Philip E. Agre and Marc Rotenberg (eds) Technology and Privacy: The New Landscape. Cambridge MIT Press 1997. 325 pages. Name index and subject index. Composed of 10 papers and introduction. ISBN 0262-01162-x LoC QA76.9.A25T43 $25.00

Table of Contents:

0. Philip Agre. Introduction

1. Philip Agre. Beyond the Mirror World: Privacy and the Representational Practices of Computing.

2. Victoria Bellotti. Design for Privacy in Multimedia Computing and Communications Environments.

3. Colin J. Bennett. Convergence Revisited: Towards a Global Policy for the Protection of Personal Data?

4. Herbert Burkert. Privacy-Enhancing Technologies: Typology, Critique, Vision.

5. Simon Davies. Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity.

6. David H. Flaherty. Controlling Surveillance: Can Privacy Protection Be Made Effective?

7. Robert Gelman. Does Privacy Law Work?

8. Viktor Mayer-Schonberger. Generational Development of Data Protection in Europe.

9. David J. Phillips. Cryptography, Secrets, and the Structuring of Trust.

10. Rohan Samarajiva. Interactivity As Though Privacy Mattered.

Reviewed by Bob Bruen, Cipher Book Review Editor

"Privacy is the capacity to negotiate social relationships by controlling access to information about oneself" (from the dust jacket) is a far cry from privacy as the "right to be let alone" as described by Louis Brandeis and Samuel Warren in their 1890 landmark paper "The Right to Privacy." But 107 years later the issue of privacy has moved just as far or even farther. In fact, in the past decade the issue has moved as far as in the last 100 years, mainly as a consequence of technology. As with the usual advances in technology, information moves faster, gets collected in larger quantities and is analyzed in more detail. This excellent collection of papers is right on the mark presenting the policy problem from various vantage points. Almost all the papers have useful references in the form of endnotes or bibliographies.

Agre's introduction starts off listing all the things the book is not, such as a source for genetic, medical, international, etc. privacy issues. Privacy is a big area for which there are other books that cover these issues. The New Landscape attempts to help "frame the new policy debate," which I think it does. The introduction not only summarizes the papers in the book, but also provides good insight into each topic.

What I took away from the book was a sense that the issues are international with important differences in approaches from the US. One can not ignore the potential difficulties inherent in fundamental approaches to privacy between our closet world partners in Canada and Europe. Nor can one ignore the potential threats in the Internet's lack of respect for international boundaries. The death of privacy was declared by Time Magazine on August 25 of this year, but since it was at the personal level we need to also look at the larger consequences at the international policy level. There are no end to the sources of problems as technology not only gets better, but more of it gets into the hands of more people. For what it is worth, people are pretty much the same. Technology just gives them better tools to do whatever it is that they do. A quick look at history shows a mixed bag of good, bad and indifferent.

While the range of the New Landscape is intended to be somewhat narrow, there is a still a broad enough range in the papers to be interesting and balanced. The best chapter is Cryptography, Secrets and Trust by David Phillips. The crypto summary was well done and interesting, but I especially liked his discussion of the structure of trust. He sets up a good baseline that makes the jump from technology to policy. His references contain the right choices for such a paper. He did not say it, be he gives cause for concern that not only will privacy disappear, but so will trust as we understand it.

Burkert's paper on privacy enhancing technologies (PET) provides another dimension in which personal identity is protected. He first lays out a starting point for a typology of interactions that could be subject to protections by technology, then critiques PET design as it exists today. The problems raised by him are well worth thinking about: anonymity, trust and identity.

The papers by Bennett, Davies and Mayer-Schonberg cover Europe in a helpful way. Europe's approach overall is to provide better individual privacy protection than the US where private information is a commodity to be bought and sold, which gives rise to strange notion that the right to privacy can be a commodity as well. Even though Europe is working towards a coherent privacy approach, the usual local differences are still making it a rocky road for them.

The Canadian contributions are from Flaherty and Samarajiva, both of which emphasize surveillance. Flaherty is an academic who became the first Information and Privacy Commissioner for British Columbia. He offers a unique perspective on the rules are being written today. He is critical of the US approach because the federal government seems to prefer being sued to making any real progress over taking the initiative to protect its citizens.

Samarajiva's paper discusses a project in Quebec called UBI (Universal, Bidirectional, Interactivity) which intends to create an electronic mall providing commercial services to the homes of subscribers. The service will be free to subscribers, but information will be easily collected about buying habits. The fears of private industry's surveillance should surpass those of government surveillance.

Bellotti's paper is also about surveillance in private industry at Apple. The work was done as research about how visual media affects people. Some of the first attempts seem clumsy, as in the public coffee stand and some of the attempts seem successful as in offices where users have some control.

Surveillance generally brings about thoughts of illegal activity, but as shown by this book, there is a fair amount of surveillance of legal and sometimes uninteresting activity. The law has its due in Gellman's paper which asks if it works. Privacy law does exist in the US, but it is a patchwork that is constantly under attack. How many people realize that the infamous "Deadbeat Dads" law passed in 1996 gave the FBI permission to gather up data on every person who gets a new job after October 1, 1997? Remember the CDA? Gellman does a good presenting some history as he tries to answer his question.

Lastly, Agre's chapter on the Mirror World is an historical look at privacy and PETs going back to the 1910 then progressing to today. He demonstrates effectively how the thinking of pre-computing days has been passed down to our current thinking and why it is important to understand it.

This is a well constructed, interesting and useful book. It helps to expand the notion the all that matters is the technical side of things to a more properly balanced approach that includes policy making and social change. Definitely recommended.