Why Privacy Matters Even if You Have 'Nothing to Hide'

2011-May

This is an easy-to-understand summary of Prof. Daniel Solove's critique of the "nothing to hide" argument (mirror, 2007 blog post, SSRN paper), which is so often brought up in discussions about privacy and civil rights. I've added a few ideas from "I have nothing to hide" - or the Sainsbury's Lesson, a 2006 article in The Register.

Prof. Solove's article starts like this:

When the government gathers or analyzes personal information, many people say they're not worried. "I've got nothing to hide," they declare. "Only if you're doing something wrong should you worry, and then you don't deserve to keep it private."

This view, however, is mistaken. The "nothing to hide argument" can and should be debunked.

In its most extreme version, the "nothing to hide" argument can be countered with:

  • "Do you have curtains?"
  • "That means I can photograph you naked and show the pictures to your neighbors"
  • "Show me your credit card bill", "What's your debit card PIN / e-mail password" etc.,
  • or with "I don't need to justify my position, come back with a warrant" and "It's not about having anything to hide, but about not being anyone else's business".

"In its less extreme form, the nothing-to-hide argument refers not to all personal information but only to the type of data the government is likely to collect". Privacy is not about hiding bad things. Surveillance can inhibit lawful activities like free speech, free association, and other First Amendment rights essential for democracy.

Here are some of the problems with this type of data collection, be it be government or corporations, and even if you think you have nothing to hide:

  • aggregation: if you bought a book on cancer, that won't raise any flags, but if you bought a wig as well, that suggests you're undergoing chemotherapy, something you might not want to be known
  • exclusion - people are most of the time unaware of what information is being kept or tracked about them. When they accidentally find out to what extent they are being monitored, the reaction is one of shock.
  • guilt by associaton - since you have no idea how your information is used and aggregated, what if some of the purchases you make or places you visit happen to match a pattern observed in actions of government enemies (not terrorists, but "hostile or critical journalists, campaigning lobbyists, businessmen who are likely to sponsor rival parties, people who oppose the party leader's favourite idea of the year")? Once you get on a watch list, even due to an error, it's extremely hard to get out of it. Read Hasan Elahi's story of how he was inadvertently detained by FBI agents in 2002, and since then, he publishes everything he does online, so that he can be monitored properly ("The government monitors your movements, but it gets things wrong. You can monitor yourself much more accurately").
  • distortion - if you buy books on making meth, the government might think you want to build a meth lab; while you might simply be writing a novel about a character who makes meth

Proponents of the "nothing to hide" argument claim that in order to have real resonance, privacy problems must cause serious damage, be it physical or financial, not just feelings of unease. The problem with this is that privacy isn't lost in one dramatic event, the equivalent of an oil spill. Instead, it's eroded slowly, over time, like gradual pollution. Gradual pollution often causes worse problems than an isolated accident.

When the government starts monitoring the phone numbers people call, many may shrug their shoulders and say, "Ah, it's just numbers, that's all." Then the government might start monitoring some phone calls. "It's just a few phone calls, nothing more." The government might install more video cameras in public places. "So what? Some more cameras watching in a few more places. No big deal." The increase in cameras might lead to a more elaborate network of video surveillance. Satellite surveillance might be added to help track people's movements. The government might start analyzing people's bank records. "It's just my deposits and some of the bills I pay-no problem." The government may then start combing through credit-card records, then expand to Internet-service providers' records, health records, employment records, and more. Each step may seem incremental, but after a while, the government will be watching and knowing everything about us.

"My life's an open book," people might say. "I've got nothing to hide." But now the government has large dossiers of everyone's activities, interests, reading habits, finances, and health. What if the government leaks the information to the public? What if the government mistakenly determines that based on your pattern of activities, you're likely to engage in a criminal act? What if it denies you the right to fly? What if the government thinks your financial transactions look odd-even if you've done nothing wrong-and freezes your accounts? What if the government doesn't protect your information with adequate security, and an identity thief obtains it and uses it to defraud you? Even if you have nothing to hide, the government can cause you a lot of harm.

"But the government doesn't want to hurt me," some might argue. In many cases, that's true, but the government can also harm people inadvertently, due to errors or carelessness.

The point is you have no idea:

  • how the data about you might be misinterpreted
  • to whom it may be erroneously leaked - just Google stolen government laptops for a lot of news reports on how stolen government laptops led to identity theft and exposed personal data
  • or how hackers might use data stored about you by various companies, once they get access to it

2013-June update - Metadata

After the notorious NSA mass surveillance leak in June 2013, the argument was made that the U.S. government was collecting only metadata, and there was nothing to worry about. Whether that's true or not, metadata can be extremely powerful, and more than sufficient to identifiy individuals, even if anonymized. Here are some examples:

  • Knowing the titles of the books you borrow from the library can tell a lot about you, without having to know the contents of those books. This is a very simple example of "metadata", or data about data.
  • Visiting a website with a URL containing "depression" doesn't require that the surveillance state know what's in that website. The URL is metadata for the web page.
  • In 2006, AOL released anonymized search data for research purposes. However, individual users were identified. Read more on Wikipedia
  • In 2009, an MIT study showed that gay men could be identified on Facebook based on the sexual orientation of their Facebook friends who make that information public
  • The Electronic Frontier Foundation shows some simple examples of how call metadata can incriminate someone:
    • the mere fact of calling a sex phone service
    • calling a suicide prevention line from a bridge (call plus location)
    • calling an HIV testing service, then your doctor, then your insurance company in the dame date (call correlation)
    • receiving a call from the National Rifle Association, then calling your senator (the nature of the call can be very easily inferred, since the NRA was most likely conducting a campaign, and probably against gun legislation
    • a long call to your gynecologist, follower by a call to Planned Parenthood
  • In an entertaining story, a researcher shows how the British government would have been able to find to identify Paul Revere among hundreds of individuals in 1772, based only on knowing what organizations those individuals were members of

Worse, metadata is also subject to distortion: you can be called by the NRA or some insavory organization by mistake, or you can call a service in order to help someone else.

My tags:
 
Popular tags: