Debunking the “Nothing-to-Hide” Rhetoric

A few months ago, Least Authority ran user-testing sessions to get a sense of what our potential users think about our products – S4, our current Amazon S3 based application of Tahoe-LAFS and Gridsync, our forthcoming graphical user interface for S4 and Tahoe-LAFS.

In addition to getting valuable feedback, it was interesting to hear diverse perspectives on the questions of data security, privacy, and surveillance. One of the viewpoints that stuck with us was “I don’t care about privacy. I’ve nothing to hide.”

To us Least Authoritarians, who believe that freedom matters in Internet technology and who design our products to help you retain control over your data, the “I don’t care about privacy. I’ve nothing to hide,” argument does not sound convincing. It has some faulty underpinnings and needs to be debunked.

Let’s start by dissecting some of the oft-repeated reasoning given in support of “Nothing to hide” argument.

I’m a responsible citizen, I am honest and truthful, I’m law-abiding, I have nothing sensitive, embarrassing, or illegal to conceal. I’m not a criminal involved in illicit activities. I’m not doing anything wrong, so I have nothing to fear and nothing to hide

Sounds about right until you picture this –

You are law-abiding, responsible citizen who does no wrong yet, under the guise of providing security, someone out there is clandestinely ensnaring your phone calls, rifling through your emails, your photos, your documents, your bank statements, your usernames, passwords and even your household trash. All this to collect data about you, process it, store it and then analyze it without you knowing about it.

Furthermore, if inadvertently you fall under suspicion from somebody, your stored data is used against you, and every decision you have ever made, every friend you have ever discussed something with, is scrutinized to prove that you are a “bad guy” and a potential threat to the society. How does that make you feel?

I don’t mind companies or the government knowing all about my private life or collecting my personal data. It’s important to detect and catch the “bad guys” and ensure citizens’ safety and security.

Studies have not corroborated that collecting our personal data helps in detecting and catching the “bad guys”. We are reportedly giving up the control of our private communications and not getting any real security in return. A study conducted by New America Foundation showed that the bulk collection of data (for instance via telephone calls you make, your email address book and contact list or the messages you send to your friends), had zero or marginal effect on the detection of bad guys and prevention of attacks.

Another common reasoning is “I don’t care about privacy. I am an open person and I have nothing I would want to hide.”

This does not sound quite right.

Everybody probably has something to hide from somebody. We all enjoy privacy. We like to retreat to our homes, keep conversations among our family and friends and pursue our personal interests. We put passwords on our email and all our online accounts. We lock our bedroom and bathroom doors to prevent other people from entering our ‘private realm’. As Glenn Greenwald commented during the TED Talk, “Every single time somebody has said to me, ‘I don’t really worry about invasions of privacy because I don’t have anything to hide.’ I always say the same thing to them. I get out a pen, I write down my email address. I say, ‘Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide. Not a single person has taken me up on that offer. I check that email account religiously all the time. It’s a very desolate place.”

People who crank out “nothing to hide” argument are those whose viewpoints about privacy, are in most instances devoid of context, insight, clarity or reason.

• They have wrong notions about privacy. They think privacy is about hiding something wrong. But it is not. As Bruce Schneier says, “We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.”
• They are unaware that companies are sweeping up vast quantities of data about their activities, both online and off. This massive volume of data is analyzed to make inferences about them, including potentially sensitive inferences such as those related to ethnicity, income, religion, age, and health conditions.
• They are uninformed about how their data is collected and used. They have, for instance, zero or little information that their smart, connected products gather and transmit detailed information about them. This data is used by big companies to make predictions about their individual interest and behavior.
• They have not yet considered that their privacy may have value. They don’t realize that the “big data” collected by big companies by intruding into people’s private lives is used to better sell their products, target marketing efforts, or just make better products to sell.
• They think privacy is not necessary and they get accustomed to a lack of privacy. They have an illusion of invulnerability until they experience negative consequences such as being phished or stalked. They are aware that they are being monitored by governmental organizations, marketers, and employers but do little to deter it.
• They value privacy but they value other things more. They are willing to give up their privacy in return for a minor benefit like a small discount card.

In the light of the above facts, “Nothing to hide” argument is apparently not based on very solid grounds.

It is, in fact, a dangerous proposition and can lead to serious consequences.

Here’s How –

• • Security is about attitude, mindset, and culture. The “I don’t care about privacy” attitude reflects careless indifference towards building a digitally secure life and leads to increasing incidence of attacks and breaches, which potentially impacts us all. The incidents given below are just a few examples:
    • In Mexico, the personal information of over 93 million voters, including home addresses, were openly published on the Internet after being taken from a poorly secured government database. Considering that up to 100,000 people are kidnapped in Mexico each year, leakage of such sensitive personal information could be far more dangerous than anyone could imagine.
    • In England, hundreds of planned operations, outpatient appointments, and diagnostic procedures were canceled after a computer virus, most likely a ransomware infected the hospital systems.
    • In 2016, VTech electronic toy company announced that one of its databases had been hacked, exposing the names, ages, and genders of more than 6 million children who used the company’s toys.
  • “Anti-privacy” rhetoric also shows apathy towards mass surveillance, a power that carries tremendous potential for abuse. One cannot overlook the lesson learned from the history about how humans respond when put in positions of unchecked power. With the help of the corporate giants, government agencies all around the world have the means to browse through our previously private data. Organizations authorized for surveillance legitimize these practices on the ground of fighting terrorism. They claim that they only look at our data when investigating terrorism. However, the definition of the term ‘terrorism’ may change or broaden with time. For example, the new legislations in U.K, U.S.A, France, Turkey and other countries prove how in the name of security, many laws that attack freedom of expression and the right to a private life have been adopted. Agencies are pushing for more and more surveillance creating possibilities of building a system with even more potential for abuse.
  • Privacy is about our ability to decide how we present ourselves to the world. Given how many of our digital traces are constantly being collected, mostly in ways that we can’t see, this erosion of our privacy will have an impact in the long run – on our jobs; on our networks; on how much we pay for specific products; and a range of other things we can’t even imagine, yet.

• • There are psychological effects of the erosion of privacy. According to Elias Aboujaoude, a professor of psychiatry at Stanford University and the author of “Virtually You: The Dangerous Powers of the E-Personality”, “Privacy at it’s heart is about our psychological autonomy and the maintenance of some semblance of control over the various little details that make us us.” Bruce Schneier rightly points out, “If we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality because everything we do is observable and recordable.”

• Privacy is not a matter of individual choice. How everyone treats privacy and security has an effect on others. When you say, “I have nothing to hide,” you absolve yourself from the social responsibility and mean that it’s okay for governments to infringe on the rights of potentially millions of humans and possibly ruining their lives in the process. As Edward Snowden says, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

Philosophers and ethicists have described privacy as an indispensable characteristic of personal freedom. Privacy is associated with autonomy, dignity, spirituality, trust, and liberty. In his famous article on the Right to Privacy (1890) the American jurist Louis Brandeis described privacy as “the right to be let alone” and as “the most fundamental of all rights cherished by a free people.” He also articulated in the same article, “Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual the right “to be let alone.” What Brandeis said, resonates with us Least Authoritarians and we work continuously towards achieving the “Right to privacy” for individuals by the use of strong cryptography.