Why do law-abiding citizens need strong security?
Individuals need to guard their information to maintain control over their own lives.
While this statement sounds extreme, I believe I can illustrate it with a few simple examples.
Example 1:
Background: You are a former alcoholic. Although you no longer drink alcohol, you have a tendency to be generous when intoxicated. You also typically carry a significant amount of cash with you.
Mallory knows: you are a former alcoholic, you are generous when drunk, and you typically carry a significant amount of cash with you. Mallory also suspects that it will take only two or three drinks to make you drunk.
Scenario: You meet some friends, Alice and Bob, and Bob's friend Mallory at a restaurant that also serves alcohol. During your meeting Mallory gets soda for the table, secretly adding an undetectable amount of alcohol to your soda. Alice and Bob leave. Mallory stays, telling a sad story about her need for cash. You give Mallory the cash and never see or hear from her again.
Example 2:
Background: You are a civil servant. The office in which you work has a strict policy against employees making negative public statements against current laws. You have a 12-year-old child.
Scenario: A popular social networking site has a policy of not allowing children less than 13 years of age to have their own account. You decide to share your social network account with your child by giving them your password. Your child uses your social networking account to publicly post negative comments about a particular law. The local media discovers the posting and learns your real name and where you are employed. Due to the media coverage your supervisor finds it necessary to terminate your employment.
Example 3:
Background: Your ailing grandmother lives alone and has very little income. To help her save on expenses you replace her traditional telephone service with a cheaper VoIP service. Your grandmother does not have a computer and does all her banking by phone.
Scenario: An adversary monitors VoIP calls from your grandmother's service provider and targets calls which are destined for bank phone numbers. Your grandmother makes a routine transfer from her savings account to her checking account giving the bank agent her account numbers and her security code. The adversary records your grandmother’s unencrypted phone call and gets her bank account numbers and security code. The next time your grandmother checks on the status of her accounts they have zero balances and a credit card with a large balance has been opened in her name.
The 'nothing to hide' fallacy
There are three well recognized components to security: confidentiality (secrecy), integrity (has not been damaged, modified, or tampered with), and availability (you can get the thing when you want it).
The 'nothing to hide' argument only works against confidentiality. There are obvious cases where an individual wants a piece of information to be secret and not easily available to anyone who may want it. The single easiest example would be a bank card PIN number. Anyone who has your bank card and knows your PIN can steal your money.
Other obvious examples are traditional security items like alarm codes, checking account numbers, and combinations to locks or safes. So the 'nothing to hide' argument is really targeting the information in activities which do not have obvious intrinsic value in and of themselves.
Let’s take the example of a mobile phone conversation.
The surprise party
Alice has a friend Bob who likes surprise birthday parties. Bob's other friends include Carl and Evan. Carl likes to eavesdrop on mobile phone conversations. Alice calls Evan to plan a surprise birthday party for Bob and Carl listens in on the conversation. Before the day of the party Carl tells Bob about the plans for the party. The enjoyment value which Bob would have had if Carl had kept the party a secret is now lost. The disclosure of the secret between Alice and Evan by Carl has a negative consequence for Bob who was not party to the secret.
Typical 'nothing to hide' arguments usually imply that a secret is hiding something bad (illegal, immoral, or embarrassing) and that disclosure of the secret has negative consequences for at least one of the keepers of the secret. Some 'nothing to hide' arguments argue that disclosure of a secret doesn't hurt anyone. The preceding example shows that this is not always the case.
Now let’s look at an example of anonymity.
Anonymity
Alice is a wealthy individual who sits on the board of advisors of a university. The university is in financial difficulty and is allowed to accept private donations. Alice wants to make an anonymous donation to the university. Alice discreetly discusses the possibility of an anonymous donation with Bob, the university’s exchequer. Carol is another member of the university board who maliciously seeks to reduce Alice's influence on the board. Bob discloses Alice's discussion to Carol. Carol tells the other board members, excluding Alice, that Alice is attempting to gain favour with the exchequer without the board’s knowledge by making a large anonymous donation. As a consequence Alice makes a much smaller public contribution.
The 'nothing to hide' argument against anonymity implies that the person who wishes to remain anonymous must be doing so because the action they are taking when anonymous is a bad action (illegal, immoral, or embarrassing). The anonymous donation of money to a university in need is difficult to characterize as bad. Disclosure of the secret in this case hurt the university and potentially Alice. This example also illustrates part of the problem with excessive openness, the potential for third parties to misinterpret information or actions.