net.wars: Nothing to hide, no one to trust
by Guy J Kewney | posted on 14 September 2007
The actor David Hyde Pierce is widely reported to have once responded to a TV interviewer inquiring as to whether he was gay: "My life is an open book, but that doesn't mean I'm going to read it to you." (Or something very like that.)
This seems to me a both witty and intelligent response to the seemingly ever-present mantra these days, "If you have nothing to hide, you have nothing to fear," invoked every time someone wants to institute some new, egregious privacy-invasive surveillance practice. And there are a lot of these.
Last week, a British judge came up with a brilliant scheme for eliminating the racial bias of the 3 million-entry DNA database: collect samples from everyone, even visitors.
I may have nothing to fear from this – after all, DNA testing has, in the US, been used to exonerate the innocent on Death Row - but it invokes in me what British politicos sometimes call the "yuck factor". Normally, this is reserved for such science-related ethical dilemmas as human cloning, but for me at least it applies much more strongly here. I loved the movie Gattaca , but I don't want to live there.
In fact, there are considerable risks in DNA-printing the entire population (aside from killing tourism).
For one thing, we do not know how we will be able to use or interpret DNA in the future as sequencing plummets in price (as it's expected to do). Say, the UK had considered compiling a nationwide fingerprints database back in 1970 (there would have been riots, but leaving that aside). No one would have foreseen then the widespread availability of cheap fingerprint scanners and online communications that could turn that database into a central authority.
We can surmise that the DNA database will contain sufficient information to allow anyone who can gain access to it to impersonate anyone at any time.
Conversely, as we get better and better at understanding what individual genes mean and sequencing drops precipitously in price, the DNA database will grant those who have access to it unprecedented amounts of information about each person's biological or medical prospects and those of their immediate relatives. While there are many diseases that do not have markers in our genes, there are plenty more that do.
Does anyone really want the government to be the first to know that they carry the gene for cystic fibrosis or breast cancer?
I don't believe for a second that it was a serious proposal. This is the kind of thing someone says and then everyone holds their breath to gauge the reaction. Has the country been softened up enough to accept such a thing yet? But the fact that someone could say it at all shows how far we have moved away from the presumption of innocence on which both the UK and the US governments were founded.
Witty answers on talk shows aren't, however, quite enough to make a case to a government that what it wants to do is a bad idea. Daniel Solove, author of The Digital Person* and a law professor at George Washington University law school, recently published an essay examining this very point.
In it, he compares privacy to environmental damage: not the single horror story implied by "nothing to hide, nothing to fear", but the result of the accumulating damage caused by a series of "small acts by different actors". The broader structural damage that happens in breaches of confidentiality (such as companies violating their own privacy policies by selling data to third parties) is a loss of trust.
I am not a supporter of open gun ownership, but the US Second Amendment has some merit in principle: the basic idea is to balance the power of the individual against the State. The EU's data protection laws do – or would, if the EU doesn't ignore them as it has in the case of passenger data – a reasonable job of balancing the power of the individual against commercial companies.
But the data protection laws can be upended, it seems, whenever a national government wants to do so. All it has to do is pass a law making it legal or mandatory to supply the data it wants to collect, transfer, share, or sell. But the fact that such policies are possible doesn't make them a good idea, even with the best intentions of improving security or personal safety.
The San Francisco computer security expert Russell Brand once asked me, in the casual way he poses philosophical questions, "If you knew they would never be used against you, would you still have secrets?"
After some thought, I came up with this: yes. Because one of the ways you show someone that they are important to you and you trust them is that you disclose to them things you don't normally tell other people. It is, in fact, one of the ways we show we love them.
We don't tell governments secrets because we want to be intimate with them; we do it because we're required to do so by law. The more one-sided laws make the balance of power, the less we're going to trust our government. Is that really what they want?* The Digital Person: Technology and Privacy in the Information Age (Ex Machina: Law, Technology and Society)
Technorati tags: privacy
Ask me in Room 101... - You can discuss this article on our discussion board.
net.wars: Nothing to hide, no one to trust