By Sean Rintel
In
the wake of former CIA employee Edward Snowden’s
revelations of the
PRISM NSA mass surveillance, people are once again asking
why the general public should care if they’ve got nothing to
hide.
“Nothing
to hide” hides a lot behind an absolutist gloss. It puts the
focus on the individual rather than on the real problem of a
society-wide loss of data control at many levels.
Is this a
fair question? Not really. Below, I give nine reasons why we
must care – regardless of our innocent intentions.
1)
Presumption of guilt
Mass
surveillance and
data retention overturn the foundation of the modern legal
system: the
presumption of innocence. Not only is the presumption lost
for gathering evidence, it also weakens the effect of that
presumption throughout the rest of the legal process.
If there
is a normalisation in the public consciousness that there is a
weakened presumption of innocence, we have compromised the
effectiveness of our legal system.
2)
The loss of personal data control
Mass
surveillance circumvents our right to personal data control,
also known as
informational self-determination. As the late Professor of
Public Law
Alan F. Westin put it in his 1970 book, Privacy and Freedom:
The right of the individual to decide what information about himself [sic] should be communicated to others and under what circumstances.
We have
envelopes for our letters and curtains on our windows not
because we’re doing something wrong but because our we are
choosing how to share (or not) that business. Governments and
security organisations should have no part in that choice
without a specific, targeted, and legally warranted reason.
3)
Transferring power to security organisations
Allowing
security organisations to have far-reaching capabilities without
strict oversight effectively transfers power from governments to
the security organisations themselves.
The power
of voting for elected officials is weakened if security
organisations make choices based on securing their own position
rather the interests of the country.
Vladimir
Putin is reputed to be finding the
siloviki
(the “men of power” from state security) who helped build his
regime to now be
more demanding than in the past. Such transfers of power are
not limited to a shadowy few in a far-off land, nor just at the
highest level.
In this
kind of climate, the power to invoke or even just threaten a
search from mass surveillance can be devolved to even front-line
law enforcement.
4)
False positives
Anyone
searching for information on “topics of concern” to security
agencies, for legitimate reasons (such as researchers,
journalists, students) or even personal curiosity, could be
falsely identified as a person of interest in an investigation.
As
security
technologist and author Bruce Schneier argued in a guest
blog post last year, this is one of the fundamental
problems of profiling.
The
ramifications for the individual might range from inclusion on
no-fly lists, denial of access to some jobs, through to false
arrest.
5)
Changing definitions of issues of concern
What
counts as a problematic topic in the eyes of security
organisations changes over time, especially in the wake of an
incident. We are all still taking off our shoes at many airports
because of one “shoe bomber”,
Richard Reid, in 2001.
When
something as seemingly benign as shoes is suddenly linked to
security concerns, the potential for large retrospective data
sweeps – as well as having shoe-related topics then included in
future sweeps – increases, with concurrent increases in the
possibility of embarrassing and/or gravely serious mistakes.
6)
Political corruption
The
potential exists for the government of the day to request
detailed information that falls well outside the scope of
legality.
Watergate is the classic example of data-gathering about
political adversaries, but compared to the potential corruption
made possible by mass surveillance, that was a drop in the
ocean.
Mass
surveillance could be directed not only at direct political
adversaries but also their official supporters and those who
might fall into a demographic of potential support.
7)
Personal abuse of power
While most
security agents work within the law, there are occasions when
they abuse their power. The London Police were
found to be complicit in the News Of The World hacking
scandal and, as ABC journalist Nick Ross noted
in an article last September, many small-scale examples of
abuse of power are captured on the news website
Reddit.
Communication data gathered for abusive private purposes could
include email, texts, pictures intended for revenge, extortion
or prurience.
8)
Honeypots
Large
collections of telecommunications data – be it the content or
the metadata
–
attract hackers. Unfortunately, governments and their
sub-contractors have a
poor track record safe-guarding such data.
Even
without blunders, the data can be stolen or individuals with
direct access can be manipulated to hand over this information
through
social engineering, bribery, or coercion.
9)
Big data and the problem of patterns
The entire
premise of “big
data” – large and complex sets of computer data – is to find
patterns from aggregates. While you may feel that, post-by-Facebook-post,
you have “nothing to hide”, mass surveillance creates the
possibility of finding patterns that catch the interest of
security organisations.
Such
patterns have the possibility of including the innocent with the
guilty. Worse, there’s the possibility to not just find but
“create” patterns from such aggregations that frame the innocent
as potentially guilty.
Everything to lose
As
security expert Bruce Schneir
wrote for Wired in 2006, and is even more true today, we
must not “accept the premise that privacy is about hiding a
wrong”.
The issue
with the NSA PRISM program, and other such programs around the
world, is not that we have “nothing to hide” – it’s that we have
everything to lose.
Sean
Rintel Lecturer in Strategic Communication at University of
Queensland
No comments:
Post a Comment