In the wake of former CIA employee Edward Snowden’s revelations of the PRISM NSA mass surveillance, people are once again asking why the general public should care if they’ve got nothing to hide.
“Nothing to hide” hides a lot behind an absolutist gloss. It puts the focus on the individual rather than on the real problem of a society-wide loss of data control at many levels.
Is this a fair question? Not really. Below, I give nine reasons why we must care – regardless of our innocent intentions.
1) Presumption of guilt
Mass surveillance and data retention overturn the foundation of the modern legal system: the presumption of innocence. Not only is the presumption lost for gathering evidence, it also weakens the effect of that presumption throughout the rest of the legal process.
If there is a normalisation in the public consciousness that there is a weakened presumption of innocence, we have compromised the effectiveness of our legal system.
2) The loss of personal data control
Mass surveillance circumvents our right to personal data control, also known as informational self-determination. As the late Professor of Public Law Alan F. Westin put it in his 1970 book, Privacy and Freedom:
The right of the individual to decide what information about himself [sic] should be communicated to others and under what circumstances.
We have envelopes for our letters and curtains on our windows not because we’re doing something wrong but because our we are choosing how to share (or not) that business. Governments and security organisations should have no part in that choice without a specific, targeted, and legally warranted reason.
3) Transferring power to security organisations
Allowing security organisations to have far-reaching capabilities without strict oversight effectively transfers power from governments to the security organisations themselves.
The power of voting for elected officials is weakened if security organisations make choices based on securing their own position rather the interests of the country.
Vladimir Putin is reputed to be finding the siloviki (the “men of power” from state security) who helped build his regime to now be more demanding than in the past. Such transfers of power are not limited to a shadowy few in a far-off land, nor just at the highest level.
In this kind of climate, the power to invoke or even just threaten a search from mass surveillance can be devolved to even front-line law enforcement.
4) False positives
Anyone searching for information on “topics of concern” to security agencies, for legitimate reasons (such as researchers, journalists, students) or even personal curiosity, could be falsely identified as a person of interest in an investigation.
As security technologist and author Bruce Schneier argued in a guest blog post last year, this is one of the fundamental problems of profiling.
The ramifications for the individual might range from inclusion on no-fly lists, denial of access to some jobs, through to false arrest.
5) Changing definitions of issues of concern
What counts as a problematic topic in the eyes of security organisations changes over time, especially in the wake of an incident. We are all still taking off our shoes at many airports because of one “shoe bomber”, Richard Reid, in 2001.
When something as seemingly benign as shoes is suddenly linked to security concerns, the potential for large retrospective data sweeps - as well as having shoe-related topics then included in future sweeps - increases, with concurrent increases in the possibility of embarrassing and/or gravely serious mistakes.
6) Political corruption
The potential exists for the government of the day to request detailed information that falls well outside the scope of legality. Watergate is the classic example of data-gathering about political adversaries, but compared to the potential corruption made possible by mass surveillance, that was a drop in the ocean.
Mass surveillance could be directed not only at direct political adversaries but also their official supporters and those who might fall into a demographic of potential support.
7) Personal abuse of power
While most security agents work within the law, there are occasions when they abuse their power. The London Police were found to be complicit in the News Of The World hacking scandal and, as ABC journalist Nick Ross noted in an article last September, many small-scale examples of abuse of power are captured on the news website Reddit.
Communication data gathered for abusive private purposes could include email, texts, pictures intended for revenge, extortion or prurience.
Large collections of telecommunications data - be it the content or the metadata - attract hackers. Unfortunately, governments and their sub-contractors have a poor track record safe-guarding such data.
Even without blunders, the data can be stolen or individuals with direct access can be manipulated to hand over this information through social engineering, bribery, or coercion.
9) Big data and the problem of patterns
The entire premise of “big data” – large and complex sets of computer data – is to find patterns from aggregates. While you may feel that, post-by-Facebook-post, you have “nothing to hide”, mass surveillance creates the possibility of finding patterns that catch the interest of security organisations.
Such patterns have the possibility of including the innocent with the guilty. Worse, there’s the possibility to not just find but “create” patterns from such aggregations that frame the innocent as potentially guilty.
Everything to lose
As security expert Bruce Schneir wrote for Wired in 2006, and is even more true today, we must not “accept the premise that privacy is about hiding a wrong”.
The issue with the NSA PRISM program, and other such programs around the world, is not that we have “nothing to hide” – it’s that we have everything to lose.