevitably non-quantitative values recede to the background. Furthermore, rules and procedures are instruments supposed to protect rights and values of citizens. Put differently, rules and procedures are expressions of the way organisations should operate, the ‘how’ instead of the ‘what’.
A shift to results, cost-reduction and service to clients (‘what’) implies that duty and integrity, public service, protection of rights and the general good (‘how’) recede to the background. This rationalisation can be viewed as a good thing, but it’s harder for staff of (semi) public organisations to keep an eye on abstract and general values such as privacy and equality, while they are being rewarded for client satisfaction and efficient production.
New Public Management
NPM can be recognized in many different processes, mechanisms, values, products of current day government. I’ll select a few, with an eye to the effects on information-use.
Incentives instead of rules and procedures
When bureaucrats operate by the rules, they run the risk of forgetting what they are operating for. Compliance to rules can become a goal in itself, so rules come to work as inescapable ties. When people only have to comply with rules, they are not supposed to think for themselves, make decisions and be responsible for their actions.
Considering that both citizens and civil servants are adults, professionals, who will innovate and improve processes through which collective goals are reached, if only they receive the right incentives, NPM views rules as primitive tools to shape behavior. Instead, goals and targets are formulated, then incentives given, so the whole apparatus of government will work by itself.
As the incentives given to organisations and employees reward efficiency instead of the protection of privacy of citizens, privacy will be dropped off the goal list for public organisations.
Quantity instead of quality
Privacy is a qualitative value, it cannot be measured in numerical terms. It’s also something that, once lost, cannot come back. Once information about someone is exposed, that information can no longer be deleted from the memories or judgements of the people who received that information.
When measuring results, it is nearly impossible to include privacy in the measurements. NPM-organisations need to measure their effects, results, resources and costs in order to operate efficiently.
A consequence of NPM is that unmeasured values don’t exist. Privacy can be declared ‘a thing of the past’, ‘dead’, or otherwise explained away. Nobody is accountable for guaranteeing an invisible value.
Separation of public tasks
NPM involves separating tasks that can be distinguished from eachother, so specific targets can be set for each separate task organisation. Each organisation is supposed to operate as cost-efficient as possible. Cost-efficiency is reached through different mechanisms; either through marketmechanisms when task organisations are completely privatised, or through performance budgetting when they are merely set at a distance from politics and policy formulation.
Separate task organisations strive for cost-efficiency through rationalising their production processes. This implies a rationalisation of the use of information. On the one hand, the necessary information should be received as cheaply as possible. On the other hand, information should be used to target clients as accurately as possible, so no effort to gain satisfied clients gets wasted.
Separation and rationalisation incite semi-public and private organisations to gather data about their clients, targetgroups, and/or about risks to their own performance, just like commercial organisations do. It’s usually quite easy for such organisations to gather such data, as they can organise a check on the entitlements of individual citizens to their services in such a way, that clients ‘pay’ for these services with information. Giving information is usually either compulsory for citizens, or involuntary as it happens automatically through sensors and data transfers from other public organisations.
For example, someone who claims some social benefit will have to fill in forms with information about their identity, adress, education, bank account, marital status etc. Someone who uses public transport will have to provide information about their bank account, and movements while using public transportation.
The better the information, the better an organisation can provide services, bill the appropriate amounts to customers, inform clients. Furthermore, this is exactly what clients expect public organisations to do. Clients know that lots of information about them is available to ‘government’, so they won’t accept any excuses for mistakes (trying to communicate with a deceased parent), double questioning (having to write down name and adress over and over again), services that don’t fit (receiving a huge garbage bin while living in a small apartment on the second floor) etcetera.
To a service oriented, efficiently operating organisation, gathering and smart use of information are legitimate activities.
But the compulsory or involuntary aspect of this information, is a direct breach of privacy. Privacy involves control over ones’ information, meaning a person can decide which information to give to someone else.
Therefore, there’s an inherent discrepancy between the rationale of public task organisations on the one hand, and privacy on the other.
Private responsibility for public tasks
Apart from separating executive tasks from policy making, and rationalising production processes, some public tasks have been privatised alltogether. Many tasks that are important to society can be performed much better through private companies, because they have the expertise. They are stimulated through market incentives to provide cheap and good products and services.
With a focus on output, performance, products and services rather than procedures, collective interest and political rights and guarantees, it makes sense to use the market as a system for quality assurance.
The provision of products and services may get confused though, with the responsibility for the public good. The most prominent example are the communication and internet service providers (ISP’s), which sometimes are given a responsibility to prevent all kinds of undesirable or criminal communications. Such private companies are in some countries supposed to fight child pornography, drug deals or political terrorism. But those companies lack the tools and compentencies of the state, nor are they bound by guarantees and procedures of democracy and political rights. Their policy of crime prevention, and their execution of such policies, might therefore not be of the same standards as those of the accountable, democratic state.
In the example of the ISP’s, the methods through which they qualify customers as offenders, or the sanctions they deal out to offenders, are not publicly known or democratically decided. There is no audit of their performance in this particular field of the public good, so there will be no regular checks against public norms. A proud mother who posts pictures of her naked baby may thus be excluded from internet services for the offense of showing child pornography.
Public values as privacy, equality, access to neutral conflict solution, social cohesion etcetera may not be innate to private companies. Even when companies state they want to be socially responsible, their interpretation of the common good does not come about through democratic processes and rule of law institutions. Therefore, they are likely to find the most cost-efficient ways to fullfill their tasks, regardless of general public values.
Evidence based policy
Government is not only supposed to operate as cost-efficiently as possible, it should also deliver, which means: be effective. Furthermore, governments are accountable for their actions, which implies that what they do, and their results, should somehow be measured. Naturally, such demands are translated in the concept of evidence based policy. Since policy intervenes with peoples’ freedom, it should be founded on evidence, on the knowledge that a certain intervention has certain results. The same holds true for policy evaluation and accounting for policies of the past: inputs and results should be audited and reported.
The knowledge that policy should be based on, can take different forms. The most complete form is knowledge as policy theory. A slimmer version of policy evidence is found in statistical relations.
The concept of a policy theory refers to ideas about interventions and desired effects: what works, how does it work, what are the conditions for it to work, what might be side effects? A policy theory is a good reason to perform (scientific) research into causes and effects of problems or behavior, or into the costs and benefits of proposed interventions, or into the effects of policies.
On the other hand, statistics can be used to discover correlations, without any theory about the characteristics of such relations. Thanks to the enormous dataprocessing power of computers, it’s relatively easy to uncover correlations between, for example, certain characteristics of people, and certain behavior. The process of looking for such correlations is datamining: excavating remarkable relations that are hidden in a big amount of information.
No science, no reliability
A problem with datamining is that relations are found in a selective dataset, without a theoretic base for the selection. Datasets often come about through different means and purposes than the purpose of research. Many data are registered primarily for reasons of billing customers or taxpayers.
Therefore, relations are actually infused into the data, in an invisible way. Without a theory, the selection of data is quite random.
The selection may be biased, but not necessarily so, as there is no theory to assess the relevance of the data for the relations that are sought and found. If data are irrelevant, there is neither a bias nor a true relation, but one can get the impression there are correlations.
If correlations are found between datasets that no theory can plausibly relate, they might not point to a real relation and therefore not be found in a different dataset.
Statistics and errors of the first and second kind
Decisions based on statistical relations suffer from errors, because the relation never is absolute. Errors of the first kind will be made, meaning someone is included in a category, who in fact doesn’t belong in that category. Also errors of the second kind will be made, which means someone gets excluded who should have been included.
Including and excluding people in categories, has serious consequences if the category is a basis for entitlements or obligations. Everyone who is wrongly thought to be in a category, or not in a category, suffers injustice.
Risk management
New public management and the securitization of modern discours, have the effect of perceiving policy as an exercise in risk management.
Risk management is the identification and quantification of hazards, identification of damage control options, calculation of costs and benefits of these options and finally choice and application of the most efficient ones. Since risk is a combination of probability that an incident occurs, and scale of impact of such an incident, damage control measures can either focus on lowering the probability of the occurrence, or on decreasing the damage once such an incident occurs. Risk management is often perceived as a technical, value-neutral exercise, as it deals with numbers (probabilities, costs) and scientific knowledge (hazards, impact of certain incidents). In reality, value assessments are made through considering certain hazards and ignoring others, through defining certain things as hazards, and through evaluating the impact of an incident.
Many policy problems have been translated into risks. Since many policy problems are matters of human behavior, it’s certain behavior that has become a risk, or a risk factor. The knowledge then sought, is knowledge that may help in predicting such behavior, so it can be prevented or stopped. The most logical place to look for such knowledge, is characteristics of people that can be observed.
Surveillance technology, vast registers and fast computers have made the observable characteristics of people sheer endless. Furthermore, the technique of building profiles has been very helpfull – to advertising companies - in targeting individuals with custom-made policies.
Profiling
Any trait, behavior or behavioral pattern that is used to predict other types of behavior, is a characteristic of a person. Such characteristics, when collected, are data. Profiling is collecting, selecting, and (re)combining data in ways that have people fall into particular categories. A profile of someone, is a set of data that describe certain relevant characteristics of that person. Relevance is related to the purpose of making profiles, and to the underlying theories about correlations between characteristics and other behavior.
Advertising agencies use advanced profiling for targeted marketing. An old example is the age and gender profile that has been used for decades to market maternity products.
The use of profiles is also very interesting for border control purposes, as millions of people travel across borders while the purpose of border control is to seive out those with terrorist, immigration or smuggling intentions.
Most travellers are tourists or business travellers. The profile of a legitimate tourist might be: booked a return trip to a common destination some months ago; takes the cheapest or most comfortable route; carries non-formal clothes in his luggage; travels together with others; has a job to return to after the vacation.
Border control has limited resources, so it makes no sense to do thorough checks on all travellers who fit such a profile. Random reality checks might be performed though, in order to confirm the theory that travellers who fit such a profile, actually do travel for legitimate reasons.
Prevention and presumption of innocence
Within the rule of law, every individual is presumed to be innocent of any illegal act, unless proper evidence shows he/she actually committed such an act. Presumption of innocence implies government can only use it’s force against individuals, after some particular fact.
Prevention of course implies action before the facts. Preventive policy is based on the anticipation of certain behavior, and that anticipation is based on probabilities. If someone is very likely to become a victim, that person might be put under public protection. Not always will the potential victim perceive himself as such, and not always will he appreciate the efforts to protect him. In such cases, protection is a breach of his privacy.
If preventive policy targets potential perpetrators, the breach of privacy is more obvious. In such cases, people are treated unequally, based on the likelyhood of their breaching the law: their profile.
Self fulfilling prophecy
Apart from unfairness and privacy infringements, profile-based prevention may also cause people to behave in the way they are expected to behave. This would be a consequence of the selective, particular treatment they receive.
An example: the profile of young men from North-African descent is related to anti-social behavior. The result of that relationship is that people keep their distance from young North-African-looking men, and may not treat them in a friendly, sociable and inclusive manner. Not many behavior patterns are left to them, than acting in ways that are considered anti-social among the majority population.
Another example: pretty blond girls (the profile) are supposed to perform bad at mathematics. Instead of pushing them to outstanding performance, investing time and energy in explanations, challenging them to solve mathematics problems, teachers, parents and fellow schoolkids might accept from the start that the girls fit a particular profile and are not expected to perform excellent. The girls will usually conform to that image, and lag behind in mathematics performance.
Breaching privacy
Respecting privacy is a moral demand, but apart from that it’s also instrumental for legitimate and effective government. Legitimacy and effectivity of government are mutually dependent, and infringing on privacy might cause loss of either, or both.
Chilling effect
Being monitored, or even just the fact of having no control over who has what information about a person, can have a chilling effect. When someone thinks he might be observed, he’ll be more on his guard, even behave differently, then if he presumed not to be observed. Being on ones guard is in fact being less trusting.
Matters are made worse when information about people is gathered that they consciously don’t want to convey to others, or to government. In that case, disrespecting privacy equals a loss of individual liberty: the freedom to choose to keep some things private.
A third mechanism that might lead to loss of trust, is through the apparent distrust that government shows against its citizens, when it gathers information, targets preventive policies, and uses the language of security and risks. Government in this way makes itself an entity opposed to (certain) citizens, and every citizen could become one of those opposite government. Whether that happens, is a matter of judgement on the side of government, over which individual citizens have little control. Feeling powerless when facing an opponent, induces fear or anger. Those are not conducive to government legitimacy.
Fourth, people who receive differential treatment, based on their profiles, may feel they are being treated in an unfair manner.
When people lose trust, when they come to view government as an opposing entity, or when they feel government doesn’t act fairly, government loses legitimacy.
Ineffective policies – higher non conformity risks
Policies based on questionable theories or spurious correlations will only be effective by accident. Furthermore, good policies targeted at the wrong people, if errors of the first or second kind are made in executing the policies, lose efficacy also. Some policies might actually become self-fullfilling prophecies, when people behave in a way to fit their profile.
If policies are targeted at the wrong people, or if people feel certain policies have no legitimacy, the risk of non-conformity to rules and regulations increases. Non-conformity leads to less effectivity, unless the rules were superfluous in the first place.
Ineffective policies lead to further loss of faith in government, as citizens experience how government doesn’t protect their interests or their security in an adequate manner.
There is a risk that government, when losing legitimacy, tries to increase its control. Efforts to increase control involve gathering more information, intensifying surveillance, rationalising policies. As discussed previously, rationalising policies may put legitimacy at risk. Thus a vicious cycle may evolve, for which a radical shift of focus can be the only way out. Focus should shift to back to public values instead of governance with its financial focus, and to a horizontal relationship between government and citizens instead of policy-subjects.
Need for privacy
Trying to increase effectivity and efficiency, not squandering public resources and accounting for actions, all make good sense. Goals of government these are not though, and if efficiency becomes a goal in its own right, respect for privacy, citizens rights and ultimately government legitimacy may be lost.
Without legitimacy, and without the supportive and compliant behavior of the vast majority of citizens, it’s difficult for government to perform effectively and efficiently.
To the contrary, respect for, and protection of, privacy should be seen as condition for efficient and effective government.
Citizens actually need the government to help them protect their privacy vis a vis commercial enterprises, criminals, media and fellow citizens. If government re-takes its role as the citizens’ power that is organised in order to protect and defend individual basic rights, two birds are killed with one stone. It improves the relationship between government and citizens, and it keeps private infringements of privacy in check.
Abonneren op:
Reacties posten (Atom)
Geen opmerkingen:
Een reactie posten