Methodology / Let’s Measure

Privacy inquiry is both philosophical and scientific, and comes with the problems associated with each type of investigation.  Using a formal model to measure privacy and create a scientific theory is based on Popper’s work on scientific contributions (Popper, 1967).  Popper sets out structural requirements for scientific theories, such as the one I propose for privacy, including that a theory must be falsifiable.  

Each example in my formalization stands as an attempt to test the theory.  

The structure of the formal model makes clear, in its very definition, the boundaries within which privacy may be tested.  Any theory must also be simple, so that it has the highest possible testability.  If the formal model fails, it will be clear that either a more complex model is required or privacy cannot be formalized.  The theory must be repeatable with the same results.  Results from experiments carried out to test the model – both theoretical and practical – can be easily reproduced using the details provided in the respective chapters.  

Finally, the theory must be capable of evolution (in keeping with the principle of falsifiability).  The formal model presented here is intended to be continually in flux.  Not only is it in need of refinement, but the factor set is also not completely identified.  This is not a flaw; rather, the model is intended to be subject to further refinement that enhances its strength and applicability.  

There is indeed a distinction between the process and outcome: the contribution herein is to the understanding of privacy.  

Without a formal model to examine and question there would be no further understanding.  The dichotomy of an unfinished formal model is a risk, albeit a very necessary one in the pursuit of scientific inquiry.  The contribution of the formal model for the theory of privacy is thus: simple, repeatable and flexible (or perhaps, finitely infinite).  

As part of the theory, and to help the discussion about privacy, I use measurement as the core scientific principle.  Measurement is the act of assigning a value in a given range to decrease uncertainty.  It lends itself to repeatable, scientific processes that can be proven.  Measurement is about codification; it can lead to the institutionalization of processes and procedures.  Measurement enables evaluation, duplication and replication for the purposes of growth, accuracy and comparison.  Thus, measurement meets the objectives and requirements set out by Popper’s rules for scientific theory.

When there are no real numbers, measurement is harder.  

The value of privacy is like any other psychological or sociological value: it can be measured, but those measurements are more likely than not representational (Thurstone, 1954).  For example, if you have 3 units of privacy, that number on its own is meaningless.  However, if I were able to suggest that you had 3 units of privacy in a given context, and that when the context changed you had more or fewer units of privacy, that may begin to illuminate meaningful scientific principles.  

I base my formal model on the theory of representational measurement for that reason: to highlight privacy-impacting choices and the changes that occur as a result.  Representational theory is used when numbers are correlated (without any claim of causation) with other numbers and assigned by rules, such as those of a finite state machine.  In the case of representation, for the purposes of expressing uncertainty in measurement, the unit is called a measurand.  

A measurand has two parts: (1) an object being measured, and (2) a quantity intended to be measured (Kacker, Sommer, & Kessel, 2007).  For privacy, the measurand is the ‘state’ of privacy any given data subject is in at the moment.

Using measurement for privacy goes beyond considering it as a problem to be solved.  It provides the basis for a theory of privacy that can be applied across disciplines.  

Traditional policy mechanisms fail in privacy enforcement because they neglect computational requirements.  For example, a policy may require informed consent, but understanding the computational requirements of an information management architecture is arguably more complex than such a mechanism allows.  

Measurement also makes privacy knowledge acquisition easier for both the organization and the data subject.