Privacy Manifesto
This manifesto is open source, and Creative Commons licenced as CC0: for the public domain. It is also forever a draft, and subject to improvement.
Preamble
For each of us operating in the digital world, privacy is the biggest issue of our time.
That's because we hardly have any. Not compared to what we've enjoyed in the natural world for many millennia.
Here in the digital world, we are stalked constantly. Tracking beacons, placed by others in our devices (which function as extensions of our selves), follow us everywhere. One purpose is to target us with "relevant" or "interest based" advertising, most of which is neither, and which in any case we never invited. Another is to re-engineer us into dependents of machines. Both are morally wrong and out of our control as individuals. We need to fix that.
The absence of personal privacy is a giant bug in the heart of digital life today. Our highest calling as technologists is to fix that bug—and to join others doing the same. Why:
- Because people also need their own ways to protect their privacy, and to participate in the social agreements that guide everyone toward respecting each others' privacy.
- Because it's still not clear to most of the world what privacy online actually is. That's because we still don't have it there.
It's also not clear why personal privacy matters just as much—if not more—in the digital world than it always has in the natural one. Just for starters, there are many more "attack surfaces" on our private selves in the online than there are in the offline one. Being attacked today online is also common, constant, hard to stop, and perpetrated by parties we don't know and are largely unaccountable, even though regulation of them is growing.
How much privacy matters online won't become clear until we have the full suite of technologies required for creating true personal privacy there, plus the social norms that will follow widespread adoption of those technologies.
That's why we're publishing this manifesto.
Manifesto
- Privacy is personal.
- Privacy is also social and legal, but it is personal first.
- We each experience privacy as a state: an essential feature of personal sovereignty, independence and agency.
- Privacy is also a possession as personal as one's own body organs, and just as essential.
- To control one's privacy is to selectively conceal, disclose or project information about one's self outward into the world.
- Our agency—the ability to act with effect in the word—depends on maintaining and managing our privacy. (We operate at full agency, for example, when we tie our shoes, ride a bike, write something down or drive a car.)
- Privacy outside our selves starts with what others don't know about us. To strangers we present first as human, but also anonymous—meaning, literally, nameless.
- Getting to know another person is to experience selective control of personal privacy by both parties.
- Through anonymity, personal privacy is a public grace. It's why we don't wear a name badge when we walk down a city street.
- It helps everyone not to know private information about everyone we each see or meet.
- Not knowing much about most other people is an economic and political grace as well as a social one.
- All social, economic and political graces arising from personal privacy require personal independence, sovereignty and agency over what others can know about us, even though our control is far short of absolute.
- Having control over what we selectively disclose to others, in ways we can generally trust, allows social norms to grow around how privacy works. Though these norms differ by culture, they exist in all cultures.
- Like nature, the Internet came without privacy.
- The first privacy technologies we invented in the natural world were clothing and shelter. We did this approximately when we first became human, dozens of thousands of years ago.
- The Internet we have today is barely more than two decades old, and we still lack the online equivalents of clothing and shelter. This is why most of us are still as naked and exposed on the Internet as we were in Eden. It's also why it has been easy for businesses and governments to exploit our exposed selves.
- It is now the norm—even in the presence of laws clearly forbidding it—for nearly every commercial website we visit to plant tracking beacons in our devices, so our lives can be examined and exploited by companies and governments that extract personal data and manipulate our lives for their purposes. This offends our privacy and diminishes our agency.
- These problems must first be solved at the personal level. For that we require technologies and methods for establishing private spaces for ourselves online, and ways to signal others about what is acceptable in respect to our privacy, and what is not.
- We each need to be able to operate privately at scale in the online world. This means we require standardized codes, protocols and practices that work the same for every entity we deal with. This shouldn't be hard. The common protocols of the Net and the Web (TCP/IP, HTTP/S, IRC, FTP, et. al.) give us a good base to build on, and a good model for how scale can work for each of us.
- New laws and regulations for protecting personal privacy online (e.g. the GDPR and ePrivacy in the E.U. and A.B. 375 in California) are being instituted in the absence of the personal privacy technologies and norms we need to have first. Thus they put the regulatory cart in front of the technology horse. Worse, they all rely on "notice and consent," a system by which the site or service is always the first party, issuing a "notice" to which the individual must "consent." This requires that the individual must always be the second party to all agreements involving consent. In addition to locking the individual to a subordinate role, this offends the peer-to-peer nature of the Internet itself.
- Worse, because these laws and regulations are being developed in the absence of personal privacy tech and norms, they presume that human beings have no personal agency beyond "choices" provided by others (usually persisting as a record only in the form of cookies they give our browsers to carry around, many communicating to sites that the individual has "consented" to some "notice"). As long as that remains the status quo, we will have no true personal privacy online.
- Even if today's online privacy laws are enforced, none will give us privacy, any more than laws against indecent exposure will give us clothing. We need tech of our own.
- Technologies and services that address corporate demand for claiming "GDPR compliance" (mostly obtaining "consents" through "this site uses cookies" notices that mask the site's true intent: to continue tracking people for marketing purposes), facilitate obedience to the letter the GDPR while still violating its spirit. That violation of the GDPR, as well as of our selves, will persist if the GDPR's spirit and letter are not both enforced. The same applies to similar privacy laws.
- "Privacy by Design" is good guidance for organizations, but doesn't address individuals' need to create privacy for themselves, using their own privacy tech. Specifically, it is "user-centric" but not driven by individuals who are more than mere "users."
- The United States Federal Trade Commission's fair information practice principles (FIPPs), which date back to this list of rights from a July 1973 U.S. Government report also provides good guidance, as does [EPIC.org https://epic.org/privacy/consumer/code_fair_info.html]: • There must be no personal data record-keeping systems whose very existence is secret. • There must be a way for a person to find out what information about the person is in a record and how it is used. • There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent. •There must be a way for a person to correct or amend a record of identifiable information about the person. • Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data. To those we add,
- There must be ways for individuals to secure and exercise all those rights, using standard and well-understood tools of their own.
- We do have some early forms of tech to work with, such as crypto, onion routing, PKI and VPNs. But those are too few, and (with the exception of VPNs) too hard for non-experts to use. None yet give us what clothing and shelter afford in the natural world: lots of ways, easily available to everyone, for concealing and exposing private spaces selectively, signaling how we want those private spaces respected, making clear what information we would like others to keep secret or to reveal (and to whom) — and for keeping track of agreements about all those things.
- The challenge then, for all tech developers, is to create personal privacy technologies, and means for establishing and enforcing norms based on those technologies.
- Those technologies need to be, at their base, free and open.
- When Archimedes said, "Give me a place to stand, and I can move the earth," he was talking about a place that did not exist in his time, but does in ours. That place is the Internet. TCP/IP, the free and open protocol at the Internet's base, is a fulcrum sturdy enough to make everyone an Archimedes, given the right levers. Our mission is to provide those levers.
- None of those levers can be imagined without standing on the side of the individual, and without personal privacy as the first consideration.
Calls to Action
As with all free and open source code, every word in this manifesto is provisional and subject to improvement. So we welcome and invite help with that.
Help began thanks to London Trust Media's hosting of this manifesto, here. The best way to contribute at this stage (in January 2019) is to post comments there through Coral, an open source commenting platform. Members of ProjectVRM with editing powers can also work on this copy of the manifesto, in this wiki, or by contributing through our mailing list.
— Doc Searls