from the time-for-a-gut-check dept
In Search Of A Grand Unified Theory Of Free Expression And Privacy
by Mike GodwinEvery time I ask anyone associated with Facebook’s new Oversight Board whether the nominally independent, separately endowed tribunal is going address misuse of private information, I get the same answer—that’s not the Board’s job. This means that the Oversight Board, in addition to having such an on-the-nose proper name, falls short in a more important way—its architects imagined that content issues can be tackled substantively without addressing privacy issues. Yet surely the recent scandals that have plagued Facebook and some other tech companies in recent years have shown us that private information issues and harmful-content problems have become intimately connected.
We can’t turn a blind eye to this connection anymore. We need the companies, and the governments of the world, and the communities of users, and the technologists, and the advocates, to unite behind a framework that emphasizes the deeper-than-ever connection between privacy problems and free-speech problems.
What we need most now, as we grapple more fiercely with the public-policy questions arising from digital tools and internet platforms, is a unified field theory—or, more properly—a “Grand Unified Theory” (a.k.a. “GUT”)—of free expression and privacy.
But the road to that theory is going to be hard. From the beginning three decades ago when digital civil-liberties emerged as a distinct set of issues that needed public-policy attention, the relationship between freedom of expression and personal privacy in the digital world has been a bit strained. Even the name of the first big conference to bring all the policy people, technologists, government officials, hackers, and computer cops reflected the tension. The first Computers, Freedom and Privacy conference was held in Burlingame California, in 1991, made sure that attendees knew that “Privacy” was not just a kind of “Freedom” but its own thing that deserved its own special attention.
The tensions emerged early on. It seemed self-evident to most of us back then that the relationship between freedom of expression (and freedom of assembly and freedom of inquiry) had to have some limits—including limits on what any of us could do with the private information about other people. But while it’s conceptually easy to define in fairly clear terms what counts as “freedom of expression,” the consensus about what counts as a privacy interest is murkier. Because I started out as a free-speech guy, I liked the law-school-endorsed framework of “privacy torts,” which carved out some fairly narrow privacy exceptions to the broad guarantees of expressive freedom. That “privacy torts” setup meant that, at least when we talked about “invasion of privacy,” I could say what counted as such an invasion and what didn’t. Privacy in the American system was narrow and easy to grasp.
But this wasn’t the universal view in the 1990s, and it’s certainly not the universal view in 2020. In the developed world, including the developed democracies of the European Union, the balance between privacy and free expression has been struck in a different way. The presumptions in the EU favor greater protection of personal information (and related interests like reputation) and somewhat less protection of what freedom of expression. Sure, the international human-rights source texts like the Universal Declaration of Human Rights (in Article 19) may protect “freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media regardless of frontiers.” But ranked above those informational rights (in both the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights) is the protection of private information, correspondence, “honor,” and reputation. This difference balance is reflected in European rules like the General Data Protection Regulation.
The emerging international balance, driven by the GDPR, has created new tensions between freedom of expression and what we loosely call “privacy.” (I use quotation marks because the GDPR regulates not just the use of private information but also the use of “personal” information that may not be private—like old newspaper reports of government actions to recover social-security debts. This was the issue in the leading “right to be forgotten” case prior to the GDPR.) Standing by themselves, the emerging international consensus doesn’t provide clear rules for resolving those tensions.
Don’t get me wrong: I think the idea of using international human rights instruments as guidance for content approaches on social-media platforms has its virtues. The advantage is that in international forums and tribunals it gives the companies as strong a defense as one might wish in the international environment for allowing some (presumptively protected) speech to stay up in the face of criticism and removing some (arguably illegal) speech. The disadvantages are harder to grapple with. Countries will differ on what kind of speech is protected, but the internet does not quite honor borders the way some governments would like. (Thailand's lèse-majesté is a good example.) In addition, some social-media platforms may want to create environments that are more civil, or child-friendly, or whatever, which will entail more content-moderation choices and policies than human-rights frameworks would normally allow. Do we want to say that Facebook or Google *can't* do this? That Twitter should simply be forbidden to tag a presidential tweet as “unsubstantiated”? Some governments and other stakeholders would disapprove.
If a human-rights framework doesn’t resolve the free-speech/privacy tensions, what could? Ultimately, I believe that the best remedial frameworks will involve multistakeholderism, but I think they also need to begin with a shared (consensus) ethical framework. I present the argument in condensed form here: "It’s Time to Reframe Our Relationship With Facebook.” (I also published a book last year that presents this argument in greater depth.)
Can a code of ethics be a GUT of free speech and privacy? I don’t think it can, but I do think it can be the seed of one. But it has to be bigger than a single company’s initiative—which more or less is the best we can reasonably hope Facebook’s Oversight Board (assuming it sets out ethical principles as a product of its work on content cases) will ever be. I try not to be cynical about Facebook, which has plenty of people working on these issues who genuinely mean well, and who are willing to forgo short-term profits to put better rules in place. While it's true at some sufficiently high level that the companies privilege profits over public interest, the fact is that once a company is market-dominant (as Facebook is), it may well trade off short-term profits as part of a grand bargain with governments and regulators. Facebook is rich enough to absorb the costs of compliance with whatever regimes the democratic governments come up with. (A more cynical read of Zuckerberg's public writings in the aftermath of the company’s various public writings, is that he wants the governments to get the rules in place, and then FB will comply, as it can afford to do better than most other companies, and then FB's compliance will be a defense against subsequent criticism.)
But the main reason I think reform has to come in part at the industry level rather than at the company level, is that company-level reforms, even if well-intended, tend to instantiate a public-policy version of Wittgenstein's "private language" problem. Put simply, if the ethical rules are internal to a company, the company can always change them. If they're external to a company, then there's a shared ethical framework we can use to criticize a company that transgresses the standards.
But we can’t stop at the industry level either—we need governments and users and other stakeholders to be able to step in and say to the tech industries that, hey, your industry-wide standards are still insufficient. You know that industry standards are more likely to be adequate and comprehensive when they’re buttressed both by public approval and by law. That’s what happened with medical ethics and legal ethics—the frameworks were crafted by the professions but then recognized as codes that deserve to be integrated into our legal system. There’s an international consensus that doctors have duties to patients (“First, do no harm”) and that lawyers and other professions have “fiduciary duties” to their clients. I outline how fiduciary approaches might address Big Tech’s consumer-trust problems in a series of Techdirt articles that begins here.
The “fiduciary” code-of-ethics approach to free-speech and privacy problems for Big Tech is the only way I see of harmonizing digital privacy and free-speech interests in a way that will leave most stakeholders satisfied (as most stakeholders are now satisfied with medical-ethics frameworks and with lawyers’ obligations to protect and serve their clients). Because lawyers and doctors are generally obligated to tell their clients the truth (or, if for some reason they can’t, end the relationship and refer the clients to other practitioners), and because they’re also obligated to “do no harm” (e.g., by allowing companies to use personal information in a manipulative way or to violate clients’ privacy or autonomy), these professions already have a Grand Unified Theory that protects both speech and privacy in the context of clients relationships with practitioners.
Big Tech has a better shot at resolving the contradictory demands on its speech and privacy practices if it aspires to do the same, and if it embraces an industry-wide code of ethics that is acceptable to users (who deserve client protections even if they’re not paying for the services in question). Ultimately, if the ethics code is backed by legislators and written into the law, you have something much closer to a Grand Unified Theory that harmonizes privacy, autonomy, and freedom of expression.
I’m a big booster of this GUT, and I’ve been making versions of this argument before now. (Please don’t call it “Godwin-Unified Theory”—having one “law” named after me is enough.) But here in 2020 we need to do more than argue about this approach—we need to convene and begin to hammer out a consensus about a systematic, harmonized approach that protects human needs for freedom of expression, for privacy, and for autonomy that’s reasonably free of psychological-warfare tactics of informational manipulation. The issue is not just false content, and it’s not just personal information—open societies have to incorporate a fairly high degree of tolerance for unintentionally false expression and for non-malicious or non-manipulative disclosure or use of personal information. But an open society also needs to promote supporting an ecosystem—a public sphere of discourse—in which neither the manipulative crafting of deceptive and destructive content nor the manipulative targeting of it based on our personal data is the norm. That’s an ecosystem that will require commitment from all stakeholders to build—a GUT based not on gut instincts but on critical rationalism, colloquy, and consensus.