The most common misconception about privacy is that it’s about having something to hide. “If you aren’t doing anything wrong, then you have nothing to hide,” the saying goes, with the obvious implication that privacy only aids wrongdoers.
One of the most surreal aspects of the NSA stories based on the Snowden documents is how they made even the most paranoid conspiracy theorists seem like paragons of reason and common sense.
In the 17th century, the French statesman Cardinal Richelieu famously said, “Show me six lines written by the most honest man in the world, and I will find enough therein to hang him.” Lavrentiy Beria, head of Joseph Stalin’s secret police in the old Soviet Union, declared, “Show me the man, and I’ll show you the crime.” Both were saying the same thing: if you have enough data about someone, you can find sufficient evidence to find him guilty of something.
Surveillance makes us feel like prey, just as it makes the surveillors act like predators.
Complexity is the worst enemy of security, and our systems are getting more complex all the time.
As former NSA general counsel Stewart Baker said, “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata you don’t really need content.
In 2014, former NSA and CIA director Michael Hayden remarked, “We kill people based on metadata.
If you have nothing to hide, then you have nothing to fear.” This is a dangerously narrow conception of the value of privacy. Privacy is an essential human need, and central to our ability to control how we relate to the world. Being stripped of privacy is fundamentally dehumanizing, and it makes no difference whether the surveillance is conducted by an undercover policeman following us around or by a computer algorithm tracking our every move.
Google knows more about what I’m thinking of than I do, because Google remembers all of it perfectly and forever.
For years, well before consumer tracking became the norm, Radio Shack stores would routinely ask their customers for their addresses and phone numbers. For a while I just refused, but that was socially awkward. Instead, I got in the habit of replying with “9800 Savage Road, Columbia, MD, 20755”: the address of the NSA.
Estimates put the current number of Internet-connected devices at 10 billion.
By 2010, we as a species were creating more data per day than we did from the beginning of time until 2003. By 2015, 76 exabytes of data will travel across the Internet every year.
Those of us who fought the crypto wars, as we call them, thought we had won them in the 1990s. What the Snowden documents have shown us is that instead of dropping the notion of getting backdoor government access, the NSA and FBI just kept doing it in secret.
Mug shot extortion sites turn this sort of thing into a business. Mug shots are public record, but they’re not readily available. Owners of mug shot sites acquire the photos in bulk and publish them online, where everybody can find them, then charge individuals to remove their photos from the sites.
Philosopher Jeremy Bentham conceived of his “panopticon” in the late 1700s as a way to build cheaper prisons. His idea was a prison where every inmate could be surveilled at any time, unawares. The inmate would have no choice but to assume that he was always being watched, and would therefore conform. This idea has been used as a metaphor for mass personal data collection, both on the Internet and off.
Increasingly, companies use their power to influence and manipulate their users. Websites that profit from advertising spend a lot of effort making sure you spend as much time on those sites as possible, optimizing their content for maximum addictiveness.
For many organizations, security comes down to basic economics. If the cost of security is less than the likely cost of losses due to lack of security, security wins. If the cost of security is more than the likely cost of losses, accept the losses.
I used to say that Google knows more about what I’m thinking of than my wife does. But that doesn’t go far enough. Google knows more about what I’m thinking of than I do, because Google remembers all of it perfectly and forever.
Our relationship with many of the Internet companies we rely on is not a traditional company–customer relationship. That’s primarily because we’re not customers. We’re products those companies sell to their real customers. The relationship is more feudal than commercial. The companies are analogous to feudal lords, and we are their vassals, peasants, and – on a bad day – serfs. We are tenant farmers for these companies, working on their land by producing data that they in turn sell for profit.
Workforces are flexible, jobs are outsourced, and people are expendable. Moving from employer to employer is now the norm. This means that secrets are shared with more people, and those people care less about them. Recall that five million people in the US have a security clearance, and that a majority of them are contractors rather than government employees.