Blog article
See all stories »

Don't be so cynical about privacy

Reports of the death of privacy abound, but they're premature.

There are certainly those who, on the sly, would seek its demise, for privacy tends to get in their way. Like politicians on a post 9-11 national security bender, or Internet entrepreneurs who seek to monetise their eye-in-the-sky knowledge of their customers' habits. They're all trying to sell you something, whether it be an ideology, or a new pair of sneakers as you walk by a store and your phone announces the presence of a known exercise junkie.

There is some patchy evidence that the current younger generation has a more carefree attitude to privacy, and that they think direct advertising is cool, but whether this complacency will last as long as the typical teenager's hotrod remains to be seen.  I argue that on many counts we should take these laissez faire attitudes with a grain of salt.  For one thing, online social networking is tremendous fun, plus there's a suspension of disbelief at work when we surf the web, so it's an alluring tell-all environment.  But even if this is not just a fad, how should we extrapolate from adolescent risk taking to sober privacy law making?  We don't let 21 year old males set road safety policy, and we shouldn't let them set privacy policy either.

Privacy advocates, like civil libertarians, tend tragically to be caricatured as extremists. Or they're compared unfavourably with hippies and modern day paranoiacs.  They're regarded with suspicion, for a popular misconception is that "if you haven't done anything wrong, you've got nothing to hide".  There are a number of strong academic rebuttals to this cliché, like the excellent work of lawyer Daniel Solove.  But here I'd like to give some personal belt-and-braces responses:

  • I reckon I'm a fine upstanding citizen: middle aged, white collar, respectable, zero criminal record. But I do have things to hide, or more subtly, revelations that I want to control the timing of. There are episodes of youthful exuberance I'd prefer were kept secret (especially from my teenage kids!) Come on: it's a rare person who has never done anything they regret.
  • I tend to keep my work and private lives separate; I rarely mix business with pleasure. So my politics for example is something that only my close friends know.
  • One particular episode drove home privacy for me. Some years ago I was retrenched and found myself technically unemployed. A decent payout allowed me to think and plan for several weeks, and I resolved to set up a business. With a solid credit rating and good equity in my home, I called my bank for an overdraft. They said, ‘No problem Mr Wilson, you're automatically approved for $ X thousand. All we need is to see your last two pay slips." Woops! Had the bank known my employment status, my options were about to be severely limited.
  • I'd prefer not to say how I got out of that dilemma, and I'd prefer not to say how much money I borrowed to set up the business!

And lots more hypotheticals come easily ... I imagine that if I bought St Johns Wort at an online supermarket I wouldn't want the database administrator to work out I had depression, especially if nothing stopped the supermarket selling their shoppers' behavioural data to a marketing company.  And if I had an STD at university, I might choose not to tell my life insurance company. 

I am also very wary of the fallibility of computers.  Remember: to err is human but to really f*** something up takes a computer.  So imagine a future data-drenched society where my every movement is tracked by motorway cameras with number plate recognition, public transport smartcard tickets linked to my credit card, and biometric scanners at airports, ATMs and department stores.  But can you seriously imagine this matrix never making a mistake?  The very best biometrics are simply riddled with errors, with false positives usually running at one or two percent.  So it's only a matter of time before some 7x24 data mining machine goes "ping", suggesting that I was in the wrong place at the wrong time. 

That is, I haven't done anything wrong, but thanks to someone else's SNAFU it might look like I've done something wrong.  I don't need that kind of grief.  

[I'd like to acknowledge the valuable contribution to my thinking in this area made by Anna Johnston of Salinger Privacy in Australia.]

It's really surprising that so many security geeks are blasé about privacy when they should know better than anyone how mistakes are made.  

Truly, I am not paranoid, just principled.  The past decade of Internet experience has proved what happens when information is collected.  It doesn't just lie around, it gets used energetically and in all sorts of ways that few people ever predict.  So when they say "information wants to be free" they're not just talking about cost.  They mean friction too.  Information is now super-fluid.  

The best way to head off these nightmare scenarios is to invoke fundamental privacy protections at every step.  Nobody should collect information about me without a clearly defined need.  And nobody should re-use information about me for unforseen purposes.  Privacy is all about control. 

It's not inevitable that all my transactions get joined up so my bank gets to see my real time employment status, nor that all of my shopping gets logged and passed around from marketing company to insurance company.  But the complacency of technologists and the easy contempt that is shown for principled privacy advocates means that we do face an uphill battle to retain control over our own affairs. 

Stephen Wilson, Lockstep.


Comments: (0)

Now hiring