Philosophical Analysis (Journal of the Korean Society for Analytic Philosophy) Vol. 31 (2014) pp. 151-181 31 (2014) pp.151-181 8]gUhhYbXUV]`]hm  7]j]` =bUhhYbh]cb  UbX h\Y 9d]ghYac`c[m cZ Df]jUWm ,FZXPSET 152 Axel Gelfert It is something of an oddity that the concept of privacy which hinges on epistemological concepts such as information, knowledge, and its communication has, for the longest time, been discussed not by philosophers, but by legal scholars. Partly as a result of this, there seems to have been less emphasis on providing a rigorous analysis of the concept of privacy, and more interest in developing a cluster of somewhat imprecise, but ‘serviceable’ legal considerations. In recent years, philosophers especially those with an interest in social epistemology have begun to redress this imbalance (see, e.g., [Fallis 2013] and [Matheson 2007], and references therein), yet philosophy still has a long way to go if it is to catch up with the legal tradition of thinking about privacy. This paper is intended as a contribution to this philosophical project and is organized as follows. In Section 2 (‘Models of Privacy’), after briefly rehearsing the origins of the privacy debate in legal theorizing, I will quickly turn to two contrasting classes of philosophical approaches, which I shall refer to as the liberal and informational models of privacy, respectively. Their validity will be tested against several scenarios (Section 2.3.), and we will see that their shortcomings motivate a third type of account (the immunity model), which posits that privacy seeks to protect us from the judgments of others (Section 3). In Section 4, I will introduce an alternative account, which takes as its starting point Erving Goffman’s twin notions of disattendability and civil inattention. In a nutshell, while the principle of disattendability demands that, in public settings, I am not to be obtrusive, civil inattention requires of us to suspend specific attention to others and their behaviours in various circumstances. As I shall argue, a model of privacy based on these twin Disattendability, Civil Inattention, and the Epistemology of Privacy 153 concepts is explanatorily superior to its competitors and holds out the promise of being able to account for both cultural diversity and the changing face of privacy in an age of electronic surveillance. I will conclude (Section 5) by commenting on some remaining issues, notably the worry that the proposed disattendability/civil inattention model of privacy might seem to unduly privilege social conservatism, and by reflecting on the prospects of privacy as context-dependent and domain-specific phenomenon. As mentioned in the Introduction, the legal tradition of thinking about privacy predates its philosophical analysis. (See, for example, [Solove 2008] and [Wacks 2010], and references therein; for an early philosophical treatment of the topic, see [Thomson 1975], who argues that violations of privacy are reducible to violations of other, more fundamental rights.) More specifically, the legal tradition can be traced back to an influential essay by Samuel Warren and Louis Brandeis, published in the Harvard Law Review in 1890, under the title ‘The Right of Privacy’. Warren and Brandeis’s essay attempts to give substance to privacy as the legal ‘right to be let alone’ and was motivated by the intrusions of the yellow press into the lives of (often famous) individuals. More specifically, Warren and Brandeis reacted to the then novel technology of photography, arguing that ‘the law must afford some remedy for the unauthorized circulation of portraits of private persons’ (Warren and Brandeis 1890: 195). In spite of its considerable influence in the legal domain, Warren and Brandeis’s essay makes for a somewhat disappointing read, at least for 154 Axel Gelfert the philosophically inclined reader, since its authors are not so much concerned with the concept of privacy, but instead aim to derive a generalized right to informational privacy from elements they take to be implicit in the common law tradition that had always afforded persons and property some degree of legal protection. Robert Post voices a similar sense of dissatisfaction: The prestige and enormous influence of the [Warren and Brandeis] piece creates expectations of sweeping vistas and irresistible arguments. But, setting aside the rhetorically powerful (and often quoted) passages of complaint against the irresponsibility of the press, the article offers instead a technical and rather dry exposition of the legal rights of unpublished authors and artists. (Post 1991: 647) Although ostensibly aimed at overcoming a narrow focus on property right by establishing a broader right to privacy, Warren and Brandeis nonetheless remain indebted to the property-based conception of rights for example, when they argue that the ‘fiction of property’ can be preserved by recognizing that ‘it is still true that the end accomplished by the gossip-monger is attained by the use of that which is another’s, the facts relating to his private life, which he has seen fit to keep private’ (Warren and Brandeis 1890: 205). It should be clear that such conceptual contortions are largely the result of trying to shoehorn a complex and novel question how to regulate the flow of information in an age of sensationalist reporting into a legal tradition which, at the time, was lacking in descriptively and normatively adequate conceptual resources. For this reason, in the remainder of this section, I will not be looking towards the legal tradition for guidance, but instead will draw on two sets of considerations that emerge from political liberalism and the Disattendability, Civil Inattention, and the Epistemology of Privacy 155 epistemology of information, respectively. Broadly speaking, liberal models of privacy seek to identify a domain of individual behaviours, beliefs, and activities, which in virtue of their private character should be protected from regulation (or persecution) by the state and, more generally, from unwarranted intrusion by others. The classic expression of the general sentiment underlying liberal models of privacy can be found in John Stuart Mill’s On Liberty, who already recognized in a manner that must surely seem prescient to any 21st-century reader familiar with such phenomena as cyberbullying that society can be more oppressive than state regulation: But reflecting persons perceived that when society is itself the tyrant society collectively over the separate individuals who compose it its means of tyrannising are not restricted to the acts which it may do by the hands of its political functionaries. Society can and does execute its own mandates: and if it issues wrong mandates instead of right, or any mandates at all in things with which it ought not to meddle, it practices a social tyranny more formidable than many kinds of political oppression, since, though not usually upheld by such extreme penalties, it leaves fewer means of escape, penetrating much more deeply into the details of life, and enslaving the soul itself. (Mill, Complete Works 18:219) On the one hand, liberalism calls for real protection from substantial interference; on the other hand, it also calls for self-restraint in our interactions with others, even in matters that stretch the notion of what should be considered the private realm, such as conflicting fundamental beliefs that arise from competing conceptions of the good. As Joshua 156 Axel Gelfert Cohen notes, ‘cultural liberalism requires that, as a general matter, we steer clear of controversial topics about which we cannot expect to reach agreement and that do not demand a collective decision’ (Cohen 2009: 318). This, as Cohen recognizes, gives rise to the thorny question of how to delineate a genuinely private realm from that which is fit for public deliberation and scrutiny, given that it is hard to see ‘how we could possibly identify the private arena with the family, or with the economy, or with any arena of social life, identified either spatially or institutionally prior to normative political argument’ (Cohen 2009: 312). Since the present paper focuses on the epistemology of privacy, I shall not delve any deeper into its normative and political dimensions, important though these are. It is worth noting, though, that an epistemological analysis of the concept of privacy is bound to have repercussions for the substantive normative debate, insofar as we first need to develop a theoretical understanding of when the possession of certain types of information constitutes a breach of privacy in the first place. Unlike the liberal model of privacy, informational models are not primarily concerned with substantial interference with individual liberties, but instead link breaches of privacy more directly to the possession of private information (which may or may not have been illegitimately obtained). A good illustration of the informational model is this definition of privacy, given by W. A. Parent: Privacy is the condition of not having undocumented personal knowledge about one possessed by others. A person’s privacy is diminished exactly to Disattendability, Civil Inattention, and the Epistemology of Privacy 157 the degree that others possess this kind of knowledge about him. (Parent 1983: 269) Parent immediately points out that this definition pertains to ‘the condition of privacy, not the right to privacy’ (ibid.) and, indeed, it is the assumption of epistemological primacy of the former that is, of the conditions that need to be in place for privacy to obtain which distinguishes the informational model from the liberal model (whose epistemological underpinnings are often left implicit, even while its proponents aim to establish a right to privacy). For a breach of privacy it is not required that personal knowledge about a person be used against him, but rather that such information is obtained by an unauthorized party without his consent. Klemens Kappel makes a similar observation when he writes: ‘According to the generic epistemic theory of informational privacy, privacy depends inversely on epistemic access.’ (Kappel 2013: 185). However, the generic theory cannot be the full story. For one, there is some ambiguity in how we should understand the term ‘access’. If access is equated with mere availability that is, if it is understood in dispositional terms the generic theory would likely overgenerate cases of privacy being breached. For example, when a file containing a patient’s medical history is left unattended, so that in principle anyone could access it, we may not wish to speak of a privacy breach unless someone actually accesses the patient’s information. (Having said that, there may be good practical reasons for defining ‘privacy’ in such an inclusive manner, not least because it might encourage good data protection habits.) Furthermore, it does not sound quite right to say that one’s condition of privacy is compromised exactly in proportion to the 158 Axel Gelfert number of individuals who either have access to it, i.e. inversely to epistemic access (as the generic theory asserts), or ‘exactly to the degree that others possess [the information in question]’ (as Parent puts it). Even on the informational model, the term ‘privacy’ should amount to more than just a convenient label for the degree to which other individuals have access to, or possess, certain types of information that is, privacy should be more than a mere ‘numbers game’. This last point is echoed by Masahiko Mizutani who notes that a purely dichotomous division between public and private would overlook the fact that privacy need not be compromised if information is willingly shared with select confidants. For example, ‘with regard to certain types of information about myself’, I may ‘convey everything to my wife, only the summary to my friends, and nothing to strangers’; yet, ‘in reality there may be things I am willing to tell my friends but not my wife, or secrets I am willing to reveal to passersby during my travels precisely because they are strangers who do not know me’ (Mizutani 2012: 610). It seems to me that, in the event that I share a (perhaps embarrassing) personal story with, say, a fellow train passenger whom I will never meet again not only is it the case that, a fortiori, my right to privacy is not violated (given that it was my free decision to tell the story), but my condition of privacy is not compromised either, even though the number of individuals with access to the embarrassing information has increased. Any account of privacy should be able to explain why access sometimes compromises privacy, and sometimes doesn’t. If in-principle access sufficed to undermine privacy, then it would seem that we would have to restrict ‘true privacy’ to those private mental items to which only the individual cognizer has access. Lest we opt for such a restrictive usage, which would be needlessly revisionist of social, linguistic and legal Disattendability, Civil Inattention, and the Epistemology of Privacy 159 practice, we should reflect on which kinds of access undermine privacy and which do not. Let us consider a few cases that will illustrate the limits of the (access-based) informational model. Jeffery Johnson (1989) offers two instructive scenarios, which will form the basis for the discussion in this section. Bugged phone. ‘You place a bug on my phone in order to overhear the most intimate details of my conversation with my mistress. We are too smart for you; we have already agreed to never discuss intimate things on the telephone [...]. Your tap reveals nothing; you have gained no new personal information. You certainly have, however, violated our privacy. Such cases cannot plausibly be dismissed as mere attempted violations of privacy.’ (Johnson 1989: 161) As Bugged phone makes vivid, actual acquisition of personal knowledge is not required for a breach of privacy to have occurred since, as the case has been described, no personal information is passed on. Perhaps whoever intercepted the phone line was hoping for more, but intentions on the part of third parties have no place in the informational model. To the extent that an instance of unauthorized access has occurred, this pertains to the mode of communication wiretapping into someone else’s phone line not to any sensitive information itself. Perhaps, then, what undermines the condition of privacy in the case at hand is the fact that, had it not been for the unusual precautions taken by the two lovers, personal information might have easily been acquired. This, too, however, is not easily accommodated by the informational 160 Axel Gelfert model, at least not in its ‘generic’ formulation (see previous subsection). But even when no new personal information can be acquired for example, because the intruder already has all the information she could possibly hope to obtain this does not preclude the possibility of a breach of privacy. Consider the following case: Voyeuristic Sarah. ‘Sarah peeks through my bathroom window in order to admire my naked body. [ ] Suppose that Sarah is both my physician and a frequent guest in my home. As a guest she knows all about the vivid rose paint job in my bathroom; and as my physician she knows only too well about the sorry state of my waistline. She nevertheless clearly violates my privacy when she peers in my window.’ (Johnson 1989: 161) In the case as described, Sarah does not and, indeed, could not hope to gain any new information: as a frequent house guest, she knows all about the bathroom, and as her target’s physician she has probably seen more of him than she could reasonably expect to glimpse through the bathroom window. No new information is being accessed, not even potentially, yet the manner in which Sarah accesses (known) information clearly constitutes a breach of privacy. One attempt to amend the informational model might be by positing control over one’s personal information as a desideratum of privacy. On what one might call the control model of privacy, privacy would be determined by the extent to which we can control what others come to know about us. As an example of a control-based account, consider this statement by Charles Fried: Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves. To Disattendability, Civil Inattention, and the Epistemology of Privacy 161 refer for instance to the privacy of a lonely man on a desert island would be to engage in irony. The person who enjoys privacy is able to grant or deny access to others. (Fried 1984: 209 10) The ability ‘to grant or deny access to others’, however, depends on many contingent factors, and it is far from clear that we should only speak of ‘privacy’ when such control can be reasonably assumed. Consider this example discussed by Martijn Blaauw: Diary. ‘John is a very private person. All the truths about himself that he finds important are not known to any others. Yet today, before leaving for work, he left his diary open on his desk. His cleaning lady could open the diary and read its contents, thus acquiring knowledge of John’s personal propositions. And being in meetings all day, John has no means to go home and prevent this.’ (Blaauw 2013: 175) As Diary makes clear, John, because he has failed to place his diary under lock and key, could not possibly prevent his cleaning lady from reading what he has written and, in this sense, is unable to grant or deny access to it. His (temporary) inability to control who has physical access to his diary, however, does not in and of itself undermine the condition of privacy at least ‘so long as the cleaning lady hasn’t perused his diary’ (Blaauw 2013: 175). It would seem, then, that the control model of privacy ends up collapsing into the generic informational model according to which privacy is a matter not of access or control, but of the actual possession of information in which case, however, it would also inherit the latter’s problems. Alternatively, we may wish to shift the focus from the ability to restrict access to information to the basis on which granting or denying access, 162 Axel Gelfert though not always successfully, may be deemed legitimate. In other words, perhaps we should inquire into what it is that (attempted) restrictions on the flow of private data and personal knowledge aim to achieve. One idea, to be developed in the next section, will be that restrictions on the spread of personal knowledge serve the purpose of shielding an individual from the judgment of others. Before turning to this account, however, it will be useful to reflect briefly on what we mean by ‘personal’ information given that, in common parlance, this label suggests that we are dealing with sensitive issues which may, for example, be important to a person’s self-image or sense of identity. As Kappel notes, we usually ‘think of sensitive facts as including facts about our religious denomination, health, sexual preferences and certain parts of our lifestyle’. In addition, ‘sometimes one’s political views are regarded as sensitive, as are facts about one’s financial affairs’, or even ‘one’s true views about colleagues and friends’ (Kappel 2013: 183). Even within societies that are culturally similar (say, Western Europe and the United States), there is often considerable variation in what is conventionally regarded as private information revealing one’s salary may be taboo, whereas political affiliations may be freely volunteered by most people, and vice versa in another country and this diversity increases as one crosses cultural boundaries. (On this point, see [Mizutani, Dorsey, and Moor 2004].) Thus, Parent argues that a full explication of the notion of privacy requires that we clarify the concept of personal information. My suggestion is that it be understood to consist of facts about a person which most individuals in a given society at a given time do not want widely known about themselves. (Parent 1983: 269-270) Disattendability, Civil Inattention, and the Epistemology of Privacy 163 While the notion of ‘personal’ (or ‘sensitive’) information retains much of its significance, recent technological trends such as the rise of ‘Big Data’, involving the ‘mining’ of (individually insignificant) user data for clues as to, say, an internet user’s personal (e.g. sexual) preferences may force us to rethink what kinds of data are relevant to the issue of privacy. What matters, of course, is not the mere existence of such technology, but its actual deployment as a way of gathering, collating, and aggregating otherwise highly distributed data points concerning individuals and their preferences. Much of the data that is being collected online, by social networks and advertisers, is individually mundane and boring, and not something that we would usually regard as constitutive of our personality, yet it may provide sufficient clues for an algorithm to make powerful inferences about some very personal aspects of individuals. As Mizutani puts it, ‘many of the problems relating to privacy in our current age are problems of a more latent nature; that is, regardless of whether privacy is actually or violated or not, what matters is the way in which our behavior is influenced by the mere feeling someone might be watching’ (Mizutani 2012: 610). As I will argue in Section 4, this idea can be made more rigorous by attending to the relational character of one person attending to another’s actions, preferences, and characteristics. Towards the end of the preceding section I argued that we should inquire into what it is that attempts to restrict the flow (or accessibility) of private data and personal knowledge aim to achieve. As we saw in the various cases discussed above, privacy can be breached even when no 164 Axel Gelfert personal knowledge is made accessible (Bugged phone), or when no new personal knowledge is acquired (Voyeuristic Sarah), yet no such breach needs to happen even when extensive personal knowledge is in plain view (Diary). It may be preferable, therefore, to focus not on the flow of information itself but on the uses to which it is put. Johnson has suggested that one reason why we are especially concerned about personal information is that it may lead to unfavourable opinions that others form about us, due to their disapproval of certain types of behaviour (or certain facts about ourselves) that we normally try to hide from public view. As Johnson argues, all examples of privacy have a single common feature. They are aspects of a person’s life which are culturally recognized as being immune from the judgment of others. (Johnson 1989: 157) The basic idea is that, wherever there are cultural norms of privacy in place, societies have implicitly agreed to treat the requisite information as not fit for the purpose of assessing others on its basis. (Such collective normative agreement, of course, does not imply that no one will judge another person on the basis of personal information about him or her; indeed, it is precisely because many people are judgmental that personal information stands in need of protection!) Johnson’s immunity model of privacy according to which privacy is a matter of being immune from the judgment of others echoes Mill’s point about the oppression that comes with the experience of social disapproval. Where Mill argued that society ‘practices a social tyranny more formidable than many kinds of political oppression’, Johnson pinpoints the social mechanism by which society achieves this pervasive influence: through the judgments of others. Johnson claims that his account fares better in explaining cases not Disattendability, Civil Inattention, and the Epistemology of Privacy 165 covered by the liberal and informational models of privacy. Consider the following case: Golf on Sunday. ‘I routinely play golf on Sunday mornings. I do not take precautions to hide this information. My neighbor in seeing me leave for the course every weekend does not violate my privacy. If, however, she takes it into her head to lecture me on my heathen ways and how my time on Sundays could be better spent in more spiritual pursuits, she has now intruded into a sphere of my life that is private. Her possession of personal information is not the issue; her negative judgment very much is.’ (Johnson 1989: 161) On the informational model, there is little that would mark out this case as a breach of privacy: no attempt is made by me to hide the information that I routinely play golf on Sundays, and my neighbour’s gaining that information by looking out the window does not by itself breach privacy. Yet, it seems to me that, in the scenario as described, it is the neighbour’s lecturing me, not her negative judgment per se, which infringes upon my privacy. In this sense, the Golf on Sunday case appears to be covered by the liberal model, and the specific contribution of judgments on the neighbour’s part (except as the psychological cause of her unwarranted interference) remains unclear. The immunity model (or, as Johnson prefers to call it, judgment-of-others model) also becomes implausible when applied to certain clear cases of privacy violations. Consider the case of Bugged phone, where the intercepted interlocutors had devised an elaborate system of rule to make it impossible to extract information. As Johnson recognizes, 166 Axel Gelfert [t]here is a sense in which this counter-example to the information model could be marshalled against the judgment-of-others model. If the tap reveals no new information about our relationship, it is not immediately apparent how the eavesdroppers have formed any new judgment about us. They have certainly not, however, remained emotionally neutral. The very acts of monitoring my phone conversations implies a great deal of (emotional) interest in this aspect of my life. (Johnson 1989: 166) This defence of the role of judgments on the part of the eavesdropper strikes me as deeply implausible. For the wiretapping of the phone to constitute a breach of privacy, no emotional investment on the part of the interceptor needs to be posited: Imagine the phone conversations were being recorded by a jaded surveillance specialist who ‘has seen and heard it all’ and who is deeply bored by (or, lest boredom be counted as an ‘emotional investment’, totally indifferent to) the affair, no matter how ‘juicy’ (or upsetting to others) its details may be. Surely, this would still count as a severe breach of privacy. Indeed, it seems to me that violations of the condition of privacy do not require the involvement of any human judgment. For example, the gathering of information could be outsourced to physical instruments (such as recording devices), and whatever analysis is performed may be carried out entirely by algorithms which, as the whistleblower Edward Snowden has revealed, is the standard mode of operation of the United States’ security agencies and their allies. Its automated nature, however, does not render such interception any less of a breach of privacy. Two further worries about the immunity model merit attention, both of which concern the extent to which we can reasonably demand not to be judged by others. When discussing the Golf on Sunday scenario, Johnson argued that, whereas my neighbour’s possession of personal information Disattendability, Civil Inattention, and the Epistemology of Privacy 167 about my golfing habits ‘is not the issue[,] her negative judgment very much is’ (Johnson 1989: 161). To the extent that negative judgments may often form the basis of unwarranted interference by others as in the case of the fundamentalist neighbour liberal models of privacy may be able to accommodate such cases. Perhaps in order to distance his own position from liberal models, Johnson elsewhere argues that immunity is not limited to negative judgments only: One should not infer, however, that the concept of privacy only addresses the negative judgments of others. The professional model, who has no reason to fear a negative evaluation of her body, can still have her privacy violated by the voyeur. [...] When we claim immunity from the judgment of others, this applies to all judgments, positive, negative or neutral. (Johnson 1989: 163) Yet, this notion of immunity seems too expansive by far: Surely it can neither apply to all areas of life, given that robust judgments concerning others are required in many contexts not least for practical projects that depend on social cooperation for their success nor can the mere subjective expectation of immunity from judgment be sufficient to ground privacy. In connection with the hypothetical case of a married couple’s public embrace being plastered all over the front page of a newspaper, Johnson writes: It is also, at least in this case, an area of your life in which you have a right to expect immunity from the judgments of others, even if the data had been correct. (Johnson 1989: 162) Most of us, no doubt, would concur that the newspaper’s publication would constitute not only a violation of the right to privacy, but would 168 Axel Gelfert also undermine the legitimate expectation that a state of privacy about a couple’s personal matters be respected. But the case only serves to raise another question: Which are the areas of our lives where we can legitimately appeal to immunity from the judgments of others? One response would be to say that any answer to this question must be based on normative agreement about which areas of individuals’ lives society deems worthy of protection in which case we find ourselves back at Cohen’s point that, ‘prior to normative political argument’, there is no telling which areas of life should enjoy privacy and which should be available for scrutiny. Beyond political and legal ways of managing privacy, however, the underlying question ‘What is it about certain ways of judging others that makes them (as opposed to other types of judgment) intrusions into other people’s privacy?’ still awaits elucidation. A second, related worry concerns Johnson’s conclusion that all judgments that others form about us ‘without our consent’, as it were, are illegitimate. For this contradicts the core enlightenment idea of testing one’s judgments against those of others and, by extension, having one’s judgments contested by others. (Immanuel Kant provides us with a clear expression of this idea when he remarks in his discussion of testimony as a source of knowledge that ‘Man always wishes to test his judgment on others’ and that it would be a form of ‘logical egoism’ to dismiss the need ‘to compare one’s opinions with those of other people’; see the discussion in Gelfert 2006.) Importantly, such a willingness to at least consider criticism should also extend to (some) unsolicited judgments: we would deprive ourselves of much useful criticism if we were to dismiss all unsolicited judgments of others as an illegitimate assault on privacy. Disattendability, Civil Inattention, and the Epistemology of Privacy 169 Delineating the areas of life in which one can legitimately appeal to privacy in order to ward off unwarranted intrusion, unwanted attention, and unsolicited judgments of one’s behaviour by others should be a central part of any philosophical account of privacy and cannot be relegated to an afterthought. Importantly, such an account should not only list the areas of life that various societies have deemed worthy of protection, but should also aim for some degree of unification, for example by identifying a common feature or mechanisms that tells us what would be objectionable about privacy intrusions in the various cases. (The immunity model proposes one such feature the formation of unsolicited judgments on the part of others but fails for the reasons discussed in the previous section.) In order to develop an alternative model of privacy, I shall help myself to Erving Goffman’s notion of disattendability. Disattendability, on Goffman’s understanding, correlates with a form of civil inattention that we accord others in public places, across a range of acceptable behaviours. Unpacking this suggestion, as we shall see, will lead to important questions regarding the notion of acceptability as well as the nature of publicity. For the moment, however, let us follow Raymond Geuss in characterizing a public place as a place in which I can expect to be observed by ‘anyone who happens to be there’, i.e., by people whom I do not know personally and who have not necessarily given their explicit consent to entering into close interaction with me. (Geuss 2001: 58) Precisely because, in public settings, we cannot rule out the possibility 170 Axel Gelfert of our being exposed to others, we need to regulate the ways in which attention is being deployed in our dealings with each other. Civil inattention towards others is a way of recognizing that they have an equal claim to making use of public space and that our being co-present in the same space neither requires justification nor incurs special responsibilities towards each other. According to Goffman, it is through routine markers of civil inattention e.g., temporary (brief) eye contact between strangers that ‘individuals exert respectful care in regard to the setting and treat others present with civil inattention’ (Goffman 1971: 331), so that public order can be maintained. At the same time as we accord civil inattention to others, public space is governed by a norm of disattendability: Since, in many public settings, we find ourselves surrounded by others who did not specifically choose to associate with us, their co-presence imposes on us the demand ‘not to make undue claims on people’s fears or trigger their embarrassment and disgust’ (Miller 1997: 1999). Elevating this demand to the level of a behaviour-guiding maxim, we may then speak of the principle of disattendability, which is aptly described by Geuss as follows: The principle of disattendability states that in such contexts and places I am to be unobtrusive. That is, I am to allow the other whom I may encounter to disattend to me, to get on with whatever business they have without needing to take account of me. I am not to force myself on their attention. (Geuss 2001: 58) The principle of disattendability can be made even more vivid by reflecting on some of its more blatant violations. Thus, Geuss recounts the story of Diogenes of Sinope, who Disattendability, Civil Inattention, and the Epistemology of Privacy 171 was in the habit of masturbating in the middle of the Athenian market place. He was not pathologically unaware of his surroundings, psychotic, or simple-minded. Nor was he living in a society that stood fairly low on what we take to be the scale of our cultural evolution [...]. Rather, we know that the Athenians objected to his mode of life in general and to this form of behavior in particular. We know this because the doxographic tradition specifically records Diogenes’ response to a criticism of his masturbating in public. He is said to have replied that he wished only that it were as easy to satisfy hunger by just rubbing one’s belly. (Geuss 2001: 57) Evidently, Diogenes’ masturbating in public being difficult to ignore when confronted with it violated the principle of disattendability. Clearly, Diogenes should have limited this activity to a more private space. Perhaps, then, what motivates a distinction between the public and private realm and, in turn, creates a need for shielding the latter from intrusion is the fact that certain morally permissible actions and activities (and information pertaining to them) would violate the principle of disattendability if they were to be dragged into the public realm. Can the principle of disattendability form the sole basis for an account of privacy? Recall that, as Goffman puts it, the principle serves to transform ‘normative expectations into righteously presented demands’ (Goffman 1963: 2) on others. This should raise some alarm bells for anyone who cares about protecting the private realm from undue moralization by others. After all, the principle of disattendability presents itself, in the first instance, as an imposition of a duty of restraint on the individual, who ought to behave in such a way as not to attract undue attention to himself. Yet, what is regarded as ordinary, routine, and normal in a given setting is heavily dependent on contingent cultural factors and conventions. It might seem, then, that privacy needs to be 172 Axel Gelfert ‘earned’ by behaving in a conformist fashion. And indeed, critics have pointed out that disattendability is a socially problematic notion. As Margaret Urban Walker puts it: Civil disattendability shades off rather too readily into norms of ‘respectability’ that load hierarchical social arrangements, sheer prejudice, and socially sanctioned contempt for and exclusion of certain groups or their ‘ways’ from specific social locales. (Walker 2006: 124) This is a legitimate worry, which I will address in the final section of this paper. It would be hasty, however, to dismiss the relevance of disattendability (and its correlate, civil inattention) to the project of developing a robust account of the notion of privacy. For, as we have previously seen, other proposed models of privacy also have their share of problems, and it will be instructive to see how the disattendability/civil inattention model fares by comparison. For one, it is important to keep in mind that disattendability is only one element of the model, civil inattention being its correlate: Where the disattendability principle demands that we behave ourselves so as to be civilly disattendable, civil inattention requires that we suspend specific attention to others and their behaviours or characteristics. It is this second demand that we should accord others, who are simply going about their business and living their lives, the requisite degree of civil inattention, so as to not disrupt their routines, or the routines of public order in general which may provide at least a tentative starting point for an alternative model of privacy. In order to better assess the prospects of an account of privacy based on disattendability and civil inattention, let us turn to some of the test cases discussed in Section 2.3. Consider Voyeuristic Sarah, the case of the voyeuristic family friend and doctor. As we saw earlier, Sarah gains Disattendability, Civil Inattention, and the Epistemology of Privacy 173 no information by watching her target getting undressed in his bathroom, since she is already well-acquainted with all the relevant facts. And, as Johnson notes, even if new information were to be gained ‘my outrage at this violation of my personal privacy is not focused on the knowledge Sarah gained’ (Johnson 1989: 161). Johnson concludes rightly, in my view that the informational model fails to adequately account for this breach of privacy. How does Johnson’s immunity model fare? In line with its guiding idea, according to which privacy is a matter of being immune from the judgments of others, one would expect that, what constitutes the breach of privacy in the present case, would be the formation of unsolicited (and potentially negative) judgments by Sarah. But this seems implausible: After all, which new judgments could Sarah form, given that no new information has become available? If, in the Voyeuristic Sarah case, the informational model fails, as Johnson argues, then so does his immunity model, and for the same reason: where all information has been properly taken into account, there is simply no room for new judgments. By contrast, on the disattendability/civil inattention model I am proposing, Sarah’s voyeurism is a breach of privacy, not because of any new information she gains or any judgments she forms, but in virtue of her paying undue attention to a routinized aspect of her target’s everyday life: although her target has done nothing to attract her attention, his reasonable expectation not to be attended to as he goes about his business is being violated. Similar considerations apply to the Bugged phone case: Engaging in everyday phone conversations is a routine part of modern communication; when I speak to my secret lover on the phone, both of us are operating in a way that neither intrudes upon others nor, all else being equal, should attract the attention of a third party. Indeed, enabling two and 174 Axel Gelfert only two interlocutors to engage in conversations without intruding on, or being intruded upon by others, is arguably part of the proper function of telephony as a technology. (Things would be quite different if both of us were to engage in intimate conversation by shouting from the rooftops!) For a third party to intercept such a conversation would be to pay undue attention to what is, in essence, a properly disattendable activity on our part. Finally, in the Golf on Sunday scenario, what constitutes the invasion of privacy is not the neighbour’s acquisition of information about me per se, nor the fact that she forms a negative judgment concerning my lack of spirituality (which she would form in any case, even if she had chosen not to confront me). Rather, according to the disattendability/civil inattention model, it is the obtrusiveness of her intervention the fact that she lectures me on matters of morality, when I have done nothing out of the ordinary that renders it a violation of my privacy. (Note that, by contrast, it would hardly constitute a violation of privacy if she had volunteered, say, an unsolicited but unobtrusive comment about the weather ‘looks like a fine day for golfing’ small talk being an example of a culturally specific way of acknowledging one’s neighbour without violating the norm of civil inattention.) In other respects, too, the disattendability/civil inattention model is explanatorily superior to its rivals the explanandum, of course, being the various culturally specific ways in which human societies allow their members to negotiate their social interactions with one another. First, it accounts for a class of cases which, as Johnson himself realizes, ‘seem to present great difficulty for the judgment-of-others [=immunity] model’. For example, Disattendability, Civil Inattention, and the Epistemology of Privacy 175 in spite of the well-known variation in sexual practices around the world, anthropological data indicates that sexual matters, in the main, belong to the private sphere. Societies have rules for concealment of the genitals, and restrictions on the time and manner of genital exposure; only a handful of societies practice complete nudity. (Schneider 1977: 57) This poses a problem for the immunity model: ‘The problem here is that our concern with nudity, sexuality, and other cultural taboos does not seem to be a desire for immunity from the judgment of others, as much as, the simple desire not to be observed.’ (Johnson 1989: 165; italics added.) In defence of his immunity model, Johnson argues that such cases still involve ‘a concern with judgment, rather than mere observation’, and he points to the use of sexual taboos in the language we use and the ‘talk of shame and embarrassment’ (ibid.) in this regard. The connection between linguistic taboos and our desire for privacy in sexual matters, however, is shaky at best, and it is far from clear that the latter would disappear in less judgmental societies. By contrast, the disattendability/ civil inattention model takes the ‘simple desire not to be observed’ as basic: Rather than treating our desire, in intimate situations, not to be attended to by third parties who have no legitimate claim on our attention (and vice versa) as standing in need of explanation, I propose that it be seen as a core expression of the twin principles of disattendability and civil inattention. The disattendability/civil inattention model also holds out the promise of accounting for the historical contingency and cultural diversity of privacy as a social practice, while at the same time identifying a common underlying mechanism. In an article on Japanese conceptions of privacy, Masahiko Mizutani, James Dorsey and James Moor point out that traditional living arrangements make the spread of personal information 176 Axel Gelfert virtually inevitable. Japanese homes are separated into rooms by sliding lattice-work doors (called ‘shooji’), often covered with nothing more than paper. Because sound travels through these doors quite easily and as Japanese homes are rather small, there is almost surely someone in an adjoining room most of the time. In spite of this, convention has long held that conversations overheard through closed shooji are not to be repeated or acknowledged in any way. One can amae (presume indulgence) from anyone who might overhear the conversation; those who do hear will exercise enryo, restraint, and not act on or repeat what was overheard. (Mizutani, Dorsey, and Moor 2004: 124) In such living conditions, it is virtually impossible to create conditions ‘of not having undocumented personal knowledge about one possessed by others’ (Parent 1983: 269), as the informational model would demand, nor does it seem we can suppress judgments of others, which they might privately form about us. What we can demand, though, is that we be treated with a certain level of civil inattention. (While the concept of civil inattention was initially proposed for the public realm, there is no difficulty to conceive of it as coming in degrees and as extending also to, say, individuals living under the same roof, where it would serve to give each other some ‘private space’.) This appears to be exactly the function of the Japanese concept of enryo, restraint, which, as Mizutani et al. note, ‘does much to maintain the privacy of individuals within groups’ and is accompanied by an ‘“as if” convention for protecting privacy’ (Mizutani, Dorsey, and Moor 2004: 126). It should count in favour of the disattendability/civil inattention model of privacy that it can explain the functional point of conventions such as enryo, which emerge even in situations that are empirically not amenable to either the Disattendability, Civil Inattention, and the Epistemology of Privacy 177 containment of information per se (as the informational model would require) or the prevention of other people’s judgments (as the immunity model would demand). In this paper, I have argued for an alternative to traditional models of privacy, which either have tended to emphasize access to (or control over) information per se, or have aimed at preventing the formation of (potentially negative) judgments by others. By contrast, the disattendability/civil inattention model I am proposing emphasizes the relational aspect of privacy, which is reflected in our reasonable expectation to be accorded civil inattention by others as we go about our daily lives, without drawing undue attention to ourselves. A state of privacy, on this account, is a state of affairs where disattendability on the part of an individual is matched by the civil inattention the social environment accords him or her. This need not be limited to how an individual can expect to be treated in a public setting, but also extends to other aspects in life. For example, in the workplace we can reasonably expect that colleagues refrain from attending to, say, our love life, political orientation, or family issues. Which degree of attention is legitimate is clearly context-dependent and domain-specific, and the proposed model can accommodate such variation across contexts and domains. A nagging worry remains, however, and stems from the earlier criticism of disattendability as an oppressive means of enforcing (often dubious) standards of ‘respectability’, ‘civility’, or the like. (See Section 4.) By linking privacy to civil inattention which, in turn, has to be 178 Axel Gelfert ‘earned’ through exhibiting disattendability, the proposed account might seem to encourage the ‘hiding’ of aspects of an individual’s behaviour, or way of life, which are merely deemed unacceptable by the majority, when in fact privacy should serve to protect individuals from unwarranted intrusion by others. If this worry sounds rather abstract, consider the following example. In many socially conservative societies, a gay couple holding hands or exchanging public displays of affection would no doubt attract attention and might be frowned upon; by definition, such behaviour would thereby not conform to the norm of disattendability. Yet, most proponents of a right to privacy (this author included) would deem such public disapprobation unjustified. Does the disattendability/civil inattention model then merely serve to enshrine existing (and potentially oppressive) social norms, by declaring any behaviour that might attract a significant degree of attention as ‘fair game’ and not worthy of privacy protection? Not quite. This is because the proposed model, while aiming to clarify the concept of privacy, is largely explanatory in character; as such, it does not pass judgment on which actions or behaviours are, or aren’t, deserving of privacy. Clearly, we must leave open the possibility that there are a great number of things that ought not to attract attention, even if, in fact, they do. The existence of double standards for public displays of affection between heterosexual and same-sex couples is a good case in point. In short, not every violation of disattendability is a moral violation, and not every suspension of civil inattention is justified. (It is important to note that this works both ways: as we know only too well, some moral outrages such as child abuse are often allowed to persist because those in the know wrongly perceive them to be a ‘private’ matter.) A number of authors have pointed out that privacy is an essentially Disattendability, Civil Inattention, and the Epistemology of Privacy 179 cultural notion. As Johnson aptly puts it: What is considered private is socially or culturally defined. It varies from context to context, it is dynamic, and it is quite possible that no single example can be found of something which is considered private in every culture. (Johnson 1989: 157) The proposed disattendability/civil inattention model acknowledges this contingency of our privacy conventions, while at the same time identifying a common mechanism. It is flexible enough to accommodate both cultural variation and technological change, insofar as gratuitous (unwarranted) attending may take many forms (including, say, the algorithimic monitoring of electronic communications). But the model should not be misunderstood as providing a moral justification for conformism, let alone for the suppression of minority viewpoints and uncommon ways of life, in the name of maintaining ‘disattendability’. On the contrary, it brings into sharper focus the need for a vigorous defence of the ‘visibility’ of minority practices and behaviour, given that a defence on the grounds of privacy alone is unlikely to be sufficiently robust and might even run the risk of downplaying the significance of public exclusion or of trivializing the much larger moral struggles to be won. Acknowledgments. I am grateful to the participants of the Episteme conference ‘The Epistemology of Privacy and Secrecy’, held at TU Delft in May 2012, and of the NUS-Kyoto Applied Philosophy Workshop in February 2014, especially Masahiko Mizutani, for useful discussions. I would also like to thank Luke O’Sullivan (Singapore) and two anonymous reviewers for their comments on an earlier draft of this paper. 180 Axel Gelfert Martijn Blaauw. (2013) “The Epistemic Account of Privacy”, Episteme 19 (2), pp. 167-177. Joshua Cohen. (2009) Philosophy, Politics, Democracy: Selected Essays. Cambridge, Mass.: Harvard University Press. Don Fallis. (2013) “Privacy and Lack of Knowledge”, Episteme 19 (2), pp. 153-166. Charles Fried. (1984) “Privacy [a moral analysis]”, in Philosophical Dimensions of Privacy: An Anthology in Ferdinand D. Schoeman (ed.), Cambridge: Cambridge University Press, pp. 203-222. Axel Gelfert. (2006) “Kant on Testimony”, British Journal for the History of Philosophy 14 (4), pp. 627-652. Raymond Geuss. (2001) Public Good, Private Goods. Princeton: Princeton University Press. Erving Goffman. (1963) Stigma: Notes on the Management of Spoiled Identity. Englewood Cliffs: Prentice-Hall. Erving Goffman. (1971) Relations in Public: Microstudies of the Public Order. New York: Basic Books. Jeffery L. Johnson. (1989) “Privacy and the Judgment of Others”, The Journal of Value Inquiry 23, pp. 157-168. Klemens Kappel. (2013) “Epistemological Dimensions of Informational Privacy”, Episteme 10 (2), pp. 179-192. David Matheson. (2007) “Unknowability and Information Privacy”, Journal of Philosophical Research 32, pp. 251-167. John Stuart Mill. (1963-1991) The Collected Works of John Stuart Mill in John M. Robson (ed.), Toronto: University of Toronto Press. William Ian Miller. (1997) The Anatomy of Disgust. Cambridge, Mass.: Disattendability, Civil Inattention, and the Epistemology of Privacy 181 Harvard University Press. Masahiko Mizutani. (2012) “Privacy, Ethics of” in Encyclopedia of Applied Ethics (Second Edition) in Ruth Chadwick (ed.), San Diego: Academic Press, pp. 609-615. Masahiko Mizutani, James Dorsey, and James H. Moor. (2004), “The Internet and Japanese Conception of Privacy”, Ethics and Information Technology 6 (2), pp. 121-128. W. A. Parent. (1983) “Privacy, Morality, and the Law”, Philosophy & Public Affairs 12 (4), pp. 269-288. Robert C. Post. (1991) “Rereading Warren and Brandeis: Privacy, Property, and Appropriation”, Case Western Reserve Law Review 41, pp. 647-680. Carl Schneider. (1977) Shame, Exposure, and Privacy. Boston: Beacon Press. Daniel J. Solove. (2008) The Future of Reputation. Gossip, Rumor, and Privacy on the Internet. New Haven: Yale University Press. Judith Jarvis Thomson. (1975) “The Right to Privacy”, Philosophy and Public Affairs 4 (4), pp, 295-314. Raymond Wacks. (2010) Privacy: A Very Short Introduction. Oxford: Oxford University Press. Margaret Urban Walker. (2006) Moral Repair: Reconstructing Moral Relations after Wrongdoing, Cambridge: Cambridge University Press. Samuel D. Warren and Louis D. Brandeis. (1890) “The Right to Privacy”, Harvard Law Review 193 (4), pp. 193-220. Department of Philosophy, National University of Singapore phigah@nus.edu.sg