Privacy, Power, and the Self

How can you condense the millions of words that have been written about privacy into a blog post? The answer is that you can’t; all you can do is point at a few landmarks, like a tour guide trying to show people Toronto in an afternoon.

What Privacy Is Not

Privacy is not a timeless natural right. As Sarah Igo describes in her history of privacy in America, what is and isn’t private has expanded in some directions and contracted in others over the past century with no consistent underlying principle. Sexual behavior between consenting adults was legally public well into the twentieth century, in the sense that it was criminally regulated. For much of the same time, medical records were routinely shared between physicians, employers, and insurers without patient consent. The expansion of legal privacy protection into both of these areas was the result of specific case-by-case struggles [Igo2020].

Similarly, financial transactions that were once private are now reported to governments under anti-money-laundering and tax-compliance measures, and communications that were once protected by the practical difficulty of interception are routinely monitored at scale [Snowden2020]. These shifts also do not reflect a coherent theory of what should be private. They reflect the outcomes of contests between specific interests, and the interests of states and large corporations have generally prevailed over the interests of individuals.

The concept of a private individual self—a zone belonging to a person rather than to a household, a clan, or a community—is also historically recent and unevenly distributed [Jenkins2024]. In pre-modern Europe, the unit of privacy was the household, not the person, and the head of household had authority over what happened inside it. Women and servants had no separate private sphere. In Ottoman law, the harim (from the Arabic haram, meaning forbidden or protected) designated the domestic sphere of the household as legally inviolable: not the “harem” of European fantasy, but a legal protection preventing state or community intrusion into the home without cause. This was a meaningful protection, but it applied to the household as a unit, not to the individuals inside it.

Japan’s traditional distinction between uchi (inside) and soto (outside) organized public and private behavior very differently from Western liberal individualism. The interior of the household was intensely private from outside scrutiny, but the expectation of individuals’ interior privacy—thoughts, feelings, and desires kept from family members—was much weaker. The communal interior of the family, not the individual self, was the protected unit.

Indigenous knowledge systems in many parts of the world operate through collective custodianship of sacred, medicinal, or ceremonial knowledge. This is a form of collective privacy: certain knowledge belongs to particular communities and is not available to outsiders. Colonial administrators and anthropologists treated this as obscurantism, and “freedom of information” in the colonial context often meant forced extraction: ceremonies documented, sacred objects removed, and genealogies recorded for administrative purposes. Privacy as extraction is the mirror image of privacy as protection.

Tiffany Jenkins’ history recounts how the boundary between public and private has been drawn and redrawn by courts, legislators, and social movements, always in someone’s interests [Jenkins2024]. The modern expansion of state intervention into domestic life with child protection laws, domestic violence legislation, and regulation of reproductive rights was often demanded by reformers and feminists against the privacy claims of male heads of household who wanted the state to stay out. The private sphere has not been progressively liberated from state interference; it has been a contested terrain in which some forms of privacy have been won and others have been imposed.

The Psychology of Private Space

The sociologist Erving Goffman argued in 1959 that everyday social interaction is a kind of performance [Goffman1959]. People present a “front stage” version of themselves when they know they are being observed: maintaining composure, managing impressions, and performing the role expected of them in a given context. The “back stage” is where the performance can relax: the kitchen before the dinner party, or the break room after the meeting.

People aren’t less authentic on one stage or the other; the back stage is just where contradictions can be worked out and where the next performance can be prepared. This is not dishonesty: everyone does it because social life requires it. But it means that privacy is not merely about concealment; it is about having space in which not every thought and action is subject to evaluation and judgment. A society without back stages is not one in which people become more authentic. It is one in which performance becomes continuous and exhausting, and in which mistakes cannot be made without permanent record.

To see how harmful this is, look at the lives of child stars. Its practical consequences are measurable. Surveillance changes behavior even when nothing being done is wrong. After Edward Snowden’s revelations in 2013 made the scale of the NSA’s surveillance clear [Snowden2020], researchers documented a measurable drop in Google searches for terms associated with terrorism, drugs, or other sensitive topics—not because fewer people were curious, but because curiosity became something that required calculation. This is the chilling effect: the awareness of being watched changes what people are willing to risk.

Anna Funder’s oral histories of Stasi survivors document what sustained surveillance does over time [Funder2011]. The East German Ministry for State Security employed roughly 90,000 full-time officers and had a network of approximately 180,000 informal informants in a country of 16 million people, a ratio of state surveillance capacity to population that has never been matched. Many of those informants were family members, recruited without one another’s knowledge. The files they produced recorded personal relationships, sexual behavior, political opinions expressed in private, and the contents of letters that were opened and resealed. The goal was not to prevent crime, but to map the population thoroughly enough to identify, isolate, and destroy anyone who might become a source of organized opposition.

What Funder’s interviews reveal is not only the accumulation of files, but the internalization of the watcher. Stasi survivors describe a permanent alteration: the habit of measuring every word before speaking it, the inability to stop even decades after the state that required it had dissolved. The surveillance state does not only operate while it exists; it rewires the people it surveils.

The developmental case for private space is equally compelling. Adolescents need to make mistakes without those mistakes being permanent. They need to try on political positions, personal identities, and beliefs, and then discard them without a record of the discarding. This isn’t culturally specific: all societies that have organized the transition to adulthood have had designated spaces and periods in which the normal rules of visibility and accountability did not apply. Initiation rites that occur outside community view, age-grade houses where elders could not enter, and periods of deliberate ambiguity before social roles were fixed were not privacy in the Western legal sense, but they served the same developmental function.

The harm of involuntary exposure is correspondingly real. The charivari was a public shaming ritual practiced across medieval and early modern Europe. It deployed community visibility as a disciplinary tool against people who violated social norms. The same mechanism operated in public “struggle sessions” during the Cultural Revolution in China, in the public confession practices of various religious traditions, and in the contemporary practice of doxxing. These vary in severity, but they share the same logic: exposure can be a weapon, so the ability to protect against exposure is not a luxury but a precondition for social participation.

The Freedom to Become

Mary Gray’s study of rural LGBTQ+ youth in the United States documents what happens when private space for identity exploration is not available in physical form [Gray2009]. Young people in small towns or religious communities where queer identity is dangerous or invisible used the early internet to try out identities and learn that they were not alone. The internet was not yet the optimized engagement machine it became; it was a relatively unmonitored space in which pseudonymity was normal and nobody was selling your search terms to your parents’ employer.

This was not specifically American. The same pattern has been documented in Malaysia, Uganda, Indonesia, Turkey, and other countries where same-sex relationships are criminalized or heavily stigmatized. Online anonymity functions as a prosthetic private space for people who have been denied physical private space. It does not solve the underlying problem, but it allows identity development to occur at all.

In the Soviet Union, hand-typed, passed-by-hand underground literature called samizdat was passed from person to person. Writing and circulating it was criminalized; it could only exist because private space existed, even under a surveillance state, in the gap between what the state knew and what it could actually monitor. Alexander Solzhenitsyn’s The Gulag Archipelago was first circulated as samizdat before being smuggled out and published abroad. The private space of one person’s typewriter was a form of speech protection that the absence of legal protection could not entirely eliminate.

The Hijra communities of South Asia—a third-gender identity category that existed for centuries before British colonization—survived partly because the British administrative apparatus never successfully catalogued them. The Criminal Tribes Act of 1871 attempted to classify and control gender and sexual nonconformity, but the practices, initiations, and knowledge that defined Hijra identity were not legible to census-takers and administrators. Collective privacy as survival is not the same as individual privacy as a right, but they share the property that control over what is known about you is also control over what can be done to you.

The double bind is consistent across these examples. The people with the greatest need for private space to develop and maintain identity are usually those whose identity is most criminalized, stigmatized, or surveilled. Simone Browne documents how oppression of Black people in the United States has always depended on making Black bodies, households, and movements visible to white authority, from the pass system of the antebellum South to stop-and-frisk policing and facial recognition [Browne2015]. The practical privacy available to Black Americans has always been substantially less than that available to white Americans, not because of individual choices but because of systems built to make them more visible to the state.

The “nothing to hide” argument—the claim that only those with something to hide need privacy—only makes sense from the position of someone whose identity, relationships, and beliefs are not criminalized. It is not a neutral observation about human behavior; it is the argument of someone who has never needed the protection they are asking others to give up.

The Moral Arguments

The first American legal argument for a right to privacy was made by Samuel Warren and Louis Brandeis in an 1890 law review article. They argued that the individual had a “right to be let alone”, i.e., a right to protection not just from physical intrusion but from unwanted publicity. Their immediate concern was sensationalist newspaper journalism. Both men were wealthy, socially prominent, and worried about gossip columns. Their argument was real and important, but its social location is worth noting: the first articulated right to privacy in American law emerged from the needs of the prominent to be protected from exposure, not from the needs of the powerless to be protected from the state.

This origin has never fully left the concept. Privacy arguments protect domestic violence abusers alongside their victims. They protect financial fraud alongside confidential medical records, and corporate malfeasance alongside personal correspondence. Privacy as a legal and political value does not come pre-sorted by who it helps.

The feminist critique made this plain. The slogan “the personal is political,” associated with the women’s liberation movement of the 1960s and 1970s, was a direct challenge to the liberal privacy argument. Women’s subordination was legally protected in the private sphere: for example, marital rape was not a crime in most US states until the 1970s and 1980s because marriage was treated as a private relationship outside legal scrutiny. Domestic violence of other forms was (and in practice still is) routinely treated as a private family matter. The claim that the state should not interfere in private relationships was, in practice, the claim that women had no recourse against husbands and fathers.

Jenkins argues that the twentieth-century expansion of state intervention into domestic life was not an erosion of privacy but a redrawing of its boundaries [Jenkins2024]. Feminists and child advocates demanded that the state enter spaces it had previously left to male authority. In doing so, they were not anti-privacy; they were arguing that the women and children in those spaces deserved privacy from the men who controlled them. The same concept, applied by different actors, produced opposite conclusions.

The communitarian critique of privacy takes a different shape. Communities can and do provide forms of accountability that states cannot, and privacy can be an obstacle to that accountability. But this argument has a history of being deployed most aggressively against communities that were not the ones making it. In British India, child marriage prohibitions and widow protection laws were introduced in a framework that described Hindu family privacy as barbaric and in need of civilizing intervention. The language of accountability to higher norms was used to justify intrusion into the domestic practices of colonized people by administrators who had no sustained interest in the well-being of the women and children they claimed to protect.

American privacy worked the same way domestically [Igo2020]. Poor families and immigrant families in the early twentieth century were subjected to social worker surveillance and home inspection regimes that middle-class families were not. The expansion of welfare services came with a corresponding expansion of state visibility into the households that received them. Privacy, like other goods, was distributed in proportion to social power.

Identity and Legibility

In 1879, a young police clerk in Paris named Alphonse Bertillon proposed a solution to a problem that had plagued law enforcement for decades: how do you know if the person in front of you is who they say they are? Before photographs were cheap to reproduce and before fingerprint databases existed, professional criminals could simply give a false name and walk free. Bertillon’s answer was anthropometry: measure the skull, the length of the forearm, and other bodily dimensions that, taken together, were statistically unlikely to be identical in any two people. The system spread across Europe, the United States, and colonies in Asia and Africa, and was the first large-scale attempt to use the body as a database.

Bertillonage had a fundamental weakness: measurements had to be taken correctly by trained operators. By 1900 fingerprinting was replacing it almost everywhere because fingerprints were more reliable and required less skill to record. But the desire of states and institutions to pin individuals permanently to a record did not die with the calipers.

The history of identity management is partly the history of states trying to solve what James C. Scott calls the legibility problem [Scott1998]. A state cannot tax, draft, or police people it cannot identify. Medieval English peasants might know themselves as “John the Miller’s son from the village by the ford”, but that description doesn’t survive a move to a city or a change of occupation. Surnames became standardized in Europe partly because governments needed them. The same logic produced house numbers in Paris and Vienna, censuses across the colonial world, and passports that began as occasional travel documents issued by monarchs and became, by the twentieth century, a requirement for crossing most international borders.

The problem is that the state’s desire for legibility doesn’t have a built-in limit. The state that registers births so it can provide schooling can use that register to conscript soldiers. The government that issues identity documents to allow people to vote can use those documents to deport people. Once a population register exists, every subsequent administration can use it for whatever purpose it finds useful.

Colonial governments exploited this systematically. The British introduced population registers, caste certificates, and tribal designations across India, Africa, and Southeast Asia that served double purposes: administration, taxation, and census on one hand, and identifying potential troublemakers and restricting movement on the other. South Africa’s pass laws, introduced gradually from the eighteenth century and formalized under apartheid after 1948, required Black South Africans to carry a reference book at all times. The book recorded their employer, their designated “homeland,” and their permission to be in urban areas. Police could stop anyone and demand the book; failure to produce it meant arrest. The pass system was one of the most sophisticated identity management infrastructure projects in history, and it was designed entirely to restrict freedom of movement and force labor into mines and factories at wages set by the government.

Keith Breckenridge’s history of South African biometrics traces a direct line from the pass system to the world’s first large-scale biometric population register, introduced in South Africa in 1986. Fingerprints were added to the passbook because fingerprints are harder to falsify than signatures and do not require literacy. A system designed to prevent forgery of internal passports became, almost automatically, one of the most comprehensive biometric databases in the world at the time [Breckenridge2016].

This creates a dilemma that does not have a clean solution. Democratic participation depends on being able to identify voters. Electoral systems need to verify that voters are eligible residents and prevent people from voting twice. This requires some form of voter registration, and voter registration requires identity documentation. In the United States, the history of voter registration is entangled with the history of voter suppression: poll taxes, literacy tests, grandfather clauses, and, since the 1990s, photo ID requirements that are nominally neutral but fall disproportionately on communities less likely to hold a driver’s license: the poor, the elderly, and people of color. The registration systems needed to enable political participation have been weaponized to prevent it.

But the dilemma goes deeper than that. Communities that have historically been targeted by state identity systems have rational reasons to distrust those systems. If the government has used population registers to intern Japanese-Americans or to deport undocumented immigrants in mass raids, people are right to be suspicious of any new identity system. Even if today’s government only intends to use it for good, it cannot bind the behavior of future governments.

This dilemma is now one of the biggest challenges facing democracy. The communities most harmed by identity management in the past have the best reasons to distrust registration systems, but that distrust keeps them from participating in the political processes that would let them constrain those systems. Fear of being rounded up is itself a tool of disenfranchisement.

India’s Aadhaar system, launched in 2009, has enrolled over 1.3 billion people in a biometric identity database based on fingerprints and iris scans linked to a twelve-digit number. Its designers argued that a universal, biometric identifier would eliminate fraud and exclusion in government benefit programs by making identity verification objective. The argument was partly correct: Aadhaar has reduced certain kinds of fraud and brought some previously excluded people into the formal economy. It has also created new forms of exclusion. People who cannot authenticate are cut off from food rations and pension payments, and the database itself represents a concentration of sensitive biometric information that, if breached, cannot be reset: you can change your password, but you cannot get new fingerprints [Khera2019].

What abusive identity management has been constrained, those constraints have been the result of organized political activity. South Africa’s pass system was not abolished because its administrators became enlightened; it was abolished because the resistance movement grew strong enough to make it unsustainable. The constraints on Aadhaar came from litigants and activists who brought cases, and the Voting Rights Act of 1965 in the United States came from marchers, organizers, and a political coalition that made the status quo more costly than change. The center always wants more information. The question is always whether the people most likely to be harmed by that information have enough power to say no [Cole2002,Torpey2000].

Paying for the Privilege

The surveillance economy that social media and AI have created goes far beyond anything the Stasi dreamed of. The irony is that the Stasi had to coerce their informants; we pay subscription fees for the privilege of being surveilled. Corporate data collection operates under a framework built largely around consent obtained through contracts that no one reads and that cannot meaningfully be refused by people who want to participate in modern life.

When a platform argues that its collection of behavioral data is voluntary and therefore not a privacy violation, it is making a legal argument, not a factual one. The legal distinction between state surveillance and corporate surveillance also ignores how governments now use corporate data collections to conduct surveillance they could not legally conduct directly.

When Privacy Protects Power

This asymmetry is most visible in the global system of financial secrecy. Nicholas Shaxson’s investigation of offshore banking documents how a network of tax havens in the Cayman Islands, the British Virgin Islands, Switzerland, Luxembourg, Ireland, and Singapore was constructed over the twentieth century through legislation specifically designed to allow wealth to evade the oversight of the countries where it was generated [Shaxson2011]. Switzerland’s banking secrecy law of 1934 was enacted partly to protect the assets of Jewish depositors from the Nazi government; within years it was also protecting the assets that wealthy Europeans were hiding from their own governments’, and then the money, art, and treasures that Nazis had looted from their victims.

Gabriel Zucman estimates that approximately $7.6 trillion in private wealth is held in offshore accounts, costing governments roughly $200 billion annually in lost corporate tax revenue and further amounts in lost personal income tax [Zucman2015]. This is money not available for schools, infrastructure, or healthcare in the countries where the underlying economic activity occurred. The offshore system is legal because wealthy individuals and corporations have the resources and political influence to make it legal.

The Panama Papers and Pandora Papers, published in 2016 and 2021, revealed how this system operated across the world:

• The Marcos family in the Philippines used shell companies in Switzerland and the Cayman Islands to hold an estimated $5–10 billion looted from the Philippine treasury during Ferdinand Marcos’s dictatorship.

• Mobutu Sese Seko of Zaire accumulated an estimated $5 billion in Swiss and other offshore accounts while the country’s public services collapsed.

• Augusto Pinochet of Chile, who tortured thousands in the name of fiscal discipline, was revealed after his arrest in London to hold $27 million in hidden offshore accounts that his family had denied existed.

Corporate secrecy operates the same way at a smaller scale. Non-disclosure agreements are legitimate legal instruments when they protect trade secrets or the terms of commercial negotiation. They become instruments of harm when used to prevent victims of sexual abuse and harassment from speaking. Harvey Weinstein’s non-disclosure agreements required victims’ silence as a condition of financial settlement. Both Weinstein and Jeffrey Epstein continued to harm additional people for years because the financial privacy of the settlement was used to suppress testimony that would have enabled legal action.

The tobacco industry’s internal documents provide a decades-long parallel. From the 1950s onward, tobacco company researchers produced evidence that cigarettes caused cancer and that nicotine was addictive. Those documents were treated as confidential corporate information— trade secrets, attorney-client privileged communications— while the companies’ public-facing research denied what their private research showed. The internal memos were finally produced in 1998 litigation. The deaths attributable to that gap between public claim and private knowledge are not a small number.

State secrecy operates the same logic at the largest scale. Classification systems and executive privilege have been used to prevent accountability for torture—the Abu Ghraib photographs were eventually published, but the legal memos authorizing enhanced interrogation were withheld for years. The Saudi government invoked sovereignty and confidentiality to slow accountability for the murder of journalist Jamal Khashoggi. Every authoritarian government that has committed atrocities has used state secrecy as its first line of defense, while using forced transparency—public trials, published confessions, exposed private lives— as a weapon against opponents. Privacy and exposure have always been deployed together, each in the direction of power.

Transparency and Its Limits

The apparent solution—require transparency from the powerful—is correct in theory but immensely complex in practice. The difficulty is not an argument against transparency, but does require advocates to be specific about who, what, and how.

Rob Jenkins and Anne Marie Goetz’s analysis of India’s Right to Information movement documents what organized civil society can achieve [Jenkins1999]. The RTI Act, passed in 2005, gave Indian citizens the legal right to request government documents and required agencies to respond within thirty days. It emerged from a sustained campaign by village-level activists in Rajasthan who were trying to verify whether public works funds were actually being spent on the roads and wells they were supposed to fund. The principle was simple: government is funded by citizens and accountable to them, and accountability requires information. The law was imperfect and inconsistently enforced, but still led to real change.

South Africa’s Truth and Reconciliation Commission, which operated from 1996 to 1998, made a different but related choice. Perpetrators of human rights violations under apartheid were offered amnesty in exchange for full public disclosure of what they had done. The logic inverted the usual logic of settlement: rather than silence as the condition of resolution, truth-telling was the condition. Perpetrators had to give up their privacy in order to receive amnesty; victims could give testimony publicly, which served both their dignity and the historical record.

The European Union’s General Data Protection Regulation, which came into force in 2018, includes a “right to be forgotten”: individuals can request that search engines remove links to information about them. This is a genuine protection for private individuals who have been stalked, defamed, or whose past mistakes have been permanently attached to their names by internet search. It is also a tool that has been used by politicians, business executives, and convicted criminals to suppress accurate reporting about their public conduct. The same legal instrument protects both the person whose private medical condition was published without consent and the politician who wants voters to forget a corruption conviction. Privacy law cannot easily distinguish between them.

What holds across these cases is the principle: privacy for persons, transparency for institutions. Private individuals acting in their private capacity have strong claims to be left alone. Public officials exercising public power, institutions affecting public life, and wealthy individuals whose private financial arrangements affect public resources all have weaker claims. This principle is never self-enforcing. The direction of institutional pressure is always toward the legibility of persons and away from the legibility of institutions. Maintaining the opposite—protecting the private lives of individuals while demanding transparency from power— requires organized political effort to sustain [Scott1998].

The platforms and governments that describe privacy as “dead” or as an obstacle to innovation are not making a neutral observation about changing social norms. They are making an argument that happens to be extremely convenient for their interests. The people arguing against that description are usually not doing so on behalf of people who want to post embarrassing photos without consequence. They are doing it on behalf of the people for whom privacy is the difference between safety and harm. What abusive privacy and identity regimes have been constrained, those constraints have come from organized political activity, not from enlightenment at the top [Igo2020].