• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
Search
Search this blog:
 
About
This page contains a single entryfrom the blog posted on
February25, 2009 9:07 PM
.
The previous post in this blogwas
Biometrics and Privacy
.The next post in this blog is
NTHNTF: More mythbusing
.Many more can be found onthe
main index page
or bylooking through
the archives
.
Subscribe to this blog's feed
 [
What is this?
]
Debunking a myth: If you have nothing to hide, you have nothing to fear (The Privacy, Identity & Consent Blog)
Go to Computerweekly.com
http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html (1 of 6)3/4/2009 12:35:42 PM
The Privacy,Identity & Consent Blog
The Data Trust Blog
Debunking a myth: If you have nothing to hide, youhave nothing to fear
The idea that an individual can live in a surveillance society with nothing to fear so long as theyhave nothing to hide may, on the face of it, appear attractive. For those of us who think of ourselves as 'honest' - we pay our taxes, don't commit murders and are loyal to our partners -why indeed should we fear surveillance?"Nothing to hide, nothing to fear" (NTHNTF) is a myth that is built on certain false assumptions,and these assumptions are never questioned when it is wheeled out as an argument to supportwhatever draconian surveillance measure is being pushed out in the face of citizen opposition(commercial organisations rarely try such an approach, since it dooms them to failure from thevery beginning). These assumptions include:
q
 
Continuity 
: When a large data gathering exercise is started, the lifespan of the systemwill almost always be greater than that of its instigators. The most benign and caringgovernment, authority or private company is inevitably subject to a change of management, and if the new executive does not share their moral stance, then data canbe reused for very dangerous purposes. Those who provided data believing they hadnothing to fear may find that data is misused in the future.
q
 
Context: 
Those who use the NTHNTF argument most commonly use it in the context of government collecting information about individuals. In the information age, the idea of asingle entity holding that information does not hold true. The massive pressures to shareinformation within and beyond government mean that information is constantly on themove. Sooner or later, information held by the government will be shared across thegovernment and with the private sector.
q
 
Control: 
Whether through a sharing agreement, aggregation of databases or simplyleaving a memory stick in a pub car park, information is always shared sooner or later.Information security professionals always assume a system to be insecure, and plan forwhen - not if - data is lost or corrupted.
q
 
Consistency 
: The most important issue is that of consistent use of accurate informationacross all authorities and all individuals.Let's consider
consistency
in more detail. When databases work from 100% accurateinformation; when that information is used in accordance with the original consent purpose;
Search
 
Debunking a myth: If you have nothing to hide, you have nothing to fear (The Privacy, Identity & Consent Blog)
when processes work correctly; when outcomes are as expected for every subject in thedatabase; then, arguably, individuals have nothing to fear. Unfortunately, this is a Utopian statethat is never achieved in a real world system. We see numerous examples of this problem:
q
 
Take the extreme example of 
Khalid El-Masri
. This German national was kidnapped,flown to Afghanistan, tortured and then eventually released when it was realised that hiswas a case of mistaken identity, and he was not in fact an alleged terrorist with a similarname.
q
 
In 2007,
 junior doctors found their personal information - including sexual orientation - published on the Internet
in a web security breach. How many of thoseindividuals were 'outed' as a result of that breach? Those who had kept their orientationsecret from their families or colleagues were perfectly at rights to do so, but found itreleased anyway.
q
 
In 2006
a student was wrongfully arrested for stealing mail
when a batch of letterswere recovered. His fingerprints - which had been taken a year previously when he wasaccused of criminal damage but released without charge after the real culprit confessed -matched those on some of the letters. After his arrest it was discovered that the lettersbearing his fingerprints were
posted by him
. He was released, and then had to campaignto have his DNA data removed from the National DNA Database.
q
 
Time and again individuals have been fired from jobs, or failed to get jobs, because of 
errors in the Criminal Records Bureau database
. They have been stigmatised ascriminals, even to the extent of being falsely branded as sex offenders, because of database failings.This sort of mistake might seem rare, but it is going to become increasingly common.
Police cars are being fitted with fingerprint scanners
, and it seems to be only a matter of time
before they can even check DNA on the spot
. Systems will make mistakes, and procedureswill go wrong. The victims of the benign database state are those who aren't treated inaccordance with the intended rules, but are at the wrong end of breakdowns in data accuracy,procedural rules or system errors. Under a benign government, it's not the intended surveillancethat makes victims of innocent people, but the errors.So why do I fear the idea of a database state, even when I have "nothing to hide"? Well, I
do
 have things to hide. Everyone has things to hide. If I have a serious health concern, I want tobe able to consult my GP without worrying my wife. If I'm looking for a new job, there is noreason why I should have to reveal that to my employer. In fact, if even I've committed aserious crime, been convicted, rehabilitated and paid my debt to society, why should I beobliged to reveal that history to my neighbours if I pose no threat to them? Should my friendsknow if I've got an unauthorised overdraft, or if I've downloaded perfectly legal adult contentfrom the Internet? I've done none of these things, and am in no particular rush to, but Idemand the right to privacy if those situations arise."Nothing to hide, nothing to fear" is a myth, a fallacy, a trojan horse wheeled out by those whocan't justify their surveillance schemes, databases and privacy invasions. It is an argument thatinsults intelligent individuals and disregards the reality of building and operating an IT system, abusiness or even a government. If ever you hear someone at a dinner party crank out this oldchestnut, grab your coat, make your apologies, run fast and run far. And as
William
has saidbefore, I wouldn't want to be stuck at a dinner party next to someone who has nothing to hide -
http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html (2 of 6)3/4/2009 12:35:42 PM
 
Debunking a myth: If you have nothing to hide, you have nothing to fear (The Privacy, Identity & Consent Blog)
imagine how dull that would be.
Tags:
 
privacy
 Posted byToby Stevenson February 25, 2009 9:07 PMPermalink|View blog reactions 
Comments (2)
One of the more cogent and coherrant exposes on the "NTHNTF" myth.One of my chief concerns (and I have many) regarding the emergence of what Guy Herbertfrom the campaign group NO2ID calls, "The Database State", is that its development isinextricably linked to with notion that as good citizen's we should be required - indeed expected- to constantly proove: (a) that we we're good - i.e., that we behaving in a socially acceptableand socially endorsed manner and (b) that whatever we may ask for from the state, we are infact entitled to ask for it. That is, that we must first proove our entitlement. Only by constantlymonitoring us, under a constantly operating regime of surveilance may we achieve this and inthe process, weed out those who aren't entitled and those are are deviant and dangerous tosociety.Such a view profoundly confuses the distinction between entitlement and privacy and issymptomatic of the move towards to emeregence of a totalitarian state. It is my view my viewthat we in the west are already well on the way to a new form of post-modern totalitarian state(what Guy Herbert calls 'soft fascism') in which behaviour and opinions which are disapproved of by the political class are pathologised and then regulated by violence-backed laws "for your owngood' or "for the children" or "for the environment. The emeregence of the surveilance state issimply the icing on the cake if you like of the development of an infrastucture designed toorchestrate social control. Resonating strongly with the warnings Orwell extols in his book 1984,it's obvious how the more information you have about citizens, the more you can control whatthey see, hear, think and ultimately do.What's essential, somehow, is to get across the idea that you are entitled to be anonymous ingoing about your lawful business. I think that this is close to being a fundamental principle of afree society under the rule of law: because we ought to be treated equally in equalcircumstances, an enquiry into who you are ought to be considered unacepptable in any casualtransaction because it ought to be irrelevant.Compare those rules in effect forbidding employers from asking female candidates at interviewabout their plans for children. Because the inquiry implies a discrimination on grounds of personal characteristics that it is thought ought to be irrelevant, it is barred.The very fact of formal inquiry as to your identity - rather than the relevant characteristic -implies that we are not equal before the law and places you in the position of a personalsupplicant, not a customer or equal citizen.Beyond the reasons already articulated, one can easily think of persons who do have aspectsabout themsleves that they would arguble have completely legitimate reasons for wanting tokeep secret. To give but a few examples:1) People with "socially unnacceptable" illnesses who would not want that information sharedoutside professional medical contacts.2) People fleeing domestic violence who do not wish to be traced.3) "Spent" criminal convictions - although that's already largely redundant. Very little is spentthese days.
http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html (3 of 6)3/4/2009 12:35:42 PM
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...