Why does one need a high level of privacy/anonymity for legal activities?

Question

This question is sort-of spun off of a previous one.

Why do law-abiding citizens need strong security?

There are a lot of great security-focused answers there. However, I think the true question that is brought up is more about privacy and anonymity than it is just security.

I'm looking for concrete examples that can be presented that show the need for strong security when conducting perfectly legitimate activities. Examples in the areas of trust worthy encryption on end-to-end communications for cellular networks, network identity obfuscation services like Tor or VPNs, complete and total data destruction, and so on are what I'm after.

I'm always inclined to point to social uprisings in states like Libya and Egypt but these events tend to be presented to too many of the people I encounter that use this argument as "things that happen on TV" and not real things that have any effect on them or their personal liberties. So counter-arguments that keep it squarely in the first world, it-could-hurt-you-or-your-grandma kind of are really valuable here.

The examples brought up in the post copied above are really more specific to privacy and anonymity than they are about general security. I'm sure you'll find that most "Joe Users" will agree there is a need for Antivirus, Wi-Fi encryption, and other common defensive measures. But, why would the same people have a need for things like Tor, or end-to-end encryption over cellular networks?

To be a bit more clear: What are some arguments for personal online privacy/anonymity that your regular Joe User - who plays Angry Birds on Facebook while sitting in his boxers on the living room couch - will relate to?

Answer 1

One real world example - when you are naked in your shower, not doing anything wrong, would you like it if everyone came by and took pictures? Or televised your shower for the world? Probably not.

Another example - if I send a love letter, or write a will dividing up my savings, should that be published on the front page of the national papers? Again - no.

If I am carrying out my own business, the expectation should be that I have privacy, except where I have consciously and deliberately waived it. This was the case before technology became pervasive - it should still be the case. In the old days law enforcement needed a warrant before they could access your property or communications, because the assumption has to be innocent until proven guilty. This has been eroded as technology has developed.

If I encrypt all my emails to my friends, the expectation should not be that I am a criminal for doing it, just that I want privacy, like leaving a room to take a private phone call. I could be planning a surprise birthday party, or applying for a new job, or possibly just enjoy using PGP - it doesn't really matter - it's my business.

From the EFF's privacy page:

Privacy rights are enshrined in our Constitution for a reason — a thriving democracy requires respect for individuals' autonomy as well as anonymous speech and association. These rights must be balanced against legitimate concerns like law enforcement, but checks must be put in place to prevent abuse of government powers.

Admittedly, I don't live in the US, but those constitutional rights sound good to me.

Answer 2

There are a great many tweets, blog posts, articles, papers and books on this topic. Here are summaries of three of them in order of accessibility. First some quips in response to the classic question (from Schneier, see below for why these aren't the right answer though).

• "If I'm not doing anything wrong, then you have no cause to watch me."
• "Because the government gets to define what's wrong, and they keep changing the definition."
• "Because you might do something wrong with my information."

And a recent quip from Snowden:

• "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."

---

Falkvinge has a good brief blog post on this topic, further summarised here:

1. The rules might change. Do you know what the next government's policies and laws are going to be? You know, the government voted in by that relatively small voting group that you fundamentally disagree with but managed to form part of a coalition government?

2. It's not you who decide if you have something to fear. It's automated surveillance software. People will start to behave not just based on what is legal or right, but based on a desire to avoid being flagged.

3. Laws must be broken for society to progress. A controversial statement when you first come across it, but self-evident when you think about it (the legality of homosexuality is a good example). Lack of privacy prevents this.

4. Privacy is a basic human need. See @Andrew and @Rory's answers for some obvious examples, and the paper below for a deeper understanding.

---

Schneier, predictably, has a (short) essay on this topic. He argues (like Solove - see below - but more accessible) that the question is wrong to frame privacy about hiding wrongs. He prefers to frame the debate as liberty vs tyranny.

On abuse of data:

Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time.

---

If you're looking for more in depth treatment, try Daniel Solove's paper, who argues that there is a fundamental problem with the focus of the question on privacy as just being about hiding. Here's an online version of the arguments from the same author.

On this topic:

The harms consist of those created by bureaucracies—indifference, errors, abuses, frustration, and lack of transparency and accountability.

On why privacy should be a default for information, not just on information you consider to be directly sensitive:

Aggregation, however, means that by combining pieces of information we might not care to conceal, the government can glean information about us that we might really want to conceal.

The problems of surveillance by a government in particular

it creates a power imbalance between individuals and the government ... This issue is not about whether the information gathered is something people want to hide, but rather about the power and the structure of government.

One of the problems found in countering this argument is that it doesn't sell very well:

At the end of the day, privacy is not a horror movie, and demanding more palpable harms [caused by privacy violations] will be difficult in many cases. Yet there is still a harm worth addressing, even if it is not sensationalistic.

---

So, the one liners at the top of this answer are weak responses, as in responding in that manner you've already fallen into the trap of focussing solely on the aspect of privacy that is about hiding wrongs or embarrassing information.

You may also want to check out Lessons From The Identity Trail, a book formed from a fantastic collection of papers, now freely available, that were the output from a multimillion dollar study on privacy, identity and anonymity.

Answer 3

Turn the question around

We would need a society where everyone was trustworthy.

• All ISP's that handle my traffic.
• All Web sites.
• All users on the Internet, for every country.
• All governments (how many wars right now).
• All companies.
• All staff of every company.
• All aliens (they are out there).

If we don't encrypt communication and lock systems then it would be like:

• Sending letters with transparent envelopes.
• Living with transparent clothes, buildings and cars.
• Having a webcam for your bed and in your bathroom.
• Leaving unlocked cars, homes and bikes.

All of this makes it clear that there is no way that we should give up all security technologies just because you trust your ISP or Government, you must trust EVERONE IN THE WORLD to make a 'drop your pants' strategy viable.

Answer 4

I would want to be able to have a telephone conversation with Bob about his drug problem and how he can get out of drugs without the cops coming to Bob's place to imprision him for taking drugs.

Even through taking drugs is illegal, I want the ability to have a private conversation with a friend who takes drugs to help him deal with the issue without that friend getting in trouble.

In many cases, when I hear that a friend wants to do something illegal, the first course of action is to convince the friend to stop engaging in that illegal action. Such conversations need privacy to happen.

Even if you do believe that taking drugs is bad, it's pretty totalitarian to effectively see a duty of everyone to inform the government about every friend that takes drugs every time they speak about the topic on the telephone.

Even if you would go that far and assert a general duty to inform the government of every illegal act that you witness there are a lot of cases where people might want to keep information that doesn't refer to illegal acts secret.

A woman who get's stalked by her ex-boyfriend might want to keep her location secret. Let's say Alice wants to ask her girlfriend Carol to go to the movies. Carol wants to keep her location secret from her ex-boyfriend. If Alice would communicate the request via a non-private medium than the ex-boyfriend might get information about Carol's location.

We frequently promise our friend to keep certain secrets, communicating those over a non-private channel mean to break the promise we gave to that friend.

Everyone who ever promised a friend that he will keep a secret but who claims that he has nothing to hide is a bad friend.

Answer 5

The answer is “Joe User” does not want end-to-end encryption over cellular networks or Tor and will not be using it in the future. “Joe User” does not care that his GPS location, tracking his entire life, is reported back to his wireless vendor or that his social networking behaviors are tracked and exploited. “Joe User” likes thrilling, cheap, free, and easy. The real world forces at play are diametrically opposed to the spirit of this question.

This response is not intended to be flippant or offend but rather to suggest a new point of view would be appropriate relative to this question. “Joe User” does not care about privacy and anonymity but rather he/she is a carefree technology hedonist. Therefore, our role in securing his and our systems is much tougher than assumed in the world suggested by your question since “Joe User” logs onto and plugs into our systems. The question suggests that there are some empirical truths to which we are privy which, when shared with ‘Joe User”, will enlighten him/her. Once enlightened, “Joe User” will change behavior, embrace relatively complicated security protocols, and support additional costs at home and work to defend privacy and anonymity. That would be a nice world to live and work in. That world does not exist.

Instead the world is full of Homer Simpsons that gladly share the most intimate details with mega-companies worth hundreds of billions of dollars precisely because they have access to that very information. Neither Homer Simpson nor the associated mega-companies tracking his habits with their K Street lobbying power want to see the vision embedded in your question come true. As Scott McNealy from Sun famously stated in 1999 about privacy “You have zero privacy anyway .. . Get over it” (http://www.wired.com/politics/law/news/1999/01/17538). Scott was sharing reality as far as the mega-companies saw the world in the dot-com adolescent days and planned for its future. His comment precisely predicted the world we live in today and will live in tomorrow.

Thus I suggest we plan for a world without common user privacy protection beyond TLS and wireless router encryption. Angry Birds trumps the point of view of the traditional security expert in this area.

Answer 6

I've summarized Prof. Daniel Solove's critique of the "nothing to hide" argument at Why Privacy Matters Even if You Have 'Nothing to Hide'.

In addition to what others have said, two examples of legal activities that you'd likely want to be private:

• you get called by some unsavory organization or individual by mistake
• you can call a sensitive service (e.g. suicide prevention or drug abuse hotline) in order to help someone else

Examples involving metadata alone:

• Knowing the titles of the books you borrow from the library can tell a lot about you, without having to know the contents of those books. This is a very simple example of "metadata", or data about data.
• Visiting a website with a URL containing "depression" doesn't require that the surveillance state know what's in that website. The URL is metadata for the web page. In 2006, AOL released anonymized search data for research purposes. However, individual users were identified. Read more on Wikipedia.
• In 2009, an MIT study showed that gay men could be identified on Facebook based on the sexual orientation of their Facebook friends who make that information public
• The Electronic Frontier Foundation shows some simple examples of how call metadata can be used to reveal or infer information or actions which an individual may wish to keep to themselves:
  • The mere fact of calling a sex phone service
  • Calling a suicide prevention line from a bridge (call plus location)
  • Calling an HIV testing service, then your doctor, then your insurance company, in the same day (call correlation)
  • Receiving a call from the National Rifle Association, then calling your senator (the nature of the call can be very easily inferred, since the NRA was most likely conducting a campaign, and probably against gun legislation
  • A long call to your gynecologist, followed by a call to Planned Parenthood
• In an interesting story, a researcher shows how the British government would have been able to find and identify Paul Revere among hundreds of individuals in 1772, based only on knowing what organizations those individuals were members of

Answer 7

Actually answering the Question posed.

Concrete example where you need strong security for legitimate activities:

Confidentiality of a Merger and Acquisitions deal is extremely important, up until the publishing of the deal.

If the contents of partial/initial discussions gets 'leaked' then the deal is often broken off.

So, by definition, all communication between the principals, legal advisors, strategy advisors, important shareholders need to be kept confidential.

Not that I actually have experience of these things, but the landscape would be very very different if confidentiality technologies were not available for these deals.

All the Financial Regulators (i.e. SEC) have specific rules and guidelines for these matters, even though they have mandatory disclosure rules on the flipside.

Answer 8

One of the major reasons I've heard about, and from my own government no less as a warning (when facebook was new) is none other than preventing crime from being committed to you in the first place. Lets spin things around, government surveillance is bad, sure but government being able to watch you means that anybody else with a relatively simple set of tech skills can tap in to the government's surveillance tools (like facebook) and abuse it to find the same information the government would find simply by looking around, they don't even need to be hackers...

And what can they, what can criminals do with your now easily accessible information?

They can find out where you live, find out if you have a security system at home or not (based on pictures of your home) they can find out when you're at home, and when you're not, they can find out who lives there with you and discover all the same stuff about them, then based on that they can target your home when you're not there (raid the place), or when one member of your family they want to target is home alone (sexual predator? someone in the mood for a revenge killing?) and act based on what they have found.

Assassins and the like have in the past to be successful needed to get in close proximity of their targets to spy on them, no more, all they need to know is more often than not on facebook, no espionage needed. This will be a particularly big problem if you're a public figure (notice how they don't participate in social media the same way us normal folks do? Well of course not, they can't! because it will paint a target right between their eyes for anyone who wants to do them anything)

But all in all, don't you just think it's pretty damn creepy that anyone anywhere can know anything and everything there is to know about you without you even knowing they exist in the first place? Does that feel right? It certainly does not feel right to me, actually kinda scares me even if I don't have anything to hide by definition, I'm not doing anything illegal...

Or am I? The legal systems everywhere in the world are such a clusterfuck that millions of people are unwittingly commiting crimes, here are a few examples:

http://mic.com/articles/86797/8-ways-we-regularly-commit-felonies-without-realizing-it#.piX5OQnun http://www.telegraph.co.uk/news/uknews/law-and-order/3044794/How-we-all-break-the-law-every-day.html http://www.michigancapitolconfidential.com/19440

Stuff we may consider bad habits, don't realize we're doing, or do but just have no idea it's illegal, under constant surveillance we may or may not be arrested for these things, but one of these days someone somewhere will have it out for you and the data about these illegal things you didn't know anything about can be used against you in a lawsuit or to deface your public image if you care about that. "This musician downloaded a song once!", "Oh what a shithead, since he thinks it's ok lets all pirate his shit!" or "Oh what a shithead, let's boycott his ass!"

Many people even cheat on the tax because they can't afford to pay it (out of need) they may feel ashamed of it, but they are in need of getting away with it. These can be regular everyday normal folks, and while I'm not trying to protect them, you never know when this might be you or your family. When they do it they may feel embarassed about it, know it's illegal, but are simply backed into a corner and feel they have no choice. Without privacy it's true, they don't have that choice.

We also behave differently when we are under surveillance, and I quite liked this video which delves a bit into that one. https://www.youtube.com/watch?v=AW7aU3zv-4M

see also the government perspective: http://www.bbc.com/future/story/20140209-being-watched-why-thats-good A sane person's perspective: http://www.alternet.org/news-amp-politics/surveillance-thinking-and-behavior

As the common saying goes: "The devil is in the details", don't let yours be too easy to find.

And as for why security is important, you simply can't have privacy without it. You can post private data on facebook, anyone can read it, you can post private data on private channels on facebook, most who are determined will find a way to read it. You can send someone a private email, there are many ways to read that.

If end to end encryption is used, the ways in which that private email can be read is severely reduced. If hard drive encryption is used, the ways in which your data could be accessed when you are not at home or if someone lets say steals your computer (it happens, it does, happened to me, my desktop was stolen from my home... I'm just a normal dude...) all that data is accessible to anyone who gets their hands on your computer, unless your drive is encrypted. And well, so on.

You can think about it like this. Two people in the middle of the street chatting privately, anyone can listen in. Two people in a sound isolated room, it suddenly gets much harder to listen in (the only way is having a bug planted inside the room). The former is privacy without security, the latter is privacy with it. It's not that security makes it impossible to spy on you, it's that it makes it too hard to be worth the trouble for whoever might.

Answer 9

If I had millions of dollars—which is perfectly legal—I would want to keep my riches a secret so that my grandson does not become a target for kidnapping.

If there is a militant religious sect that believes it is their duty under God to kill me for my own religious beliefs, I would like to keep my religious beliefs—which are perfectly legal—a secret.

If I vote for the winning candidate in an election—which is perfectly legal—and the loser's supporters start to commit anonymous vandalism and violence against the winner's supporters, I would like to keep my vote a secret.

---

Addendum

If the government gets a video recording of me doing something legal, they can then pass a law against it, edit the video to add a time stamp after the law was passed, and prosecute me.

If I have a stash of weapons which I keep in case the government becomes tyrannical, I don't want the government to know it's there.