Introduction
Privacy, internet pioneer Vint Cerf suggested while describing the pervasive data collection enabled by the internet, is an artifact of a modern age nearing its end.Footnote 1 Privacy was, he said, an “accident” of “the urban revolution”—an “anomaly” created by a certain technological and architectural moment: “the industrial revolution and the growth of urban concentrations that led to a sense of anonymity.”Footnote 2 Indeed, according to Cerf, privacy did not exist in small towns like the one from which he hailed, where “[e]verybody knows what everybody is doing.” And in the age of big data,Footnote 3 privacy will be “increasingly difficult for us to achieve” going forward.Footnote 4
To be sure, technology has enabled pervasive public and private surveillance as a “way of life.”Footnote 5 The discourse of privacy, rooted in notions of individual rights to “be let alone,”Footnote 6 and “informational self-determination,”Footnote 7 offer weak sauce against rampant data collection and aggregation. The legal regimes informed by the language of individualism broadly replace the substantive promise of privacy as a fundamental right with illusory procedural safeguards of “notice” and “consent”—manipulable protections by which individuals “agree” to privacy terms, often with little understanding of the bargain, awareness of future uses of information,Footnote 8 or power to opt out.Footnote 9 Jurisprudence struggles to comprehend the effects of surveillance and information collection, as the task of shoehorning unprecedented circumstances into existing doctrine leads to cramped understandings of harms.Footnote 10
The rubric of informational self-determination, moreover, disguises the reality that individual lives are enmeshed with broader society.Footnote 11 In the new “small town” of the big-data age, privacy rights are waived as a condition of participation in society, both online and in real life.Footnote 12 Through a technological determinism rooted in a language of “expectations,” if a human (or digital) eye can “see” you, or scrape records about you, or use the resulting knowledge to make inferences about you, privacy interests are often deemed not to exist.
Framing privacy as an individual interest, moreover, often ignores the interconnected nature of human behavior and human interests. Surveillance of one individual can reveal a great deal about others, slicing away at their privacy without any pretense of consent in the waiver of their rights and interests.Footnote 13 Yet because of collective action problems, relying on individuals is a poor means of protecting privacy as a public good.Footnote 14
In the absence of anonymity, then, the modern discourse of individualism masks a post-modern technological capacity for near-ubiquitous surveillance of our behaviors, interactions, locations, and personal spaces—often by entities with financial incentives to manipulate our data for their own purposes.Footnote 15 Contemporary concepts of privacy thus fail to sufficiently capture the harm that pervasive surveillance wreaks on individuals and social relations, or to offer a countervision for the technological power of the big-data age.
Yet if Cerf's comments reflect the failures of the dominant articulations of privacy rooted in “the familiar pair of anonymity and informed consent,”Footnote 16 his association of privacy with modernity fails descriptively.Footnote 17 Specifically, his claim is undermined by a robust millennia-old Jewish legal tradition that has long protected privacy by mandating protective architectures and appropriate behaviors, often in tightly knit and transparent communities like those of Cerf's youth.
Jewish legal sources root the importance of privacy not only in the protection of the individual but also in the values prerequisite for a vibrant, functioning, and good society. Through narratives and doctrine, Jewish sources animate what is at stake in protecting privacy and how privacy harms can rend the social fabric.
The Jewish vision departs radically from the building blocks of current privacy discourse. It locates neither the meaning of privacy nor the mechanism for its legal vindication in individual rights. Rather, reflecting the principal character of Jewish law as a system of obligations, it establishes a set of prior commitments that guide appropriate behavior, rejecting technological determinism and the expectations it imposes as delineators of privacy.Footnote 18 Moreover, privacy in the Jewish system does not depend on anonymity: rules of behavior largely presume its absence and apply even when it exists. Privacy rules depend neither on confidentiality nor on later use of knowledge, and they apply irrespective of concrete or personal harm. Jewish sources often reject consent or a waiver of privacy as a basis for intrusion, and protective mandates on both the surveilled and the surveillor may remain binding regardless of consent. Finally, even when certain types of sensitive information are publicly known or available, Jewish law prohibits its use or sharing. Together, these doctrinal elements offer a framework for privacy protection and a language about privacy's meaning—and a promise for combatting big-data abuses—that are missing in current discourse.
In this article, we explore this line of Jewish jurisprudence from the Talmud through medieval and modern sources and construct the vision of privacy it animates.Footnote 19 This exploration stands on the shoulders of important recent work by scholars who have mined a diverse set of sources describing basic Jewish legal doctrines regarding privacy.Footnote 20 Yet we diverge from their approaches and the debate over whether Jewish law is the historical source of a “right to privacy.”Footnote 21 We instead seek to bring the range of Jewish doctrine into a united conceptual landscape to explore its value for contemporary privacy debates.
To that end, we identify five pillars of Jewish privacy law in terms familiar to contemporary scholarship:Footnote 22
1. Jewish law views privacy as an element of a good society and protects it through reciprocal duties rather than through individual rights.
2. Jewish law understands (and links) the inherent harms of visual intrusion, eavesdropping, and information collection and dissemination.
3. Jewish law rejects expectations and technological determinism as metrics of what should be protected.
4. Jewish law posits the inherent dignity of every individual, recognizes that surveillance may constrain free choice by modifying individual behavior, and creates space for individual transformation.
5. Jewish legal and philosophical-theological sources recognize that privacy doctrines can create harms, and they struggle with how to negotiate their limits.
In identifying these pillars, we draw from a range of Jewish doctrines to flesh out the importance of the framework of Jewish privacy; the Jewish understanding of privacy harms; the ways that privacy's meaning is determined; and the Jewish vision of the private individual. We also address the negative implications of privacy revealed by the Jewish tradition. Each pillar arises from Jewish law's understanding of privacy as a religious and communitarian value protected by multilateral obligations rather than as the principles of individual rights, consent, and technological capacity that undergird current thinking about privacy.
We close the article with an exploration into the ways that Jewish understandings of privacy “in society” might offer pre-modern insights for privacy protection in Vint Cerf's surveillance age.Footnote 23 We do not claim that historic Jewish law doctrines should be applied directly to modern digital life. Yet, in four important ways, these sources offer conceptual foundations that challenge dominant liberal paradigms lacking the vocabulary to comprehend the full scope of privacy interests. First, they suggest the importance of framing individual privacy as a social commitment—the responsibility of every member of society, personal and organizational. The focus shifts from privacy as a negative right to the ways it positively enhances communal value,Footnote 24 and it offers a language for private relations and the bilateral behaviors they require rather than placing the individual in opposition to society with privacy as a shield.Footnote 25 Such a move has not just rhetorical but practical significance. Paradoxically, most Americans express deep concern about privacy but are practically prevented from protecting it because participation in society leaves them open to nearly unfettered surveillance. Shifting the protection of privacy from the individual to other members of society alleviates the anxiety and confusion arising from this “privacy paradox.”Footnote 26
Second, Jewish law offers important language for appreciating the totality and severity of harms wrought by pervasive surveillance and data analytics. Current legal doctrine too often severs informational from spatial and emotional harms, leaving their respective regulation fragmented. It excuses violations of privacy by removing protection from activities and knowledge deemed to be public. Jewish law protects privacy even in public and links spatial intrusion, information collection and use, and visibility. Jewish tradition suggests a move away from formal legal categories (inside versus outside the home; public versus secret) to a focus on behaviors that should be prevented and values that should be promoted. This move is particularly important in extending privacy protection to online spaces and new data contexts.
Third, Jewish law suggests that debates over national and state privacy legislation should focus on categorical rules and prohibitions—both architectural and behavioral—as the mechanisms for protecting privacy. Policies based on individual rights have been overtaken by technology. Objective approaches rooted in consumer or reasonable expectations face the danger of collapsing into technological determinism, as scientific advances alter understandings of what is possible and therefore anticipated. By contrast, categorical obligations mandating privacy-protective practices and behaviors provide a backstop against ever-increasing technological surveillance.
Finally, Jewish law embraces an important vision of the individual in society. Current regulatory regimes largely degrade a purported right to privacy into a procedural guarantee of largely ineffective notice about the collection and use of information and fictive consent to that use. Jewish law, by contrast, recognizes the power imbalances of such agreements, prohibiting the waiver of many privacy protections or requiring explicit waiver in the case of others. Moreover, it recognizes the ways that surveillance can modify behavior—inappropriately, in light of Jewish commitment to free choice. In particular, many Jewish mandates recognize that surveillance, and the judgments it allows others to make, can trap individuals in constraining narratives, inhibiting the fundamental Jewish value of teshuvah—personal growth and change. Through universally applicable, nonwaivable privacy protections in the service of free choice and growth, and its concept of the individual formed in the divine image and deserving a private life, Jewish law serves an “expressive” legal function.Footnote 27 In this sense, Judaism's regime of obligation may best reflect the aspiration toward a fundamental human right—“to which a person is inherently entitled simply because she or he is a human being.”Footnote 28
Framing a Jewish Privacy Project
In a similar moment of transformational intrusive technology—namely, the advent of photography—Samuel Warren and Louis Brandeis in 1890 performed a lasting feat of legal archaeology.Footnote 29 Alarmed by development of photography and “gossip-monger[s]” in the press who publicize “the facts relating to. . . [one's] private life, which he has seen fit to keep private,”Footnote 30 Warren and Brandeis mined common law for what they termed a principle of “inviolate personality”Footnote 31 to weave a coherent modern legal vision of privacy protection. This protection, framed as an actionable “right” of the individual “to be let alone,”Footnote 32 gave the individual authority to determine “the extent to which his or her written work, thoughts, sentiments, or likeness could be given to the public.”Footnote 33
Scholars, courts, and policy makers have debated the contours of this framing as well as the interests a privacy right should protect and the harms it should prevent. Commentators from many disciplines have documented the shortcomings of this approach in the face of the even greater technological rupture of the digital age. Yet the fundamental elements of the formulation—designating the individual as both the determinant of the contours of privacy and the mechanism for its legal protection—have wielded powerful normative and legal force for more than a century.
Jewish legal scholar Mark Washofsky has explained that reading Jewish law through the modern lens of privacy requires a kind of legal reverse engineering very much like that of Warren and Brandeis.Footnote 34 Indeed, the Jewish tradition lacks a distinct category that looks exactly like the privacy of Western law.Footnote 35 Much of the exhaustive legal archaeology, Washofsky notes, has been achieved by Nahum Rakover and others, whose monumental work gathers diverse sources to argue that what we now understand as privacy is an essential value in the Jewish tradition. These sources include the following:
1. The well-developed doctrine against hezek re'iyah (harm from seeing) and prohibitions on hezek shemiya (harm from hearing)—the closest analogs in the world of the Talmudic sages to surveillance. While this doctrine includes rules governing information collection, its initial mandates concern walls between neighbors’ properties and laws limiting doorways and windows in a shared courtyard to prevent persons from gazing into others’ domains.
2. The takkanah or “enactment” of Rabbenu Gershom (ca. 960–1028),Footnote 36 a famed medieval ruling that prohibits, among other things, opening mail belonging to another. Perhaps initially enacted to protect trade secrets, the takkanah has been applied to prohibit harvesting information from all kinds of personal communications.
3. A range of speech rules regarding what information about others—whether publicly accessible or not—may be shared. These rules include a biblical prohibition against talebearing (rekhilut), which has implications for both collecting and sharing information. Possibly compromising information about a person's background, family status, or religious status, even when known by some, is barred from public discourse.
While Rakover's work provides a remarkable resource for categorical redefinition, it does not seek to bring Jewish law doctrines into a united conceptual landscape. Jewish law is, in a sense, a conversation across generations, spurred by specific questions and cases but driven by jurisprudential dialogue across time and geography.Footnote 37 This legal discourse is grounded in the foundational texts of rabbinic literature—the Mishnah (ca. 200 CE) and, to a lesser degree, the Tosefta—though rabbinic sources ground halakhah in the Hebrew Bible. The discourse is developed further in the Babylonian Talmud (ca. 500 CE) and the Jerusalem Talmud (ca. 400 CE), which interpret the Mishnah and search for its legal, moral, and theological foundations.Footnote 38 Medieval Jewish authorities sought to systematize the various rulings in the Talmud, sparking a dialectic of codification and commentary that continues. These codes are complemented by responsa (called teshuvot in Hebrew)—rabbinic opinions about specific questions arising from historical situations of Jews. We draw on all of these strata of Jewish legal discourse.
We go further, however, in reading the Talmud and its interpretations in a broader narrative, ethical, and doctrinal context. In doing so, our goal is to develop a conceptual framework relevant not just for current Jewish legal interpretation but also for broader discourses about privacy in the face of widespread surveillance. Many Jewish law doctrines might appear to have analogues in Western jurisprudence, but their animating principles reveal very different understandings of the aim of privacy, possible harms to it, methods for protecting it, and the role of privacy in society.
We are thus hardly seeking to enact legislation based on these ancient and medieval sources.Footnote 39 Rather, the goal is to “think with” the sources of Jewish law, allowing them to enrich and challenge a liberal mindset that has neither the values nor the vocabulary to deal with contemporary threats to privacy. Rather than passive archaeology, this project is one of active construction.
We recognize that Jewish law originated in pre-Enlightenment social settings, reflecting different concepts of subjectivity. Translating Jewish jurisprudence to contemporary contexts involves drawing new paradigms from legal sources.Footnote 40 At the same time, not all jurisprudential strands can—or should—be brought into this dialogue. For instance, the category of tseniy‘ut (modesty and humility), provides one doctrinal basis for privacy that has also been mobilized as a force of oppression against women.Footnote 41 Moreover, Jewish law recognizes the negative implications of privacy.Footnote 42 Our project requires us to grapple with this legacy, reading the tradition with attention to potential pitfalls.
Yet the pre-modern roots of Jewish law permit us to mount a powerful challenge to paradigmatic hegemony. The Jewish legal tradition precedes liberalism and thus predates conceptions of the individual that undergird modern thinking about privacy, even as Jewish jurisprudence embodies a deep commitment to protecting individuals. We seek not to supplant liberalism but to present an ethical framework that can work within and enrich post-Enlightenment Western discourse. Moses Mendelssohn (1729–1786), a Jewish philosopher at the heart of the Jewish Enlightenment, understood these ideals: “every individual is obliged to use a part of his capacities and of the rights acquired through them for the benefit of the society of which he is a member.”Footnote 43
In that light, and acknowledging anachronistic aspects of rabbinic sources, we identify five pillars of Jewish law along axes that will nevertheless be familiar to contemporary concerns about privacy.
Five Pillars of Jewish Privacy Law
Pillar 1: Privacy's Framework
Jewish law views privacy as an element of a good society and protects it through reciprocal duties rather than through individual rights.
Dean William Prosser, in his foundational 1960 article, “Privacy,”Footnote 44 recounts a well-known origin story in the American privacy narrative: it was the “highly personal and embarrassing” public coverage of the wedding of Samuel Warren's daughter that motivated Warren to join Brandeis in locating a right to privacy in common law.Footnote 45 While this story is likely apocryphal,Footnote 46 the vision of a remedying “right to privacy” reflects certain understandings about the purpose of privacy and the potential harms that a right to privacy is intended to address.
As Priscilla Regan explains,Footnote 47 privacy has largely been defined as a civil liberty—in particular, an individual's right over against others and the state.Footnote 48 The emphasis of subsequent policy discussion, accordingly, “has been on achieving the goal of protecting the privacy of individuals rather than curtailing the surveillance activities of organizations.”Footnote 49
Scholars of privacy have identified a range of important values that privacy rights protect, including personal autonomy, emotional release, self-evaluation, and the ability to limit and protect personal communication.Footnote 50 Privacy helps us manage intimate relationships without interference and protects “our reading, our communications, and our expressive dealings with others.”Footnote 51 By contrast, the inability of individuals or entities to determine how information about them is used undermines their individuality and “core self,” exposing them to ridicule and shame and to the threat of control by others who possess their secrets.Footnote 52 Compounded by digital aggregation of information, such exposure threatens ongoing harm by limiting choices and permitting stereotyping.
Arming individuals with privacy rights can create profound social value by permitting “individual activities that contribute to the greater social good.”Footnote 53 Privacy, argues Ruth Gavison, is “essential to democratic government because it fosters and encourages the moral autonomy of the citizen.”Footnote 54 More broadly, Julie Cohen explains, “shelter[ing] dynamic, emergent subjectivity” can promote an “informed and reflective citizenship.” Freedom from surveillance thus promotes the “continuing vitality of the political and intellectual culture.”Footnote 55 Individual privacy, then, can be a vehicle for social welfare.
Even these accounts, however, perceive the social value of privacy as arising from the creation of a protected sphere of “individual interest and choice,”Footnote 56 framing privacy “in terms that emphasize separateness and self-interest.”Footnote 57 Individual privacy is conceived over and against societal intrusion: as a protective tool that individuals can marshal,Footnote 58 and as a value that must often yield to competing social interests.Footnote 59
The origin story of the Jewish understanding of privacy is far different. Regarding the doctrine of hezek re'iya (harms from seeing), the Talmud asks how such concerns arose. In answer, Rabbi Yohanan points to the biblical story of Balaam, a seer employed by the king of Moab who, though their enemy, delivered a divinely inspired blessing on the Israelites after he “lifted up his eyes” and “saw Israel dwelling tribe by tribe”Footnote 60 (Numbers 24:2). “What did Balaam see that inspired this blessing?” asks the Talmud. “He saw that the entrances of their tents were not aligned with each other . . . . And he said: ‘These [people] are worthy of having the divine Presence rest upon them.’”Footnote 61 The ancient Israelites structured their society to protect the privacy of the individual or familial unit. The openings of their tents were offset, preventing voyeuristic intrusion and passive or unintentional glances. Privacy was built in to the design of their communities.
If Warren and Brandeis's origin story rested on shielding individuals from paparazzi, Jewish privacy's narrative points to an ideal, even divine, social ordering that prevents visual intrusions.
Privacy as a Social Value
Grounding privacy protection in social ordering reflects a broader rabbinic understanding that the laws of damages are critical to a stable society. The Talmud refers to the order (or volume) of the Mishnah titled Nezikin (damages or harms) as the “Order of Redemption.”Footnote 62 A community that lives according to the moral principles and legal precepts of the laws of damages, say the rabbis, will be closer to God's vision. In more earthly terms, human beings flourish only when their lives and property are protected from harm.Footnote 63
The categorization of laws of hezek re'iya, moreover, suggests their nature. They are not included in the Talmudic tractate Bava Kamma, which discusses most forms of damage and their compensation. Rather, these laws appear in Bava Batra, a tractate that largely deals with zoning.Footnote 64 As Arye Schreiber describes, in its Talmudic form hezek re'iya constitutes rules “required for peaceful coexistence between neighbors, and as part of a system of laws enabling civilized urban living.”Footnote 65 Cities are meant to be livable, and the rabbinic sources seek to balance economic productivity with human flourishing.
Later Jewish sources further refine the question of “what privacy is for,” in Julie Cohen's words.Footnote 66 Moses Maimonides (1138–1204)—whose Mishneh Torah provided the first full post-Talmudic codification of Jewish law—included the laws of hezek re'iyah in his book of kinyan, which contains laws governing contracts and acquisitions and, more specifically, hilkhot shekhenim, the laws of “living as neighbors.”Footnote 67 Preventing hezek re'iyah, then, constitutes one of a variety of rabbinic laws setting up society “so that people can live together.”Footnote 68
Jurisprudence reflects a similar understanding of Rabbenu Gershom's ban on reading personal communications and the prohibitions against revealing information, even when it does not formally violate a trust.Footnote 69 As Rabbi Hayim Palagi (1788–1868), a jurist in Smyrna (present-day Turkey), explained, opening another person's mail not only constitutes thieveryFootnote 70 but also transgresses the biblical commandment to “love your neighbor as yourself” and its Talmudic interpretation, “that which is repugnant to you, do not do unto others.”Footnote 71 Surveillance is repugnant and distasteful and injures the social fabric.
Jewish Privacy's Mechanism: Multilateral Duties, not Individual Rights
Grounding privacy in neighborly love, behavioral reciprocity, and divine social ordering reflects the broader framework of Jewish law, which is structured around legal obligations (mitzvot) rather than rights. Warren and Brandeis's menace was intrusion into the personal sphere; their response was a defensive mechanism of individual rights. Jewish law's archetype is the end goal of a good society; its means are legal duties that mandate behavior and bind all citizens—both surveillers and the surveilled.
Approaching privacy from a vantage of obligations has certain important implications. As Robert Cover comments, “to be one who acts out of obligation is the closest thing there is to a Jewish definition of completion as a person within the community.”Footnote 72 “This conception,” Bill Eskridge explains, “provides a richer understanding of the relationship between the individual and the community than does liberal theory,” for “individual rights, without more, are a thin way to express or normalize” that relationship.Footnote 73 Thus, Cover continues, while a jurisprudence of rights possesses profound rhetorical heft “when the issue is restraint upon power,” it “has proved singularly weak in providing for the material guarantees of life and dignity flowing from community to the individual.” By contrast, “in a jurisprudence of mitzvoth [obligations], the loaded, evocative edge is at the assignment of responsibility.”Footnote 74
Judaism places the responsibility for privacy on all members of society, both potential privacy violators and those violated. This approach can be seen in rulings about collecting and sharing information. An oft-cited Talmudic passage expansively states that “anything told to another person is included [in the prohibition] of ‘do not tell’ until [the original speaker] explicitly says, ‘Go and tell it.’”Footnote 75 Later exegetes understood this to mean that information is meant to remain private unless stated otherwise.Footnote 76 Rabbi Yom Tov ben Avraham Asevilli (ca. 1260–1320) argues that even statements made aloud fall within the category of “do not tell.”Footnote 77
Similarly, the medieval ethical treatise Sha‘arei Teshuvah, attributed to Rabbi Yonah ben Avraham Gerondi (1200–1263), notes that revealing secrets can be intensely and inherently destructive. “One is obligated to conceal a secret that has been revealed to him confidentially,” even when revealing that secret would not technically violate the biblical injunction against talebearing or cause explicit harm.Footnote 78 The sources underscore that revealing any information meant to be private falls within a broader reading of the interdiction of talebearing in Leviticus 19:16. Even sharing positive information can have negative results.Footnote 79
The obligation to protect privacy, however, also falls on the individual whose privacy is to be protected. As Rabbi Yonah interprets, “If you see that a person does not rule over his spirit and does not guard his tongue against revealing secrets, even if exposing the secret does not count as talebearing . . . do not deposit your secret with him.”Footnote 80 The demands of tseniy‘ut, or privacy, require that one be exceedingly careful about how and with whom to share information. Individuals who cannot refrain from sharing are not to be entrusted with sensitive facts.
While contemporary jurisprudence places the remedy for privacy harms in the hands of individuals empowered to prosecute their rights, Jewish law understands that the responsibility for privacy is nested in a vision of society and a constructive fabric where all individuals have obligations to self and to community. This is not to say that Jewish privacy is not focused on individual harms or lacks a vision of the individual; to the contrary, the whole community is responsible for upholding the dignity of the individual. Privacy is a mutually constructed dimension of society, necessary for individual flourishing.
The Value of Tseniy‘ut (Privacy)
The sense of multilateral obligation of all citizens to preserve privacy is reflected in the universal moral value of tseniy‘ut —the moral core of privacy.Footnote 81 While that word and its cognates are used in modern Hebrew by many Jewish law scholars to translate the English word privacy, its historical meaning in the sources evokes the particular nuance of a divinely inspired demand for personal humility.
Definitions of tseniy‘ut as privacy, humility, quietness, concealment, and lack of ostentatiousness have roots in biblical verses. Micah 6:8 defines “what is good, and what God requires of you: only to do justly, and to love mercy, and to walk humbly (hatsene‘a) with thy God.” Proverbs 11:2 states, “When arrogance appears, disgrace follows, but wisdom is with those who are unassuming (tsenu‘im).” Both verses underscore a sense of studied modesty as the inverse of haughtiness and pretentious displays of achievement or piety. Jewish commentators on these verses accent the personal, individual dimension of the root tsana‘ to refer to an ethical modality of interior devotion and piety contrasted to public or external exhibitions. Similarly, Rabbi Shlomo Yitzchaki (1040–1105), the preeminent eleventh-century French biblical commentator, associates the shattering of the first tablets of the Ten Commandments to the fact that they were “given to an assembly along with noise and voices.”Footnote 82 Rabbinic sources and mystical teachings note that only individuals who demonstrate the quality of tseniy‘ut by practicing thoughtful discretion are permitted to receive certain religious secrets.Footnote 83
Talmudic sources use words related to the Hebrew tseniy‘ut or the Aramaic tseniy‘uta to refer to ordinary acts that demand privacy.Footnote 84 They extoll the greatness of religious deeds performed in hiddenness, not immediately attributable to the performer.Footnote 85 Rabbinic sources also apply the term to those who behave ethically by going beyond the letter of the law or being extremely conscientious in religious obligations.Footnote 86 One passage applies the term to pious individuals who “cover up” (matsni‘im) materials potentially damaging to others—in this specific case, thorns and broken glass, an illuminating physical analog for the demand to cover up what should be concealed.Footnote 87
According to the prominent twentieth-century rabbi Joseph Dov Soloveitchik, tseniy‘ut is an act of imitatio dei:
[T]he Sages taught (b. Pesahim 50a), the most sacred [divine] name is concealed. This is the blessed Holy One's quality of tseniy‘ut. He dwells in concealment, hidden in darkness, and for this reason gazes from amid the lattices. He hides Himself from His world . . . concealed from everything and not revealed in public before the eyes of all. And this comportment is a kind of piety, of which this tseniy‘ut is part. All the sages of Israel conducted themselves with this quality. . . . And so it was with all the great people of Israel—the tannaim, the earlier and later authorities—the study of Torah took place before all in public, but their private lives, the better for them to be private (tsanua), like the qualities of the blessed.Footnote 88
Soloveitchik even linked this theological quality to modern privacy protection, concluding that, in light of the doctrine of tseniy‘ut, “the idea of publishing announcements in the newspapers and the notion of publicity—all of this is totally against the outlook of Judaism.”Footnote 89
Framing tseniy‘ut as a universal and divine value undergirds much of Jewish legal doctrine discussed below. Promoting tseniy‘ut is the end goal. Thus, Jewish law imposes detailed obligations on potential surveillers but also mandates certain behaviors by individuals to protect their own privacy. These obligations are, generally, not waivable or contingent on the intent of the intruding party, the use of information collected, or case-specific assessment of damages.
Pillar 2: Privacy Harms
Jewish law understands (and links) the inherent harms of visual intrusion, eavesdropping, and information collection and dissemination.
Even as scholars struggle for a language that comprehends the depth and scope of privacy harms, the law's contemporary grammar of injuries remains impoverished. To be sure, existing legal claims comprehend the core dignitary harms of embarrassment, shame, and emotional distress. Commentators and regulators have expanded the list of privacy wrongs to include loss of control of one's own public presentation through appropriation of personal information,Footnote 90 as well as violation of expectations about social and transactional normsFootnote 91 and the “creepy” feelings that may result.Footnote 92
Yet scholars have also identified ways the law fails to recognize the corrosive effects of technological advances—notably, the “dehumanizing effects”Footnote 93 of aggregating personal information into databases, the way pervasive surveillance changes the human experience and human choice by turning the “subject” into an “object,”Footnote 94 and the ways such aggregation can lead to categorization of individuals and increase the power of others over them. Contemporary privacy protection has been particularly cramped by requirements that—even when regulatory norms have been violated—those wronged fall into certain categories, such as consumers in financial relationships,Footnote 95 or must demonstrate specific concrete and familiarly cognizable harm.Footnote 96 Jewish privacy law operates differently in two ways. First, reflecting its understanding of privacy as a divine value rooted in social welfare, and its use of a network of duties to protect this value, Jewish law is more capacious in comprehending how privacy invasions harm both individuals and social relations. Jewish legal sources and their background narratives capture the devastating combined effects of the intertwined activities of surveillance, information collection, and information use and dissemination.
Second, as a doctrinal matter, Jewish law seeks to prevent privacy harms through categorical commands and prohibitions; it considers a violation of those rules as harmful per se. Its prohibitions do not require additional proof that violating them would cause specific demonstrable harm. In this sense, Jewish privacy law operates similarly to the common-law tort of physical trespass, which constitutes harmful behavior even when no damages ensue.
The Jewish Articulation of Privacy Harms
Sources identify a related cluster of harms to be avoided through privacy protection. Nahmanides, a leading thirteenth-century Talmudic commentator, presents an influential listing of three intertwined values that explain why hezek re'iyah falls into the legal category of “interpersonal harm.”Footnote 97 Not surprisingly, he lists the promotion of tseniy‘ut —the divine value of discretion and humility—as a key driver of the laws of hezek re'iyah. A principal harm from seeing, then, is the denigration of that ideal.
Yet Nahmanides also identifies two additional harms that provide a framework for the Jewish understanding of privacy more broadly. First, he explains that the damage from seeing implicates the “evil eye” (‘ayin ha-ra‘), suggesting inherent harms of illicit looking. Second, he states that illicit looking leads to “wicked speech” (lishna bisha), pointing to the logical consequences of seeing: the harmful sharing and use of information.
Associating these distinct but interrelated dangers brings together discussions from the entire range of Jewish privacy doctrines. It explicitly links the harm of intrusive behavior with the use or sharing of information that the intruder gains. Below, we explore further the intertwined harms wrought by these behaviors.
The Inherent Harms of Privacy Invasions and Information Collection
Nahmanides's first harm of the “evil eye” points to the inherent injury of the transgressive gaze. The evil eye in Jewish tradition often evoked untoward demonic forces, a framing taken seriously by medieval commentators. At the same time, the concept provides contemporary readers a forceful understanding of the harm from surveillance—both to the object of the gaze and to the transgressor.
At the core of the notion of the evil eye is that visual surveillance (even an ill-timed glance) can alter the attention focused on its object and the information gleaned thereby.Footnote 98 The penetrating power of another's gaze may be piercing and deeply unsettling for the surveilled individual. The evil eye, moreover, can enhance jealousy and negative feelings in the watcher. Some medieval sages represented the hurt caused by the evil eye as a negative energy emanating from a person's gaze.Footnote 99
The noted Lithuanian Talmudist Rabbi Ya‘akov Yisrael Kanievsky (1899–1985), identifies more specifically two elements of the harm to the “watched”: bodily or personal damage and property damage.Footnote 100 Harm to the person is manifest when one individual observes another engaging in private matters and embarrasses the surveilled party. Examining the nature of that injury, he discusses the consensus legal rule that someone observed in their courtyard or home is by definition harmed, because they cannot help but do personal things in those areas. Where private activities are unavoidable, visual intrusions inherently involve “bodily” harm. This understanding, moreover, leads to “property” damage. Knowing that one will be watched, Kanievsky writes, one cannot fully enjoy the physical space. Visual trespass damages surveilled property and results in one of two eventualities. Either the surveilled party will feel deeply uncomfortable whenever they step foot into that space even to use it for innocuous—though private—pursuits. Or, alternatively, they will refrain from using it and thus modify their own behavior in an attempt to avoid the surveillance, dramatically reducing the use of one's own property.
Kanievsky reflects the historic understanding that surveillance changes both human emotions and behavior. This understanding is reflected as early as the Talmud, which ruled that one may not sleep in the same room with a married couple on the grounds that the presence of a voyeur or eavesdropper would alter their behavior, preventing the conception of future children and otherwise harming the intimacy necessary for a healthy marriage.Footnote 101
Foundational jurisprudence derived similar understandings about the inherent harms of privacy intrusions from a different doctrinal source: the biblical commandment against talebearing. Both Maimonides and Nahmanides agreed that a person who transgresses that prohibition (a ban on information sharing) is someone who actively seeks to collect information.Footnote 102 As Rabbi Ya'akov Hagiz (1620–74) explained, the biblical interdiction against talebearing prohibits seeking out another person's “private matters.”Footnote 103 The prohibitions do not pivot on the use of that information or resulting harms from gossip or slander.Footnote 104 Simply collecting information is a problem—even if it has not been entrusted as a secret and is not communicated to another.Footnote 105 In this vein, many Jewish sources counsel avoiding places where one might hear secrets.Footnote 106
Whether in doctrines about seeing, information collection, or information sharing, Jewish law understands harms to commence at the moment when one might begin to see or gather information about another.
Consequent Harms of Privacy Invasions: Sharing and Use of Information
The second type of harm from seeing that Nahmanides recognizes—wicked speech (lishna bisha in Aramaic, or leshon ha-ra in Hebrew)—extends the harms of privacy intrusions to their behavioral consequences. While ‘ayin hara points to the harms of watching and collecting knowledge about individuals, lishna bisha points to the consequent negative potential: the spread of private or personal information, a damaging act even when the information is true.
The sources comprehend a variety of harms from sharing information about others. Fundamentally, Rabbi Yonah Gerondi notes, revealing someone else's information inherently injures that person's ability to live consistent with divine value of tseniy‘ut: it “is a departure from the way of privacy, and [the sharer] transgresses the will of the secret's owner.”Footnote 107 Moreover, Gerondi notes, revealing information damages the owner of the information, “for it frustrates his plans, as it says, ‘plans are frustrated when not kept secret’ (Proverbs 15:22).”Footnote 108 Even when the information disclosed is not sensitive, its revelation is a form of damage precisely because it changes behavior and prevents autonomous decision making.
The harms of evil speech were codified by Maimonides, who defined the biblically prohibited activity of talebearing as the collection and spreading of information, even true information, from person to person. Indeed, Maimonides defined leshon ha-ra as anything that “causes damage to his friend's body or property, or even to cause him anguish or fear.”Footnote 109 The true harm Maimonides perceived from the spread of information was dire; he likened the human toll of leshon ha-ra to deathFootnote 110
The association between talebearing and murder arises frequently in the sources from the juxtaposition of the two prohibitions in the same biblical verse. “[G]reat is concealing a secret,” one Midrash notes, “for one who reveals another's secret it is as if he has spilled blood, as it says ‘do not go as a talebearer [and do not stand by the blood of your brother]’” (Leviticus. 19:16).Footnote 111 The Talmud reinforces the link between talebearing and murder by a number of well-known stories that caution against indiscrete information sharing. One tells of three famous sages debating the virtues—and evils—of the Roman occupation of Palestine.Footnote 112 One of them, Rabbi Yehudah ben Gerim, related the contents of the conversation to his family, and eventually the information got back to the Roman government. One of the sages who had remained silent was exiled, and another was marked for death by the Romans. Thus, sharing sensitive information can have catastrophic results.
Another narrative recalls a story about Rabbi Yohanan and Resh Lakish.Footnote 113 The latter had been either a gladiator or a highway robber but had changed his ways and become an accomplished Torah scholar, and the two had become intellectually inseparable study partners. During a heated debate over the point at which weapons may become ritually impure, Rabbi Yohanan remarks, “A robber knows his tools”—bringing up uncomfortable information about Resh Lakish's past. This quip is evidently too much, and Resh Lakish dies.
Even when past deeds are publicly well known, revealing them can cause metaphoric death—their harm is manifest in the power to undo personal transformation. Rabbi Asher ben Yehiel (1250–1327) wrote that “even the things that have been spoken before you not in the way of a secret, hide them away in the walls of the heart. If you hear them from another, do not say, ‘I heard such a thing.’”Footnote 114 Maimonides underscores the destructive nature of collecting nonsecret information in his definition of a person who violates the biblical commandment against talebearing: “One who loads himself up (to‘en) with words and goes from place to place, and says, ‘thus said so-and-so, and such have I heard from so-and-so.’ Even though it is true, this destroys the world.”Footnote 115 Prohibited talebearing, then, involves “loading up” (to‘en) on truthful, nonsecret information—to'en being the same Hebrew word used for laying a burden upon an animal. Simply seeking out truthful nonsecret information, collecting and aggregating data, is harmful and prohibited.
Categorical Rules: No Required Showing of Specific Harm
In addition to identifying two types of harms wrought by seeing—bodily/personal damage and property damage—Kanievsky identifies a third important aspect of hezek re'iya doctrine: under rabbinic law, those obligations are enforceable as categorical prohibitions (issura), without a required showing of specific damages. Individuals are universally obligated, for example, to erect sight-limiting fences. This requirement, Kanievsky explains, arises from the obligation to save oneself from sin, since it is forbidden to gaze upon what your friend owns.Footnote 116
This understanding draws on a long jurisprudential tradition that categorically prohibits privacy intrusions. There is no shi'ur, or threshold amount of damages, necessary for visual trespass,Footnote 117 because, as Nahmanides explains, “the eyes are like arrows,” and even a tiny invasion shatters personal well-being and tears at the societal fabric.Footnote 118 Incidental and unintentional gazing into the private domain of another is forbidden,Footnote 119 because it is like theft,Footnote 120 and care must be taken to avoid such intrusions.Footnote 121
Jerusalem-born Rabbi Hayim David Azulai (1724–1806) underscored that the laws of hezek re'iyah are not bound by usual limits of traditional tort law, including a showing of damages. He quotes rulings that if two parties establish buildings with facing doors or windows at the same time, then the mutual injury is not legally actionable because both parties have equal claims and liabilities. But, he notes, this arrangement is still prohibited by the laws of hezek re'iya. At heart, the very idea of hezek re'iyah is not solely about actionable tort to remedy individual harm—it is about sanctity, about moving away from licentiousness, about invitation to the dwelling place for God.Footnote 122
Absolute behavioral prohibitions also characterize the ban on reading others’ communications. Rabbi Hayim Palagi (1788–1868) makes clear that reading another's mail is prohibited even when the information is not spread further, and even when tradition does not mandate monetary restitution for damages.Footnote 123 The very act of data extraction is prohibited: even one who receives a letter from a friend may not reveal the words of the letter to others until being told explicitly that you may share.Footnote 124
In the words of Tzvi Hirsh Spitz, a modern rabbinic scholar: “This prohibition [of reading others’ mail] exists even if the reader does not take the papers into his own custody[, or] does not intend to use the information . . . for his own personal needs or to pass it on to third parties.” Applying Rabbenu Gershom's ban on reading another person's mail to spoken communications, Spitz continues: “This prohibition [against eavesdropping] applies even if knowing the information does not cause any damage to the speaker or listener.” Matters are worse if the eavesdropping causes monetary damage to the speaker or reveals personal information about the speaker.Footnote 125 Reading another person's mail—or eavesdropping on conversations—is absolutely forbidden.
The upshot of these rules is captured by nineteenth-century Rabbi Eli'ezar Papo in the Pele Yo'ets. He explains that, while the prohibition against reading communications certainly protects trade secrets or business practices, such intrusion constitutes theft even when no financially sensitive information is present. There “are many kinds of intellectual thievery,” he writes, but the “essential principle” of the law “is that one who strives to know that which abides in another's heart, in various matters, in such it is [also] called genavat ha-da'at [the theft of ideas],” and reading another's communications for that purpose is illegal.Footnote 126
Pillar 3: Privacy's Meaning
Jewish law rejects expectations and technological determinism as metrics of what should be protected.
The first two pillars of Jewish privacy law reflect how it differs significantly from U.S. privacy law. Framing privacy as societal obligations rather than as a personal right leads to a system of duties that make the meaning and enforcement of privacy less subjective. Yet Jewish law also rejects contemporary analyses that ground a social component of privacy in objective expectations as the metric for privacy.
While much contemporary discourse sounds in the register of the individual, some scholarship has pointed to the role of society in defining privacy, its doctrine, and its possible harms. Notably, Robert Post has located important “social foundations” in privacy torts.Footnote 127 Drawing on the work of sociologist Erving Goffman, Post sees privacy torts as examples of “rules of conduct which bind the actor and the recipient together” and constitute “the bindings of society.” In particular, privacy tort “safeguards rules of civility that in some significant measure constitute both individuals and community.” Quoting philosopher Jeffrey Reiman, Post explains that “privacy is an essential part of the complex social practice by means of which the social group recognizes—and communicates to the individual—that his existence is his own.” The domain of privacy torts is mapped by social norms “that govern the flow of information in modern society.” Those variable norms reflect customs and usages—what the “reasonable man” would expect, rather than “‘objective’” facts of visibility, secrecy, anonymity, and solitude. For Post, the right to privacy inheres in an individual's ability to “press” or “waive” societally defined boundaries, a power critical to the individual's sense of autonomy.Footnote 128
Helen Nissenbaum expands on Post's insights regarding the social context of privacy. For Nissenbaum, understandings about privacy arise in particular social settings, or “institutions,” shaped by roles, relationships, power structures, and enforcement mechanisms. Such understandings can change as culture, society, and technology change. Nissenbaum posits that “we have a right to privacy, but it is neither a right to control personal information nor a right to have access to this information restricted.” Rather, privacy is “a right to live in a world in which our expectations about the flow of personal information are, for the most part, met”—expectations shaped by confidence that the flow accords with “key organizing principles of social life, including moral and political ones.”Footnote 129
Post's description of privacy as a means to maintain rules of civility and the obligations that community members owe each other has important resonances with the Jewish approach. Nissenbaum's shifting of the focus from individual control of information to the mutual support consonant with moral and political life resonates even further.
Yet Post's conclusion takes him in a different direction. A jurisprudence rooted in “the customs of the time and place,” he laments, points to the “fragility of privacy.” While privacy can exist “where social life has the density and intensity to generate and sustain” rules of civility, it holds little power when social and technological transformation upends expectations. Nissenbaum, too, recognizes the contingency of expectations on technological change. In the end, Post's account converges with Vint Cerf's narrative of privacy contingent on technology, social context, and architecture.
Jewish law, by contrast, rejects a notion of privacy as determined by technological capacity and the expectations it fosters. Instead, Jewish rules reflect stable commitments in the face of architectural choices and shifting expectations. A millennium and a half before Lawrence Lessig highlighted the capacity of physical and digital architecture to regulate,Footnote 130 and policy makers adopted it as a tool for governance “by design,”Footnote 131 Jewish law embraced design purposefully to protect privacy. Indeed, the entire doctrine of hezek re'iyah is derived from zoning rules and building codes.
Yet Jewish law goes further. It rejects technological determinism and affirms duties among both watchers and the watched to protect privacy even when architecture would make intrusions technically possible.
Below, we discuss two doctrinal examples to illustrate this point: the specific rules of hezek re'iyah and the related doctrine of “harm from hearing” (hezek shemiyah); and the rejection of hazakah, or “preexisting conditions,” as a defense for not performing privacy obligations.
Hezek Re'iyah Doctrine's Design and Behavior Obligations
Designing for Privacy
From its inception, Talmudic privacy law embraces architecture as a tool in service of privacy. The Talmudic tractate Bava Batra, which develops the law of hezek re'iyah, begins with a discussion of a Mishnah setting forth a straightforward building law: “Partners who wish to make a partition in a [jointly held] courtyard,” the Mishnah rules, must “build the wall in the middle [of the space].”Footnote 132 The Talmudic interpretation of this Mishnah specifically links the rule to privacy concerns. It concludes that a wall dividing a commonly held area must not only demarcate space but also prevent visual intrusion. “This implies,” the Talmud concludes, “that hezek re'iyah is hezek [cognizable harm].”Footnote 133
From this design requirement, Jewish law defined visual intrusions as a category of legal injury. As the medieval scholar Rabbi Yaakov ben Asher (1270–1340), summarized: “The law is that hezek re'iyah is indeed damage. Therefore, two people who share a courtyard . . . may force one another to divide it and even to build a partition between them so that they cannot look upon each other's property.”Footnote 134
The Talmud continues by explicating another Mishnah: “One may not make a window that opens toward a jointly held courtyard. . . . One may not open an entrance opposite [another person's] entrance, nor a window opposite a window, in a jointly held courtyard.”Footnote 135 Maimonides explains: “[t]he reason for all of this is to prevent one person from looking at the other.”Footnote 136
The Talmud applies the rule not only to a courtyard but also to places where it is customary to erect walls, such as around a garden. An exception is possible: “in a valley where there is no custom to build a wall, one cannot be obligated.”Footnote 137 Later commentators, however, make clear that privacy trumps custom. Although walls are not required in a valley, where interaction may be infrequent and the terrain may limit sight, custom is no defense against categorical building duties where people live alongside one another. Rabbi Moshe Isserles (1530–1572), the most influential legal codifier for much of European Jewry, ruled that “even when a city has a custom not to build [a wall], we do not follow it and we compel [them] to build it.”Footnote 138
Behavioral Mandates in the Absence of Design
While architecture is a key tool for protecting privacy, Jewish law makes clear—contrary to Vint Cerf's suggestion—that although physical design may allow visual intrusions, that alone does not justify surveillance. Jewish law imposes both affirmative duties and prohibitions to prevent visual trespass. The Mishnah and Talmud both hold that one is prohibited from keeping open a window (which, of course, is built to be openable) that allows for an unobstructed line of sight into another's home.Footnote 139 The legal code Shulhan ‘Arukh ha-Rav, printed posthumously from the writings of Rabbi Shneur Zalman of Liady (1745–1812), the founder of Chabad Hasidism, explains, “[I]t is forbidden to open an opening or a window set against the window [of another person]. . . . Even if both of them are happy [with this arrangement], it is forbidden since it violates the quality of tseniy‘ut for another person to observe his deeds throughout the entire day.”Footnote 140 Architecture should reflect not only the subjective experience of persons but the communally and societally held virtue of tseniy‘ut as the ideal.
Moreover, Shneur Zalman continues, one cannot take advantage of a lack of architectural barriers to visual intrusions. In their absence, one must adjust behavior: where architecture does not offer privacy, looking is still prohibited. These prohibitions are quite expansive: “There are those who say that one must take care not to stand against (the opening) of another's home or courtyard and gaze into it with even an inconsequential glance that is totally unintentional and not an attempt to know his friend's business. Rather, one should turn aside his face when he stands next to (the opening) of his friend's house so that his friend will not suspect him of intending to look in and find out his business and become like a thief, since there is no [other] reason for him to be looking in.”Footnote 141 Shneur Zalman recalls the evil eye as a damaging force on objects, people, or property when undue or illicit attention is paid to them. But all private matters deserve protection against intrusion. We should assume that persons wish to have their conduct remain out of sight. Simply gazing upon a person's conduct in their home is already unwelcome and harmful.
A parallel phenomenon is reflected in the law of hezek shemiya'h (harms of listening).Footnote 142 That doctrine imposes architectural and behavioral obligations on both the listener and the speaker. It demands that walls be built between private spaces—that is, that technology and architecture must be marshalled for privacy. But it also recognizes that architecture will not prevent all the harms of overhearing—walls need not be built so thick as to be entirely soundproof. Thus, speakers have a duty to speak in normal tones,Footnote 143 and hearers a duty to avoid listening.
Finally, Shneur Zalman explains, even anonymity of the person viewed cannot excuse the harms of visual intrusion. It makes no difference whether one knows the identity of the one seen, or whether the one seen knows that he or she is being viewed. The prohibition remains even if the voyeur is seeing the back of an unmarked house. Even in the example of total anonymity—the very technology that Cerf posited is the modern handmaiden of privacy, presumably because it permits watching without identification—watching is prohibited. Hezek re'iyah remains problematic and equally prohibited whether or not the surveillor or the surveilled knows the identity of the other.
Preexisting Conditions Are Not a Defense against Privacy Duties
Jewish law rejects expectations that “facts on the ground” determine when privacy should be protected, and it also rejects a hazakah, or “presumption,” in favor of preserving preexisting conditions—somewhat akin to the old common law “coming to the nuisance” doctrine.Footnote 144 Explaining this rejection, Nahmanides compares harms from seeing to smoke damage and the smell of a nearby latrine.Footnote 145 In those contexts, a presumption in favor of preexisting conditions applies only when nuisances do not impose bodily or personal harms. Because protecting tseniy‘ut is analogous to preventing personal harm, the historic absence of a protective sight wall cannot be excused, and the duty to take steps to prevent harms from seeing is not waived. As Rabbi Meir Abulafia (1170–1244) explained, “it does not matter if there is a [preexisting] custom to exempt one party; even in a place where the custom is not to set up a fence he is obligated, since there is also a [categorical] prohibition.”Footnote 146 The connection between smoke damage, the smell of a latrine, and hezek re'iyah is drawn even more tightly in Maimonides's code: “The four kinds of damages described in this chapter—smoke, the smell of a latrine, dust and things like it, or shaking of the ground—there is no hazakah for any of these. . . . And so, too, with hezek re'iyah in a place that requires a wall, we force him to make a wall anytime he wishes, as we have explained. Why are these damages singled out from the other kinds of damages? Because a person's mind cannot handle these sorts of damages; one is assumed not to forgive them, since the damage is constant.” Paralleling other doctrines recognizing the reasonable limits of design as a regulatory tool, the sources discussing a hazakah for hezek re'iya emphasize both architectures and behaviors as levers for protecting privacy.
Authorities do agree that a hazakah might permit one to keep a preexisting window, even if it allows one to surveil another.Footnote 147 Windows have multiple uses—they allow one to see outside but also permit light to enter, and the law should not demand that everyone sit in the dark. Therefore, in select cases one might be able to claim a hazakah as a defense against being forced to close one's light source.Footnote 148
Yet the absence of architectural barriers does not end the matter; for even if someone is not compelled to cover up their damage-permitting window or door, this does not give them carte blanche to surveil.Footnote 149 Many medieval authorities note that even if a window is allowed to remain, looking into another's private property is still forbidden.Footnote 150 Rabbi Moshe Isserles confirms this ruling in his comments to the Shulhan ‘Arukh.
Pillar 4: Privacy's Conception of the Individual
Jewish law posits the inherent dignity of every individual, recognizes that surveillance may constrain free choice by modifying individual behavior, and creates space for individual transformation.
As the sources reveal, grounding Jewish privacy as a building block of a good society does not exclude the individual from focus. Rather, the language of obligation in lieu of individual rights establishes a social system that protects the dignity of each individual and places the burden on the community for that protection. To be sure, the Jewish approach rejects, in Robert Cover's words, a baseline where “the first and fundamental unit is the individual and ‘rights’ locate him as an individual separate and apart from every other individual.”Footnote 151 But because its ultimate aim is universal “material guarantees of life and dignity flowing from community to the individual,”Footnote 152 the Jewish approach offers a robust vision of the humans who comprise the community, and the substance of the dignity they should be accorded.
Three elements of relevant Jewish law convey important messages about the individual: (1) the doctrine disfavoring waiver of privacy protection or consent to privacy intrusions, which reflects a commitment to both human dignity and the prevention of exploitation; (2) belief in the possibility of individual growth and change (teshuvah) and the use of privacy law in facilitating it; and (3) commitment to free will and individual choice, balanced with a vision of the individual in society. Together, these elements underscore a commitment to universal and equal application of privacy protections, a refusal to ratify power imbalances, and a grounding for individual choice and change.
Limiting Waiver and Consent
The Doctrine of Mehilah (Forgiveness or Waiver)
The doctrine of “forgiveness” (mehilah) governs the extent to which individuals may waive privacy protections or consent to sharing their information with third parties. While consent, consistent with “informational self-determination,” plays a significant part in contemporary privacy and data protection law,Footnote 153 Jewish law views an individual's ability to waive protections with far more skepticism.Footnote 154
Jewish law recognizes the importance of behavior in determining whether a domain, communication, or piece of information should be deemed protected in the first place. Acts consistent with participation in society, such as inviting another into one's private or business space, communicating with others, or sharing information widely, can alter the otherwise private nature of information. Based on a biblical text in which God “called unto Moses” before speaking to him from within the Tent of Meeting, Jewish law demands that consent be required to enter someone else's property.Footnote 155 While the law puts numerous restrictions on what types of information may be shared, the Talmud cautions that one should assume a statement uttered before three people will travel farther.Footnote 156 Yet, while the doctrinal contours vary by context, on the whole Jewish law restrains—and sometimes prohibits altogether—the ability of individuals to waive obligations to protect their privacy.
The most categorical precedents against waiving privacy protections arise in the context of hezek re'iya Footnote 157—even when parties are understood to clearly wish to waive obligations. Rabbi Shlomo ben Aderet ruled that “even if one explicitly forgives [the right], it has no effect, since one can say ‘I thought I could accept it but I cannot.’”Footnote 158 Rabbi Joseph Karo (1488–1575), citing Shlomo ben Aderet and Nahmanides, explains, “Even if the injured party forgives and suffers, we say to the owner of the window it is forbidden for you . . . , since every moment that you gaze upon him and damage him with your sight you transgress, and you cannot always guard yourself from looking.”Footnote 159
Thus, one cannot consent to being the possible subject of constant surveillance. One reason is societal: the desire of Judaism to create a good society, a sacred society, in which privacy is a value reflected in communal organization and its architecture. Another reason reflects the promotion of appropriate behavior; even if the injured party—the surveilled individual—disavows any claims to remuneration, the surveillor would still be behaving improperly. Finally, though, it is about one's fundamental obligation to comport oneself with tseniy‘ut. Where the level of surveillance makes that impossible, the obligation to protect tseniy‘ut is, according to many Jewish sources, inalienable.
The sources’ treatment of consent to information sharing and use is more complicated. The waivability of privacy protections depends on whether sharing and use of information would violate the lodestar value of tseniy‘ut. Rabbi Yisrael Meir Kagan (the Hafetz Hayim, 1838–1933), for example, distinguishes between consent to reveal financially damaging material, on one hand, and potentially embarrassing information on the other. While one may, in theory, consent to revealing information that may damage one's fiscal position, one may not consent to releasing discomfiting data, even when it relates only to them.Footnote 160
Finally, the question of waiver applies differently to reading letters. While Ya'akov Kanievsky evidently ruled that the recipient may grant permission to a third party to read a letter,Footnote 161 contemporary Rabbi Shammai Gross limits that ruling to contexts in which sharing the letter's contents would cause no harm—and no aggravation—to the author.Footnote 162 He derives this conclusion from the enactment of Rabbenu Gershom, from the Talmudic discussion in Yoma 4b prohibiting sharing information that one has not been explicitly allowed to share, and from Maimonides's formulation of rekhilut (talebearing) as sharing anything that causes bodily or monetary damage or discomfort. In those contexts, it remains forbidden for a third party to read unless both the author and the recipient have explicitly granted permission.
Moreover, the law limits inferring waiver from behavior. While the early modern Rabbi Moshe Rivkas (1591–1671) ruled that a letter thrown into the garbage may be read by an individual other than the intended recipient,Footnote 163 this ruling has been disputed in modern times on the grounds that throwing something into the trash cannot be considered explicit consent for its exposure to the public. Rabbi Gross notes that communication released to the public is obviously no longer considered private, but that throwing a letter into the garbage does not constitute release to the public precisely because “it is not the way of people to search through garbage.”Footnote 164 All the more so if the letter has been shredded or destroyed to impede reading. Finally, he notes that it is forbidden to read unenclosed letters—for instance, postcards—since, although the sender may assume that postal employees will read them (and keep the information private), there is no reason to believe that the sender intended for anyone else to do so.
Understanding Waiver Doctrine's Implications for the Vision of the Individual
Reading strict Jewish rules of privacy waiver and consent against the backdrop of several broader Jewish doctrines offers important understandings of the tradition's view of the individual and their relation to privacy. Two doctrines focus on the inherent worth and value of the individual: the notion that each human is created be-tselem Elohim (in the divine image), and the related notion of kevod ha-beriyot (inherent human dignity). These concepts make tseniy‘ut such an important value that guaranteeing it to each individual is central to Jewish understanding of appropriate human existence.
The notion of privacy as tseniy‘ut reflects both a foundational human obligation and a foundational tenet similar to an inalienable human right.Footnote 165 The attempt by Jewish authorities to anchor teachings on privacy in biblical doctrines gestures in this direction; it highlights reciprocal responsibilities between two parties as mutually oriented displays of dignity and compassion.
But Jewish law is a theologically inflected system of nomos, and the link between tseniy‘ut and the inherent value of human life leads to sources that consider privacy through the lens of imago dei, the human being's creation in the image of God.Footnote 166 Jewish tradition (perhaps strangely) grounds the notion of imago dei in the biblical prohibition against leaving the body of an executed criminal on display (Deuteronomy 21:22–23). This proscription, writes legal scholar Yair Lorberbaum, is rooted in belief that “the human being who is created in the [divine] image represents a kind of extension of the divine, and therefore its desecration and violation of the image is that of the divine itself.”Footnote 167 The notion that leaving a human body in public view is a desecration has evocative implications for surveillance of those still living.
Nahum Rakover attempted to ground Jewish thinking on privacy in this conception of humanity as created in God's image, although Aryeh Schreiber notes that “Rakover does not substantiate the claim that this is the basis for the alleged right to privacy.”Footnote 168 Schreiber is at least partially correct, but one need not root Jewish privacy entirely in the imago dei to appreciate its usefulness in a broader cluster of doctrines and ideas counseling for strong protections.
Schreiber and Mark Washofsky instead look to the Jewish doctrine of kevod ha-beriyot, perhaps best translated as “human dignity,”Footnote 169 to undergird a privacy ethos centered on the inherent worth of the individual. Schreiber notes that “insofar as privacy received some form of broad protection, it was human dignity that was being protected, and privacy was protected when its violation was also a violation of someone's dignity.”Footnote 170 This value is occasionally described in Jewish legal sources as one so important that an individual is allowed to violate a precept of the Torah in order to preserve human dignity.Footnote 171
Jewish sources braid together imago dei and kevod ha-beriyot, seeing human dignity as rooted not solely in societal conceptions of honor but in the inherent worth and singular power of each human being.Footnote 172 Like the value of tseniy‘ut, the individual does not have the right to forgive or waive this inherent sacred sense of worth and dignity that the doctrines of privacy are meant to safeguard. Even without accepting the theological premises of rabbinic law, such focus on individual inherent worth as the locus of privacy discourse has much to offer American legal thinking on this subject and on human rights more broadly.Footnote 173
A third doctrine points to a different principle behind limiting waiver: preventing individual exploitation by taking seriously the power imbalances that can plague agreements about “consent.” As Shahar Lifshitz notes, Jewish law does not recognize as enforceable “oppressive contracts”—those with difficult or unconscionable terms or arising from unequal bargaining power.Footnote 174 In the context of privacy and consent, Mark Washofsky understands the doctrine to allow a waiver only between two equal parties; without equal power, one is not mohel—that is, one does not have the legal capacity to give away the right to be protected from illicit surveillance or data gathering.
In this light, forcing users of technology to consent in the absence of equal bargaining power represents a kind of oppression (ona'ah), reflecting religious authorities’ rulings that hezek re'iyah, the damage from the possibility of surveillance, is comparable to damage from smoke or a nearby latrine. Waiver is therefore so fundamentally problematic that it would invalidate the transaction. Unlike contemporary law, this understanding takes a realistic view of the impediments to true individual choice and the rules that must protect individuals from exploitation.
Enabling Teshuvah (Personal Repentance, Personal Growth, and Change)
A second important belief about the individual in Jewish tradition is the possibility of repentance (teshuvah) and growth, and the commitment to protect individual futures and permit escape from existing narratives. Individuals can change in fundamental ways, both inwardly and behaviorally, and Jewish sources view repentance as decidedly positive. “Nothing can stand in the way of repentance,” states one oft-cited rabbinic adage.Footnote 175 “Great is repentance,” states another, “since it arrives at the Throne of Glory.”Footnote 176 Perhaps most audacious, the Talmud quotes Resh Lakish saying, “Teshuvah transforms one's transgressions into merits,” particularly when motivated by love of God rather than fear of punishment.Footnote 177 One must, of course, atone for infractions or injuries to others by seeking forgiveness and making restitution. But once that has been accomplished, forgiveness should be offered, and one who withholds forgiveness is considered a sinner himself.
In service of this ideal, Jewish law prohibits the repetition of many personal facts, even when they are publicly and widely known, including facts about familial origins and past behavior. The Talmud proscribes saying “Remember your earlier deeds” to the penitent sinner (baal teshuvah), or to the progeny of a convert.Footnote 178 When someone convicted of a crime has received appropriate punishment, he is exonerated and does not carry a prejudicial criminal record that will limit his future.Footnote 179 Even if such information is well known, simply mentioning it is harmful and prohibited.
Jewish sources thus acknowledge that public information can be reckoned private. Not only must it not be mobilized or weaponized, but many Jewish commentators claim that it should not be mentioned at all. Identities and information collected and selectively deployed amount to a kind of narrative blackmail that restricts future flourishing—a concern reflected in the prohibitions by Maimonides and others against gathering information and telling narratives about others in light of the biblical prohibition against talebearing. Examples of this sensitivity to facts about individuals’ histories abound in rabbinic literature. Medieval rabbis, for instance, had to reckon with uncomfortable Mishnaic texts that assigned a different liturgy to converts who had no Jewish ancestors.Footnote 180 Rather than the standard formulation of “Our God, and God of our ancestors,” converts were required to recite “God of the ancestors of Israel” or, if praying with native-born Israelites, “the God of your ancestors.” Yet such public variations would force Jews-by-choice to publicize part of their identity in ritual contexts and thus reveal things they might not wish to disclose. Thus, in the twelfth century, Maimonides ruled, in a holding that became dominant, that converts must not be singled out or treated differently in ritual contexts.Footnote 181 His concern seems to have been the potential discomfort of the convert.
Another example of rabbinic literature protecting individual futures involves the legal status of the mamzer, commonly defined as the child born of an adulterous relationship.Footnote 182 According to biblical law and classical rabbinic law, the mamzer could not marry a Jew who was not also a mamzer, yet erasing this stigma from a family line was extremely difficult.Footnote 183 Given the weight of the prohibition against marrying a mamzer, one might expect rabbinic law to be univocal on keeping track of such individuals.Footnote 184 The Talmud, however, presents a discussion that is strikingly bold, declaring that if “a family is intermingled, it is intermingled,”Footnote 185 implying that records of that status should neither be kept nor publicized. Maimonides codified this position into law,Footnote 186 acknowledging the profound importance of protecting individuals’ future choices by publicly “forgetting” their pasts.Footnote 187
Personal transformation is possible only if an individual can escape the narratives already constructed about him. Regarding repentance, Maimonides claims: “[the penitent] must distance himself exceedingly from the matter in which he sinned, changing his name, as if to say, ‘I am now another person, and not the one who committed those misdeeds.’”Footnote 188 Ethical, religious, and intellectual growth is possible only with distance from the past. If one's personal information endures in perpetuity, controlled by others, transformations become effectively impossible. In appropriate contexts, willed forgetfulness allows for individual change.Footnote 189
Preventing Behavior Modification and Protecting Individual Choice
The commitment to preserving freedom for individual teshuvah reflects a broader rejection of privacy incursions that constrain or modify behavior and thereby undermine free choice. Shoshana Zuboff has explained the ways that pervasive surveillance instrumentalizes humans and operates through the means of “behavioral modification.”Footnote 190 Sources understand this as a serious privacy harm, from Rabbi Kanievsky's insight that seeing into a courtyard changes the behavior of the person watched,Footnote 191 to the prohibition against sleeping in the same room as a married couple,Footnote 192 to Rabbi Yonah Gerondi's explanation that revealing information about another will change their plans,Footnote 193 to Maimonides's description of the talemonger whose load of information about others damages them through compromising narratives.Footnote 194
The full force of these insights can be understood only in light of the fundamental Jewish commitment to protecting free will and free choice, central tenets for most Jewish thinkers from the Talmudic period to the present.Footnote 195 Many Jewish scholars see freedom of choice not simply as a prerequisite for responsibility for one's actions, but rather as key to human flourishing. Rabbi Nathan Shternhartz (1780–1840), a Hasidic leader and author of a theologically inflected legal commentary, claimed that “the entire world was created only for the sake of choice. Therefore, choice has very great power indeed.”Footnote 196 God's will, he writes, has been “hidden and concealed . . . within many veils and shrouds, but He has given power and discernment to the human being to cultivate understanding from this knowledge.”Footnote 197 The individual's quest is, by exercising free choice, to sift through the clouds of unknowing and discern the proper course of action.
From a religious perspective, then, removing choice by shaping a person's behavior blocks that person's access to God. They are forced to live exclusively within their present space without seeing beyond its limits (or, in the case of surveillance capitalism, the limits of what advertisers want them to see). In choosing between various paths, the heart and mind do their work; it is thus an act of thievery to obstruct that process, whether through presentation of a single option or by a studied attempt to force a choice from the limited options a third-party offers.
The instinct to protect free choice animates Jewish legal discourse. The Talmud often presents both the opinions of the “House” of Shammai and the “House” of Hillel, rival schools of Jewish jurisprudence, although in most cases, the normative law follows the House of Hillel, suggesting that the Talmud's editors saw the Jewish legal system as demanding space for informed choice. Indeed, claims the Talmud, Beit Hillel are given the final word in law precisely because they recounted the teachings of their opponents as well as their own, and even gave priority of discussion to their opponents’ ideas.Footnote 198 A jurist must have access to the full legal tradition, including minority opinions and discursive expositions, to make choices about law.Footnote 199 “These and those are the words of the living God” claims one rabbinic adage,Footnote 200 and we might say that the exegetical point of the Talmud is to preserve the highest number of valid options rather than eliminating possibilities. Consistent with that impulse, the celebrated twentieth-century jurist Rabbi Moshe Feinstein explained that he was always careful to detail the sources that informed his teachings and rulings.Footnote 201 Without this bibliographic trail, claimed Feinstein, his students would be unable to find their own way to interpretive truth and freedom.
Substantively, moreover, Jewish law holds that “consent” without options, or decisions made under duress, may invalidate a choice—or a sale.Footnote 202 The question of choice under duress, of decisions made with severely limited options, comes up in discussions of apostasy, where rabbinic sources evince a deep consideration of the validity of choices made under extreme conditions. For example, Maimonides claims that Jews forced to convert to Islam under duress did not, in fact, make a true choice.Footnote 203 Because they lacked a viable alternative, and because their decision-making capabilities were limited in the severest ways, their apostasy is essentially meaningless, and no formal act of teshuvah was necessary for them to reenter the fold of Judaism.
Individual choice, to be sure, is not unfettered within a tradition rooted in obligation. Jewish sources place individual choices and freedom within covenantal limits.Footnote 204 Central to the Jewish notion of “privacy in society” is a recognition that the individual cannot act entirely freely but must be consistently mindful of the impact of their actions on others, so that their ability to lead a private life is preserved. One cannot build a window looking into someone's living room, nor can someone on the other side of the fence waive his right to privacy or tseniy‘ut; these values are fundamental and cannot be forgiven. Jewish law thus balances free choice with limits on privacy-harming behaviors, which, like other damaging activities, are constrained by reciprocal responsibilities within society.
Limiting our choices because our potential courses of action may cause damage or because our possible action does not accord with the value of tseniy‘ut, is profoundly different than having one's choices limited by others who control information about us.
Pillar 5: Struggling with the Limits of Privacy
Jewish legal and philosophical-theological sources recognize that privacy doctrines can create harms, and they struggle with how to negotiate their limits.
The sources explored above thread moral and legal principles; stories and laws combine to construct a Jewish ethos of privacy from a network of values and ideas. Rabbinic teachings show that privacy and humility are paramount values that extend beyond preventing damage from even the most seemingly innocuous types of surveillance. This ethos is mirrored by exhortations to modest comportment and dignified behavior.
The emphasis on privacy, dignity, and humility, however, is complemented by a countervailing voice and value. Jewish sources also recognize that privacy and anonymity can, and have, served as tools of oppression.Footnote 205 The impulse toward modesty can be used to repress the voices of marginalized members of society or to hide things that should be brought to light. Struggling with the complexity of privacy is part of the work of creating a good society.
Two sites of discourse point to the importance of circumscribing Judaism's otherwise strong impulse toward privacy. First, modern readers of rabbinic sources must confront the painful reality that exhortations to humility and modesty have justified oppression. The concept of tseniy‘ut has been used to limit women's authority. The verse “all the honor of the king's daughter is within” (Psalm 45:14) has been interpreted as instructing women to stay outside of the public eye,Footnote 206 even when it comes to performing religious rituals, on the grounds that it would be against tseniy‘ut.Footnote 207 Medieval rabbis ruled that women may not be appointed to positions of communal power (serarah)Footnote 208—a ruling with a long afterlife even in the modern period.Footnote 209 And the category of dat yehudit or “religious behavior of Jewish women” reinforces compulsions to modesty and humble conduct.Footnote 210 The lived experience of many who are forced into the realm of “the private”—silence, quiet, or exclusion from the limelight—reveals how the very sources that illuminate doctrines of privacy can also be used to construct shackles.
Second, an important line of Jewish jurisprudence rules that some sensitive information may not remain secret if it relates to potential harms. The contemporary rabbinic judge Rabbi Shlomo Dakhovski allows secret recordings in very limited circumstances to prevent damage to oneself. He follows Rabbi PalagiFootnote 211 and Rabbi Shlomo ben Aderet in reasoning that Rabbenu Gershom's decree against reading communications was intended to fortify the ethos of the Torah that people should act with modesty; the prohibition therefore should yield when it undermines other Torah values, such as public or private safety.Footnote 212
The Talmud, in fact, imagines the Sanhedrin, the Jewish high court, as eavesdropping on an individual reputed to have incited others to idolatry.Footnote 213 The Sanhedrin thus performs an ordinarily unconscionable act of surveillance but may do so because a religious value (monotheism) trumps an individual's claim to privacy.
Modern rabbinic scholars underscore that limited cases may warrant recording someone or opening their correspondence without their knowledge. Exigencies may demand that privileged information be shared with specifically delimited individuals. As Rabbi Tzvi Hirsh Spitz explains, reading personal letters or listening in on private conversations may be necessary to fulfilling the Torah and preserving religion. “In these and other similar cases it is permitted, ab initio, to read or listen to private information.” These cases include parents or educators who reasonably suspect a child or student of engaging in illegal activities, and reasonable fear that a person is engaged in untoward behavior.Footnote 214 In such cases, when privacy is used to conceal possible damage to society, the countervailing values of Judaism and preserving Torah override one's right to private communication.
Jewish discourse on the merits of anonymous giving is venerated and much discussed. But Jewish legal sources also reveal a deep-seated awareness of the problems of anonymity. Rabbi Moshe Isserles begins his gloss on the Shulhan ‘Arukh by explaining that one should behave as if she or he is never truly alone, as the watchful eye of heaven is always trained upon every individual. One should therefore follow the precepts of Jewish law even if nobody else is watching. Similar exhortations are common in Jewish moralistic literature. Divine oversight—or surveillance—is an important motivating and restraining force. And there is a sense in the texts that criminality thrives on anonymity. “A thief does not steal before witnesses,” declared one medieval authority.Footnote 215 Internet trolling and hate speech thrives on anonymity.Footnote 216
Pre-modern Insights for Post-modern Privacy
The modern approach to privacy has failed to meet the demands of the big-data age. Framing the issue as a battle between society and the individual has largely made our public lexicon incapable of either conceiving of societal commitments to privacy or calling out infringements by members of society against one another.
In the social-personal privacy struggle, moreover, the individual is poorly outfitted with the weak weapon of “rights” to “informational self-determination.” Individual privacy is balanced against important social values and often loses out. Control over the collection and use of information about oneself, moreover, is increasingly illusory, as comprehension of what is visible, what is exposed, how it is aggregated, and how it will be used exceeds the limits of individual cognition (and often remain obscured even to those collecting and processing the information). Large swaths of what is dear to individuals is deemed unprotected because it can be tracked down “in public” or cannot reasonably remain private in the face of intrusive technology. Massive collection, sharing, or use of information is often not prohibited because individuals are deemed to have consented to it as a condition of participating in ordinary life functions, or because privacy intrusions do not satisfy particular notions of cognizable harm or injury. The fragmented nature of privacy protections—focusing on specific places (the “home”) or types of data—fail to appreciate the totality of big-data surveillance, and both map awkwardly onto new online contexts and fail to appreciate the interrelated nature of privacy harms wrought by intrusion and information flows. In sum, the security and sanctuary of control over one's personality has been replaced by anxiety wrought by powerlessness. If privacy is, as often claimed, a fundamental human right, it is largely an empty one.
Jewish law doctrines offer different languages and frameworks to address this constellation of failures. They could make four contributions to privacy discourse:
1. A language that strengthens the social commitment to privacy by shifting the focus from individual control over information to the prohibition of widespread surveillance and big-data harms.
2. A language that replaces the current fragmented approach to privacy protection with one that appreciates the totality and severity of surveillance and big-data harms and can facilitate strong protections wherever those harms occur, including online spaces and new data uses.
3. An approach to privacy regulation that focuses on substantive behavioral prohibitions rather than expectations.
4. A commitment to each individual, an understanding of their place in society, an appreciation of the privacy harms they face in light of big data, and a framework for their continued protection and flourishing.
A Language for a Societal Commitment to Individual Privacy
Jewish law offers the means to replace the anxiety arising from the powerlessness of the modern individual with a formula for individual dignity. The Jewish tradition promotes individual capacity to enjoy a private life. But casting tseniy‘ut as a societal value shifts a large portion of the responsibility for privacy to all societal members. The lonely right of privacy, by this understanding, becomes a shared endeavor.
This shift offers several important conceptual and practical advantages. Priscilla Regan has examined the costs of policy emphasis on “achieving the goal of protecting the privacy of individuals rather than curtailing the surveillance activities” of others.Footnote 217 Privacy rights are a somewhat roundabout means of controlling intrusive power and are positioned over against arguments supporting the exercise of that power—with privacy often the loser. This situation reflects the weakness of the tool. Negative rights employed as a structural mechanism are poor guarantors of consistent substantive protections. As Robert Cover explains, “the rights system is indifferent to ends and its indifference can claim systemic coherence without making any robust claims about the fullness or vanity of the ends.”Footnote 218
Additionally, as Regan suggests, by focusing on a simple bifurcation between the individual and society, privacy theory has struggled to find language reflecting the effects of the collection of information on the relationships between different members in society (both private persons and private organizations), and the appropriate roles of each.Footnote 219 Jewish law explicitly focuses on structuring those relationships and mandating appropriate behaviors for each. Having such a language offers a remedy to the “enormous imbalance of power between the isolated individual and the great data collection organizations” where “under these conditions, it is a pure illusion to speak of ‘control.’”
By promoting rules about healthy information flows as a building block of social ordering, Jewish law offers a language for understanding that privacy interests and privacy harms implicate multiple parties; they are not discrete to the individual. Framing privacy as a fundamental and collaborative social value promoted by societal rules and prohibitions suggests mechanisms for legal reform. On one hand, such reform would circumvent the difficulty of collective action when the mechanism for vindicating privacy is dispersed among many individuals.Footnote 220 On the other hand, reform would set up privacy to “create good things,” in Neil Richards and Woody Hartzog's words, by replacing an oppositional model with one relieving frictions and promoting sustainable trust.Footnote 221
A Language for Appreciating and Addressing the Totality of Surveillance and Big-Data Harms
Strikingly, pre-modern Jewish jurisprudence offers a language for comprehending the totality of the harms of pervasive surveillance with which modern discourse has struggled. Contemporary privacy discourse is cramped by inherited fragmented approaches to privacy—some focusing on particular spaces, others on the intimate sphere, and still others on protecting data and information. Commentators and legal doctrines have focused on delineating the scope of these areas. These fragmented approaches have led to rather formalistic articulations of what is private, reflecting an understanding of the goals and interests of each approach. Pursuant to what Dan Solove has termed the “secrecy paradigm,” privacy “is tantamount to complete secrecy, and a privacy violation occurs when concealed data is revealed to others.”Footnote 222 But “if the information is not previously hidden,” or “when surveillance occurs in a public place,” then “no privacy interest is implicated by the collection or dissemination of the information.”Footnote 223 “In many areas of law,” he notes, “this narrow view of privacy has limited the recognition of privacy violations.”Footnote 224
These understandings have handcuffed the modern response to surveillance and big data. Policy and jurisprudence lack a robust language for the new reality that information about individuals can be aggregated from ubiquitous sensors, mobile devices, cameras, and access to far-flung databases, while private information revealed with “consent” can be combined with “public” data scraped from the web and collected from sources previously functionally private because of the difficulty in accessing them, and all of this can be stored permanently in what Paul Ohm has called “Databases of Ruin.”Footnote 225 Policy makers struggle for a framework that can address, or even articulate, the harm when data is used to make judgments that affect and limit human opportunity or constrain individual choice and growth.
Jewish legal discourse, by contrast, rejects these sharp delineations and appreciates the inseparability of data and person, space and information, and the totality of vulnerability of the individual across them. “Private” activities—those protected by Jewish law—can occur in the home but also in a visible agricultural field or in a street. “Private” information can be publicly known, but because it can cause embarrassment or limit personal growth by capturing a narrative one seeks to escape, it should be protected.
Jewish law understands the profoundly destructive and varied privacy violations and their harms. Nahmanides's paradigmatic framing of visual harms makes clear the intertwined nature of both the inherent emotional damage of visual intrusion and the consequential damage of disseminating and repurposing information.Footnote 226 Similarly, Maimonides's prohibition against aggregating publicly known information casts information collection as part of the harm of the process of spreading narratives about another.Footnote 227 The architectural laws of hezek re'iyah categorically prohibit a situation in which a person can be observed “throughout the entire day”;Footnote 228 the technical possibility of such pervasive surveillance changes both the nature of the surveilled person's space and their freedom to behave as they wish, and simply makes impossible a life consistent with tseniy‘ut. The damage of the “evil eye”Footnote 229 underscores the insight that gazing on things that are readily and technologically visible can bring a new kind of attention to the facts learned or behavior witnessed; as Ruth Gavison notes, “one can lose privacy merely by becoming the object of attention, even if no new information becomes known and whether the attention is conscious and purposeful, or inadvertent.”Footnote 230 The prohibition against repeating nonsecret facts about another's history seeks to free them from the constraint of historical and partial narratives.Footnote 231 The harm of these outcomes, Jewish law and narrative recognizes, is a dehumanizing and objectifying process akin to death.Footnote 232
By focusing on behaviors and harms that it wishes to prevent (as well as the values it wishes to promote), Jewish law provides a powerful language for addressing technological changes that have enabled pervasive surveillance and big-data analytics. It offers a means for arguing that, even if intrusive activities can occur technologically, they should not. And it provides a mindset to allow privacy protections to expand from traditional contexts to online spaces and new data uses, reflecting the reality that, in the words of surveillance scholar David Lyon, “privacy can no longer refer to fixed spaces. Both privacy and surveillance now exist in a world of flows.”Footnote 233
A Language of Obligation for Better Privacy Protection
Embracing categorical rules and prohibitions—both architectural and behavioral—as the legal mechanisms for substantive privacy protection, Jewish law suggests an alternative to modern privacy approaches that falter in the face of widespread surveillance and big data.
Subjective approaches based on individual exercise of privacy rights have been overrun by technological opacity. Leaving to an individual the decision whether to exercise the right to “press” or “waive” privacy protections might in theory be empowering.Footnote 234 Yet at best, by injecting subjectivity into individual decisions about privacy's meaning and when it should be enforced, such an approach conceptualizes “privacy as a form of protection for the liberal self” and renders privacy, in Julie Cohen's words, “reactive and ultimately in-essential.”Footnote 235 At worst, it threatens a charade of privacy “theater,” by which the technological obscurity of big data outpaces the individual's capacity to make meaningful decisions.
Moreover, as discussed above,Footnote 236 objective approaches rooted in the vindication of expectations face the danger of collapsing into technological determinism, as scientific advances alter understandings of what is possible and therefore anticipated. By rejecting such determinism, and limiting the ability to waive protections in some cases while requiring very explicit consent in others, Jewish law's categorical obligations regarding intrusions and information gathering and use—as well as limits on knowledge-revealing behavior by the surveilled—offers a model for stronger privacy protection.
Such a regime of obligation may sit uncomfortably within liberal modern values, as it includes types of regulation that can be criticized as paternalistic. But this type of regulation is not completely foreign to western governance. The feminist legal philosopher Anita Allen, in Unpopular Privacy,Footnote 237 cites the Children's Online Privacy Protection Act as an example of such substantive regulation.Footnote 238 Moreover, consistent with the nonwaivable design mandates of hezek re'iya doctrine, privacy by design widely embraced as an important tool in privacy protection—emphasizes the incorporation of technology design choices that limit revealing behaviors. Furthermore, recognizing how power imbalances and information asymmetries thwart meaningful waiver of protections, numerous scholars and advocates argue that regimes based on notice and consent should give way to outright prohibitions against certain information disclosure. In Allen's words, “privacy is so important and so neglected in contemporary life that democratic states, though liberal and feminist, could be justified in undertaking a rescue mission that includes enacting paternalistic privacy laws for the benefit of uneager beneficiaries.”Footnote 239
Certainly, the United States would identify and agree on its commitments and categorical mandates through democratic processes rather than Judaism's common law jurisprudence rooted in biblical and Talmudic principles. But amid debates regarding federal and state privacy legislation, Jewish law offers an important policy corrective for strengthening privacy.
A Commitment to Each Individual
Finally, Jewish law offers a distinct language for envisioning the privacy subject—a language focused on fundamental protections and the values those protections reflect, rather than an illusory promise of informational control in the face of overpowering technological capacity. Jewish privacy provides a vision of the individual, their place in society, the privacy harms they face, and a framework for protection that can speak realistically to the dangers of big data and lead to stronger vindication of privacy interests.
Jewish privacy recognizes, on one hand, the fundamental dignity due to each human being and the concomitant importance of a domain of privacy. It also admits, on the other, to human vulnerability and the fragility of attempts to protect that domain. This conception of the human being severely limits consent, since dignity is permanent and subject to neither volitional nor oppressive waiver. Though rooted in theological language, the Jewish conception of the individual as ever-evolving and possessing inherent worth and dignity could shift American legal discourse by introducing a critical moral dimension vis-à-vis what it means to be human.
Jewish privacy recognizes that surveillance threatens fundamental human dignity. Surveillance is a form of theft that destabilizes one's ability to live modestly and empowered. Aggregation of data facilitates construction of narratives that manipulate one's behavior and diminish the essence of humanity: individual choice and personal growth. This objectifying and dehumanizing process is a form of death.
Contemporary privacy paradigms too often devalue the privacy interests of the less powerful.Footnote 240 Rather than abandoning each individual to a lonely Sisyphean task of averting these harms, Jewish law suggests that societal power should be marshalled to address power imbalances and impediments to collective action by constructing a social framework that shares the responsibility for privacy protection. It argues for taking this onus seriously by creating substantive mandates that prohibit abusive behavior and preclude waiving obligations. Through universal design and behavior mandates, it prohibits seeing things easily seen and collecting information easily collected. Where no countervailing concerns suggest otherwise, it mandates the “forgetting” or nonuse of knowledge that could keep individuals from fulfillment. Jewish law thus offers a framework that can both strengthen privacy protection and serve an important expressive function, signaling to all members of society that their privacy matters.Footnote 241
Conclusion
Privacy, in Daniel Solove's words, is “a concept in disarray.”Footnote 242 Deirdre Mulligan, Colin Koopman, and Nick Doty in response describe the ways that privacy's “essentially contested concept” is its feature rather than its bug.Footnote 243 They suggest that putting privacy into practice in meaningful ways involves considering the applicability of alternative privacy justifications in context, with the questions of “Which privacy? For what purpose? With what reason?”Footnote 244
The Jewish law vision of “privacy in society” adds an important language to this exercise. It offers a distinct answer to each of these questions, a different framework for appreciating privacy harms and considering privacy's purpose, and new tools for its protection. Bringing this language into the policy discourse promises both to move toward a set of legal commitments around which architectures and behaviors must be ordered, and to inform regulatory frameworks that guard personal privacy through reciprocal obligations and relationships.
Acknowledgments
We are grateful for support from Berkeley Law's Robbins Religious Law Collection, The Diller Institute for Jewish Law and Israel Studies at UC Berkeley, and the Berkeley Center for Jewish Studies; for generous discussion and comments from Suzanne Stone, Amalia Kessler, Omer Tene, Samuel Levine, Mark Gergen, Ilana Fodiman-Silverman, Michael Broyde, Nadav Berman, Benjamin Porat, Tal Zarsky, Amos Israel-Vleeschhouwer, and participants in the Shalom Hartman Institute's Bay Area Scholars’ Circle, the Berkeley Law faculty retreat, the Hebrew University research group on Law, Halakhah, and Ethics in Conjunction with the Challenges of AI, and the Berkeley Center for Jewish Studies faculty colloquium. A version of this article was delivered by the authors as the 2021 Robbins Collection Lecture in Jewish Law, Thought and Identity at University of California, Berkeley. We also thank Samantha Behar for her help in preparing this manuscript for publication.
Open access
