11 January 2010

What "Nothing to Hide" is Hiding

As governments around the world - but particular in the UK - increase the surveillance of their hapless citizens, one argument above all is made in favour of doing so: "if you have nothing to hide, you have nothing to fear."

Of course, the rebuttal is that, indeed, we have nothing to hide, but we do value our privacy, and we should not be asked to sacrifice that for dubious government convenience. But as this excellent paper entitled "I've got nothing to hide, and other misunderstanding of privacy" points out, there is a particularly dangerous "strong" form of this argument that is harder to brush off so easily:

Grappling with the nothing to hide argument is important, because the argument reflects the sentiments of a wide percentage of the population. In popular discourse, the nothing to hide argument’s superficial incantations can readily be refuted. But when the argument is made in its strongest form, it is far more formidable.


The NSA surveillance, data mining, or other government information- gathering programs will result in the disclosure of particular pieces of information to a few government officials, or perhaps only to government computers. This very limited disclosure of the particular information involved is not likely to be threatening to the privacy of law-abiding citizens. Only those who are engaged in illegal activities have a reason to hide this information. Although there may be some cases in which the information might be sensitive or embarrassing to law-abiding citizens, the limited disclosure lessens the threat to privacy. Moreover, the security interest in detecting, investigating, and preventing terrorist attacks is very high and outweighs whatever minimal or moderate privacy interests law-abiding citizens may have in these particular pieces of information. Cast in this manner, the nothing to hide argument is a formidable one. It balances the degree to which an individual’s privacy is compromised by the limited disclosure of certain information against potent national security interests. Under such a balancing scheme, it is quite difficult for privacy to prevail.

One of the key arguments of the paper revolves around data aggregation (not surprisingly):

Aggregation...means that by combining pieces of information we might not care to conceal, the government can glean information about us that we might really want to conceal. Part of the allure of data mining for the government is its ability to reveal a lot about our personalities and activities by sophisticated means of analyzing data. Therefore, without greater transparency in data mining, it is hard to claim that programs like the NSA data mining program will not reveal information people might want to hide, as we do not know precisely what is revealed. Moreover, data mining aims to be predictive of behavior, striving to prognosticate about our future actions. People who match certain profiles are deemed likely to engage in a similar pattern of behavior. It is quite difficult to refute actions that one has not yet done. Having nothing to hide will not always dispel predictions of future activity.


Another problem in the taxonomy, which is implicated by the NSA program, is the problem I refer to as exclusion.85 Exclusion is the problem caused when people are prevented from having knowledge about how their information is being used, as well as barred from being able to access and correct errors in that data. The NSA program involves a massive database of information that individuals cannot access. Indeed, the very existence of the program was kept secret for years.86 This kind of information processing, which forbids people’s knowledge or involvement, resembles in some ways a kind of due process problem. It is a structural problem involving the way people are treated by government institutions. Moreover, it creates a power imbalance between individuals and the government. To what extent should the Executive Branch and an agency such as the NSA, which is relatively insulated from the political process and public accountability, have a significant power over citizens? This issue is not about whether the information gathered is something people want to hide, but rather about the power and the structure of government.


A related problem involves “secondary use.” Secondary use is the use of data obtained for one purpose for a different unrelated purpose without the person’s consent. The Administration has said little about how long the data will be stored, how it will be used, and what it could be used for in the future. The potential future uses of any piece of personal information are vast, and without limits or accountability on how that information is used, it is hard for people to assess the dangers of the data being in the government’s control.

None of these will come as any surprise to people thinking about privacy and computers, but it's interesting to read a lawyer's more rigorous take on the same ideas.

Follow me @glynmoody on Twitter or identi.ca.


zaine_ridling said...

I tend to make an Orwellian argument against a government's unlimited data collection on its citizenry. And that is, what's to prevent the next government (administration) from using new laws with old data with which to prosecute you in the future?

For example, in the way I use a search engine, what I download, where I spend my money, where I travel. Oh wait, that world is already with us. Never mind.

glyn moody said...

@zaine: ha!