Columns8.08.2013

Cory Doctorow: privacy, oversharing and government surveillance

Cory Doctorow

The European Parliament is currently involved in a wrangle over the new General Data Protection Regulation. At stake are the future rules for online privacy, data mining, big data, governmental spying (by proxy), to name a few.

Hundreds of amendments and proposals are on the table, including some that speak of relaxing the rules on sharing data that has been “anonymised” (had identifying information removed) or “pseudonymised” (had identifiers replaced with pseudonyms).

This is, however, a very difficult business, with researchers showing how relatively simple techniques can be used to re-identify the data in large anonymised data sets, by picking out the elements of each record that make them unique.

For example, a recent paper in Nature Scientific Reports showed how the “anonymised” data from a European phone company could be re-identified with 95% accuracy, given only four points of data about each person.

To those who say that privacy is dead anyway, I would point out that the reason anonymisation and pseudonymisation are being contemplated in the proposed Regulation is because its authors say doing this will protect privacy – and that means that they’re implying privacy is worth preserving.

Indeed, the whole premise of “Big Data” is at odds with the idea that data can be anonymised. After all, Big Data promises that with very large data-sets, subtle relationships can be teased out.

Surveillance and oversharing

This brings us to the issue of government surveillance versus individual privacy. Whenever government surveillance is debated, someone inevitably points out that it is no cause for alarm, since people already overshare sensitive personal information on Facebook. This means there’s hardly anything to be gleaned from state surveillance that isn’t already there for the taking on social media.

It’s true people overshare on social networks, providing information in ways that they later come to regret. The consequences of oversharing range widely, from losing a job to being outed for your sexual orientation. If you live in a dictatorship, intercepted social media sessions can be used by those in charge to compile enemies lists, determining whom to arrest, whom to torture, and – potentially – whom to murder.

The key reason for oversharing is that cause and effect are separated by volumes of time and space, so understanding the consequences can be difficult. Imagine practising penalty kicks by kicking the ball and then turning around before it lands; two years later, someone visits you and tells you where your kicks ended up. This is the kind of feedback loop we contend with when it comes to our privacy disclosures.

In other words, you may make a million small and large disclosures on different services, with different limits on your sharing preferences, and many years later, you lose your job. Or your marriage. Or maybe your life, if you’re unlucky enough to have your Facebook scraped by a despot who has you in his dominion.

That is not to say some sharing is not a good thing. Careful, mindful sharing holds enormous benefit for individuals and society. We need to be good at it, though – not merely prolific, but skilled.

Why we should care about privacy

Furthermore, when it comes to government surveillance, politicians are quick to tell us that the innocent need fear nothing from involuntary disclosure. However, it must be remembered that privacy isn’t secrecy. I may know what you do in the toilet, but that doesn’t mean you don’t want to close the door.

There is no doubt that you should be very concerned about government proposals in this regard. There are, in fact, multiple reasons why you should care about your privacy.

You should care about privacy because if the data says you’ve done something wrong, then the person reading the data will interpret everything else you do through that light. You should care about dragnet surveillance because it gives cops bigger haystacks with proportionately fewer needles. What we seek is for the authorities to do their jobs well, not simply suck up all the data they can in the hopes that it will be useful, someday.

You should care about surveillance because you all know people who can be compromised, socially, sexually or health-wise. And finally, you should care about surveillance because once the system for surveillance is built into the networks and the phones, bad guys (or dirty cops) can use it to attack you.

Our communications systems are more secure if they’re designed to keep everyone out – and adding a single back door prevents this. You can’t be a little bit pregnant, and the computers in your pocket and on your desk can’t be a little bit insecure. Once they’re designed for surveillance, anyone who can bribe or impersonate a cop can access them.

And that is a truly frightening thought.

This opinion article is by Cory Doctorow, the globally-renowned science fiction author, activist, journalist and blogger. See Cory Doctorow at the iWeek conference – register to attend at http://www.iweek.org.za/

More opinion columns

Apple bruised, but nowhere near beaten

Be careful what you wish for

Going a bit (Micro)soft

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter