Information Technology Security and Privacy Discussion Privacy (LOOK AT FILES)

“I’ve got nothing to hide!” Daniel Solove said this statement, addressing several privacy issues. Do you agree or disagree with this statement?

And what do you think about making certain personal information (e.g. public employees’ salaries, phone numbers, etc.) publicly available?

PS: Solove’s paper can be found under Readings, in Files, and as an attachment to this post.

Live Got Nothing to Hide and Other

Misunderstandings of Privacy

DANIEL J. SOLOVE*

TABLE OF CONTENTS

1. INTRODUCTION…………………………………………………………………………………….. 745
2. THE NOTHING TO HIDE ARGUMENT………………………………………………………. 748

III. CONCEPTUALIZING PRIVACY…………………………………………………………………… 754

1. A Pluralistic Conception of Privacy……………………………………………….. 754
2. The Social Value of Privacy…………………………………………………………… 760
3. THE PROBLEM WITH THE NOTHING TO HIDE ARGUMENT…………………………… 764
4. Understanding the Many Dimensions of Privacy………………………………. 764
5. Understanding Structural Problems……………………………………………….. 768
6. CONCLUSION……………………………………………………………………………………….. 772
7. INTRODUCTION

Since the September 11 attacks, the government has been engaging in extensive surveillance and data mining. Regarding surveillance, in

December 2005, the New York Times revealed that after September 11,

the Bush Administration secretly authorized the National Security

Administration (NSA) to engage in warrantless wiretapping of American citizens telephone calls.1

As for data mining, this involves analyzing

© Daniel J. Solove 2007. Associate Professor, George Washington University

Law School; J.D., Yale Law School. Thanks to Chris Hoofnagle, Adam Moore, and Michael Sullivan for helpful comments, and to my research assistant Sheerin Shahinpoor. I develop some of the ideas in this essay in significantly more depth in my forthcoming book, Understanding Privacy, to be published by Harvard University Press in May 2008.

1. James Risen & Eric Lichtblau, Bush Lets U.S. Spy on Callers Without Courts: Secret Order to Widen Domestic Monitoring, N.Y. TIMES, Dec. 16, 2005, at A
2. SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

746 personal data for patterns of suspicious behavior, the government has begun numerous programs. In 2002, the media revealed that the Department of Defense was constructing a data mining project, called Total Information

Awareness (TIA), under the leadership of Admiral John Poindexter.

2. The vision for TIA was to gather a variety of information about people, including financial, educational, health, and other data. The information would then be analyzed for suspicious behavior patterns. According to Poindexter: the only way to detect . . . terrorists are to look for patterns of activity that are based on observations from past terrorist attacks as well as estimates about how terrorists will adapt to our measures to avoid detection
3. When the program came to light, a public outcry erupted, and the U.S. Senate subsequently voted to deny the program funding, ultimately leading to its demise.
4. Nevertheless, many components of TIA continue on in various government agencies, though in a less systematic and more clandestine fashion.
5. In May 2006, USA Today broke the story that the NSA had obtained customer records from several major phone companies and was analyzing them to identify potential terrorists.
6. The telephone call database is reported to be the largest database ever assembled in the world
7. In June 2006, the New York Times stated that the U.S. government had been accessing bank records from the Society for Worldwide Interbank Financial

Transactions (SWIFT), which handles financial transactions for thousands of banks around the world.

8. Many people responded with outrage at these announcements, but many others did not perceive much of a problem.

The reason for their lack of concern, they explained, was because: life got nothing to hide

9. The argument that no privacy problem exists if a person has nothing to hide is frequently made in connection with many privacy issues. When the government engages in surveillance, many people believe that there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it
10. John Markoff, Pentagon Plans a Computer System That Would Peek at

Personal Data of Americans, N.Y. TIMES, Nov. 9, 2002, at A12.

3. John M. Poindexter, Finding the Face of Terror in Data, N.Y. TIMES, Sept. 10,

2003, at A25.

4. DANIEL J. SOLOVE, THE DIGITAL PERSON: TECHNOLOGY AND PRIVACY IN THE

INFORMATION AGE 169 (2004).

5. Shane Harris, TIA Lives On, NATíL J., Feb. 25, 2006, at 66.
6. Leslie Cauley, NSA Has Massive Database of Americansí Phone Calls, USA

Today, May 11, 2006, at A1; Susan Page, Lawmakers: NSA Database Incomplete, USA

Today, June 30, 2006, at A1.

7. Cauley, supra note 6, at A1.
8. Eric Lichtblau & James Risen, Bank Data Sifted in Secret by the U.S. to Block

Terror, N.Y. TIMES, June 23, 2006, at A1.

9. See infra text accompanying notes 12ñ33.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

747

remain private. Thus, if an individual engages only in legal activity, she

has nothing to worry about. When it comes to the government collecting

and analyzing personal information, many people contend that privacy

harm exists only if skeletons in the closet are revealed. For example,

suppose the government examines oneís telephone records and finds out

that a person made calls to her parents, a friend in Canada, a video store,

and a pizza delivery place. ìSo what?,î that person might say. ìIím not

embarrassed or humiliated by this information. If anybody asks me, Iíll

gladly tells them where I shop. I have nothing to hide.î

The ìnothing to hideî argument and its variants are quite prevalent in

popular discourse about privacy. Data security expert Bruce Schneier

calls it the ìmost common retort against privacy advocates.î10 Legal

scholar Geoffrey Stone refers to it as the all-too-common refrain.î11 The

nothing to hide argument is one of the primary arguments made when

balancing privacy against security. In its most compelling form, it is an

argument that the privacy interest is generally minimal to trivial, thus

making the balance against security concerns a foreordained victory for

security. Sometimes the nothing to hide argument is posed as a question:

ìIf you have nothing to hide, then what do you have to fear?  Others ask: ìIf you arenít doing anything wrong, then what do you have to hide?

In this essay, I will explore the nothing to hide argument and its variants in more depth. Grappling with the nothing to hide argument is important because the argument reflects the sentiments of a wide percentage of the population. In popular discourse, the nothing to hide argument’s superficial incantations can readily be refuted. But when the argument is made in its strongest form, it is far more formidable.

In order to respond to the nothing to hide argument, it is imperative that we have a theory about what privacy is and why it is valuable. At its core, the nothing to hide argument emerges from a conception of privacy and its value. What exactly is ìprivacyî? How valuable is privacy and how do we assess its value? How do we weigh privacy against countervailing values? These questions have long plagued those seeking to develop a theory of privacy and justifications for its legal protection.

10. Bruce Schneier, Commentary, The Eternal Value of Privacy, WIRED, May 18, 2006, http://www.wired.com/news/columns/1,70886-0.html.

11. Geoffrey R. Stone, Commentary, Freedom and Public Responsibility, CHI.

TRIB., May 21, 2006, at 11.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

748

This essay begins in Part II by discussing the nothing to hide argument.

First, I introduce the argument as it often exists in popular discourse and examines frequent ways of responding to the argument. Second, I present

the argument in what I believe to be its strongest form. In Part III, I briefly discuss my work thus far on conceptualizing privacy. I explain why existing theories of privacy have been unsatisfactory, have led to confusion, and have impeded the development of effective legal and policy responses to privacy problems. In Part IV, I argue that nothing to hide argumentó even in its strongest formóstems from certain faulty assumptions about

privacy and its value. The problem, in short, is not with finding an answer to the question: ìIf youíve got nothing to hide, then what do you have to fear? The problem is in the very question itself.

1. THE ìNOTHING TO HIDEî ARGUMENT

When discussing whether government surveillance and data mining pose a threat to privacy, many people respond that they have nothing to hide. This argument permeates the popular discourse about privacy and security issues. In Britain, for example, the government has installed millions of public surveillance cameras in cities and towns, which are watched by officials via closed-circuit television.12 In a campaign slogan for the program, the government declares: ìIf youíve got nothing to hide, youíve got nothing to fear.î13 In the United States, one anonymous individual from the Department of Justice comments: ìIf [government

officials] need to read my e-mails . . . so be it. I have nothing to hide.

Do you?î14 One blogger, in reference to profiling people for national security purposes, declares: ìGo ahead and profile me, I have nothing to hide.î15 Another blogger proclaims: ìSo I donít mind people wanting to find out things about me, Iíve got nothing to hide! Which is why I support President Bushís efforts to find terrorists by monitoring our

phone calls!î16 Variations of nothing to hide arguments frequently appear in blogs, letters to the editor, television news interviews, and other forums.

Some examples include:

12. JEFFREY ROSEN, THE NAKED CROWD: RECLAIMING SECURITY AND FREEDOM IN

AN ANXIOUS AGE (2004).

13. Id. at 36.
14. Comment of NonCryBaby to http://www.securityfocus.com/comments/articles/

2296/18105/threaded (Feb. 12, 2003).

15. Comment of Yoven to http://www.danielpipes.org/comments/47675 (June 14,

2006, 14:03 EST).

16. Reach For The Stars!, http://greatcarrieoakey.blogspot.com/2006/05/look-allyou-want-ive-got-nothing-to.html

(May 14, 2006, 09:04 PST).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

749

ï I donít have anything to hide from the government. I donít think I had that much hidden from the government in the first place. I donít think they care if I talk about my ornery neighbor.17

ï Do I care if the FBI monitors my phone calls? I have nothing to hide. Neither does 99.99 percent of the population. If the wiretapping stops one of these Sept. 11 incidents, thousands of lives are saved.18

ï Like I said, I have nothing to hide. The majority of the American people have nothing to hide. And those that have something to hide should be found out, and get what they have coming

to them.19

The argument is not only of recent vintage. For example, one of the

characters in Henry Jamesís 1888 novel, The Reverberator, muses:

ì[I]f these people had done bad things they ought to be ashamed of

themselves and he couldnít pity them, and if they hadnít done them there

was no need of making such a rumpus about other people knowing.î20

I encountered the nothing to hide argument so frequently in news

interviews, discussions, and the like, that I decided to blog about the

issue. I asked the readers of my blog, Concurring Opinions, whether

there are good responses to the nothing to hide argument.21 I received a

torrent of comments to my post:

ï My response is ìSo do you have curtains?î or ìCan I see your

credit card bills for the last year?î22

ï So my response to the ìIf you have nothing to hide . . .î

argument is simply, ìI donít need to justify my position. You

need to justify yours. Come back with a warrant.î23

17. Comment of annegb to Concurring Opinions, http://www.concurringopinions.

com/archives/2006/05/is_there_a_good.html#comments (May 23, 2006, 11:37 EST).

18. Joe Schneider, Letter to the Editor, NSA Wiretaps Necessary, ST. PAUL

PIONEER PRESS, Aug. 24, 2006, at 11B.

19. Polls Suggest Americans Approve NSA Monitoring (NPR radio broadcast, May

19, 2006), available at 2006 WLNR 22949347.

20. HENRY JAMES, THE REVERBERATOR (1888), reprinted in NOVELS 1886ñ1880, at

555, 687 (1989).

21. Concurring Opinions, supra note 17 (May 23, 2006, 00:06 EST).
22. Comment of Adam to Concurring Opinions, supra note 17 (May 23, 2006,

16:27 EST).

23. Comment of Dissent to Concurring Opinions, supra note 17 (May 24, 2006,

07:48 EST).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

750

ï I donít have anything to hide. But I donít have anything I feel

like showing you, either.24

ï If you have nothing to hide, then you donít have a life.25

ï Show me yours and Iíll show you mine.26

ï Itís not about having anything to hide, itís about things not

being anyone elseís business.27

ï Bottom line, Joe Stalin would [have] loved it. Why should

anyone have to say more?28

Most replies to the nothing to hide argument quickly respond with a

witty retort. Indeed, on the surface it seems easy to dismiss the nothing

to hide argument. Everybody probably has something to hide from

somebody. As the author Aleksandr Solzhenitsyn declared, ìEveryone

is guilty of something or has something to conceal. All one has to do is

look hard enough to find what it is.î29 Likewise, in Friedrich D¸rrenmattís

novella Traps, which involves a seemingly innocent man put on trial by

a group of retired lawyers for a mock trial game, the man inquires

what his crime shall be. ìëAn altogether minor matter,í the prosecutor

replied . . . . ëA crime can always be found.íî30 One can usually think of

something compelling that even the most open person would want to

hide. As one comment to my blog post noted: ìIf you have nothing to

hide, then that quite literally means you are willing to let me photograph

you naked? And I get full rights to that photographóso I can show it to

your neighbors?î31 Canadian privacy expert David Flaherty expresses a

similar idea when he argues:

 

24. Comment of Ian to Concurring Opinions, supra note 17 (May 24, 2006, 19:51

EST).

25. Comment of Matthew Graybosch to Concurring Opinions, supra note 17 (Oct.

16, 2006, 12:09 EST).

26. Comment of Neureaux to Concurring Opinions, supra note 17 (Oct. 16, 2006,

14:39 EST).

27. Comment of Catter to Concurring Opinions, supra note 17 (Oct. 16, 2006,

11:36 PM EST).

28. Comment of Kevin to Concurring Opinions, supra note 17 (July 24, 2006,

12:36 EST).

29. ALEKSANDR SOLZHENITSYN, CANCER WARD 192 (Nicholas Bethell & David

Burg trans., Noonday Press 1991) (1968).

30. FRIEDRICH D‹RRENMATT, TRAPS 23 (Richard & Clara Winston trans., 1960).
31. Comment of Andrew to Concurring Opinions, supra note 17 (Oct. 16, 2006,

15:06 EST).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

751

There is no sentient human being in the Western world who has little or no

regard for his or her personal privacy; those who would attempt such claims

cannot withstand even a few minutesí questioning about intimate aspects of

their lives without capitulating to the intrusiveness of certain subject matters.32

Such responses only attack the nothing to hide argument in its most

extreme form, which is not particularly strong. As merely a one-line

utterance about a particular personís preference, the nothing to hide

argument is not very compelling. But stated in a more sophisticated

manner, the argument is more challenging. First, it must be broadened

beyond the particular person making it. When phrased as an individual

preference, the nothing to hide argument is hard to refute because it is

difficult to quarrel with one particular personís preferences. As one

commenter aptly notes:

By saying ìI have nothing to hide,î you are saying that itís OK for the

government to infringe on the rights of potentially millions of your fellow

Americans, possibly ruining their lives in the process. To me, the ìI have

nothing to hideî argument basically equates to ìI donít care what happens, so

long as it doesnít happen to me.î33

In its more compelling variants, the nothing to hide argument can be

made in a more general manner. Instead of contending that ìIíve got

nothing to hide,î the argument can be recast as positing that all lawabiding

citizens should have nothing to hide. Only if people desire to

conceal unlawful activity should they be concerned, but according to the

nothing to hide argument, people engaged in illegal conduct have no

legitimate claim to maintaining the privacy of such activities.

In a related argument, Judge Richard Posner contends: ì[W]hen

people today decry lack of privacy, what they want, I think, is mainly

something quite different from seclusion: they want more power to

conceal information about themselves that others might use to their

disadvantage.î34 Privacy involves a personís ìright to conceal discreditable

facts about himself.î35 In other words, privacy is likely to be invoked

when there is something to hide and that something consists of negative

32. David H. Flaherty, Visions of Privacy: Past, Present, and Future, in VISIONS

OF PRIVACY: POLICY CHOICES FOR THE DIGITAL AGE 19, 31 (Colin J. Bennett & Rebecca

Grant eds., 1999).

33. Comment of BJ Horn to Concurring Opinions, supra note 17 (June 2, 2006,

18:58 EST).

34. RICHARD A. POSNER, THE ECONOMICS OF JUSTICE 271 (1983).
35. RICHARD A. POSNER, ECONOMIC ANALYSIS OF LAW 46 (5th ed. 1998).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

752

information about a person. Posner asserts that the law should not protect

people in concealing discreditable information. ìThe economist,î he argues,

ìsees a parallel to the efforts of sellers to conceal defects in their

products.î36

Of course, one might object, there is nondiscreditable information

about people that they nevertheless want to conceal because they find it

embarrassing or just do not want others to know about. In a less extreme

form, the nothing to hide argument does not refer to all personal

information, but only to that subset of personal information that is likely

to be involved in government surveillance. When people respond to

NSA surveillance and data mining that they have nothing to hide, the

more sophisticated way of understanding their argument should be as

applying to the particular pieces of information that are gathered in the

NSA programs. Information about what phone numbers people dial and

even what they say in many conversations is often not likely to be

embarrassing or discreditable to a law-abiding citizen. Retorts to the

nothing to hide argument about exposing peopleís naked bodies to the

world or revealing their deepest secrets to their friends are only relevant

if there is a likelihood that such programs will actually result in these

kinds of disclosures. This type of information is not likely to be captured in

the government surveillance. Even if it were, many people might rationally

assume that the information will be exposed only to a few law enforcement

officials, and perhaps not even seen by human eyes. Computers might

store the data and analyze it for patterns, but no person might have any

contact with the data. As Posner argues:

The collection, mainly through electronic means, of vast amounts of personal

data is said to invade privacy. But machine collection and processing of data

cannot, as such, invade privacy. Because of their volume, the data are first

sifted by computers, which search for names, addresses, phone numbers, etc.,

that may have intelligence value. This initial sifting, far from invading privacy

(a computer is not a sentient being), keeps most private data from being read by

any intelligence officer.37

There is one final component of the most compelling versions of the

nothing to hide argumentóa comparison of the relative value of the

privacy interest being threatened with the government interest in

promoting security. As one commenter to my blog post astutely notes:

ìYou canít talk about how people feel about the potential loss of privacy

in any meaningful way without recognizing that most of the people who

donít mind the NSA programs see it as a potential exchange of a small

36. Id.
37. Richard A. Posner, Our Domestic Intelligence Crisis, WASH. POST, Dec. 21,

2005, at A31.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

753

amount of privacy for a potential national security gain.î38 In other

words, the nothing to hide argument can be made by comparing the

relative value between privacy and security. The value of privacy, the

argument provides, is low, because the information is often not particularly

sensitive. The ones with the most to worry about are the ones engaged

in illegal conduct, and the value of protecting their privacy is low to

nonexistent. On the government interest side of the balance, security has

a very high value. Having a computer analyze the phone numbers one

dials is not likely to expose deep dark secrets or embarrassing

information to the world. The machine will simply move on, oblivious

to any patterns that are not deemed suspicious. In other words, if you

are not doing anything wrong, you have nothing to hide and nothing to

fear.

Therefore, in a more compelling form than is often expressed in

popular discourse, the nothing to hide argument proceeds as follows:

The NSA surveillance, data mining, or other government informationgathering

programs will result in the disclosure of particular pieces of

information to a few government officials, or perhaps only to government

computers. This very limited disclosure of the particular information

involved is not likely to be threatening to the privacy of law-abiding

citizens. Only those who are engaged in illegal activities have a reason

to hide this information. Although there may be some cases in which the

information might be sensitive or embarrassing to law-abiding citizens,

the limited disclosure lessens the threat to privacy. Moreover, the security

interest in detecting, investigating, and preventing terrorist attacks is

very high and outweighs whatever minimal or moderate privacy interests

law-abiding citizens may have in these particular pieces of information.

Cast in this manner, the nothing to hide argument is a formidable one.

It balances the degree to which an individualís privacy is compromised

by the limited disclosure of certain information against potent national

security interests. Under such a balancing scheme, it is quite difficult for

privacy to prevail.

38. Comment of MJ to Concurring Opinions, supra note 17 (May 23, 2006, 17:30

EST).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

754

III. CONCEPTUALIZING PRIVACY

For quite some time, scholars have proclaimed that privacy is so

muddled a concept that it is of little use. According to Arthur Miller,

privacy is ìexasperatingly vague and evanescent.î39 As Hyman

Gross declares, ì[T]he concept of privacy is infected with pernicious

ambiguities.î40 Colin Bennett similarly notes, ìAttempts to define the

concept of ëprivacyí have generally not met with any success.î41 Robert

Post declares that ì[p]rivacy is a value so complex, so entangled in

competing and contradictory dimensions, so engorged with various and

distinct meanings, that I sometimes despair whether it can be usefully

addressed at all.î42 ìPerhaps the most striking thing about the right to

privacy,î Judith Jarvis Thomson observes, ìis that nobody seems to have

any very clear idea what it is.î43

Often, the philosophical discourse about conceptualizing privacy is

ignored in legal and policy debates. Many jurists, politicians, and scholars

simply analyze the issues without articulating a conception of what

privacy means. However, conceptualizing privacy is essential for the

analysis of these issues. Those working on legal and policy issues all

have some implicit conception of privacy. In many cases, privacy issues

never get balanced against conflicting interests because courts, legislators,

and others fail even to recognize that privacy is implicated. It is therefore of

paramount importance that we continue to work on developing a conception

of privacy. But how? Why have existing attempts been so unsatisfying?

1. A Pluralistic Conception of Privacy

Many attempts to conceptualize privacy do so by attempting to locate

the essence of privacyóits core characteristics or the common denominator

that links together the various things we classify under the rubric of

ìprivacy.î I refer to this as the traditional method of conceptualizing.

This method seeks to understand privacy per genus et differentiamóby

looking for necessary and sufficient elements that demarcate what

privacy is.

39. ARTHUR R. MILLER, THE ASSAULT ON PRIVACY: COMPUTERS, DATA BANKS,

AND DOSSIERS 25 (1971).

40. Hyman Gross, The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967).
41. COLIN J. BENNETT, REGULATING PRIVACY: DATA PROTECTION AND PUBLIC

POLICY IN EUROPE AND THE UNITED STATES 25 (1992).

42. Robert C. Post, Three Concepts of Privacy, 89 GEO. L.J. 2087, 2087 (2001).
43. Judith Jarvis Thomson, The Right to Privacy, in PHILOSOPHICAL DIMENSIONS

OF PRIVACY: AN ANTHOLOGY 272, 272 (Ferdinand David Schoeman ed., 1984).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

755

In my article, Conceptualizing Privacy, I discussed a wide range of

attempts to locate the common denominator of privacy.44 I examined

several different candidates for the common denominator in the existing

philosophical and legal literature. Some attempts to conceptualize

privacy were too narrow, excluding things we commonly understand to

be private. For example, several theorists have contended that privacy

should be defined in terms of intimacy. According to philosopher Julie

Inness: ì[T]he content of privacy cannot be captured if we focus

exclusively on either information, access, or intimate decisions because

privacy involves all three areas. . . . I suggest that these apparently disparate

areas are linked by the common denominator of intimacyóprivacyís

content covers intimate information, access, and decisions.î45 The

problem with understanding privacy as intimacy, however, is that not all

private information or decisions we make are intimate. For instance, our

Social Security number, political affiliations, religious beliefs, and much

more may not be intimate, but we may regard them as private. Of

course, intimacy could be defined quite broadly, though then it merely

becomes a synonym for privacy rather than an elaboration of what

privacy means. The purpose of defining privacy as intimacy is to

develop a bounded and coherent conception of privacy, but it comes at

the cost of being far too narrow.

On the other hand, some attempts to conceptualize privacy are far too

broad, such as Samuel Warren and Louis Brandeisís understanding of

privacy as the ìright to be let alone.î46 What exactly does being let

alone entail? There are many ways in which people are intruded upon

that they would not consider privacy violations. If you shove me, you

are not leaving me alone. You may be harming me, but it is not a

problem of privacy.

Ultimately, any attempt to locate a common core to the manifold

things we file under the rubric of ìprivacyî faces a difficult dilemma. If

one chooses a common denominator that is broad enough to encompass

nearly everything, then the conception risks the danger of being overinclusive

or too vague. If one chooses a narrower common denominator, then the

risk is that the conception is too restrictive. In Conceptualizing Privacy,

44. Daniel J. Solove, Conceptualizing Privacy, 90 CAL. L. REV. 1087, 1095ñ99

(2002).

45. JULIE C. INNESS, PRIVACY, INTIMACY, AND ISOLATION 56 (1992).
46. Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 HARV. L.

REV. 193, 193 (1890).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

756

I surveyed the various proposed conceptions and found all to suffer from

these problems.47

I argued that instead of conceptualizing privacy with the traditional

method, we should instead understand privacy as a set of family

resemblances. In Philosophical Investigations, Ludwig Wittgenstein

argued that some concepts do not have ìone thing in commonî but ìare

related to one another in many different ways.î48 Instead of being

related by a common denominator, some things share ìa complicated

network of similarities overlapping and criss-crossing: sometimes overall

similarities, sometimes similarities of detail.î49 In other words, privacy

is not reducible to a singular essence; it is a plurality of different things

that do not share one element in common but that nevertheless bear a

resemblance to each other.

In my work on conceptualizing privacy thus far, I have attempted to

lay the groundwork for a pluralistic understanding of privacy. In some

works, I have attempted to analyze specific privacy issues, trying to

better articulate the nature of the problems. For example, in my book,

The Digital Person, I argued that the collection and use of personal

information in databases presents a different set of problems than government

surveillance.50 Many commentators had been using the metaphor of

George Orwellís 1984 to describe the problems created by the collection

and use of personal data.51 I contended that the Orwell metaphor, which

focuses on the harms of surveillance (such as inhibition and social

control) might be apt to describe law enforcementís monitoring of citizens.

But much of the data gathered in computer databases is not particularly

sensitive, such as oneís race, birth date, gender, address, or marital

status. Many people do not care about concealing the hotels they stay at,

the cars they own or rent, or the kind of beverages they drink. People

often do not take many steps to keep such information secret. Frequently,

though not always, peopleís activities would not be inhibited if others

knew this information.

I suggested a different metaphor to capture the problems: Franz

Kafkaís The Trial, which depicts a bureaucracy with inscrutable purposes

that uses peopleís information to make important decisions about them,

yet denies the people the ability to participate in how their information is

47. Solove, supra note 44, at 1099ñ1124.
48. LUDWIG WITTGENSTEIN, PHILOSOPHICAL INVESTIGATIONS ß 65 (G.E.M. Anscombe

trans., 3d ed. 2001).

49. Id. ß 66.
50. SOLOVE, supra note 4, at 6ñ9.
51. GEORGE ORWELL, 1984 (Signet Classic 1984) (1949); SOLOVE, supra note 4,

at 7.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

757

used.52 The problems captured by the Kafka metaphor are of a different

sort than the problems caused by surveillance. They often do not result

in inhibition or chilling. Instead, they are problems of information

processingóthe storage, use, or analysis of dataórather than information

collection. They affect the power relationships between people and the

institutions of the modern state. They not only frustrate the individual

by creating a sense of helplessness and powerlessness, but they also

affect social structure by altering the kind of relationships people have

with the institutions that make important decisions about their lives.

I explored the ways that legal and policy solutions were focusing too

much on the nexus of problems under the Orwell metaphoróthose of

surveillanceóand were not adequately addressing the Kafka problemsó

those of information processing.53 The difficulty was that commentators

were trying to conceive of the problems caused by databases in terms of

surveillance when, in fact, these problems were different. The way that

these problems are conceived has a tremendous impact on the legal and

policy solutions used to solve them. As John Dewey observed, ì[A]

problem well put is half-solved.î54 ìThe way in which the problem is

conceived,î Dewey explained, ìdecides what specific suggestions are

entertained and which are dismissed; what data are selected and which

rejected; it is the criterion for relevancy and irrelevancy of hypotheses

and conceptual structures.î55

In a subsequent article, A Taxonomy of Privacy, I developed a

taxonomy of privacyóa way of mapping out the manifold types of

problems and harms that constitute privacy violations.56 The taxonomy

is my attempt to formulate a model of the problems from studying the

welter of laws, cases, issues, and cultural and historical materials. The

taxonomy I developed is as follows:

52. FRANZ KAFKA, THE TRIAL 50ñ58 (Willa & Edwin Muir trans., Random House

1956) (1937); SOLOVE, supra note 4, at 8ñ9.

53. SOLOVE, supra note 4, at 27ñ75.
54. JOHN DEWEY, LOGIC: THE THEORY OF INQUIRY 112 (Jo Ann Boydston ed.

1991) (1938).

55. Id.
56. Daniel J. Solove, A Taxonomy of Privacy, 154 U. PA. L. REV. 477 (2006).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

758

Information Collection

Surveillance

Interrogation

Information Processing

Aggregation

Identification

Insecurity

Secondary Use

Exclusion

Information Dissemination

Breach of Confidentiality

Disclosure

Exposure

Increased Accessibility

Blackmail

Appropriation

Distortion

Invasion

Intrusion

Decisional Interference

The taxonomy has four general categories of privacy problems with

sixteen different subcategories. The first general category is information

collection, which involves the ways that data is gathered about people.

The subcategories, surveillance and interrogation, represent the two

primary problematic ways of gathering information. A privacy problem

occurs when an activity by a person, business, or government entity

creates harm by disrupting valuable activities of others. These harms

need not be physical or emotional; they can occur by chilling socially

beneficial behavior (for example, free speech and association) or by

leading to power imbalances that adversely affect social structure (for

example, excessive executive power).

The second general category is information processing. This involves

the storing, analysis, and manipulation of data. There are a number of

problems that information processing can cause, and I included five

subcategories in my taxonomy. For example, one problem that I label

insecurity results in increasing peopleís vulnerability to potential abuse of

their information.57 The problem that I call exclusion involves peopleís

inability to access and have any say in the way their data is used.58

57. Id. at 516ñ20.
58. Id. at 522ñ25.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

759

Information dissemination is the third general category. Disseminating

information involves the ways in which it is transferredóor threatened to be

transferredóto others. I identify seven different information dissemination

problems. Finally, the last category involves invasions. Invasions are direct

interferences with the individual, such as intruding into her life or regulating

the kinds of decisions she can make about her life.

My purpose in advancing the taxonomy is to shift away from the

rather vague label of privacy in order to prevent distinct harms and

problems from being conflated or not recognized. Some might contend,

however, that several of the problems I discuss are not really ìprivacyî

problems. But with no satisfactory set of necessary or sufficient conditions

to define privacy, there is no one specific criterion for inclusion or

exclusion under the rubric of ìprivacy.î Privacy violations consist of a

web of related problems that are not connected by a common element,

but nevertheless bear some resemblances to each other. We can determine

whether to classify something as falling in the domain of privacy if it

bears resemblance to other things we similarly classify. In other words,

we use a form of analogical reasoning in which ì[t]he key task,î Cass

Sunstein observes, ìis to decide when there are relevant similarities and

differences.î59 Accordingly, there are no clear boundaries for what we

should or should not refer to as ìprivacy.î Some might object to the lack of

clear boundaries, but this objection assumes that having definitive

boundaries matters. The quest for a traditional definition of privacy has

led to a rather fruitless and unresolved debate. In the meantime, there are

real problems that must be addressed, but they are either conflated or

ignored because they do not fit into various prefabricated conceptions of

privacy. The law often neglects to see the problems and instead ignores

all things that do not fall into a particular conception of privacy. In this

way, conceptions of privacy can prevent the examination of problems. The

problems still exist regardless of whether we classify them as being

ìprivacyî problems.

A great deal of attention is expended trying to elucidate the concept of

privacy without looking at the problems we are facing. My goal is to

begin with the problems and understand them in detail. Trying to fit

them into a one-size-fits-all conception of privacy neglects to see the

problems in their full dimensions or to understand them completely.

59. CASS R. SUNSTEIN, LEGAL REASONING AND POLITICAL CONFLICT 67 (1996).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

760

Conceptions should help us understand and illuminate experience; they

should not detract from experience and make us see and understand less.

The term privacy is best used as a shorthand umbrella term for a

related web of things. Beyond this kind of use, the term privacy has

little purpose. In fact, it can obfuscate more than clarify.

Some might object to the inclusion or exclusion of certain problems in

the taxonomy. I do not advance the taxonomy as perfect. It is a bottomup

ongoing project. As new problems arise, the taxonomy will be revised.

Whether a particular problem is classified as one of privacy is not as

important as whether it is recognized as a problem. Regardless of whether

we label the problem as part of the privacy cluster, it still is a problem,

and protecting against it still has a value. For example, I classify as a privacy

violation a problem I call distortion, which involves disseminating false or

misleading information about a person. Some might argue that distortion

really is not a privacy harm, because privacy only involves true information.

But does it matter? Regardless of whether distortion is classified as a

privacy problem, it is nevertheless a problem. Classifying it as a privacy

problem is merely saying that it bears some resemblance to other privacy

problems, and viewing them together might be helpful in addressing them.

1. The Social Value of Privacy

Many theories of privacy view it as an individual right. For example,

Thomas Emerson declares that privacy ìis based upon premises of

individualism, that the society exists to promote the worth and the

dignity of the individual. . . . The right of privacy . . . is essentially the right

not to participate in the collective lifeóthe right to shut out the

community.î60 In the words of one court: ìPrivacy is inherently personal.

The right to privacy recognizes the sovereignty of the individual.î

61

Traditionally, rights have often been understood as protecting the

individual against the incursion of the community, based on respect for

the individualís personhood or autonomy. Many theories of privacyís

value understand privacy in this manner. For example, Charles Fried

argues that privacy is one of the

basic rights in persons, rights to which all are entitled equally, by virtue of their

status as persons. . . . In this sense, the view is Kantian; it requires recognition

of persons as ends, and forbids the overriding of their most fundamental

interests for the purpose of maximizing the happiness or welfare of all.62

60. THOMAS I.EMERSON,THE SYSTEM OF FREEDOM OF EXPRESSION 545, 549 (1970).
61. Smith v. City of Artesia, 772 P.2d 373, 376 (N.M. Ct. App. 1989).
62. Charles Fried, Privacy, 77 YALE L.J. 475, 478 (1968); see also INNESS, supra

note 45, at 95 (ì[P]rivacy is valuable because it acknowledges our respect for persons as

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

761

Many of the interests that conflict with privacy, however, also involve

peopleís autonomy and dignity. Free speech, for example, is also an

individual right which is essential to autonomy. Yet, in several cases, it

clashes with privacy. Oneís privacy can be in direct conflict with

anotherís desire to speak about that personís life. Security, too, is not

merely a societal interest; it is essential for individual autonomy as well.

Autonomy and dignity are often on both sides of the balance, so it

becomes difficult to know which side is the one that protects the

ìsovereignty of the individual.î63

Communitarian scholars launch a formidable critique of traditional

accounts of individual rights. Amitai Etzioni, for example, contends that

privacy is ìa societal license that exempts a category of acts (including

thoughts and emotions) from communal, public, and governmental

scrutiny.î64 For Etzioni, many theories of privacy treat it as sacrosanct,

even when it conflicts with the common good.65 According to Etzioni,

ìprivacy is not an absolute value and does not trump all other rights or

concerns for the common good.î66 He goes on to demonstrate how

privacy interferes with greater social interests and often, though not

always, contends that privacy should lose out in the balance.67

Etzioni is right to critique those who argue that privacy is an individual

right that should trump social interests. The problem, however, is that

utilitarian balancing between individual rights and the common good

rarely favors individual rightsóunless the interest advanced on the side

of the common good is trivial. Society will generally win when its

interests are balanced against those of the individual.

The deeper problem with Etzioniís view is that in his critique of

liberal theories of individual rights as absolutes, he views individual

rights as being in tension with society. The same dichotomy between

autonomous beings with the capacity to love, care and likeóin other words, persons

with the potential to freely develop close relationships.î); BEATE R÷SSLER, THE VALUE

OF PRIVACY 117 (R.D.V. Glasgow trans., Polity Press 2005) (2001) (ìRespect for a

personís privacy is respect for her as an autonomous subject.î); Stanley I. Benn, Privacy,

Freedom, and Respect for Persons, in NOMOS XIII: PRIVACY 1, 26 (J. Roland Pennock &

John W. Chapman eds., 1971) (ì[R]espect for someone as a person, as a chooser,

implie[s] respect for him as one engaged on a kind of self-creative enterprise, which

could be disrupted, distorted, or frustrated even by so limited an intrusion as watching.î).

63. Smith, 772 P.2d at 376.
64. AMITAI ETZIONI, THE LIMITS OF PRIVACY 196 (1999).
65. Id. at 187ñ88.
66. Id. at 38.
67. Id. at 187ñ88.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

762

individual and society that pervades liberal theories of individual rights

also pervades Etzioniís communitarianism. Etzioni views the task of

communitarians as ìbalanc[ing] individual rights with social responsibilities,

and individuality with community.î68 The problem with Etzioniís

communitarian view is that individuality need not be on the opposite

side of the scale from community. Such a view assumes that individual

and societal interests are distinct and conflicting. A similar view also

underpins many liberal conceptions of individual rights.

In contrast, John Dewey proposed an alternative theory about the

relationship between individual and community. For Dewey, there is no

strict dichotomy between individual and society. The individual is

shaped by society, and the good of both the individual and society are

often interrelated rather than antagonistic: ìWe cannot think of ourselves

save as to some extent social beings. Hence we cannot separate the idea

of ourselves and our own good from our idea of others and of their

good.î69 Dewey contended that the value of protecting individual rights

emerges from their contribution to society. In other words, individual

rights are not trumps, but are protections by society from its intrusiveness.

Society makes space for the individual because of the social benefits this

space provides. Therefore, Dewey argues, rights should be valued based

on ìthe contribution they make to the welfare of the community.î70

Otherwise, in any kind of utilitarian calculus, individual rights would not

be valuable enough to outweigh most social interests, and it would be

impossible to justify individual rights. As such, Dewey argued, we must

insist upon a ìsocial basis and social justificationî for civil liberties.71

I contend, like Dewey, that the value of protecting the individual is a

social one. Society involves a great deal of friction, and we are

constantly clashing with each other. Part of what makes a society a good

place in which to live is the extent to which it allows people freedom

from the intrusiveness of others. A society without privacy protec

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

763

attempt to promote rules of behavior, decorum, and civility.72 Society

protects privacy as a means of enforcing a kind of order in the

community. As Spiros Simitis declares, ì[P]rivacy considerations no longer

arise out of particular individual problems; rather, they express conflicts

affecting everyone.î73 Several scholars have argued that privacy is

ìconstitutiveî of society and must be valued in terms of the social roles

it plays.74 Privacy, then, is not the trumpeting of the individual against

societyís interests, but the protection of the individual based on societyís

own norms and values. Privacy is not simply a way to extricate

individuals from social control, as it is itself a form of social control that

emerges from a societyís norms. It is not an external restraint on society,

but is in fact an internal dimension of society. Therefore, privacy has a

social value. Even when it protects the individual, it does so for the sake

of society. It thus should not be weighed as an individual right against

the greater social good. Privacy issues involve balancing societal interests

on both sides of the scale.

Because privacy involves protecting against a plurality of different

harms or problems, the value of privacy is different depending upon

which particular problem or harm is being protected. Not all privacy

problems are equal; some are more harmful than others. Therefore, we

cannot ascribe an abstract value to privacy. Its value will differ substantially

depending upon the kind of problem or harm we are safeguarding

against. Thus, to understand privacy, we must conceptualize it and its

value more pluralistically. Privacy is a set of protections against a

related set of problems. These problems are not all related in the same

way, but they resemble each other. There is a social value in protecting

72. Robert C. Post, The Social Foundations of Privacy: Community and Self in the

Common Law Tort, 77 CAL. L. REV. 957, 968 (1989).

73. Spiros Simitis, Reviewing Privacy in an Information Society, 135 U. PA. L.

REV. 707, 709 (1987). In analyzing the problems of federal legislative policymaking on

privacy, Priscilla Regan demonstrates the need for understanding privacy in terms of its

social benefits. See PRISCILLA M. REGAN, LEGISLATING PRIVACY, at xiv (1995) (ì[A]nalysis

of congressional policy making reveals that little attention was given to the possibility of

a broader social importance of privacy.î).

74. Julie E. Cohen, Examined Lives: Informational Privacy and the Subject as

Object, 52 STAN. L. REV. 1373, 1427ñ28 (2000) (ìInformational privacy, in short, is a

constitutive element of a civil society in the broadest sense of that term.î); Paul M.

Schwartz, Privacy and Democracy in Cyberspace, 52 VAND. L. REV. 1609, 1613 (1999)

(ì[I]nformation privacy is best conceived of as a constitutive element of civil society.î);

see also Ruth Gavison, Privacy and the Limits of Law, 89 YALE L.J. 421, 455 (1980)

(ìPrivacy is also essential to democratic government because it fosters and encourages

the moral autonomy of the citizen, a central requirement of a democracy.î).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

764

against each problem, and that value differs depending upon the nature

of each problem.

1. THE PROBLEM WITH THE ìNOTHING TO HIDEî ARGUMENT
2. Understanding the Many Dimensions of Privacy

It is time to return to the nothing to hide argument. The reasoning of

this argument is that when it comes to government surveillance or use of

personal data, there is no privacy violation if a person has nothing

sensitive, embarrassing, or illegal to conceal. Criminals involved in illicit

activities have something to fear, but for the vast majority of people,

their activities are not illegal or embarrassing.

Understanding privacy as I have set forth reveals the flaw of the

nothing to hide argument at its roots. Many commentators who respond

to the argument attempt a direct refutation by trying to point to things

that people would want to hide. But the problem with the nothing to

hide argument is the underlying assumption that privacy is about hiding

bad things. Agreeing with this assumption concedes far too much ground

and leads to an unproductive discussion of information people would

likely want or not want to hide. As Bruce Schneier aptly notes, the nothing

to hide argument stems from a faulty ìpremise that privacy is about

hiding a wrong.î75

The deeper problem with the nothing to hide argument is that it

myopically views privacy as a form of concealment or secrecy. But

understanding privacy as a plurality of related problems demonstrates

that concealment of bad things is just one among many problems caused

by government programs such as the NSA surveillance and data mining.

In the categories in my taxonomy, several problems are implicated.

The NSA programs involve problems of information collection,

specifically the category of surveillance in the taxonomy. Wiretapping

involves audio surveillance of peopleís conversations. Data mining

often begins with the collection of personal information, usually from

various third parties that possess peopleís data. Under current Supreme

Court Fourth Amendment jurisprudence, when the government gathers

data from third parties, there is no Fourth Amendment protection because

people lack a ìreasonable expectation of privacyî in information exposed

to others.76 In United States v. Miller, the Supreme Court concluded that

there is no reasonable expectation of privacy in bank records because

ì[a]ll of the documents obtained, including financial statements and

75. Schneier, supra note 10.
76. United States v. Katz, 389 U.S. 347, 360ñ61 (1967) (Harlan, J., concurring).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

765

deposit slips, contain only information voluntarily conveyed to the banks

and exposed to their employees in the ordinary course of business.î77 In

Smith v. Maryland, the Supreme Court held that people lack a reasonable

expectation of privacy in the phone numbers they dial because they

ìknow that they must convey numerical information to the phone

company,î and therefore they cannot ìharbor any general expectation that

the numbers they dial will remain secret.î78 As I have argued extensively

elsewhere, the lack of Fourth Amendment protection of third party

records results in the governmentís ability to access an extensive amount

of personal information with minimal limitation or oversight.79

Many scholars have referred to information collection as a form of

surveillance. Dataveillance, a term coined by Roger Clarke, refers to the

ìsystemic use of personal data systems in the investigation or monitoring

of the actions or communications of one or more persons.î80 Christopher

Slobogin has referred to the gathering of personal information in

business records as ìtransaction surveillance.î81 Surveillance can create

chilling effects on free speech, free association, and other First Amendment

rights essential for democracy.82 Even surveillance of legal activities can

inhibit people from engaging in them. The value of protecting against

chilling effects is not measured simply by focusing on the particular

individuals who are deterred from exercising their rights. Chilling

effects harm society because, among other things, they reduce the range

of viewpoints expressed and the degree of freedom with which to engage

in political activity.

The nothing to hide argument focuses primarily on the information

collection problems associated with the NSA programs. It contends that

limited surveillance of lawful activity will not chill behavior sufficiently

to outweigh the security benefits. One can certainly quarrel with this

77. 425 U.S. 435, 442 (1976).
78. 442 U.S. 735, 743 (1979).
79. SOLOVE, supra note 4, at 165ñ209; see also Daniel J. Solove, Digital Dossiers

and the Dissipation of Fourth Amendment Privacy, 75 S. CAL. L. REV. 1083, 1117ñ37

(2002).

80. Roger Clarke, Information Technology and Dataveillance, 31 COMM. OF THE

ACM 498, 499 (1988); see also Roger Clarke, Introduction to Dataveillance and

Information Privacy, and Definitions of Terms, AUSTRALIAN NATIONAL UNIVERSITY,

Aug. 7, 2006, http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html.

81. Christopher Slobogin, Transaction Surveillance by the Government, 75 MISS.

L.J. 139, 140 (2005).

82. Daniel J. Solove, The First Amendment as Criminal Procedure, 82 N.Y.U. L.

REV. 112, 154ñ59 (2007).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

766

argument, but one of the difficulties with chilling effects is that it is

often very hard to demonstrate concrete evidence of deterred behavior.83

Whether the NSAís surveillance and collection of telephone records has

deterred people from communicating particular ideas would be a difficult

question to answer.

Far too often, discussions of the NSA surveillance and data mining

define the problem solely in terms of surveillance. To return to my

discussion of metaphor, the problems are not just Orwellian, but

Kafkaesque. The NSA programs are problematic even if no information

people want to hide is uncovered. In The Trial, the problem is not inhibited

behavior, but rather a suffocating powerlessness and vulnerability created

by the court systemís use of personal data and its exclusion of the

protagonist from having any knowledge or participation in the process.

The harms consist of those created by bureaucraciesóindifference, errors,

abuses, frustration, and lack of transparency and accountability. One

such harm, for example, which I call aggregation, emerges from the

combination of small bits of seemingly innocuous data.84 When combined,

the information becomes much more telling about a person. For the

person who truly has nothing to hide, aggregation is not much of a

problem. But in the stronger, less absolutist form of the nothing to hide

argument, people argue that certain pieces of information are not something

they would hide. Aggregation, however, means that by combining

pieces of information we might not care to conceal, the government can

glean information about us that we might really want to conceal. Part of

the allure of data mining for the government is its ability to reveal a lot

about our personalities and activities by sophisticated means of

analyzing data. Therefore, without greater transparency in data mining,

it is hard to claim that programs like the NSA data mining program will

not reveal information people might want to hide, as we do not know

precisely what is revealed. Moreover, data mining aims to be predictive

of behavior, striving to prognosticate about our future actions. People

who match certain profiles are deemed likely to engage in a similar

pattern of behavior. It is quite difficult to refute actions that one has not

yet done. Having nothing to hide will not always dispel predictions of

future activity.

Another problem in the taxonomy, which is implicated by the NSA

program, is the problem I refer to as exclusion.

85 Exclusion is the

problem caused when people are prevented from having knowledge

about how their information is being used, as well as barred from being

83. Id.
84. Solove, supra note 56, at 506ñ11.
85. Id. at 522ñ25.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

767

able to access and correct errors in that data. The NSA program involves a

massive database of information that individuals cannot access. Indeed,

the very existence of the program was kept secret for years.86 This kind

of information processing, which forbids peopleís knowledge or

involvement, resembles in some ways a kind of due process problem. It

is a structural problem involving the way people are treated by government

institutions. Moreover, it creates a power imbalance between individuals

and the government. To what extent should the Executive Branch and

an agency such as the NSA, which is relatively insulated from the

political process and public accountability, have a significant power over

citizens? This issue is not about whether the information gathered is

something people want to hide, but rather about the power and the

structure of government.

A related problem involves ìsecondary use.î Secondary use is the use

of data obtained for one purpose for a different unrelated purpose

without the personís consent. The Administration has said little about

how long the data will be stored, how it will be used, and what it could

be used for in the future. The potential future uses of any piece of

personal information are vast, and without limits or accountability on

how that information is used, it is hard for people to assess the dangers

of the data being in the governmentís control.

Therefore, the problem with the nothing to hide argument is that it

focuses on just one or two particular kinds of privacy problemsóthe

disclosure of personal information or surveillanceóand not others. It

assumes a particular view about what privacy entails, and it sets the

terms for debate in a manner that is often unproductive.

It is important to distinguish here between two ways of justifying a

program such as the NSA surveillance and data mining program. The

first way is to not recognize a problem. This is how the nothing to hide

argument worksóit denies even the existence of a problem. The second

manner of justifying such a program is to acknowledge the problems but

contend that the benefits of the NSA program outweigh the privacy

harms. The first justification influences the second, because the low

value given to privacy is based upon a narrow view of the problem.

The key misunderstanding is that the nothing to hide argument views

privacy in a particular wayóas a form of secrecy, as the right to hide

86. Risen & Lichtblau, supra note 1.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

768

things. But there are many other types of harm involved beyond exposing

oneís secrets to the government.

Privacy problems are often difficult to recognize and redress because

they create a panoply of types of harm. Courts, legislators, and others

look for particular types of harm to the exclusion of others, and their

narrow focus blinds them to seeing other kinds of harms.

1. Understanding Structural Problems

One of the difficulties with the nothing to hide argument is that it

looks for a visceral kind of injury as opposed to a structural one.

Ironically, this underlying conception of injury is shared by both those

advocating for greater privacy protections and those arguing in favor of

the conflicting interests to privacy. For example, law professor Ann

Bartow argues that I have failed to describe privacy harms in a compelling

manner in my article, A Taxonomy of Privacy, where I provide a

framework for understanding the manifold different privacy problems.87

Bartowís primary complaint is that my taxonomy ìframes privacy harms

in dry, analytical terms that fail to sufficiently identify and animate the

compelling ways that privacy violations can negatively impact the lives

of living, breathing human beings beyond simply provoking feelings of

unease.î88 Bartow claims that the taxonomy does not have ìenough

dead bodiesî and that privacyís ìlack of blood and death, or at least of

broken bones and buckets of money, distances privacy harms from other

categories of tort law.î89

Most privacy problems lack dead bodies. Of course, there are

exceptional cases such as the murders of Rebecca Shaeffer and Amy

Boyer. Rebecca Shaeffer was an actress killed when a stalker obtained her

address from a Department of Motor Vehicles record.90 This incident

prompted Congress to pass the Driverís Privacy Protection Act of

1994.91 Amy Boyer was murdered by a stalker who obtained her

personal information, including her work address and Social Security

number, from a database company.92 These examples aside, there is not

a lot of death and gore in privacy law. If this is the standard to recognize

a problem, then few privacy problems will be recognized. Horrific cases

87. Ann Bartow, A Feeling of Unease About Privacy Law, 155 U. PA. L. REV.

PENNumbra 52, 52 (2006), http://www.pennumbra.com/issues/articles/154-3/Bartow.pdf.

88. Id.
89. Id. at 52, 62.
90. SOLOVE, supra note 4, at 147.
91. Id.
92. Remsburg v. Docusearch, Inc., 816 A.2d 1001, 1005ñ06 (N.H. 2003).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

769

are not typical, and the purpose of my taxonomy is to explain why most

privacy problems are still harmful despite this fact.

Bartowís objection is actually very similar to the nothing to hide

argument. Those advancing the nothing to hide argument have in mind

a particular kind of visceral privacy harm, one where privacy is violated

only when something deeply embarrassing or discrediting is revealed.

Bartowís quest for horror stories represents a similar desire to find

visceral privacy harms. The problem is that not all privacy harms are

like this. At the end of the day, privacy is not a horror movie, and

demanding more palpable harms will be difficult in many cases. Yet

there is still a harm worth addressing, even if it is not sensationalistic.

In many instances, privacy is threatened not by singular egregious

acts, but by a slow series of relatively minor acts which gradually begin

to add up. In this way, privacy problems resemble certain environmental

harms which occur over time through a series of small acts by different

actors. Bartow wants to point to a major spill, but gradual pollution by a

multitude of different actors often creates worse problems.

The law frequently struggles with recognizing harms that do not result

in embarrassment, humiliation, or physical or psychological injury.93

For example, after the September 11 attacks, several airlines gave their

passenger records to federal agencies in direct violation of their privacy

policies. The federal agencies used the data to study airline security.94

A group of passengers sued Northwest Airlines for disclosing their

personal information. One of their claims was that Northwest Airlines

breached its contract with the passengers. In Dyer v. Northwest Airlines

Corp., the court rejected the contract claim because ìbroad statements of

company policy do not generally give rise to contract claims,î the

passengers never claimed they relied upon the policy or even read it, and

they ìfailed to allege any contractual damages arising out of the alleged

breach.î95 Another court reached a similar conclusion.96

Regardless of the merits of the decisions on contract law, the cases

represent a difficulty with the legal system in addressing privacy problems.

93. SOLOVE, supra note 4, at 93ñ97, 100ñ01, 195ñ208; Daniel J. Solove, Identity

Theft, Privacy, and the Architecture of Vulnerability, 54 HASTINGS L.J. 1227, 1228

(2003).

94. SOLOVE, supra note 4, at 93.
95. 334 F. Supp. 2d 1196, 1200 (D.N.D. 2004).
96. In re Nw. Airlines Privacy Litig., No. 04-126, 2004 WL 1278459 (D. Minn.

June 6, 2004).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

770

The disclosure of the passenger records represented a ìbreach of

confidentiality.î97 The problems caused by breaches of confidentiality do not

merely consist of individual emotional distress; they involve a violation

of trust within a relationship. There is a strong social value in ensuring

that promises are kept and that trust is maintained in relationships between

businesses and their customers. The problem of secondary use is also

implicated in this case.98 Secondary use involves data collected for one

purpose being used for an unrelated purpose without peopleís consent.

The airlines gave passenger information to the government for an

entirely different purpose beyond that for which it was originally gathered.

Secondary use problems often do not cause financial, or even

psychological, injuries. Instead, the harm is one of power imbalance.

In Dyer, data was disseminated in a way that ignored airline passengersí

interests in the data despite promises made in the privacy policy. Even if

the passengers were unaware of the policy, there is a social value in

ensuring that companies adhere to established limits on the way they use

personal information. Otherwise, any stated limits become meaningless,

and companies have discretion to boundlessly use data. Such a state of

affairs can leave nearly all consumers in a powerless position. The

harm, then, is less one to particular individuals than it is a structural

harm.

A similar problem surfaces in another case, Smith v. Chase Manhattan

Bank.

99 A group of plaintiffs sued Chase Manhattan Bank for selling

customer information to third parties in violation of its privacy policy,

which stated that the information would remain confidential. The court

held that even presuming these allegations were true, the plaintiffs could

not prove any actual injury:

[T]he ìharmî at the heart of this purported class action, is that class members

were merely offered products and services which they were free to decline.

This does not qualify as actual harm.

The complaint does not allege any single instance where a named plaintiff or

any class member suffered any actual harm due to the receipt of an unwanted

telephone solicitation or a piece of junk mail.100

The courtís view of harm, however, did not account for the breach of

confidentiality.

When balancing privacy against security, the privacy harms are often

characterized in terms of injuries to the individual, and the interest in

security is often characterized in a more broad societal way. The security

97. Solove, supra note 56, at 526ñ30.
98. Id. at 520ñ22.
99. 741 N.Y.S.2d 100 (N.Y. App. Div. 2002).
100. Id. at 102.

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

[VOL. 44: 745, 2007] ìIíve Got Nothing to Hideî

SAN DIEGO LAW REVIEW

771

interest in the NSA programs has often been defined improperly. In a

Congressional hearing, Attorney General Alberto Gonzales stated:

Our enemy is listening, and I cannot help but wonder if they are not shaking

their heads in amazement at the thought that anyone would imperil such a

sensitive program by leaking its existence in the first place, and smiling at the

prospect that we might now disclose even more or perhaps even unilaterally

disarm ourselves of a key tool in the war on terror.101

The balance between privacy and security is often cast in terms of

whether a particular government information collection activity should

or should not be barred.

The issue, however, often is not whether the NSA or other government

agencies should be allowed to engage in particular forms of information

gathering; rather, it is what kinds of oversight and accountability we

want in place when the government engages in searches and seizures.

The government can employ nearly any kind of investigatory activity

with a warrant supported by probable cause. This is a mechanism of

oversightóit forces government officials to justify their suspicions to a

neutral judge or magistrate before engaging in the tactic. For example,

electronic surveillance law allows for wiretapping, but limits the practice

with judicial supervision, procedures to minimize the breadth of the

wiretapping, and requirements that the law enforcement officials report

back to the court to prevent abuses.102 It is these procedures that the

Bush Administration has ignored by engaging in the warrantless NSA

surveillance. The question is not whether we want the government to

monitor such conversations, but whether the Executive Branch should

adhere to the appropriate oversight procedures that Congress has enacted

into law, or should covertly ignore any oversight.

Therefore, the security interest should not get weighed in its totality

against the privacy interest. Rather, what should get weighed is the extent

of marginal limitation on the effectiveness of a government information

gathering or data mining program by imposing judicial oversight and

minimization procedures. Only in cases where such procedures will

completely impair the government program should the security interest

101. Wartime Executive Power and the National Security Agencyís Surveillance

Authority: Hearing Before the S. Comm. on the Judiciary, 109th Cong. 15 (2006)

(statement of Alberto Gonzales, Attíy Gen. of the United States).

102. Daniel J. Solove, Fourth Amendment Codification and Professor Kerrís

Misguided Call for Judicial Deference, 74 FORDHAM L. REV. 747, 775ñ76 (2005).

SOLOVE POST-AUTHOR PAGES (SUPER FINAL).DOC 2/7/2008 3:16:38 PM

772

be weighed in total, rather than in the marginal difference between an

unencumbered program versus a limited one.

Far too often, the balancing of privacy interests against security

interests takes place in a manner that severely shortchanges the privacy

interest while inflating the security interests. Such is the logic of the

nothing to hide argument. When the argument is unpacked, and its

underlying assumptions examined and challenged, we can see how it

shifts the debate to its terms, in which it draws power from its unfair

advantage. It is time to pull the curtain on the nothing to hide argument.

1. CONCLUSION

Whether explicit or not, conceptions of privacy underpin nearly every

argument made about privacy, even the common quip ìIíve got nothing

to hide.î As I have sought to demonstrate in this essay, understanding

privacy as a pluralistic conception reveals that we are often talking past

each other when discussing privacy issues. By focusing more specifically

on the related problems under the rubric of ìprivacy,î we can better

address each problem rather than ignore or conflate them. The nothing

to hide argument speaks to some problems, but not to others. It represents a

singular and narrow way of conceiving of privacy, and it wins by excluding

consideration of the other problems often raised in government surveillance

and data mining programs. When engaged with directly, the nothing to

hide argument can ensnare, for it forces the debate to focus on its narrow

understanding of privacy. But when confronted with the plurality of

privacy problems implicated by government data collection and use

beyond surveillance and disclosure, the nothing to hide argument, in the

end, has nothing to say.