Don't Turn Your Back On Privacy Because You Have 'Nothing To Hide'

Your smart phone or browser may be wrapping chains around your future self, that are invisible to you now.
Don't Turn Your Back On Privacy Because You Have 'Nothing To Hide'

Nothing to hide, nothing to fear

You tell me you have nothing to hide.

Then please post your bank PIN code in the comments section below this article. And then install a webcam in your bathroom with a live feed to your Facebook page.

If you really believe you have nothing to hide, you won’t mind emailing me the passwords for your email accounts (all of them, not just the work ones) and you won’t mind me trawling through everything you’ve ever written, and publishing anything that I think is interesting for the world to see? I mean it. This is a live experiment. My Contact Form is on this website. If you’re not a bad person, if you’re doing nothing wrong, you’ll do that for me, won’t you?

Actually you don’t need to send me your passwords for your information to be out there in the cloud. Perhaps you didn’t realise, but every email you send (unless you use an encrypted email service, like ProtonMail) can be read by any server it passes through on the internet on its way to your intended recipient - a typical email passes through multiple servers, and some of these servers are ones set up by criminal organisations or other bad actors.

It’s like sending all your post, including communications with your bank, lawyers and lovers by postcard rather than in an envelope - and then asking the mafia to deliver them.

No wonder pensioners are losing so much money to scammers, and most business data breaches are due to phishing and social engineering attacks. But that’s just the beginning.

Smart phones are the greatest mass surveillance tool that has ever existed, for governments and hackers. Most of us realise this in the backs of our minds, but carry on anyway - because “why would anyone be interested in our lives?”.

From William Binney, ex-US National Security Agency (NSA) Technical Director, regarding the collection of data done by the US on its own citizens and those of other continents: “Collecting data on that scale … presents the opportunity for the government to go really bad … People in Germany who have experience of the Gestapo and SS - they have living memory of what it means to have that kind of information in a central repository for central government to use. It’s only a matter of whether the current government is favourable to democratic principles as to whether they become totalitarian or not.”

The powerful people who control the online world feed us the message that only bad people have something to hide. But their actions don’t match their words when it comes to their own lives.

Facebook’s Mark Zuckerberg in 2010 said “privacy is no longer a social norm”. Yet in 2013 Zuckerberg and his new wife purchased not only their own house, but also all four adjacent houses in Palo Alto (for a total of $30 million) in order to ensure they enjoyed a zone of privacy to prevent other people from monitoring what they do in their personal lives.

Democracy is not a spectator sport

Google’s Eric Schmidt in 2009 said “if you are doing something that you don’t want other people to know, maybe you shouldn’t be doing it in the first place”.

“The only people that care about privacy are bad people”, is the message we are fed, but this is very dangerous and misleading because of an unseen disconnect between us and those who govern us. We (the public) assume ‘bad people’ means terrorists or violent criminals. But to those in power it means anyone who poses a threat to them and their power.

Even if you aren’t brave enough to risk protesting about things you care about, aren’t you glad the activists, journalists and dissenters do it on your behalf - whether it be to protect the planet, promote women’s rights, or fight corruption.

By taking away the right to privacy, action against the state can easily be stifled, and this is not for the common long term good. (People argue that to stop terrorism we need to stop encrypted communication - I did debunk that myth in a draft of this article, but it got too long!)

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different from saying you don’t care about free speech because you have nothing to say.” Edward Snowden

The measure of how free a society is, is not how it treats its good, obedient citizens, but how it treats its dissidents. Compare the UK to Russia (and hope we don’t become like them).

By the way, one of the first things Russia did having invaded Crimea was to ensure that all internet traffic went through Russian cables - why was this? To create a better service, or for control of the people? For journalists working in war zones or under repressive governments, digital security can be the difference between life and death.

If you don’t support the rights of others to privacy (because you say you have nothing to hide), you are being entirely selfish.

I recommend a film, Nothing to Hide, from 2017 (and free to watch online). It’s enlightening on just how much information about a person can be inferred from the metadata on their smart phone usage. Metadata is data about data, not the content itself (for instance information about the date, time and recipient of a message rather than the actual message text). So people think it’s innocent and don’t mind giving their apps permission to use it - including the ones written by unknown programmers in Russia or Africa.

Let’s take a mainstream example, WhatsApp.

WhatsApp is encrypted so I don’t need to worry … think again!

Even though WhatsApp message content is encrypted, the app still collects vast amounts of information. The permissions it obtains on installation include access to all phone operations, files and photos, contacts, accounts, running apps and text messages (and many more too - you can check for yourself).

That means WhatsApp, and its owner Facebook, know who is in our social group. It can log the details of every call and message, track our location 24 hours a day, know which apps we use, read the files stored on your phone and scan every photo (including performing facial recognition of every person in them). It then connects this with information collected by Facebook - both on the Facebook site and as we browse on most other websites - including our interests, posts we made, articles we ‘Liked’, items we bought, political statements we’ve made, causes we support and so on. Where we work, live and eat out, and who we socialise with gives away a lot of information about us, even though we think we’re anonymous. This includes our financial status. And by the way, any app (not just WhatsApp) can tell who you are just by seeing which Facebook page you go to the most. Not exactly rocket science, is it?

Facebook paid $19 billion for WhatsApp in 2014. Why would they do that if “all your information is encrypted” and there wasn’t a huge new pool of your information to exploit? If you haven’t yet realised, Facebook is not a charity - it’s one of the most profitable businesses in the world - and your data is the product they are selling.

Many people argue that they don’t mind Facebook collecting data because “targeted ads are useful”. Would you change your mind if you know that some sites charge differing amounts when you shop depending on your profile?

As an example, Orbitz charged more for hotels if you were searching for a room using an Apple Mac than if you were using a Windows PC - because Apple users were deemed to be less price sensitive.

And how would you feel if that same data collection allowed a Facebook algorithm to learn that you were having an affair? Relatively easy to do from your location data - for example where you are each night - together with your message, call, website history and changing shopping habits.

Facebook regularly sells their data, has it stolen or accidentally exposes it. Evidence of your affair could be used against you equally effectively for blackmail by criminal gangs in Nigeria, to control you by future governments, or for business sabotage by your competitors.

We know we are being surveilled by all the web giants. Facebook, Google, Microsoft, Amazon, Apple are all collecting our data on a vast scale - never seen before in history even by the worst autocratic states. The only difference is who is in control. In the future different people may be in control, but our data will still be there.

Once that data has been collected, it is out there on ‘the cloud’. It can be misused, sold or stolen by corporations, governments, political actors and anyone else who wants to manipulate us.

A prison in the mind is more powerful than iron chains

The worst form of mass surveillance is when the surveilled do not know whether they are currently being watched. This psychological system has been used by prisons and tyrants as it is one of the the best forms of control.

When we are in a situation where we know we may be being watched, our behaviour changes dramatically - we conform to ‘social norms’ - the range of behavioural options we consider is severely reduced. This fact has been recognised by social science, literature, religion and many psychological studies.

The government doesn’t have the resources to monitor all of us all the time. But what every tyrant and authoritarian regime has realised is that they don’t have to. If people don’t know whether or not they are being watched but know that they might be, their behaviour changes anyway. It’s an incredibly efficient way to ensure compliance, obedience and submission.

“Those who do not move, do not notice their chains.” - Rosa Luxemburg

This is how authoritarian regimes have always worked. In the past they used a network of ‘informers’ - now they don’t have to because they have your smart phone. By voluntarily carrying smart phones we have inadvertently given this spying facility to Western and ‘democratic’ governments and the power that it gives is proving hard to resist.

Governments, including those in the UK and the US, are turning the internet from a tool of liberation and democratisation into a tool of mass and indiscriminate surveillance. See the TED Talk by Glenn Greenwald.

Nothing to fear

There are some things we are only willing to do if no-one is watching.

We are social animals so we like to communicate and voluntarily do so via social media. But equally, we instinctively know that we need to be able to have privacy - to create, to experiment, and to have fun without others watching or listening.

All of us have things to hide.

Do you like to dance alone?

dance fail

To walk around the house naked? To practise karaoke in private until it’s at a level where you’re not embarrassed to perform in public? To try out new looks? Experiment with sex or drugs?

If you conform to the go-to-work, come home, cook some wholesome recipes, help with childrens’ homework, watch the news fed to you, and never read or write about anything that criticises politicians stereotype - then truly, you probably don’t have anything to hide or to fear.

But you have just turned yourself into a dull, uncreative, robot. This is how the state and those in power want us to be. Conforming and submissive. Do you want to be like the poor human beings in North Korea and the old Communist China that are turned into automatons because they are too scared to do anything else? This is the possible end game if we do not stay alert and guard our privacy like we guard our democracy - democracy and privacy go together like surveillance and tyranny.

Do you want to travel to the United States? Things may change soon.

The US has just announced it wants all visa applicants (yes that’s everyone travelling to the States, not just those deemed a potential high risk) to provide all of their social media names, email addresses and phone numbers they have used for the last five years.

We know that President Trump is sensitive, bullying and revengeful. Does that mean that if you’re a business woman in the UK wanting to do business in the US, you will not be allowed into the country if you have ever criticised the policies of the US President?

Soon anyone wanting to do business in the US will be too afraid to comment on US policies.

Maybe I won’t be allowed to go there for writing this post.

You can’t predict the future, but your data from today will still be there

Records of our posts, emails, photos and location history never go away.. When you delete your history, do you really think it’s deleted off all the servers on Google and Facebook? And off the servers at agencies such as the NSA and GCHQ?

Most phone apps ask for ‘location’ permissions, which means that any of those apps can log every time you break the speed laws while driving - and you can’t be sure this won’t be on record for ever. Are you sure you’ve never broken the law?

People change. You might be a climate change activist now and perhaps you break the law during your protests for the greater long term good of the world. Or right now at college, you believe in the medical uses of marijuana and like to help out with some of the experiments personally :). It can be easy to find out those things using data from your smart phone. And that data will still be available when you are the CEO of a big business in thirty years time. If the government of the day decides you are an annoyance or are threatening their power in any way, they could easily describe you as a ‘law breaker’, a ‘bad person’, and use the evidence of these past offenses to bring you down a notch or two (or worse).

A more extreme example. If you read on your Kindle, tablet or smartphone, Google, Amazon or Apple will know everything you’ve read, and so by extension will the government. If politics keeps moving to the right as fast as it has in the last five years for the next twenty, then perhaps the US government will lock up all those who have read anything from the Koran. Since birth.

Unlikely, but not unimaginable given where we are today.

So, in summary

The convenience of the smartphone comes at an unseen but potentially huge cost to our future selves - with large and negative impacts to our personal liberty and democratic system. If we want our own homes to be fun, to create and explore in ways that we might be embarrassed to do if we suspect someone might be watching, we need to guard our privacy like anything else we value highly.

Information (sometimes surreptitiously) created on the lives we are living now will be stored forever. Once the geni is out, you can’t close the bottle. Yet the future is unknown - our role in life will have changed, and governments will definitely change, sometimes dramatically. We simply don’t know what activity we are doing or which communication we are writing, if recorded this year, might hurt us in a few decades’ time. In other words we need to control the information that we allow into the public domain.

Humans are very short termist - that is why climate change is such a threat - in the same way, because threats from privacy erosion are hard to see, most people make short term convenience a priority over long term freedom. But the threats are building right in front of our eyes, with news of data misuse headlining almost every week.

This does not have to be so. We can still socialise, use our smart phones, send emails and messages, use social media and browse the internet while protecting our privacy. Most people just don’t know how. It’s not in Google, Apple, Microsoft, Facebook and our own governments’ interest for us to do this and they aren’t about to help.

So let’s educate ourselves. There’s virtually no effort required to put basic protections in place, and it doesn’t come with inconvenience or a degrade in the services we get on our phones and devices.

This is my first post in a series of articles - in my next post I’ll tell you what steps you can take to protect your privacy.

There’s a golden circle too. By protecting your own privacy, this will also help the activists, journalists, human rights campaigners and other people that are making the world a better place on our behalf. These people may ‘red-flag’ themselves to their enemies (for example, the authoritarian governments they are criticizing) by showing an interest in privacy enhancing services or tools, because it is only the exceptional minority that uses them. But if we make privacy the norm for most of us - as it should be, it will be much harder for those wanting to protect their own power, to root their critics out.