If you're in public, you have no expectation of privacy.
People keep saying that in this debate, as if it's some sort of self-evident principle that must not be questioned, but is it anything more than a meaningless tautology? Aren't you in public by definition in places where you have no privacy? If so, then being in public is defined by how we define privacy.
The public/private distinction has never been absolute, such that everything about you and what you're doing is either in public or in private at any given time. We're sharing our thoughts on a public forum on the Internet, but at least one of us is physically sitting in his own home while doing so. I have different expectations of privacy for what I'm saying on HN vs. the conversation I just had with someone in this room.
The lines are similarly blurred if we go out. For example, in most jurisdictions you do not give up all rights to privacy just because you went out your front door. If a guy follows you around with a video camera and tries to watch you enter security details when you're paying for stuff at a shop, he's probably going to get in trouble. If a public venue installs video cameras in its bathrooms or changing rooms, it's probably going to get in trouble. If some pervert tries to film up your or your wife's/sister's/daughter's skirt, he's probably going to get in a lot of trouble. These things are all easily possible with technology, and all happen in a "public place", yet I think almost everyone would still consider them unacceptable invasions of privacy and the law in many places would prohibit such behaviour.
Maybe as technology that can be used for surveillance and data mining evolves, we need to evolve our understanding of what should be considered private as well, in order to maintain effective protection of the same underlying values. If metadata alone can now be used to determine sensitive details about us that we would consider to be private if collected directly, then perhaps the collection and use of that metadata should be controlled in the same ways as direct collection and use of the implicit data. If sensitive data is collected for one purpose with consent but can now be repurposed more easily for additional uses, maybe there need to be explicit safeguards to control that risk.
People keep saying that in this debate, as if it's some sort of self-evident principle that must not be questioned, but is it anything more than a meaningless tautology? Aren't you in public by definition in places where you have no privacy? If so, then being in public is defined by how we define privacy.
The public/private distinction has never been absolute, such that everything about you and what you're doing is either in public or in private at any given time. We're sharing our thoughts on a public forum on the Internet, but at least one of us is physically sitting in his own home while doing so. I have different expectations of privacy for what I'm saying on HN vs. the conversation I just had with someone in this room.
The lines are similarly blurred if we go out. For example, in most jurisdictions you do not give up all rights to privacy just because you went out your front door. If a guy follows you around with a video camera and tries to watch you enter security details when you're paying for stuff at a shop, he's probably going to get in trouble. If a public venue installs video cameras in its bathrooms or changing rooms, it's probably going to get in trouble. If some pervert tries to film up your or your wife's/sister's/daughter's skirt, he's probably going to get in a lot of trouble. These things are all easily possible with technology, and all happen in a "public place", yet I think almost everyone would still consider them unacceptable invasions of privacy and the law in many places would prohibit such behaviour.
Maybe as technology that can be used for surveillance and data mining evolves, we need to evolve our understanding of what should be considered private as well, in order to maintain effective protection of the same underlying values. If metadata alone can now be used to determine sensitive details about us that we would consider to be private if collected directly, then perhaps the collection and use of that metadata should be controlled in the same ways as direct collection and use of the implicit data. If sensitive data is collected for one purpose with consent but can now be repurposed more easily for additional uses, maybe there need to be explicit safeguards to control that risk.