I’ve been reading some work on privacy and social networks recently, and this combined with Ratliff’s “Gone Forever: What Does It Really Take to Disappear” has led me to think about whether a geek with a website that is clearly their own (e.g. Christopher-Parsons.com) should reasonably expect restraining laws to extend to digital spaces. I’m not really talking at the level of law necessarily, but at a level of normativity: ought a restraining order limit a person from ‘following’ me online as it does from being near me in the physical world?
Restraining orders are commonly issued to prevent recurrences of abuse (physical or verbal) and stalking. While most people who have a website are unable to track who is visiting their webspace, what happens when you compulsively check your server logs (as many good geeks do) and can roughly correlate traffic to particular geo-locations. As a loose example, let’s say that you were in a small town, ‘gained’ an estranged spouse, and then notice that there are regular hits to your website from that small town after you’ve been away from it for years. Let’s go further and say that you have few/no friends in that town, and that you do have a restraining order that is meant to prevent your ex-spouse from being anywhere near you. Does surfing to your online presence (we’ll assume, for this posting, that they aren’t commenting or engaging with the site) normatively constitute a breach of an order?
Privacy can be considered in many lights because it’s a multifaceted concept – depending on the situation at hand, people have differing expectations of privacy. Nissenbaum and Solove alike are presently engaged in trying to tease out what this contextually means in the the development of norms of privacy. In both cases, they tend to favor conservative legal understandings of the reasonable expectations of privacy, on the basis that alternate bases risk undermining the stability of privacy-related law. In Nissenbaum’s case, she argues that we need to evaluate the particularities of the situation in an effort to understand what the contextual privacy norms are, and adopts a micro-analysis of the situation to develop privacy norms contingent to that situation. Solove offers us a beautiful taxonomy, from which we can understand the harms and non-harms associated with infringements on our privacy.
If we adopt a reading from Nissenbaum, and we consider the context of a restraining order and the personalities involved (i.e. a person who is told to avoid another, and the other that is server-log savvy), then it would seem that the ‘stalking’ of someone’s blog would be a violation of the order. Further, in an instance where the person attempts to infiltrate the other’s social networking spaces (e.g friending my friend on Facebook to gain access to my personal information) you would also register a privacy infringement. In Solove’s case, we also register an infringement because surveillance is actively taking place. In addition, should information processing of any type take place (e.g. aggregating, developing correlations between data sets, insecurely holding that data, using for secondary purposes) a breach of privacy may be taking place. Now, in the latter example in particular it might seem strange to suggest that processing could take place, given that Solove states that “[i]nformation processing does not involve the collection of data; rather, it concerns how already-collected data is handled.” Should the person the order is issued against have already saved data during their surveillance efforts (say on their hard drives) and then subsequently work with that data then they could (arguably) be seen and engaging in information processing with their victim’s consent. As such, per Solove’s model there are two potential classes of privacy violation taking place: Information Collection and Information Processing.
Whereas in Nissembaum the ‘tech savvy geek’ is a (likely) required element of the privacy violation, in Solove’s this isn’t true. While a non-savvy website owner/blogger might not realize what is going on, Solove’s model registers a breach whether or not anyone realized what is happening. What is the basis for this difference? Officially, I would suggest that it really comes down to a difference in the underlying commitment to legal standards as the dominant basis for their models. Solove’s is very much grounded in legal norms, whereas legal norms form the outskirts of Nissembaum’s model (to prevent radical shifts in privacy law) while the model itself is founded on her principles of appropriateness and distribution.
My own take, however, is that Nissembaum is implicitly more aware of the complexities of ontological security in her article than Solove. Her model is cognizant of the various factors that influence the psychological and physical well-being of the individuals and the subsequent privacy norms that are thus necessarily implicated in a ‘healthy’ Western sense of Being. Efforts to shake the security in one’s environment and psychological well-being, for the purposes of disruption and snooping, are necessarily bad because of the consequences on the individual and, taken more broadly, on the impacts of such actions were they committed across society. Appropriateness and distribution can be linked to the ontological insecurity generated by breaches of privacy norms. Solove’s emphasis, in contrast, is on the impacts of certain actions on the more nuanced social norms that operate around a spectrum of people. In his words,”individual liberties should be justified in terms of their social contribution” rather than based on their contribution to a unique individuals’ well-being. He is more concerned that norms are acceptable to the community, and thus less concerned with the specificity of reasonable expectations of privacy in hyper-particular situation.
To understand this difference, it is helpful to consider Solove’s and Nissembaum’s respective projects. Solove, as I tend to read him, is trying to sort through the mess that is (American) privacy law and struggling (in many ways, successfully) to develop a legal-normative reading of privacy, whereas Nissembaum is playing the role of the philosopher and trying to develop a more nuanced understanding of privacy than is necessarily practical in a large legal context. Under her approach, I think that questions of damages can likely range more broadly than the victim in Solove’s world, but helpfully both would likely recognize a privacy violation should someone with a restraining order track or follow their victim throughout digital spaces.
This said, I’ve chosen to focus on Nissembaum and Solove because I think that they are the cutting edge of privacy discourse in the West. Were we to adopt a Brandeis and Warren approach – privacy is the right to the be left alone – then it might be somewhat more challenging to assert that where no visible harm is evidenced that a privacy violation is registered when a person with a restraining order ‘follows’ me online.
Technology, Thoughts & Trinkets 
How is visiting a website different than watching the subject on television, or listening to them on the radio?
When putting yourself in the public sphere, why does one medium need greater privacy than another?
LikeLike
Good questions (as usual).
I guess that I am thinking of ‘personal’ rather than ‘business’ websites – I’m perhaps incorrectly seeing a difference from where a person blogs about their life and their professional obligations as a talk show host (e.g. Oprah). With this, perhaps not helpful distinction, I see that ‘stalking’ and ‘following’ someone has moved beyond just a physical pursuit and entered a digital space; when I put myself into the ‘physical’ public sphere, the restraining order is meant to prevent someone from intruding on me in that space. Where they accidentally violate the sphere of protection, they are typically obligated to remove themselves. Why shouldn’t a similar process be expected online; if you know that I blog personal information at a particular location then you are expected to avoid touching on that space, as you would being around someone in a physical domain.
I guess that I’m not seeing a need for ‘greater protection’ online than in the physical world but actually see there being a similarity in degrees of privacy being accorded. At the same time, I feel that I’m doing something snakey in my argument, and that I’m not fully detecting just yet. I think that Nissembaum’s argument can be transposed to physical spaces, with similar conclusion, as can Solove’s – neither necessarily would offer ‘stronger’ protections online than in a physical space, at least as I’m reading them right now.
LikeLike
Some of the distinction may be between the active and the passive. Say yo had a restraining order against me. I read your blog, but go no further.
But then I comment. And you know its me (either through deduction or by my declaration). Because I have engaged you directly, I may be violating the terms or the intent of the order.
Take a radio call-in show for the closest example. You are a guest, not even the “famous” host. I listen to the show, but I doubt that would violate the terms.
But if I call in to question you the guest, I am likely crossing the line.
…
It could be argued that your blog, or Facebook page, or whatever, is akin to your home. Even though the street is public, I can be prevented from traversing that public thoroughfare. But all other people are free to visit when they wish (including annoying door-to-door salesmen, but I digress). But I think the parallels to other forms of media (could I not buy a book you published?) are more relevant. I wonder if there’s any case law on the books already as a guide?
LikeLike
I think that in the case of Solove, you’re if you’re intentionally engaging in some sort of surveillance (e.g. reading my clearly personal blog) then you’d be ‘guilty’ of breaching the order. Nissembaum, however, does require that ‘tech savvy geek’. While both might register a violation where you were to comment, only Solove would identify some kind of privacy breach regardless of commenting.
I like the idea of the radio call-in; I would tend to agree that you would unlikely be in breach per the law, and per norms because one cannot reasonably expect all (or even many) listeners to know who will be on the show. The same where one was presenting oneself and the person with the order accidentally or randomly came across one. Where there is intent to engage with whomever you have the order, then I would agree that you’re likely crossing the line. I guess I’m seeing ‘engaging’ (through this thinkers) as the act of intentionally surveying/cyber-stalking the person whom you are prevented from coming near.
I’m not aware of any case law around this, but I’m also definitely not a lawyer – I’m trying to puzzle out where I think this ought to fall, on the conditions of normativity, and then put it aside for later research that will certainly entail looking at present case law (or asking colleagues who are familiar with this area of the law to guide me grin)
LikeLike
IP Masking will make a cyber restraining order impossible to enforce. And even IF your IP address was recorded for visiting a blog or website your were restrained from, there is no way to actually Prove it was you doing it. All it takes for a defense from this type of restraining order is the fact others live with you, and have access to your computer.
LikeLike