Privacy is worth protecting, even if you have nothing to hide

Two categories of applications have been getting a great deal of attention lately: those that allow users to make purportedly anonymous comments and share them online, and those that promise secure, encrypted communications between users. But they’ve got a long way to go if they’re going to allay our fears of government eavesdropping and other threats to our digital privacy.

Privacy is the sort of thing most of us only pay attention to when it’s been compromised. If Snowden and Manning’s revelations about the extent of government surveillance hadn’t come to light we’d all be continuing to use services like Gmail, Facebook and Twitter with carefree abandon. Oh wait, most of us are still doing that despite what we now know.

We continue to post geo-tagged photos to social networks that show where we live, how we spend our free time and with whom we associate. We share maps of our running or cycling routes to these services, too, and talk about where we are and what we’re doing. We tag ourselves, and one another, in images on Facebook and Google+, improving each service’s facial recognition software as we do so.

It’s the last of these that alarms me most. Combine facial recognition with the growing number of CCTV cameras in major cities and all it takes is a court order from a disgruntled person with enough political influence to turn your seemingly innocuous social content into a surefire way to monitor your every move.

The reason most often given for failing to consider digital privacy in our day-to-day lives is that, if we have nothing to hide, there’s no need to. Others, meanwhile, take the line of thinking proffered by those institutions caught eavesdropping and argue that monitoring metadata alone — information about, for example, which telephone number you called when and for how long, rather than the content of the call itself — doesn’t amount to an infringement of privacy.

Both of these arguments are fundamentally flawed. Wanting privacy shouldn’t be conflated with having something to hide. There are plenty of legitimate reasons for people to want to keep certain things private – from their religious or political affiliation to their sexual orientation or drunken photos they’d rather family or employers (current or potential) didn’t see. For political dissidents living under repressive regimes, meanwhile, privacy can be a matter of life or death.

The metadata argument, meanwhile, falls flat for two reasons. First, there’s no reason to believe that those with surveillance powers are limiting themselves to metadata even if they claim as much, and second, even metadata in isolation can reveal a huge amount of compromising information about an individual. Just because we see no reason to protect our privacy now doesn’t mean we won’t have sound reason for wanting to do so in future.

Social (over)sharing

That’s not to say we’re all behaving as though no one is watching – in many instances the reverse is actually true. Consider Facebook, which for many of us has become little more than a highlights reel of our digital friends’ finest moments. Many of us only post the best of our lives publicly, and then as publicly as possible.

Aside from failing to consider the implications of doing so, we’re ignoring the communications we consider more private. If someone could read every instant message you’ve ever sent on WhatsApp what would they find? My bet is they’d find a huge selection of compromising information, from embarrassing personal details to – in some instances – bank details, ID numbers and other sensitive data.

Facebook, Google and mobile operators all hand information to authorities; they’ve admitted as much. At the same time, many free Wi-Fi services track users usage to serve them customised advertisements, as do social networks and search engines which derive their revenue from knowing as much about you and your digital habits as possible.

Which brings us to apps that promise greater security including the likes of Telegram Messenger, TextSecure, Threema, Wickr, RedPhone and surespot, to name but a few. While these are a step in the right direction, few of them offer genuine end-to-end security or self-destructing messages by default. Users have to choose to use the security functionality and have to ensure the people with whom they wish to communicate are using the same apps, too.

At the same time, services like Secret and Whisper – which let people post supposedly anonymous messages online – are just as beholden to the powers that be to hand over user information (like IP addresses) if asked to. Add to that reports of low-cost Android devices having security backdoors built in and we’re almost certainly far less anonymous online than we’d like to think.

Privacy is a right that we need to learn to exercise again, and defending it is going to require changes in mindset and behaviour. We need to pay attention to what we share and where we share it, and encourage those around us to do likewise.

Moreover, we need to hold the companies with which we share our information to account for what it’s being used for, how it’s protected and who it can be shared with. If we can’t rely on particular digital services to protect our information or to be transparent about how they’re using it perhaps we need to start taking our information somewhere else?

There’s a joke that goes: “Just because you’re paranoid, doesn’t mean they’re not out to get you”. Unless we take measures to protect our data and ourselves that joke may instead become a warning.

Image: Peter Lee via Flickr.