What does privacy really mean?
- Privacy is the default state – unless you invite somebody to, it’s disrespectful to intrude on somebody’s privacy. Especially important if the person risks harm by revealing their race, religion, sexuality, espionage, etc.
- Privacy is maintaining control over all information which rightly belongs to you and having the ability to live your life how you see fit. In this internet age, all your information online is eternal. It cannot be truly deleted.
- Privacy is a basic human right, according to the United Nations.
- Privacy is not trading in your unique and personal information, in exchange for free goods or services.
- Privacy is not having to handicap or change our behaviour, because we know we are being watched.
- Privacy is being able to be assessed on the merits of your speech or actions, not on what has been presumed about you from your private information beforehand (such as past actions, medical history, purchasing habits, etc).
- Security => Privacy => Anonymity. Security must exist for there to be privacy. Privacy must exist, for there to be anonymity. However, you can be secure without being private or anonymous. This is an important distinction.
Why would companies want my information?
- To companies, your data, either individually or in aggregate, is of great value. The more accurate your profile, the most efficiently they can market to you. Companies can then on-sell your information to others, the entire process is opaque.
- There are data-brokers who specialize in buying and building massive databases of profiles mined from every interaction you have. Everything from the basic demographics and preferences, to in-depth browsing and purchasing habits, across many websites and businesses. Even webpages nowadays are chock full of tracking and profiling scripts.
- Companies will always pursue profitability, never your personal rights and freedoms. When they appear to, it’s because that’s a selling point, to gain more profitability. They will sell you out on a dime.
- For example, health insurance companies are adjusting premiums based on gathered info, such as the unhealthy food purchases and hobbies of individuals. Car insurance companies use OBD / GPS trackers to log customer’s driving patterns for premium adjustments. Airline tickets change prices based on your demographics. Your financial history also comes into play. Medical conditions are highly valued, even grocery purchases can accurately profile you. All from readily available information. Cross-match or leak them, and you have a living nightmare.
- Mobile apps are especially egregious, they often request permissions for contact lists, locations and other information to on-sell to data brokers or use for nefarious purposes.
Why would the government want my information?
- Power seeks more power. Governments will always aim to preserve itself through silencing or controlling the population. Having more information on groups or ‘troublesome’ individuals makes tracking them more easy. The ability to stifle free thought and speech is paramount to control.
- The Snowden leaks have comprehensively shown that many governments around the world are blatantly exceeding the scope of law in secret, to commit mass surveillance on their own populations. Every level of communication, from the trans-continental cables, to datacenter communications, to ISP equipment, to backdoors in personal computers and online services, to mobile devices.
- There are many countries where individuals can be jailed indefinitely, based on saying/typing the wrong thing, or even trying to expose the extent of government corruption. These basic human rights should not be taken for granted.
What’s the worst that could happen anyway?
- In the mildest form, companies having a profile about you might mean you get a more expensive price when shopping online than the next person. The profile follows you around no matter which website/app you buy from. Without your knowledge, your friends get spammed with promotions with your face on it.
- More seriously, identity fraud is widespread. All it takes is a few small pieces of personal information to take open bank accounts, take out loans or even file a tax return under your name. The cost for scammers is small, since much of it can be automated with scripts online. Your credit score could be irreparably damage, with little recourse, with lifetime repercussions.
- Career or personal opportunities might be sabotaged, because some private information became widespread. Even more common, people don’t lock down unsavoury pictures of themselves online. People you’ve never met might already know a lot about you and adjust their behaviour to suit. Worse still, private information could be used against you for blackmail or extortion.
- When faced with warrants to hand over user information, companies like Facebook and Google reluctantly do so, regardless of the user’s approval. It’s safe to assume all companies will eventually do so, depending which jurisdiction they are in. Microsoft is especially blatant, even building in backdoors for the NSA. Some, like Dropbox, hire ex-Washington staff who openly support warrantless wiretaps.
Speaking of …
- Even if they cannot legally obtain the means, the NSA has been trying to build in encryption backdoors for themselves to more easily intercept communications. However, encryption does not differentiate the intent of the user – if there is a weakness, somebody will exploit it, thus your security is being weakened. The NSA also warrantlessly spies on phone calls every day, amongst many other things.
- Breaking encryption would mean the end of the internet as we know it, according to just about everybody who built the internet can confirm. However, clueless politicians and lawmakers still push for insane measures, while constantly fear-mongering about terrorism and children.
- The processing is not done manually, the NSA has billions to throw at supercomputers to process huge amounts of metadata instantly and break weaker encryption.
- Mass surveillance laws are introduced under the guise of ‘safety’, which act only to further the profits of third-party rights holders with significant political sway. This information can easily be abused, and has very little oversight. It’s still happening elsewhere.
- The Five-Eyes program (US, Canada, New Zealand, Australia, UK), the XKeyscore program and dozens of others, feed a growing cross-boundary realtime searchable database of information about everybody and everything.
- Stingrays (fake cell towers) have been in active use in many states and countries for many years, for monitoring movement of crowds/individuals and intercepting traffic and communications.
- The government itself is not invulnerable to information leakage. Bureaucracy and an abundance of misplaced trust can lead to disastrous leaks, which can have life-changing consequences. Australia is about to introduce a mandatory metadata retention scheme in October 2015. I predict there will be a data breach/exfiltration of this valuable information within 12 months, and/or this metadata information will be used for the government’s political advantage.
What if I have nothing to hide?
- Everybody has something to hide. If you didn’t, you’d leave your curtains open, your webcams broadcasting 24/7 publicly from all rooms, your accounts password-less and publish everything about yourself, medical conditions, tax returns, location logs, ‘private’ messages and all.
- Privacy is important even if you did have nothing to hide. Just like freedom of speech is important even if you have nothing to say. Once you start chipping away at these rights, it becomes a slippery slope which will end badly.
- Even with just a fraction of information, it is possible to find something in anybody’s cumulative data that is of worth to some company for selling, some government for prosecuting or individual for personal advantage. We have all made mistakes in the past, including seemingly trivial ones.
- Entrusting your information to a third-party requires that they are transparent and infallible, using that information only in your best interests. However, the reality is, there is often no transparency to how it’s used or copied. Companies and governments have proven time and time again through data breaches, that there is only one person you can trust.
- Even with ‘just’ the metadata of your phone location (including call details, SMS and email contacts / subject lines, a very accurate picture can be built about you. Arrests have been made based purely on metadata, and NSA / CIA has said – ‘We kill people based on metadata”. It’s commonly known that metadata can be far more valuable than the actual data itself, even complex social networks can be extracted from simple metadata.
- Note that the people urging you to sacrifice your privacy, protect their own privacy with fervor and state the obvious.
- This Wired article goes into more detail.
They said it’s for our own safety?
- There is no proven link between increasing the amount mass surveillance as it’s being done now, blatantly encroaching on privacy and maintaining public safety. It’s simply not a mutually exclusive situation. The constant fear mongering about terrorism and children is intended to invoke an emotional, not a rational response.
- In an ideal world, the government would act responsibly and safely in using private information that they have gathered only for the prevention of crime, Minority Report style. In the real world, governments are made up of people, who are prone to making very human mistakes, often with disastrous life-changing results or for questionable petty gain.
- Actual criminals and terrorists already take steps to properly protect their communications beyond the reach of government, the only people that mass and unwarranted surveillance affects are the innocent. By design of course.
There’s no such thing as 100% privacy, I might as well not bother at all.
- Privacy is not a binary on/off state, there are degrees of privacy, usually it’s a trade-off between privacy and convenience. Many people might see convenience as free, but it isn’t. Free services like GMail and Facebook trade your information to sell to their real customers, the advertisers.
- Our privacy is constantly under assault – browser cookies/fingerprinting, mobile device tracking, phone metadata, email archives, bank statements, the list is endless. Where you sit on this sliding scale depends on you.
- The more information you leave around, the easier it is for it to be used and abused. See identity theft, data broking and prosecution above.
What can I do to protect my privacy?
- Assume that anything you put online, from your encrypted passwords, to the most compromising pictures in a ‘for my eyes only’ gallery, will eventually become public. They will.
- Lock down your browser as much as you can (see my guides for Firefox and Chromium). If you’re on Android read this. If you’re on Windows, get out of there.
- If you’re on mobile, don’t install apps recklessly, find their privacy rating on PrivacyGrade, a project run by some researchers from Carnegie Mellon University. I also wrote an article about Android permissions here.
- Detach or clean up your social profiles – Twitter, Facebook, Google Plus, etc. Anywhere which links any identifiable information with you. On a related note, here are some good reasons why you shouldn’t be on Facebook.
- Don’t sign up to free surveys, offers or other information gathering opportunities. Especially if they ask for any personal details. Even if you don’t use your real details, your devices and browsers are constantly providing unique IDs which can be cross-matched.
- Remember, the magical cloud is simply somebody else’s computer. Spend a few hours one weekend tightening things up and remembering a few habits, and you could save yourself years of grief further down the track.
- Glenn Greenwald: Why Privacy Matters (Youtube)
- Open Rights Group – Responding to Nothing to Hide, Nothing to Fear
- Jacob Applebaum: People Think They’re Exempt From The NSA
- Lawrence Lessig interviews Edward Snowden
- Julie E. Cohen (Georgetown University) – What Privacy is For
- Daniel J. Solove (George Washington Law School) – ‘I’ve Got Nothing To Hide’ and Other Misunderstandings of Privacy
- Electronic Frontier Foundation (EFF)
- Privacy International
- Trailer for CitizenFour (2014)