Awhile back, I wrote an article called “Nothing to Hide” after a comment made by a particularly unthinking neo-conservative — an otherwise likeable guy, making his comment all the more disturbing — suggested that if you have nothing to hide, you should not be against governmental intrusion into your privacy. And, yes, that was virtually the way he put it.
I have found in talking to others that one reason people say things like this is that they believe that if you aren’t doing anything wrong, then the government won’t bother itself with invading your privacy. They believe that the invasions of privacy which do occur will be a) because someone deserved it, or b) incidental to some compelling governmental purpose and narrowly-tailored to meet that purpose. In the latter instance, they believe that if the government makes a mistake, it will quickly reverse itself before making too severe an intrusion, once it realizes that it has made a mistake and that the “accidentally-targeted” individual is no threat. In other words, governmental intrusions will not be very burdensome upon them, will not cause them major issues and, once the government recognizes that they — the people who “have nothing to hide” — aren’t doing anything they shouldn’t do, they will move on. No harm, no foul.
They fail to take into account both the mind-set of law-and-security-enforcement types and the power of computers.
Why You Are Not As Safe As You Think
Key to the beliefs these “nothing to hide” people hold are that the government doesn’t have time to waste on those who aren’t up to no good. There are, after all, millions of citizens in the United States. To pry into the lives of all these people in a significantly intrusive manner is seen as impossible.
In the world of computer security, this is what we call “security by obscurity” and it’s not a very safe way to live. For one thing, you never know that you’re safe. Just because you’re one in a million doesn’t mean that someone doesn’t see you. In the real world, in the so-called “beltway sniper” case a couple of years ago, the fact that Dean Harold Meyers was one of hundreds of thousands of people who used the Sunoco gas station in Manassas, Virginia did not prevent his death. Being one of millions may make you harder to see, but it doesn’t make you invisible.
A related technique is “security by obfuscation.” The idea there is that security is obtained when you make it difficult for people to understand what you’re doing. In computer programming, for example, names of procedures or places where information is stored might be changed from “userID” to “x14e0a” everywhere it occurs in the program code — when compiled, the computer program will still function exactly the same. But if someone tries to “decompile” the program, so that they can see what the original code looked like, it will be very confusing to read, making it hard to understand what the program is about or how it works without an incredible amount of work on the part of the person trying to use that information.
In the real world, people with nothing to hide aren’t using obfuscation to cover their tracks; in one sense, they have no “tracks” to cover. But people who do have something to hide will use techniques such as this. Consequently, governmental authorities whose job it is to protect citizens will have difficulty in determining who has nothing to hide and who does. Their jobs will require them to be suspicious of everyone. That you, yourself, are innocent of any crimes will not help you if one of them decides that your innocent behaviors are merely attempts at security by obfuscation. It will only force them to dig deeper into your life if you end up in their sights. And so, ironically, the mere existence of techniques such as security by obfuscation makes people who have nothing to hide less secure!
Both these ideas depend upon the difficulty they create for the person or persons to “accidentally” violate a citizen’s constitutional rights. The first move makes it difficult because the chance of someone with nothing to hide being picked out of a crowd of millions of other citizens — or even tens of thousands if a small geographical area (like, say, ports of entry to the United States) limits the search area — is significantly reduced. The second makes it difficult because theoretically the government still only wants to imprison people who actually commit crimes. (I say “theoretically,” because in the old days, the government only went after people who were commiting or had committed crimes. Increasingly, though, our government is targeting people who might commit crimes, i.e., who are, in the view of government, a “danger to our way of life,” and so the net widens.)
Besides the fact that neither of these techniques actually protects you — they just make you one target out of many — computers make both these forms of “protection” even less protective.
Just the other day, I got a message from Microsoft telling me their Hotmail service is going to increase storage capabilities from something like 10 megabytes to 250 megabytes. People who were getting 10 megabytes of free storage are now getting 250 megabytes of free storage. If this is what you can get free, then what can a government that spends millions on computer storage afford to keep?
And that’s not the only way computers make constitutional violations more likely. Consider this: I get a lot of email. And I mean a lot. We’re talking upwards of several hundred messages per day spread across about five or six different accounts. But I don’t really have to read very much mail. Why? Because computer programs sort my mail for me. When I go to read my mail, there are folders that have mail from certain relatives, mail from particular individuals, mail from groups I regularly read (e.g., listservs, for those who know) and folders for junk mail. Some mail never even gets into any of my mailboxes, but is dropped automagically because it contains particular kinds of advertisements I’ll never want to see. This makes the process of reading my email, in spite of its volume, pretty easy. How does this happen? Filters.
And the best part of filtering is that it sorts things for me into categories that make it much easier for me to decide what I want to pay attention to, without requiring me to get rid of stuff I might not yet have the time for. I can save that stuff indefinitely until I either get more time, or better filters, for analyzing the saved information.
It doesn’t take a lot of imagination to realize that you combine these two factors — huge amounts of storage and the use of filters — and it goes a long way towards overcoming the “protection” created by obscurity and obfuscation.
The Ultimate Freedom of Information Act
Maybe you still don’t care. Maybe you’re thinking that the government can keep information on every minute of your day. It’s no skin off your nose. After all, as you’ve already said, you have nothing to hide. You aren’t committing any crimes. The government will never have any reason to use any information it collects against you. And to hell with Ben Franklin’s warning, you’ll gladly risk the potential inconveniences I described above for the feeling of being safe, however false it may be.
Okay. There are at least three points that go against that way of thinking, though.
- You don’t know what the government considers a crime.
- The government sometimes hires corporations to collect the information.
- The government sometimes hires corporations to analyze the data for them.
You may think you know what constitutes a crime. Chances are you’re wrong about that. Suppose you take pictures of a hotel because you’re interested in corporate architecture. Is that a crime? Are you willing to sacrifice your property forever and perhaps a few days, weeks, months of your life as you endure routine questioning and scrutiny, some of it while in custody, until (hopefully) your innocence is proven, because you had nothing to hide? And what if the government, refusing to believe your protestations of innocence, decides you’re a threat, but they just can’t prove it? So what happens when they discover that you “accidentally” broke some other law you didn’t know existed? Furthermore, what avoids catching the government’s attention today might become a point of interest in the future; remember that data once collected, can be stored indefinitely.
But let’s suppose that you’re right and you know that nothing you do is a crime and you’ll never be accidentally arrested by people who worry otherwise. So you have no problem with the idea that the government might use cameras to track your every movement.
Sometimes, however, the information is collected by private companies, working in conjunction with the Central Intelligence Agency or other governmental entities. How do those corporations use that information?
Suppose, instead of just tracking your movements with cameras, the government begins to collect and store DNA from every citizen? Many states already collect fingerprints from those who apply for drivers’ licenses. Banks and other corporations collect them from many people who write checks. What happens when those corporations that help the government collect, store, or analyze DNA samples start providing — legally or in back-door deals — that information to insurance companies?
And — believe me or not, time will be its own witness — this is the best case scenario. The United States government is planning to start issuing passports with insecure imbedded computer chips containing private information about the passport holder. As Barry Steinhardt, director of the ACLU Technology and Liberty program notes,
This is like putting an invisible bull’s-eye on Americans that can be seen only by the terrorists. Matthew L. Wald, U.S. will soon add computer chips to passports (November 27, 2004) The New York Times via The International Herald Tribune.
Suppose the State Department decides to imbed your DNA profile on this chip, as well? Recently, in Columbia, an eight-months-pregnant woman was drugged, abducted and the kidnapper performed a C-section to remove the baby. What next? Scan American tourists for DNA information on their passports to find the right one to kidnap for his or her kidneys?
All this is bad enough. Want something scarier? Imagine all the technology available today in a regime modeled on the German government of 1939.
Right now, Americans are frogs stewing silently in a pot. Contrary to the title of this article, it doesn’t have to be that way. But this is one place where being one-of-millions as opposed to, say, seven-of-nine, really hurts us. We, the people, theoretically still run America. But unless we speak out en masse, that’s just theoretical. So let’s find our legs, folks — jump out of the pot and all over your congressional representatives. The only way to be truly secure is to stop the daily incremental abrogation of our liberties.
Articles Used In This Blog Entry
- Photographer arrested for taking pictures of Vice-President’s hotel (December 5, 2002) 2600 News.
- Associated Press, Florida town to use blanket of surveillance cameras (April 27, 2004) USA Today.
- Declan McCullagh, Security officials to spy on chat rooms (November 24, 2004) C|net News.
- Dan Kennedy and Harvey Silvergate, How the Terrorist Crisis Threatens our Personal Liberties (October 2, 2001) Boston Phoenix via Alternet.
- Matthew L. Wald, U.S. will soon add computer chips to passports (November 27, 2004) The New York Times via The International Herald Tribune.
- Columbia police report abduction by C-section (November 24, 2004) CNN.com
- Bruce Perens, Why Security-Through-Obscurity Won’t Work (July 20, 1998) Slashdot
- Simon Robinson, Principles of Obfuscation, (December 9, 2002) Simon Robinson’s Website.
- Beltway Sniper attacks, Wikipedia.