Privacy Research Directions

By Carl Landwehr

Communications of the ACM, Vol. 59 No. 2, Pages 29-31

Not since the early 1970s, when computing pioneer Willis Ware chaired the committee that produced the initial Fair Information Practice Principles,[10] has privacy been so much in the U.S. public eye. Edward Snowden's revelations, as well as a growing awareness that merely living our lives seems to generate an expanding "digital exhaust," have triggered many workshops and meetings.[1,5,11,12] An alphabet soup of advisory groups—PRG,[a] PCLOB,[b] PCAST[c]—have produced privacy-related reports.[2,6,7,8,9] The wheels are turning at NITRD[d] to produce a national strategy for privacy research, perhaps paralleling the federal strategy for cybersecurity research and development.[3] I have participated in a number of these and have developed my own view of privacy and privacy research. My U.S. perspective may differ from those from different backgrounds; privacy views vary with culture.

Some characterize privacy in terms of harms: to have suffered a loss of privacy that is actionable, there must be some way to characterize the harm an individual suffers as a result of the privacy breach. This practical view motivates many privacy concerns: the data revealed may cause the loss of a benefit or service. However, this view runs into trouble where the damage seems primarily psychological—I really do not want my neighbor to know if I have unconventional sexual practices or have had cosmetic surgery, and I may suffer psychologically or emotionally from such revelations, but it may be difficult to characterize the loss in a way that can be compensated. Further, it may be difficult to know that a harm has occurred—I may be deprived of an opportunity to be employed by the disclosure of private information through a breach I am unaware of.


