Is privacy possible in a digital age?

Europe has a principle that says that information disclosed for one purpose can't be disclosed for another without the consent of the individual concerned. The rather dreary US policy debate that's going on is between Opt-in and Opt-out. Opt-out says that the baseline is that companies can collect your data, and if you don't want them to, you click the little boilerplate and they don't collect it. I am not persuaded by the virtues of that approach. People click past the legal gobbledygook as quickly as teenage boys click past the adult certification screens on adult Web sites. Because of the counter-intuitive nature of privacy, that in fact it's just hard for people to realize exactly why it's important until it's too late -- my sense is that there should be a heightened degree of consent, something along the lines of Opt-In.

Opt-In says that they can't collect your data unless you affirmatively give consent. Opt-In is especially important when we are talking about personally identifiable data. I am saying to you that we want a high degree of consent before personally identifiable dossiers are collected, because once these dossiers exist, there's really no telling what will happen to them. This is why creation of property rights for personal data may not be as effective as we might think, because people can alienate or sell their property rights, and then they can't get them back. Once I sell them it may be much harder for me to maintain some kind of limited control.

Next, there's technology. I like technological solutions a lot. Self-help is a great thing, so Scribble is a way of protecting ourselves. We can all go back and cover our tracks. I told the New York Times Magazine the story of my student. He didn't want to be identified, so I called him by his first initial, K. K is the rational man in this brave new world. He's a paranoid. He's absolutely mad. He wears green army fatigues and black boots and he spends all his time covering electronic tracks. He uses Scribble. He uses a Kremlin total delete program, which puts X's and O's all over his hard drive. He encrypts his e-mail. He has firewalls that tell any company that sends him a cookie, "Keep your cookies off my hard drive".

And there are others -- the technology is so interesting, and changing every day. A new company called Tacit Knowledge Systems has just said, well, let's architect a system so that all e-mail you send is presumptively private. It's put in a folder that can only be accessed with your personal password, not by your employer. If you want to make it public, you have to affirmatively give consent and put it in a public place. And then there are funky things that they do, like word searches of even the private folders that can enable you to send e-mail on related subjects to people who have written about what you are writing about, but people can refuse to accept this if they don't want it. So there are many ways of reconstructing in cyberspace the architecture that property used to ensure in real space, and we can be creative about this.

However, ultimately I would feel that it would be a defeat for the team of reticence if all of us had to live like K. That would put us in the same category as citizens in the Soviet Union, who responded to constant surveillance by making telephone calls from public phone booths and paying in cash and basically exhibiting a bovine surrender to technological determinism.

So where does that leave us? It leaves us with politics. Politics turns out to be a great thing in protecting privacy. Let's think about the recent responses to the really intrusive efforts of the surveillers

I bought a Sprint Web phone. I resisted for a long time because I didn't want to be accessible. I didn't want to have to answer the cell phone. But I bought it so I could browse my new book on Amazon, and this Sprint promptly disclosed my phone number to Amazon. The thing was architected so that they had my phone number. Outrageous! You don't have to do that in real space. There was a mini-outcry, and the result was that Sprint, in a week, promised to change the wireless web phones and re-architected it not to do that.

Intel was putting globally unique identifiers on its Pentium chips, making it possible to link every single word processing document I write with my actual identity. People got angry about that and they promised to disable those as well. These are all examples of the beautiful effectiveness of politics. It was politics that forced Intel to back down. And my strong counsel to you and to all of us is to remain vigilant in the face of these new threats to privacy, never to surrender to technological determinism, and to insist on maintaining, against the odds in this brave new world of virtual exposure, the same privacy in the 21st century that we've long taken for granted in the 18th, 19th, and 20th.