Privacy and the "Nothing to Hide" Argument

Good essay:

In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the "nothing to hide" argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the "nothing to hide" argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The "nothing to hide" argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the "nothing to hide" argument and exposes its faulty underpinnings.

Posted on July 13, 2007 at 7:11 AM • 63 Comments

Comments

BarnabusJuly 13, 2007 8:10 AM

Oh, the delicious irony of it!

Bruce's link above points to an abstract of the article on ssrn.com. The main document is available as a downlaodable PDF from that page.

However, AFAICT, unless one is prepared to accept two session cookies, plus four persistant cookies which don't expire for *thirty* years, the site doesn't appear to permit downloading of the PDF document - it just redirects back to the abstract until the cookies are accepted.

Of course I've got nothing to hide, and I can always (and have) delete the offending cookies after the download is complete, but given the theme of the essay in question...

ApostropheJuly 13, 2007 8:15 AM

My argument is always this.

If you have nothing to hide, would you mind an IRS audit every year?

Everyone seems to understand once I suggest that.

Cochese TontoJuly 13, 2007 8:15 AM

Around page 10...
"Many commentators had been using the metaphor of George Orwell’s Nineteen Eighty-Four to describe the problems created by the collection and use of personal data...I suggested a different metaphor to capture the problems – Franz Kafka’s The Trial, which depicts a bureaucracy with inscrutable purposes that uses people’s information to make important decisions about them, yet denies the people the ability to participate in how their information is used.49 The problems captured by the Kafka metaphor are of a different sort than the problems caused by surveillance. They often do not result in inhibition or chilling. Instead, they are problems of information processing—the storage, use, or analysis of data—rather than information collection. They affect the power relationships between people and the institutions of the modern state. They not only frustrate the individual by creating a sense of helplessness and powerlessness, but they also affect social structure by altering the kind of relationships people have with the institutions that make important decisions about their lives."

...along with the following paragraphs, best description I've seen of the privacy problem so far.

ApostropheJuly 13, 2007 8:15 AM

My argument is always this.

If you have nothing to hide, would you mind an IRS audit every year?

Everyone seems to understand once I suggest that.

gregJuly 13, 2007 8:30 AM

What I find is that when folk say "if you've got nothing to hide". What they really mean is "Other people shouldn't have anything to hide".
they don't want the same "observations" being done on them, just on others.

If the government refuses the "transparency" towards citizen the same way they want citizens to be transparent, then they understand "nothing to hide" all too well.

Sez MeJuly 13, 2007 8:39 AM

"Nothing to hide" indicates a misunderstanding of what privacy was meant to be. It was never meant to protect illegal behavior. It was meant to hinder governmental tyrrany.

UhmJuly 13, 2007 8:48 AM

Uhm;
howabouts I am investigating one thing and it leads to another. For instance, if we spy on everyone to figure out if they are a terrorist, for instance, would we uncover a large amount of closet homosexuals? Luckily intelligence is never used for political/coercive purposes.

Amit UpadhyayJuly 13, 2007 9:14 AM

From my blog post about the same:

Schneier links to a 25 page paper about why privacy is important, and how "I have nothing to hide, so its okay for govt to collect data on me, to fight against terrorists" argument is invalid. At-least it is supposed to "exposes its faulty underpinnings". 12 pages into it, after reading 1 million times that this argument is not valid, I am yet to see any strong argument. Schneier and group trying to brain wash people about something that might potentially help stop terrorists?

Why is privacy required? Do we need privacy? Is it our right? It would have been a good thing had there been reasons to call privacy a fundamental right, but there isn't. If you have nothing to hide, you have nothing to worry about. This is fundamental.

I am an advocate of privacy actually, but when I see criticism of data mining projects in the name of privacy, it sounds more like security analysts/watchdogs are taking the wishful simpler but wrong way out of "privacy is fundamental therefore data mining is wrong" approach, where as they should be pointing out the details of the programs. The reasons are simple, if I have to tell a common person that government is doing something wrong, I would rather want my argument to be one sentence long rather than one para or a book long. Common people have short attention span, they know anyone, who has invested anything in any field of expertise, will want everyone to know how valuable whatever they know is, is to everybody. Basic human psychology, common people understand it, and will take the experts opinion with a grain of salt.

It is wrong for security experts to call privacy card. For one there is the cause vs the champions going on, you take the cause of privacy, and make lame arguments in its support, all privacy supports suffer the loss. The fact of matter is government has been collecting information on us. The automobile registration papers, the passport, the death and birth certificate, the tax papers. They are going to keep collecting information on us, no sane person would try to argue government should stop collecting any of the information I mentioned above for example. Information collection is the part of life, and we have to live with it. We have to live with the concept that there should be a comprehensive information collection systems. Years of privacy advocates have really made that system sound so bad, that instead of developing such a system openly, taking citizen interest and feedback into account, government has to do this under the covers. Should government do it? Yes. Is it possible that there can be problems with the implementation? Yes. Why not there be a open source project about the same. But privacy advocates will just kill that project, and force government to do it under covers, which actually leads to systems that are under scrutinized, and bad for the privacy in the first place.

Let there be a data collection agency. Let everyone public or private collecting data on citizens operate under the laws governed by such an agency. Let security experts participate in building such an agency taking into account the concerns of government/law enforcement and citizens alike. Let privacy have a chance.

http://www.amitu.com/blog/2007/july/...

FPJuly 13, 2007 9:23 AM

One of the suggested responses to "I've got nothing to hide" is "can I see your credit card bills for the last year?" Good luck trying that when you're pulled over by a cop or when the FBI is at your door.

It is quite easy to make people agree that it makes sense to have privacy from one another.

It is much harder to disprove the notion that "I've got nothing to hide from the government," and I don't see this essay addressing the question why individuals need privacy from the government.

The problem is that people usually assume a benevolent government when discussing privacy issues. When the government is only out to catch the "bad guys", and their interpretation of "bad" matches yours, then, indeed, why should you have anything to hide?

You have to get into issues like false positives, abuse of information and corruption, or weaker concepts like chilling effects, to have a better basis for claiming privacy. But that's hard to do when the government is benevolent, and when they claim that "safe guards" will be built in (getting into a Cach 22 there).

I enjoyed this comment from the discussion of this essay on Slashdot: http://yro.slashdot.org/comments.pl?...

"That's what Republican Senator Larry Craig did on the Rush Limbaugh show. Craig was promoting a bill to add more civil rights safeguards and actual oversight into the USAPATRIOT Act. Rush was asking why such a thing was necessary, and was Craig claiming that civil liberties had been violated by George Bush's administration, and did he have any proof that it had happened. Rather than delving into that trap of pre-prepared talking point responses, Larry Craig pulled a wonderful switch. He said no, he thought Bush was doing a great job respecting liberties, but what if Hillary Clinton became the next President?!"

I also find the essay's statement troubling that automated data mining does not invade anyone's privacy as long as it is not seen by a human.

KristineJuly 13, 2007 9:25 AM

@Amit:

The government is not forced to collect data under the covers, it chooses to do so. This is not a problem of privacy, but of a government which is not the servant of the people (as it should be, at least in a democracy or realanarchy), but has its very own agenda.

In the same way, one could argue that governmental torture should be legalized, as otherwise the government will still torture, but secretly (IIRC this argument came up on this blog before).


Kristine

P.S: The "terrorist" horseman of the apocalypse is a bit overused, especially in conjunction with "might potentially help". So it does not scare me

RoyJuly 13, 2007 9:31 AM

If you are looking for a better job, then if your current employer can snoop through your email, including your private account on your home computer, then a few phone calls you won't know about will take care of any jobs you've applied for. You're not doing anything criminal, but your lack of privacy allows your employer to commit crimes against you.

If you know of crimes committed by your employer, and you have no privacy, then your employer can find out how much of a threat you are as a potential witness or whistleblower, and can take appropriate measures. RIP.

DaleJuly 13, 2007 9:33 AM

As a teenager, I remember being pulled over as we returned from the movies. "You don't mind if we look in the car - you have nothing to hide, right?"

I didn't really have an option to say no, especially as a teenager.

The "nothing to hide" argument is a pure power play. In my case, the cop had the best of intentions - to determine if there was booze in the car.

But in the larger context, it was a case of guilty, until proven innocent. If I wasn't suspected of something, why ask the question in the first place?

Now, for a bigger jump. If private data is collected and dumped into a big data pit, whoever is accessing the information is looking for a guilty party. Better hope you don't fit any faulty or overly simplistic profiles. Better hope the data isn't being abused for political reasons.

SteveJJuly 13, 2007 9:57 AM

@Amit: "Schneier and group trying to brain wash people about something that might potentially help stop terrorists?"

It's not brainwashing - you aren't forced to read the essay, and you aren't required to agree with it. If pupils weren't allowed to graduate high school without passing a test on reasons why there weren't entitled to privacy, that would be brainwashing. Or if Bruce were to kidnap you and force you to read the essay every day for a year.

Personally I do think that calling 25 pages a "short essay" is a bit misleading in the context of journalism, although I'm sure it's fine in the context of jurisprudence. If it's too long-winded, just skip it, but don't claim that because you haven't read it, it therefore isn't well-reasoned.

@FP: "When the government is only out to catch the "bad guys", and their interpretation of "bad" matches yours, then, indeed, why should you have anything to hide?"

Depends who you're talking to. Anyone who believes in benevolent dictatorship, and hence thinks that the people need no rights in respect of the government, is either hopelessly naive politically, or else is talking about God (or other object of worship).

It's true that perhaps different arguments need to be used when speaking to people who don't really know much about the practice of government, from those used when talking to people "in the know".

The former set of people need to be convinced that they need rights *at all*. The latter need to be convinced that privacy should be one of those rights - which is difficult in the US, since there's nothing about it in the Constitution so you have to fall back to softer arguments.

So while you're right that sometimes talking about false positives or corruption is necessary, in other cases it can be taken as read. The argument must be tailored to the audience.

SteveJJuly 13, 2007 10:01 AM

@Peter Harkins:

Enable cookies, then you can get the paper. Someone has already observed in comments that this is not without irony.

shrdluJuly 13, 2007 10:27 AM

Three arguments against the "nothing to hide" claim:

- Differing views on what's bad. If your neighbors are paranoid fundies and find out that you're a Muslim, they may decide to take whatever action seems appropriate to *them.* Your private information, once it's made accessible, may be used against you not by the government, but by your fellow citizens.

- The goalposts can always move. An action that is legal today can be made illegal tomorrow. Again, anything known about you can potentially be used against you even if you don't think it's something to hide.

- And finally, if I supposedly have "nothing to hide," then the government should have nothing to hide either. Oversight on everything, please -- including the list of who Dick Cheney meets with.

TanukiJuly 13, 2007 10:42 AM

To the "nothing to hide" people I generally suggest they have a publicly viewable 24*7 webcam installed in their shower.

And suggesting they watch the excellen t Terry Gilliam movie "Brazil".

paulJuly 13, 2007 10:51 AM

One of the crucial parts of Solove's paper is his recognition of the Kafkaesque nature of much of modern life. It's fine to say that hiding things is about preventing others from learning discreditable things about you, but that assumes everyone has the same definition of "discreditable" and that people's definitions stay the same over time. Commenters here, for example, might not think that the fact that one's grandfather was jewish (or sunni, or a socialist) is particularly discreditable, but in other times or circles such information could get you killed. It's not just that everyone might have something they consider wrong in their closets, it's that we all have something that someone, somewhere will consider wrong.

Another thing that struck me was the apparent pro-big-brother bias of the court cases Solove cited. Having one's time wasted and phone lines tied up as a result of a company's breach of its promise to keep information private was dismissed as not being real damage. But let an individual make free with information that a company considers its own (say, for example, an ostensible trade secret) and watch the sanctions fly.

ZwackJuly 13, 2007 10:52 AM

@Dale:

"You don't mind if we look in the car - you have nothing to hide, right?"

The correct answer (no matter what your age) is "I do not consent to you searching my vehicle or person without a warrant."
The police are very good at trying to persuade someone that they should let them search without a warrant. The only way to deal with it is to keep calm and refuse politely. Do not offer them more information than the minimal "I do not consent to a search."

Anything else and you might let something slip that will be taken the wrong way. If driving then you can produce your license and insurance, and if on foot then identify yourself. Otherwise don't say anything.

Of course if you were doing something wrong then be careful what you say, but don't deny any obvious facts. For instance, I was pulled over for speeding on a rural freeway, as I was passing some semis. I was doing about 15mph over the speed limit, so I told the officer politely that I didn't know how fast I was going, but that I knew I was going over the speed limit, as I had just accelerated to pass and then slowed back down to the speed limit once I had passed. The officer had been following me for a couple of miles (at the speed limit) after clocking me, and I had driven at the speed limit, and kept over to the right except to pass slower moving vehicles. I was let off with a warning. There was no point in denying that I had been driving fast, but equally it wasn't a good idea to say "Yes, I was doing 80 in a 65".

Z.

quickJuly 13, 2007 11:12 AM

Sure, I'll take an IRS audit and hand my credit card records to whichever law enforcement agency wants them. I really don't care if they look at them.

But, err, I would care about what they did with them afterwards. I'm more worried about identity theft than privacy.

Chris VJuly 13, 2007 11:34 AM

I am fond of my privacy, but we have to do much better at stating why its important. In my opinion this bloated essay fails to do this.

In the essay and even on these posts, we resort to quoting fictional stories like Brazil and 1984 to make our privacy points. We need real-life examples.

We all have something to hide, the question is: From who? Some of us might care less that a specific government program has information about us. But we don't necessarily want the neighbors or the spouse or the congregation or a solicitor or the kids to have that information.

Until we can succintly state why privacy is important in real-life terms, the "security vs privacy" argument will trump us every time.

Nick TJuly 13, 2007 11:58 AM

I always think of the "nothing to hide" argument in terms of that "silly" old idea, one of the principles of our (American) legal system. "Innocent until **proven** guilty" ring a bell? This whole attitude that seems prevalent nowadays that CC cameras, mail monitoring, phone tapping, etc seems to stem from the notion that you're guilty of something, at some point and working backward from there.
Yes, I know, strictly speaking that only applies once you've got the law involved, but I think the idea is still sound.

Geoff LaneJuly 13, 2007 12:05 PM

Here's an example that works right now.

You have a mobile phone with GPS. The phone company tracks the phone, first to the cell level and then to a box about 10 metres square (roughly room size.)

You have a lover that you visit regularly and you carry your phone.

Your partner suspects and gets a court order to release the phone tracking records.

You haven't done anything illegal but have been exposed.

Now, the records held by the phone company can be analysed, compared to the billing addresses and the sex of the person paying the bill and the sex of the person who is living at the visited address.

The phone company may not do anything with such datamining, but not everybody who works for the phone company is honest.

You can modify this for many perfectly legal situations which will cause problems if known to the public. What about a well known politician who is regularly tracked to a fertility clinic?


Kyle WilsonJuly 13, 2007 12:08 PM

It seems to me that anyone requesting personal information without a warrant should be willing to 'trade' if they really believe the 'nothing to hide' argument. I suspect that most goverment officials and law enforcement officers would take exception if a group were started that followed them around in their off duty hours in public places and posted where they went and what they did on a public web site. This would certainly make an interesting test for any judge that found there to be no privacy rights...

Sez MeJuly 13, 2007 12:34 PM

Most honest people have done things that, when taken out of context, can make them suspect for activity. And also a candidate for blackmail.

Another angle is that when it is government, it is convenient to target and/or blackmail political opponents with information one has on them.

Privacy laws aren't intended to protect the guilty. But they do keep the innocent from undue harrassment, bullying, etc.

crispmJuly 13, 2007 12:45 PM

@Amit says:
(...) if I have to tell a common person that government is doing something wrong, I would rather want my argument to be one sentence long rather than one para or a book long.(...)

A book-length argument may be too long, but a paragraph?? If that is the level of political or ethical discourse you are willing to engage in, or consider worthwhile, your own post is about 550 words too long for a bumper sticker.

Just because English is especially suited to short and symmetric utterances (e.g., "if we outlaw guns only outlaws...") it does not mean intelligent dicussion is impossible.

Likewise the limitations of similes and metaphors. Stop anthromorphizing organizations, be it governments or private corporations; it will lead you to all kind of nonsensical conclusions. Kafka explains this very well, and of course the modern totalitarian regimes of the 20th Century made a science of building "bad" machines (e.g., detention and extermination by the state) out of generally "decent" people (e.g. paper-shuffling law-abiding bureaucrats).
If you don't have time or the inclination to read, try watching the German film "The Lives of Others."

With regards to collection and use of information, the situation is fundamentally asymmetric. A government, or a health insurance company for example, can use information to awesome, life-changing effect --good and bad. The only safeguard against "bad" uses available to individuals is the power of the state (embodied in laws and their application) to restrict "corporate" (including the gov't) agents.
None of this is new; in the US we speak of "checks and balances" aka the three co-equal branches of government.

SteveJJuly 13, 2007 12:54 PM

@Kyle Wilson:

Don't follow the cops - they're for the most part trying to do their job. They'll use the powers they're given by the legislature and judiciary.

It's the politicians who pass pro-surveillance laws, and the judges who find no rights to privacy, who deserve be photographed on their way to perfectly lawful, "nothing to hide" Alcoholics Anonymous meetings, or to have their bank sell their "no expectation of privacy" financial records to their business rivals or the press.

@Sez Me: Thing is, someone arguing "nothing to hide" will simply say that the government is not in the business of blackmailing people, and is perfectly capable of investigating a suspect without convicting them of anything they haven't done. Any exceptions are minor disadvantages which can be ignored, rather than (as we might see it) unacceptable flaws in the whole system.

It's shocking how people respond to authority when they're scared of some imaginary terrorist or criminal, come to kill their family. Even the same people who in practice don't want the government anywhere near them unless absolutely necessary, can be fooled when the same government says that in principle it only wants to spy on wrong-doers, but in order to do that has to spy on everyone.

DavidJuly 13, 2007 1:00 PM

Kyle, I think you're on the right track. Instead of falling into the defensive trap of trying to justify secrecy for ourselves, I think we should simply insist on parity. The government's specific actions trouble me far less than our increasing inability to oversee them. This particular administration has worked very hard to promote a flagrant double standard in that regard.

gexJuly 13, 2007 1:06 PM

And when the government has information on your toll-pass moving through the tolls on the highways, and your spouse is able to use the data handed over by the government in your divorce to take you for everything, you'll realize that having "nothing to hide" can change in a hurry.

ARMJuly 13, 2007 1:07 PM

@ Amit

"If you have nothing to hide, you have nothing to worry about. This is fundamental."

This simple statement rests on a number of assumptions, and you must accept that all of those assumptions are true before this can be taken at face value. But let's turn it around, and look at it from another angle.

If nothing is going to be used against you, then you have nothing to worry about.

This is, in practice, a completely different statement than the first one made, even though people assume that the two are equivalent. Many people assume that if you lead a clean enough life, it's impossible to take any of the details of that life, and use them against you. But the reality of the situation shows that it isn't that simple. The BBC recently had to apologize to the Queen for using documentary footage out of order in an advertisement, creating the impression that Her Majesty had walked out on a session with photographer Annie Leibovitz. And this was an honest mistake on their part. With malicious intent it's quite possible to use completely factual information to create a completely false picture of events.

The basic underlying assumption behind "If you have nothing to hide, you have nothing to worry about," is that any information gained will always be used in good faith, and that existing safeguards are 100% proof against anyone who attempts to obtain and use the information in bad faith. But we know better than that.

DBHJuly 13, 2007 1:28 PM

Look, there is no such thing as 'nothing to hide'. Cardinal Richelieu said it (in French, of course): "Give me four lines written by a man, and I'll give you something to hang him". In this day of guilty until proven innocent, giving massive amount of data to NSA/FBI/whatever is just ASKING for trouble! Hmmm, Mr. Johnson, I see you bank at Commerce bank and make your deposits every Monday at xyz branch. It appears you have something in common with Muhammed who seems to also bank at the same time every week...lets get a material witness warrant or declaration of enemy combatant and see what we can sweat out of you" And since you have no knowledge of what information, correct or incorrect (e.g. I never go to that branch in Idaho, I live in Pennsylvania!) or any way to fight that because "its classified", then Kafka-esque is the right way to describe the results. The best way to fight it is not to provide information. BTW, chasing down an innocent will only waste resources that could be used actually catching a bad guy, and automated programming generating lots of 'hits' will waste a whole lot of investigator time.

Not to mention that perhaps Democrats seem to have an abnormally large number of these 'mistakes', for instance...

AdamJuly 13, 2007 3:08 PM

Nothing to hide=Guilty till proven otherwise

State Police? Federal Police? International Police? Foreign Countries Police?
Each of these MANY bodies have different levels of access to your life.

NO private citizen could stand up to the scrutiny of any of these organizations. Anyone JUST accused of a serious crime by these bodies would most likely lose their job, home, family, citizenship, and possibly life.

I am from Dallas, TX and we have released how many falsely imprisoned persons lately? I have lost count.

JimJuly 13, 2007 3:48 PM

When the 4th amendment right to privacy was written, most couldn’t even imagine the myriad technologies that enable and contribute to today’s illegal behavior. In 1787, in order to procure a bomb, one had to walk into and out of a bomb store. Today one can do it at home via the Internet, credit cards and UPS, content and secure in ones reasonable expectation of privacy. The 4th Amendment needs updating to version 2.0.

wkwillisJuly 13, 2007 5:11 PM

Kyle Wilson
It is illegal to reveal the home address of a police officer in most states. For good reason.
I would have no objection if all information searchable by a government official were also searchable by me, or anyone else.
Jim
Until a few decades ago you did not have to give identification when purchasing explosives such as dynamite and blasting caps. Which is why unions were a lot stronger than they are today.

paulJuly 13, 2007 7:21 PM

I think Adam has a crucial point with "Anyone JUST accused of a serious crime by these bodies would most likely lose their job, home, family, citizenship, and possibly life."

Perhaps it's a reflection of the structure of US society in particular, but it seems that simply becoming a certain kind of public figure (see the Autoadmit case for one example) can have serious destructive consequences. There doesn't have to be any deleterious information, just the appearance of information.

Eric NormanJuly 13, 2007 7:22 PM

@greg

Haven't you figured out yet that every utterance by a congresscritter or other gummit official always contains an implicit exclusion? "..., except for me".

@all

You can always answer the "nothing to hide" question with the truth: "Yes, I do have something to hide".

Pat CahalanJuly 13, 2007 8:56 PM

If you have nothing to hide, do you object to the government implanting a speed monitoring device in your car? Why would you object?

Let's go one step further, if you have nothing to hide, that implies that you are always fully 100% compliant with the letter of every law, right? Otherwise, you would have something to hide.

Therefore, we don't need to stop at logging your speed, let's just put limiters on every car so that they are incapable of driving faster than the legal limit. Let's put brake locks on cars so that they cannot physically move forward if they're facing a red light. IR sensors on the front and back bumper that enforce the "1 car length per 10 mph" rule. Now we're not just keeping an eye on you, we're preventing you from getting yourself in trouble. Why not? Seems perfectly reasonable.

AnonymousJuly 14, 2007 5:10 AM

@Pat Calahan:

The fact that someone breaks the law might not necessarily imply that they have anything to hide.

For example, you want to get someone into hospital as quickly as possible, and driving would be faster than waiting for an ambulance. If you had a speed monitor in your car, then (assuming you don't need to keep a squeaky clean license for your job) you would break the speed limit, get to hospital, admit the crime, and pay the ticket. The penalty is low enough that it's worth breaking the law, especially if that penalty might be reduced due to mitigating circumstances.

I don't in fact support speed monitors, by the way, I'm just presenting the counter to your argument against them...

Also, just because you break the speed limit or get too close to the car in front doesn't necessarily mean you've broken the law or should be prosecuted - there may be extenuating circumstances which a prosecutor or the court would accept. Some criminal trying to run you off the road (unlikely), or you making space for an emergency vehicle or runaway truck (not that unlikely). The mechanical restrictions you describe aren't (just) bad because they infringe on people's "freedom to break the law", they're actually dangerous.

The trouble with bringing up examples of "if you have nothing to hide, then you would accept X", is that X must be something which (a) the government actually might want to do, (b) would not be ruled out on some grounds other than that it breaches privacy, and (c) the person you're talking to genuinely would not accept.

Speed monitors might fail to satisfy (c): a "good guy" might be willing to accept a speed limiter in return for the government having the power to search and spy on "bad guys" without due cause or limit, until eventually they get something on them. Speed limiters at the speed limit fail to satisfy (b) and probably (a): they're dangerous, and at least in the UK the government makes more money from fines on minor traffic offences than it costs to enforce them, so they have no incentive to stop them happening.

The other argument in favour of phone tapping but against speed monitors, is that terrorism is a "greater threat" than speeding (despite causing fewer deaths, but that's an argument for another day), and hence warrants greater invasions of privacy.

I think in many cases the "nothing to hide" argument can be put another way: "I'm not an Arab, so I have nothing to fear". People wrongly believe that only terrorists, or only people who are mistaken for terrorists, will suffer, and that they and their friends will never be mistaken for terrorists.

AnonymousJuly 14, 2007 9:30 AM

Barnabus:

SSRN is a members site, and it is expected that you have traded some details for access to the documents.

JLKJuly 14, 2007 6:04 PM

"Here's an example that works right now.
You have a mobile phone with GPS. The phone company tracks the phone, first to the cell level and then to a box about 10 metres square (roughly room size.)
You have a lover that you visit regularly and you carry your phone.
Your partner suspects and gets a court order to release the phone tracking records.
You haven't done anything illegal but have been exposed."

No, but you still have something to hide, and most people would say that you have been doing something that is wrong.

I suspect that most of the people complaining about their privacy being violated have exactly this kind of thing that they want to keep hidden.

John PhillipsJuly 15, 2007 12:44 AM

JLK: Or the information they want to keep private is not illegal or immoral but is not good for their health if the wrong people in the wrong place know about it. E.g. I have American friends who are atheists but live and work in very religious xtian communities where being openly atheist is, at best, met with disapproval and at worst, can harm them professionally or worse. Similarly, I have friends who are gay, which is not against the law but there is still a degree of homophobia existing where they are from. Some of it dangerous, and so they prefer to remain in the closet when they visit their home areas, for very good reasons. Neither of the above examples are illegal, or even immoral except to certain religious people, in the US or UK, but there are times and places that it is wiser to keep the knowledge private and it should be the individual's decision when to reveal such information, nobody else's.

Thus people who have never themselves faced any such problems or can't foresee the problems others might face from the type of private information, which in itself is not illegal or immoral, as in my examples, will not see the danger of the 'nothing to hide' argument. And that is without considering how even the most innocent of private information, when viewed out of context, can be damaging to the most guiltless of people. Especially, as in today's US and even the UK, where due to fear, it often appears that the principle of innocent until proven guilty has been reversed, often on the flimsiest of pretexts or evidence.

AleJuly 15, 2007 6:01 PM

Putting aside philosophical debates over whether privacy is a basic human right or not, I think that it is extremely useful for the construction of functional societies.

People very seldom understand others in a holistic fashion - instead, labels are applied that classify people into a small set of stereotypes. This labels can be economically counterproductive: Less gets done. If a person is sacked from work, or killed, wounded, or his/her property damaged due to the label (adulterer, homosexual, alcoholic, etc) being unsatisfactory to some other person, there has been a net damage to society. Of course, the same reasoning applies to the goverment/media/etc being unable to have complete access to personal information: as the information asymmetry between people and the government grows, transaction costs increase, making society as a whole more inefficient.

If a society is able to minimize the labels that people have, most people will fall in the category of "normal folks", and this economic damage will be reduced.

aNDYcAPPSlOCKJuly 15, 2007 11:29 PM

@Ale - there is no such thing as a basic human right. All there is are rules and conventions that are useful for the construction of functional societies.

This then gets us back into the philosophical debate over privacy, as (according to me, anyway) "basic human right" is equivalent to "useful for the construction of functional societies"

DaveJuly 16, 2007 2:51 AM

Recently in Australia a Dr has been arrested for giving his SIM card with unused credit to his cousin. He thought he had "nothing to fear" in admitting that to police (as would I).

AndyJuly 16, 2007 4:33 AM

Surely the argument is not if we have got anything to hide or not but if we trust the people who are looking.

aceJuly 16, 2007 7:08 AM

The fact that I am on this page using media to leave comment is rendering all Orwell type arguments void. Video surveillance is one of future society parts. I am not worried about development of such a society as long as I can write comment on this (or any other) blog.

AnonymousJuly 16, 2007 10:40 AM

Something I haven't seen specifically here as an objection to police search power (sorry if I missed it) is that, in some jurisdictions at least, the planting of evidence by police for purposes of detention without cause and/or blackmail is perceived to be very common. I have found this to be an effective argument for privacy in discussions with people who are otherwise supportive of state trespasses in the name of security.

ElliottJuly 16, 2007 11:27 AM

@Amit Upadhyay:
> I am an advocate of privacy actually,

No, you are not, as your post proves.

> ... Schneier and group trying to brain wash people about something that might potentially help stop terrorists?

First, accusing "Schneier and group" of "trying to brainwash people" is inappropriate. Brain washing means manipulating people using drugs, torture and psychological tricks. Bruce, and those you probably mean with "group", present just arguments, and for those having difficulty following them, examples as well.

Second, "something that might potentially help stop terrorists" and other words of your post are an attempt to manipulate the reader; so YOU are who tries to brainwash people. What does "potentially" mean? I hope before attacking Bruce, you understood his concept that security is always a tradeoff. Forbidding cars might potentially stop deadly accidents. But we don't do it because it is a bad tradeoff.

Please explain how exactly erosion of privacy helps to avoid what your idea of terrorism is.

I, personally, feel terrorized by the state because it tries to take the freedoms away for which our ancestors gave their blood and lifes. They did so after they had learned the hard way that democracy cannot exist without privacy. I come back to that at the end of this post.

> Why is privacy required? Do we need privacy?

Too much surveillance, especially any kind of broad surveillance, data collection and mining, always ended in tyranny. History text books tell us that. Privacy is required to protect our western democracies (or more precisely, the little bit that is still left) from power grabs, both obvious and sneaky ones.

> Is it [privacy] our right?

This depends on how you define "right". As long as constitutions as the highest law demand that people defend democracy against any threat, it is both our right and our duty to defend privacy. Once our protections have been weakened to a certain point, someone might manage to change or work around the law so that we lose these fundamental rights.

> It would have been a good thing had there been reasons to call privacy a fundamental right, but there isn't.

I believe you are dead wrong in a very dangerous way, for the stated reasons.

> If you have nothing to hide, you have nothing to worry about. This is fundamental.

This conclusion would only be valid under the assumption that those that collect and use intimate information about you can be trusted absolutely and for all times. This assumption has been proven wrong on every occasion, since thouands of years everywhere around the globe.

> I am an advocate of privacy actually, but when I see criticism of data mining projects in the name of privacy, it sounds more like security analysts/watchdogs are taking the wishful simpler but wrong way out of "privacy is fundamental therefore data mining is wrong" approach, where as they should be pointing out the details of the programs.

In principle I agree that discussion is a good thing. But you need to understand that people who understand the value of privacy experience a frustrating permanently ongoing process of erosion. We are few, stand not far from a last line of defense, and we seem to loose very quickly. People like you who do not understand how fatal it is to give away our freedom make it possible that it happens. There are not enough voices, nor enough time to discuss the basically same thing with millions of people, again and again. That is why we sound so critical before discussing it deeper with, for example, you.

> The reasons are simple, if I have to tell a common person that government is doing something wrong, I would rather want my argument to be one sentence long rather than one para or a book long.

You need to understand that some arguments do not fit into one sentence. Albert Einstein once said, "things should be as simple as possible, but no simpler." Because simplifying them even more introduces errors.

> Common people have short attention span, ...

Yes, that is a problem. But it is not my duty to distort complex matters into a stupid five-words phrase. It is the duty of voters to look as deeply as necessary into the matter so they understand what they are doing when voting.

> It is wrong for security experts to call privacy card.

No, it is not.

> For one there is the cause vs the champions going on, you take the cause of privacy, and make lame arguments in its support, ...

Once again you try to manipulate. The arguments pro privacy are not "lame". They may be too deep for you to understand (at least your words imply that), but that does not make them lame.

> The fact of matter is government has been collecting information on us. The automobile registration papers, ...

That is true, but does not make it good.

Recall that the dutch government did store the religion of people. Then came the Nazis, and killed those for which the entry was "jew". You see, matters of fact are not necessarily "good".

> no sane person would try to argue government should stop collecting any of the information I mentioned above for example.

I would argue so, and still I believe to be sane. Instead, I believe you are wrong to argue the other way around, because your wish to give up privacy might lead to another holocaust.

> Information collection is the part of life, and we have to live with it.

Unfortunately, yes it is a part of life. Fortunately, no we are entitled to do something against. People like Bruce do.

> We have to live with the concept that there should be a comprehensive information collection systems.

I hope you get by now how wrong - and dangerous! - your belief is.

> Years of privacy advocates have really made that system sound so bad, ...

Well, not only does it sound bad, it really *is* bad.

> ... that instead of developing such a system openly, taking citizen interest and feedback into account, government has to do this under the covers. Should government do it? Yes.

No, it should not build "a comprehensive information collection systems". It should restrict itself to collect as *few* data as possible, use it only for the reason for which it was collected, and delete it as soon as that reason no longer exists.

> Why not there be a open source project about the same. But privacy advocates will just kill that project, and force government to do it under covers, which actually leads to systems that are under scrutinized, and bad for the privacy in the first place.

Here you contradict yourself: How could any implementation (be it open or not) of a system that is designed to *eliminate* privacy be *better* for privacy?

Also, the government has never been "forced" to collect data in a secret way. It is the other way round: *they* force *us* to play by their rules.

> Let there be a data collection agency. Let everyone public or private collecting data on citizens operate under the laws governed by such an agency. Let security experts participate in building such an agency taking into account the concerns of government/law enforcement and citizens alike.

See, in germany we do have data protection laws. This has something to do with how Nazis abused unprotected data to kill millions of people. Germany learned the hard way that the only way to actually protect data is to not collect it in the first place. That is what "Datensparsamkeit" means: collect as *FEW* data as possible. Governments and industry today want to collect as *MUCH* data as possible, and talk people into believing that they would then protect it. But I want to protect my data from *them*. How could I trust *them* to protect my data from *themselves*?

KBJuly 16, 2007 2:04 PM

@Amit
"If you have nothing to hide, you have nothing to worry about. This is fundamental."

That statement is not true.

The university I attend was hacked last year. Thousands of student's social security numbers were stolen because the school was using SSNs as the student identification number. The school didn't have to use SSNs as ID numbers. They used SSN's because they were CONVENIENT - everyone had one and everyone knew theirs.

The hackers used the data on file to perpetrate credit fraud on hundreds of people. Had the university been respectful of the importance of privacy, and the dangers of SSNs, this wouldn't have happened.

The school has since switched to a unique student ID number to identify students in their system.

I have nothing to hide, yet I have had something to worry about.

RodrigoJuly 16, 2007 5:48 PM

Think about outcomes here.
Either way does the Gov. always make the right, ethical, moral, legal, constitutional or honest use of the appropriated private data.

Case closed.

WrightBrothersJuly 17, 2007 8:17 AM

Two bad pieces of information for you: First, as Solove points out, most people cannot properly weigh the benefits of security versus the loss of privacy. To most people, giving up worthless phone records in exchange for stopping terrorists just feels like a good deal. They cannot see beyond that over-simplified equation.

Secondly, all those cameras are in fact paying for themselves, or they wouldn't keep putting more up. There was an abduction/murder here recently, from a mall parking lot. The dept store provided _super-clear_ pics of the perp, who was apprehended within days. Everyone was glad the perp was caught, and would actually feel safer now, knowing that nobody else will kidnap from _that_ parking lot again! There's no overcoming something like that. The cameras are here to stay.

bendotron5000July 18, 2007 9:32 AM

"I'm more worried about identity theft than privacy."

Identity theft is a failure of privacy. Making that statement is like saying "I'm more worried about getting hit with a bullet than about someone pointing a gun at me and pulling the trigger." It may be true, but it assumes that events do not have causes.

My "If you are not doing anything wrong, you have nothing to hide" response is usually "Boxers or briefs? What color?", but I like the IRS audit one better.

ElliottJuly 19, 2007 2:35 AM

When talking about movies, I recommend "Gattaca", "Enemy of the State", "Minority Report", "V", "Aeon Flux" and, if you like Sylvester Stallone movies, "Demolition Man".

Also, read "1984", "Brave New World", "Fahrenheit 451", and if you like science fiction, the first few books of Nikolai von Michalewsky (aka Mark Brandis).

I probably forgot some more.

BenedictAugust 28, 2007 5:08 AM

Oh, so you have nothing to hide? Well then, take off your clothes, tell me your PIN for your ATM card(s), reveal to the world what your biggest secrets are and do so publicly. Allow cameras INSIDE your home connected to a huge monitoring grid, allow microchips in your arm that reveal your location as well as your identity everywhere you go at all times. Show me what is inside your pockets. And since you have nothing to hide why not hand me over your credit-card data? You seem to trust me with it, even if you don't know me.

Here's something to ponder about for you:

In the seventies, when we did not have a surveillance-based street-life, no mobile phones, barely any cameras at all, and there was A LOT of terrorism and criminal activity going on. Compared to the terrorism and criminal activity today the differences aren't even significant! Yet, questionnaires have shown that people, who were in their teens or older when they lived in the seventies, do NOT feel safer today. Instead, they feel scared, watched, and generally uncomfortable about their governments activities. When in fact according to you they should feel a lot better and safer, losing their privacy and freedoms and all. Which they don't.

"We have to live with the concept that there should be a comprehensive information collection system."
No, we have not. I have just explained to you why. Both criminals and terrorists will only play more hardball when such system would be active. The end result will be worse than having no monitoring or information collecting at all. The fact that it did work, that we did have a good life without it, is proof enough: There is absolutely NO change required in that area. Monitor the criminals and terrorists, but don't monitor everybody in order to get to them, because then they've won you over, they've changed your lives.

BuzApril 19, 2008 4:50 PM

My cell phone just went dark. Tried to restart and got message, "UART CONN ---- NORMA MODE DOWN LOADING". Then went black again. Battery still has power, but phone won't turn on. Any ideas???

sigsJuly 21, 2012 1:39 AM

The Chinese have long since developed quantitative ways to approach aspects of human relations that come close to Western idea of privacy.

Your network is your asset; if your network becomes public, you lose that asset. Hiding private things give you a leg up in competition. Things that aren't worth hiding or can't be hidden may be considered public.

You can put a monetary value on knowing things of the opponent side (e.g. in business context), just as there is monetary value in being connected to certain people.

Of course, this isn't privacy as in feeling intimidated or "hygiene-violated" but more like a bartering concept.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..