1
Privacy Cases: Being Suborned

"Well . how did I get here?"

-David Byrne, "Once in a Lifetime"

To discuss the relative merits of personal privacy, it's worth reviewing historic rationales and justifications for security processes and programs. Privacy and security have become linked to the point where the ideas are almost inextricable, and it is valuable to understand how this came to happen.

Security Through Trust

One of the concepts that relates to privacy is security through trust- an institution, government, or company is considered more trustworthy if the personnel working in or for it are themselves trustworthy. To determine whether a person is trustworthy, it's important to learn certain things about the person: their behavior, tendencies, condition, mindset, and so forth. Trust is established based on past performance; we tend to believe that someone will act more or less in a manner similar to how they already have. The assumption is: a lying junkie will continue to be a lying junkie; a person who has worked diligently and honorably for their entire adult life will continue to behave diligently and honorably. There are, of course, outliers and changes in circumstance where predictions are wildly unhinged from the past; the junkie might change overnight and become a paragon of virtue and a hard worker, whereas the model employee might turn into a depraved murderer in a moment. Human beings are fickle, unpredictable, irrational creatures. But if you have to trust someone, you will generally tend to use their past actions as an indicator for what you expect of them in the future.

The Historic Trust Model Creates Oppression

Not so long ago, many organizations had some rather bizarre criteria programmed into their trust models-metrics that we would find ridiculous, offensive, stupid, and/or downright evil today. These have included gender, race, religion, ethnicity, and national origin.

For instance, at the outset of World War II, American President Roosevelt considered people of Japanese descent, including American citizens with Japanese parents and grandparents, untrustworthy, to the point where he believed they might aid Japan in its war against the United States. He therefore ordered them to be forced into concentration camps.1 The rationale was: this would make the United States more secure. Personal privacy, in that circumstance, was not an aspect of the trust model; significant physiognomic traits, combined with birth and immigration records, allowed the US government to enforce this horrible decision. There was not much room for question as to the ethnicity of the prisoners.

Privately Trustful

Another awful aspect of the personnel trust model was, however, larger a facet of what is generally considered "private" life: whether that person engaged in same-gender sexual activity.

NOTE For purposes of discussion in this book, I'll use the term gay to mean the full spectrum of what we now often call LGBTQ-lesbian, gay, bisexual, transgender, queer-sometimes with additional descriptors.

There were two main (ugly and horribly flawed) rationalizations for this type of policy.

• Gay people are untrustworthy because of their very nature; sexual orientation is a choice, gay people engaging in sexual acts is an indicator of character, and only depraved people would choose to do so.
• Gay people are untrustworthy because they are susceptible to coercion; anyone learning of a person's sexual interactions or desires could use that knowledge against the person-a gay person could be blackmailed for being gay.

The first "reason" is so tragically stupid that it's hard for people today to realize that people in the past actually believed ideas like this. It almost certainly had origins in religious and cultural biases and misanthropic tendencies tantamount to evil. The second rationale is insidious in a different way and is a perfect of example of how privacy and security can become conflated to the point of causing true harm to the very things they purportedly are meant to protect.

NOTE At the time the laws/policies discussed in this chapter were created/implemented/enforced, there were other terms used to describe any sexual activity that did not conform to heteronormative standards, typically unnatural acts and sodomy, when included in statutes or other written mandates.

The historical personnel trust model is based on some simple premises: institutional trust is linked to personal trust, personal trust is based on using past behavior to predict future action, and personal behavior outside the workplace (such as sexual activity) is linked to personal behavior in the workplace. For the institution to trust the individual for a particular job, the institution must learn and know about the person's behavior outside the workplace, in their personal life. That's the institution's perspective.

Generally, from the individual's perspective (instead of the institution's), we like to think of a person's home life and work life as two separate, distinct contexts: I act in accordance with my employer's needs during the hours I'm working, because that's what I'm getting paid for, but when I am not working, I am free to live my life in the manner I see fit, without my employer's oversight. I might wear a uniform in the workplace, but I take it off when I'm not working; I associate with colleagues and customers while I'm working, but I might have a totally different set of friends and acquaintances when I'm not working, and I might not interact with the workplace colleagues/customers until I'm back in the workplace.

In reality, this construct often breaks down in actual practice. Colleagues and customers share information about their nonwork activities in workplace discussions, and actions a person takes outside the workplace can seriously affect their employment, be it acquiring a college degree or running someone over with a car while driving drunk. Even so, we often like to think of ourselves as having a bifurcated existence.

In order for the dated trust model, which discriminated against gay people to have existed, the institution had to breach the employee's private life-sex is generally (with very, very few exceptions) an activity that happens outside the workplace. This intrusiveness was seen as necessary in order to ensure that the person placed in a position of trust by the institution was, indeed, trustworthy.

This, of course, makes absolutely no sense, when exposed to even the barest logical scrutiny. Were gay people subject to blackmail/coercion because of their same-gender sexual activity? Yes-but only because the institutional trust model created that situation. The person who is given employment or promotion only under the condition that they act in a prescribed manner (or, more to the point, do not act in a proscribed manner) is under the threat of losing something of value (a job, a promotion, etc.) if their unapproved behavior becomes known.

Disarmed Forces

Here's a historic example: the US military has its own laws and court system; this is known as the Uniform Code of Military Justice (UCMJ). Not too long ago, the UCMJ prohibited same-gender sexual activity; violations could be punished with demotions, dismissal, or even imprisonment.2 The government had similar, if more vaguely worded, restrictions in Executive Order 10450, "Security Requirements for Government Employment." In both the military and other government positions, a security clearance (the documented verification of a person's trustworthiness) was (and still is) considered extremely valuable-a person with a security clearance could get employment and other opportunities that a person without a clearance could not. A person in the military/government service could lose their security clearance if the military/government learned that the person was gay.3

So, the military/government (and institutions who had similar anti-gay policies) had created a situation where certain people had something to lose (the clearance, and the benefits that come with a clearance) if information about them (personal information, from their "private" life) was disclosed. That, therefore, put those people at risk of coercion and put the institution at risk overall (a trusted person might be coerced into causing harm to the institution). If, however, the anti-gay rules/policies did not exist, then the entire possibility for coercion would not exist, and trust would not be in question.

NOTE Within reason, and taken in context, a person might not be subject to coercion only because of their employment status and situation, and that employer's policies-there might be other aspects of a person's life that could be used to coerce them into harming their employer. At the time the UCMJ had rules against same-gender sexual activity, there were also social mores and prejudices that might make someone gay subject to coercion as well; a blackmailer might threaten the target with outing them to their family as opposed to their employer and might therefore get the victim to do something harmful to the employer. "I will show these photos of...