Daniel J. Weitzner
Principal Research Scientist
Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory
This document on the Web [http://dig.csail.mit.edu/2007/05/ic-home-weitzner.html]
A later version of this column appears in IEEE Internet Computing, March/April 2007
"The house of everyone is to him as his castle and fortress. In all cases when the King is party, the sheriff (if the doors be not open) may break [into] the party's house, either to arrest him or to do other execution of the King's process, if otherwise he cannot enter. But before be breaks [into] it, he ought to signify the cause of his coming and to make request to open the doors." 
The notion of "home" is a critical organizing metaphor for how we understand the relationship between individuals and society at large. A wide range of cultural and legal practices enshrine the home with various protections that ensure us a degree of privacy, security, solitude, and control over our lives there. Some of us are also "at home" on the Web; but what have the Web and networked communications done to our most basic notions of home and, with them, privacy and personal property? As our private papers migrate to the Web, activities that we could previously conduct in "private" have seemingly been thrown open to unfettered public view. Additionally, as increasingly powerful communication technologies reach into our homes, places that were private become more connected to public life.
Rights in general and privacy in particular are about boundaries: borders we erect around ourselves or those limitations that society is prepared to respect. The most fundamental of these demarcation lines are our home walls; the boundary of the home is often the principal dividing line between our public and private selves. Inside the home, we can expect to be free from arbitrary government intrusion, we have broad leeway in how we behave and use our property, and we can prevent others from entering and disturbing our solitude, even if they have strong reasons to communicate with us. To help make online environments in which we all feel more at home, we must look back at what home has meant in our most basic social rules.
Our notion of "home" transcends time, nationality, and individual legal traditions. Beginning early in recorded law, Hammurabi declared, "If any one break a hole into a house (break in to steal), he shall be put to death before that hole and be buried." Drawing inspiration from early English common law and from the brutal experience of 20th century totalitarianism, the United Nations put home at the center of modern international human rights law: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence" According to the US Supreme Court, "At the very core" of the Fourth Amendment "stands the right of a man to retreat into his own home and there be free from unreasonable governmental intrusion." Following this vast legal tradition, the home is a refuge in which we're entitled to be free from unauthorized (by a court) intrusion from the police or other government agents. So great is the commitment to individual control over what goes on in the home that the US Congress and the courts have extended the special protections beyond just government intrusion. Several years ago, Congress created a "do not call" list that let citizens avoid telemarketing calls at home by putting their phone numbers on a list maintained by the US Federal Trade Commission (FTC). Telemarketers would receive large fines for making sales calls to homes registered on this list. The marketers promptly sued the FTC, claiming that the law infringed on their First Amendment free speech rights by preventing them from communicating with potential customers. In a defense of individual privacy, the 10th Circuit Court of Appeals found that
The national do-not-call registry offers consumers a tool with which they can protect their homes against intrusions that Congress has determined to be particularly invasive. Just as a consumer can avoid door-to-door peddlers by placing a "No Solicitation" sign in his or her front yard, the do-not-call registry lets consumers avoid unwanted sales pitches that invade the home via telephone, if they choose to do so. The ancient concept that 'a man's home is his castle' into which 'not even the king may enter' has lost none of its vitality.
Much of the Internet and Web privacy debate over the past decade has been framed in the language of government regulation versus industry self-regulation. In comparisons between the European approach and the US approach to privacy, especially, the general view has been that European privacy law is more protective of individuals against corporate intrusion, although lax about protection against government intrustion. Often, US law is characterized as just the opposite. Whether these comparisons are apt (I consider them somewhat simplistic), it appears that the 10th Circuit opinion departs from this policy rhetoric and returns to venerable privacy principles that have deep historical roots that unite, rather than divide, a variety of legal cultures.
New technology, however, always poses a challenge when the law must define just what the boundaries of "home" actually are. In the early 20th century, when the US Supreme Court had to consider whether telephone wiretapping without a search warrant violated Fourth Amendment privacy rights, the majority determined that because wiretapping was conducted without an actual trespass into private homes (the tap occurring on phone lines outside the home) no privacy violation existed. That is, the protected home's boundary was established by the actual property line. If the police didn't cross onto private property, they weren't violating your privacy, regardless of what they learned about what you were actually doing in your home. One dissenting justice, however, wrote that
Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Can it be that the Constitution affords no protection against such invasions of individual security?
Some 60 years later, this view became the law when the Supreme Court determined that, contrary to their earlier ruling, wiretapping without a warrant actually violated the Fourth Amendment. With this ruling, the Supreme Court moved beyond the formalistic, property-based view of protecting the home to a more expansive notion that the Constitution protects "people, not places." In short, US law affirmed that privacy protection is based more on the intrusion's effect on the solitude, security, and individual autonomy the home represents than on whether intrusive activity crosses the property boundary.
Increasingly powerful and intrusive surveillance technology continues to raise privacy questions. Recently, the Supreme Court ruled that police use of infrared detectors to look for evidence of high-powered grow lights (used, in this case, to grow marijuana plants in someone's house) constituted a Fourth Amendment violation. Even though the police never entered the home, and the heat radiation was detectable outside the house, the court still considered this intrusion a privacy violation:
It would be foolish to contend that the degree of privacy secured to citizens by the Fourth Amendment has been entirely unaffected by the advance of technology. Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a "search" and is presumptively unreasonable without a warrant.
So, although new technologies' power to intrude on the home continues to expand, our legal tradition tends to respond by keeping privacy rules in line with the perceived threat level.
The Web and digital communication technologies present new challenges to our ability to maintain the home as a private place secure from unwanted intrusions. Consider, for example, the Internet-connected personal computer.
What does the average computer have on it? Aside from work, games, and perhaps a bit too much spyware, the average PC might well have digital photos, financial records, personal diary entries, and copies of music and videos. Assuming all these files are actually on this computer, and that this computer is actually in its owner's home, no unusual questions arise. The US Department of Justice realized relatively early in the PC era that home computers are really part of the home and can have lots of sensitive information on them. So, reasonable procedures are in place when federal law enforcement officers search home computer files to ensure that privacy protection is equivalent to what you'd have if the same officers were looking through your desk drawers.
However, if this PC's owner is making the most of available Web-based services, the legal situation is less clear. Photos that in a pre-Web era would have been in a photo album on the living room shelf, safely within your house's confines, could now be on a photosharing Web site such as Flickr or Shutterfly. Putting them there does-n't necessarily mean that you consider them less private or more open for anyone to see, but the law could well consider them available with much less privacy protection than if they were actually inside your house.
What about all your financial information? Perhaps you did your taxes through a Web-based service because of lower cost or greater convenience. Does that mean you consider your tax return's contents to be less sensitive? Probably not, but the law today might not match your expectations.
Finally, suppose you're a dedicated diarist but have decided to make your diary entries virtual through a blogging service. You might blog because you want to share your most intimate thoughts with the entire Web, but perhaps not. Perhaps you want to share with just a few dozen friends on a service such as Livejournal. Does that give your diary the same private status it would have if it sat on your shelf at home and you made it available to those same friends? Because you've handed over the information to a third party (the company hosting Livejournal's site), its legal status is somewhat different than if you kept the files on your home computer or a paper journal in your desk. How different? We're really not sure yet. What we can say is that the privacy boundaries that the pre-Web home used to provide might not extend to the home page.
Privacy isn't the only home-centric boundary that Web and communication technology has called into question. Reading, listening, and viewing patterns have changed profoundly due to the availability of Web documents and music and video from various Web-based services. Digital media services such as iTunes offer greater flexibility in some respects than more physically restrictive media such as LPs, CDs, or even DVDs. Now you can bring your entire music library to the gym and play just the tracks you want from the entire collection. Or, you can easily watch an episode of your favorite TV serial on the bus. Yet, in the past, once you bought music or a video, you could lend it out as you chose to a friend or easily pass it around to others in your household. New media formats and devices, however, reach into our homes and exercise substantial control over how we can use them. (From a purely legal perspective, a person's rights to use music on a CD, for example, were quite limited long before iTunes. In practice, however, those limitations weren't really enforced inside the bounds of the home or your own personal usage.)
Additionally, several media formats actually reach outside our homes, without our knowledge, and send information back to service providers about our reading, listening, and viewing habits. In the pre-networked home, curling up by the fire with a book was a purely private activity, beyond the reach or knowledge of the book's publisher. But if you curl up by the same fire today with your networked laptop and open a PDF document, it's quite possible that the PDF-reading software will "phone home" (to the document's creator) and send information to a remote server about who's reading the document. Very careful reading of PDF technical manuals or installing a network traffic monitor in your house would reveal this activity, but practically, this surreptitious monitoring of what most of us think is an entirely private activity (reading) goes on without our knowledge or control. iTunes software also tracks listening and browsing behavior, though it's possible for users who are aware of this to turn off the monitoring function. Of course, third-party tracking cookies have monitored browsing or reading habits for many years. Still, new services can reveal a higher level of detail and aren't as easy to notice or turn off.
Many of these new intrusions or vulnerabilities originate in devices and services that we voluntarily choose to bring into our homes. In some cases, we're aware that our personal information is more exposed, but in others, we're not. In all of these cases, however, new technologies are breaching our homes' existing boundaries, which we've historically depended on to demarcate our privacy and our personal property. As we've seen, though, the level of privacy and control we have in our homes will depend ultimately on a combination of what technology enables (or disables) and what the law recognizes as necessary to protect fundamental privacy notions.
We no longer live in castles, and our private lives no longer occur entirely within property confines. However, we still have the same needs for a reasonable mix of solitude and sociability. As technology designers, we can help people maintain this balance by giving users a high degree of control over how we collect and use their information, as well as the ability to signal when an intrusion has gone too far.
The views expressed here are purely the author's and don't reflect the views of the W3C or any of its members.
Weitzner is Principal Research Scientist at MIT Computer Scientist and Artificial Intelligence Laboratory and co-founder of the MIT Decentralized Information Group. He is also Technology and Society Policy Director of the World Wide Web Consortium. The views expressed here are purely his own and do not reflect the views of the World Wide Web Consortium or any of its members.
1. Semayne's Case, English Reports, vol. 77, 1604, p. 195 (Court of King's Bench).
2. Universal Declaration of Human Rights, 1948. See also The European Convention on Human Rights, article 8.
3. Silverman v. United States, 365 U. S. 505, 511 (1961).
4. Mainstream Marketing Services v. Federal Trade Commission (FTC), Federal Reporter, 358 F.3d 1228 (2004).
5. Olmstead v. United States, 277 U.S. 438, 467 (1928) (Brandeis, J., dissenting).
6. Katz v. United States, 389 U.S. 347 (1967).
7. Kyllo v. United States, 533 U.S. 27 (2001) (Scalia, J.).