29

I'm having a discussion with someone who thinks they don't need technical measures of privacy or anonymity.

Common arguments against needing to care about privacy or anonymity include:

  • Everything about them can be Googled or searched from public records
  • Their personal information is already out there from companies who have been exploited
  • Credit card insurance protects them from fraud
  • There is no value in trying to protect future communications (data is already out there)
  • They don't consider themselves a valuable target
  • They feel the technical expertise is beyond their reach, and therefore don't try
  • Anonymity is only needed for dark web, or criminal efforts
  • They have nothing inflammatory, or of potential conflict to say
  • ...?

My intent is to gather a finite list of occasions when either privacy or anonymity is needed for a typical end user in the UK or US. I will use these scenarios with the common actors, Alice, Bob and Mallory.

Here are some possible answers for this question:

Scenarios for anonymity

  • Voting (why, to prevent provable coercion of votes, or retaliation from opposers)
  • Anonymous donors (to charity or political organization )
  • The witness protection program is a way of creating a new living persona (almost akin to creating a new email account or Twitter handle)

Scenarios for privacy

  • GPS coordinates of your phone should not be exposed to stalkers or thieves who want to rob you
  • Conversations with a friend who is doing drugs illegally, should not notify law enforcement
  • Google searches, chats and phone calls to suicide prevention, disease, or drug hotlines for someone else
  • Conversations about sexual and reproductive health (Planned Parenthood)
  • Prevent against the intentional, or unintentional misunderstanding of an email, SMS, or other communication, resulting in legal/police action
  • An accidental violation of an NDA resulting in the victim getting terminated
  • Sometimes laws must be broken for society to progress
  • The government may accidentally put someone on a Watch List, making travel more difficult
  • Anytime someone entrusts them with a secret, they need privacy to protect that. Someone with nothing to hide does not protect or guard that secret.

Scenarios for privacy and anonymity

As you can see "anonymity" is harder for me to articulate than simple privacy. Focus and assistance here is appreciated, but interesting privacy scenarios would be useful as well.

I am interested in scenarios targeting an end user (non technical) located in the US or UK.

Question

  1. What are some more scenarios where someone else will do something illegal resulting in a victim getting punished for someone else's crime?

  2. Or, for people who think that anonymity is only for criminals, when would anonymity-protecting tools would reduce risk?

This Bruce Schneier article lightly touches on how trust (that the message will not be taken out of context) can change the content of what's being said. For example, someone listening in on a phone call, even if was a momentary / false suspicion, might change the tone and word choice being used. This makes me think that there is a psychological need for privacy and anonymity.

Documents from psychological studies might provide more when examples. (I'm more interested in the example than the study)

makerofthings7
  • 50,488
  • 54
  • 253
  • 542
  • How would you organize people to decriminalize marijuana in a state where marijuana is illegal without being targeted by the police? Do you think the government always follows the law? Do you have curtains in your home? Have you never had a private business conversation? – Neil McGuigan Aug 03 '15 at 03:06
  • @NeilMcGuigan I'm just looking for "when" a person would need anonymity or privacy... Haven't thought through "how" – makerofthings7 Aug 03 '15 at 03:09
  • 10
    This might be a political answer, but many cultures assume the "when" to be: "whenever I so choose". When an honest person is prevented from making that choice, then there is generally a problem. – schroeder Aug 03 '15 at 03:11
  • 7
    I'll just leave this here: ["If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." - Cardinal Richilieu](https://en.wikiquote.org/wiki/Cardinal_Richelieu) – Mark Aug 03 '15 at 04:16
  • 10
    One argument that I think favours privacy a lot is historical changes to the legality of various things. If there was no personal privacy would the gay rights movement have succeeded? Their actions were, at the time, illegal and in the UK homosexuality could be quite harshly punished. In the US think about the civil rights movement, if they had no privacy would they have been able to organise themselves, or would they have been cracked down on for actions which were, at the time, illegal. In South Africa, think about the Anti-Apartheid movement, same idea would it have worked without priv? – Rory McCune Aug 03 '15 at 07:42
  • 2
    So why don't they walk around naked and live in a glass house? – Konrad Gajewski Aug 03 '15 at 08:21
  • 9
    Is it a problem to have a database of all people in Germany with their religion in 1933? They don't have anything to hide, do they? Is it a problem to have a database of all kindergarten children including photos and notices if parents miss the time to pick them up? I mean this are innocent children, they surely have nothing to hide! Would you want this database in the hands of paedophiles? With a picture of your little child and a notice, that you often miss the pick up time? What do you have to hide??? – Josef Aug 03 '15 at 08:54
  • 2
    One common rebuttal is "so why don't you have a public webcam in your bathroom?". – user253751 Aug 03 '15 at 10:20
  • 11
    @Josef Your scenario isn't even hypothetical. There was such a database in the Netherlands and nobody had a problem with it - until Germany invaded the Netherlands and SS found their task greatly simplified – Hagen von Eitzen Aug 03 '15 at 13:21
  • @immibis Also "Why do you wear pants outside your bathroom?" – Hagen von Eitzen Aug 03 '15 at 13:21
  • Not the guy mentioned, but I'm very googleable and I still believe in privacy. The government should not have access to my personal communications, regardless of their content. This guy just sounds like a nutter. – Seiyria Aug 03 '15 at 14:01
  • Please include some naked pics of them, their bank statements of the last year and recordings of their conversations at home, maybe we can find some reason somewhere in there, and they don't have anything to hide, right? – RemcoGerlich Aug 03 '15 at 14:16
  • 1
    I'm here to register my complaint about drawing hard lines between fact an opinion, and attempting to create a culture where only "facts" are acceptable things to talk about. Security is inherently value driven, not fact driven, and this is inherently a question about values. So yes, this is an appropriate question here. – Steve Sether Aug 06 '15 at 18:56
  • @SteveSether Feel free to discuss this on META.security.stackexchange.com, and know that when you reach 3,000 points in rep, you can vote to reopen. As it stands now, there are 2 votes to reopen. – makerofthings7 Aug 06 '15 at 19:04
  • Thought you might like this link: http://attentiv.com/anonymity-impossibility/ – paj28 Aug 26 '15 at 20:49
  • @paj28 LOVE it! – makerofthings7 Aug 26 '15 at 22:48

7 Answers7

40

There's a great short essay written by Bruce Schneier on the right of privacy:

The most common retort against privacy advocates -- by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures -- is this line: "If you aren't doing anything wrong, what do you have to hide?"

Some clever answers: "If I'm not doing anything wrong, then you have no cause to watch me." "Because the government gets to define what's wrong, and they keep changing the definition." "Because you might do something wrong with my information." My problem with quips like these -- as right as they are -- is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.

You can read it in full here: https://www.schneier.com/essays/archives/2006/05/the_eternal_value_of.html

dr_
  • 5,109
  • 4
  • 20
  • 30
  • 3
    My e-mail, my castle. – Konrad Gajewski Aug 03 '15 at 08:23
  • 3
    In all honestly, as valid as the "clever answer" is when it stands on its own, it actually answer the question. The question of what you have to hide still stands whether or not others have a right to watch what you're doing. It's a lot more convincing if you can explain why it makes logical sense to hide "OK" things instead of of claiming privacy is a fundamental right and therefore just erasing the question altogether. Personally, I haven't ever heard a very convincing answer to this question, even though I've heard lots of convincing non-answers. – user541686 Aug 03 '15 at 08:50
  • 11
    That's exactly the point: *we shouldn't have to convince* you or anyone else. We shouldn't have to explain why we want to hide something that's OK. As you correctly said, privacy is a fundamental right and we should be allowed to hide fact X about our life *just because we wish so*, without any explanation. – dr_ Aug 03 '15 at 08:57
  • Glenn Greenwald (journalist from The Guardian that broke the Edward Snowden story) also makes a very compelling argument in this Ted Talk: http://www.ted.com/talks/glenn_greenwald_why_privacy_matters?language=en – mti2935 Aug 03 '15 at 09:58
  • 1
    @Mehrdad - I think there is a human psyche need for privacy and possibly anonymity. Hopefully this question will help me find them. If rooted in `because I'm a human and humans need privacy/anonymity`, then that might give more weight than *because I wish so* – makerofthings7 Aug 03 '15 at 12:21
  • I disagree with the premise of this passage. Where did this "inherent human right" come from? Who granted it? There is an important distinction between what _is_ a human right and what we _want_ to be human rights. – David says Reinstate Monica Aug 03 '15 at 13:39
  • @DavidGrinberg By analogy... You have a right to wear clothes. Those clothes, in addition to protecting from the elements, protects your physical *privacy*. If you choose not to wear clothes, you are exposing your privacy. If you were *forced* to not wear clothes, that is a violation of privacy that any decent human would state should not be violated. If you choose to expose your privacy to a person, it does not automatically grant world-wide access to your privacy for all time in the future. Even if you're doing nothing wrong, you *expect* this privacy. – phyrfox Aug 03 '15 at 14:26
  • 2
    @phyrfox Again... where did this right to wear clothes come from? You need to be very careful with this type of logic because then when you get strip-searched people are violating your rights - obviously not true. There is an **important** difference between innate human rights and things that we basically just take for granted. You in fact mentioned it yourself in your comment - you _expect_ privacy, you are not _entitled_ to privacy as a human being. – David says Reinstate Monica Aug 03 '15 at 14:53
  • 1
    @DavidGrinberg Since when is getting strip-searched is not violating your rights? – Fax Nov 06 '18 at 09:14
30

Positive reasons

  • Instead of a beach holiday, we joined a Christian Mission this summer in Malawi. We're keeping quiet about it in case the children are teased at school.
  • I leapt into the road and saved a toddler's life. I just walked away because I don't want any fuss.

Controlling dissemination

  • My wife is pregnant, great news! We want to tell close family and friends first, before it is common knowledge.
  • I've lost my job. I'm keeping it quiet from my wife, hopefully I can land a new job before I have to tell her.

Seeking advice

  • Doctor, I have this spot on my penis. I don't want to talk to my friends about it.
  • Lawyer, I'm concerned I may have broken xyz law. I want to be informed before I talk to anyone else.
  • Engineer, I've noticed cracks in my wall. I want advice before I contact my insurer, bank, etc.
  • Shrink, I've started feeling attracted to prepubsecent children. I need help in absolute confidence.

Negative reviews

  • Jane, you should know we had an awful time at the new restaurant on our street. I'm not willing to confront them publicly, and worried I could face libel.
  • Steve, you need to know that when Joe stayed at my house, cash went missing from my drawer. I'm not prepared to confront Joe on this circumstantial evidence.
  • Ellie, you need to know that your new boyfriend has been violent with previous partners. Don't tell him you know as he'll try to kill me.

Controversial events

  • We learned our baby would be severely disabled and took the difficult decision to terminate the pregnancy. We're keeping it quiet because some people will judge us.
  • I was sexually abused as a child. I don't generally like to talk about it.
  • When I was a poor student I habitually shoplifted for groceries. I didn't get caught, and would never do it now, but I still want to keep it secret.

Enemies

  • I had a difficult divorce and I'm sure she still stalks me online. I like to share updates and photos on Facebook, but I don't want her to see them.
  • I had a violent ex-partner and still receive unsettling messages. I certainly don't want him to know where I live.

Entrusted with information

  • Mum, my best friend confided in me that she's pregnant. I need some super-private advice on how to handle this.

Sexual kinks

  • My horny girlfriend made me a special album for when we're apart. This has to just be for me.
  • I'm a furrie and regularly hook up with other furries online. I don't want my work or family to know.

Appropriate audiences

  • I share highly offensive jokes with a few of my friends. All legal and in good humour, but my job would fire me.

Security

  • Joe posted photos of his fab holiday in Costa Rica on his public Instagram account, where other photos revealed his address. When he returned home, his house had been burgled.

Ultimately, I agree with Bruce Schnier's analysis. The way I put it is: you own the information about yourself, and you decide who you share it with.

Two areas I have left out of the above list: illegal activity and infidelity. While those are definitely things people want privacy for, they are not generally seen as legitimate reasons to want privacy.

I view anonymitiy a little differently to you. Whenever we need privacy there are two main ways to achieve this: trusted communication, and anonymity. Traditionally you would talk to your doctor face-to-face and in confidence - trusted communication. A modern alternative is to go to a public forum and post anonymously. I see anonymity as one way to achieve privacy.

If you look at all these examples, you can argue that the world would be a better place without privacy. If we all talked openly about penis spots, we would actually all be healthier. The violent ex should be controlled in other ways, so the victim doesn't need to hide her address. Sometimes anti-privacy people try to capitalise on this. But I think the key point is that people are not perfect. Sure, Geoff should be able to talk about being gay with his parents - but they really will judge him.

paj28
  • 32,906
  • 8
  • 93
  • 130
  • 3
    Additionally, any informations like that could also be used by stalkers / other 'crazy' people. Or just used by criminals themselves: "Neighbour xyz is obviosuly enjoying his vacation in canada. Let's break into his house." – Katai Aug 03 '15 at 12:01
  • Seems like there is some overlap with controlling dissemination, but I like the categorisation for needing privacy. If only I could do the same for anonymity – makerofthings7 Aug 03 '15 at 12:31
  • I acknowledge and like the fact you say that anonymity is a means to achieve privacy. I'd like to find more scenarios in which anonymity is needed to achieve that privacy – makerofthings7 Aug 03 '15 at 12:34
  • 1
    One thing to add - re: `You own the information about yourself` ... in the UK, the government's department of health owns all the medical records of its people. The United States is distinctly different in this regard. – makerofthings7 Aug 03 '15 at 12:53
  • 1
    Regarding "illegal activity and infidelity": If privacy is not granted for these cases (in due relation to the suspected offence), then Miranda rights, search warrants, defense attorneys are not needed either. – Hagen von Eitzen Aug 03 '15 at 13:31
  • 1
    @LamonteCristo - anonymity is needed where you need privacy and cannot have trusted communication. Perhaps an employee needs to whistleblow, but they can't trust the police, perhaps because of corruption. It is also useful for discussing private things online (some subreddits like NoFAP or TIFU are notable!) Probably a few more examples - maybe ask a separate question? – paj28 Aug 03 '15 at 19:34
  • @Katai - good point! I've added your suggestion – paj28 Aug 03 '15 at 19:37
  • Is the singular form of "furries" not "furry"? – user253751 Aug 04 '15 at 09:42
13

Just to address one point:

  • Credit card insurance protects them from fraud

This makes several assumptions, none of which are to be relied on:

  • You assume that the insurance will pay out. It would be safer to assume that the insurer will try to avoid paying out, and require you to prove that you didn't give away your card details. This may be tricky if you've adpoted a no-security model.

  • You won't suffer overall from being out of pocket and without a card while investigations take place. Hopefully the loss of one card wouldn't mean you can't buy food until it's sorted (assume months). What about the loss of all your cards simultaneously -- you're talking about an easy target after all. Delays of months have been reported.

  • After the first few incidents you can still get card insurance. The insurer is likely to refuse your business as a bad risk.

On the more general case I can't add much to dr01's answer (not surprising given that they're quoting probably the world expert), except to point out the risk that rather than stealing from you, any criminal with 2 brain cells to rub together would use your details to defraud someone else. If they have control over all your data, you would have a hard time convincing a court that the fraud was committed in your name rather than by you (There have been attempts to mitigate this effect in law).

It has been demonstrated time and again that the watchers are not to be trusted. In this case both police officers and contractors accessed data on their family, ex-partners etc.; Other cases involve police accused of stalking with help from their database.

Chris H
  • 4,375
  • 2
  • 16
  • 23
5

For the fraud and "identity theft" angle on this, people should remember that dealing with it always takes someone's time and money. Identity theft can be extremely inconvenient or expensive, and your time is not usually covered by insurance.

Another angle is price discrimination. "We see you have $1234.50 in your bank account, therefore the price of this vital medical treatment to you is $1234.50." There are less dramatic examples of this all the time.

Then there is employment discrimination. Should employers be using people's personal lives to discriminate against them? The people that don't care about this assume they are average enough not to be victim to this, but ask them if they've ever complained about any of their employers to anyone in any medium and ask if they would like that broadcast.

Political opinions as well. Maybe people will say that they aren't registered to vote and have zero interest in politics, but that itself could be held against them by people.

Let's not forget weaponised shaming fads. The internet is very good at taking one photo or video of something mildly embarrasing or unpleasant and making it into a worldwide phenomenon that makes some poor person unable to leave their house.

Then there's the third-party leakage problem. Remember the OPM hack. Even if you trust the organisation that has your information, they may still leak it to malicious hackers.

pjc50
  • 2,996
  • 12
  • 17
  • These are great.. do you know of anytime anonymity can be used as a means to gain this privacy? – makerofthings7 Aug 03 '15 at 12:40
  • 2
    Good enough anonymity means that people can see these actions, but they can't correlate them with your "public" identity; people can't see that the John Q Public on the CV is the same person posting political opinions they disagree with. – pjc50 Aug 03 '15 at 14:38
5

I would like to quote Edward Snowden on this:

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

Just because you have nothing to hide (you likely do, but let's assume you are really OK with your government, foreign governments and various cyber-criminals knowing everything about you), doesn't mean others have nothing to hide.

But when only those people who actually have something to hide insist on privacy, that alone marks them as interesting surveillance targets. When you really want to invade someones privacy, there are no technical measures which can not be circumvented with access to enough resources. But those resources are scarce. By insisting on your privacy even when you don't actually need it, you are making in-depth surveillance of everyone who does insist on privacy infeasible.

Even when you are a true patriot who believes that everything your government does is right and just, remember that your government is not the only one spying on you. There are also foreign governments, corporations and criminals which are very interested in knowing more about you.

Philipp
  • 49,017
  • 8
  • 127
  • 158
2

One of the reasons to guard your privacy is that whilst the government is doing its best (ehem) to protect you from criminals, the latter also have methods to get the information about you, wire-tap your phones, and eavesdrop your communications. There are powerful crime syndicates out there that have the technical abilities of law enforcement. And this is all providing there is no corruption. It's like with firearms. You need them for protection.

Konrad Gajewski
  • 593
  • 5
  • 16
  • 1
    Any links supporting the claim that the power of crime syndicates match or exceed those of law enforcement would be interesting and useful. – makerofthings7 Aug 03 '15 at 12:05
  • 2
    I can't vouch for this ZDNet article, but it describes what I have claimed: http://www.zdnet.com/article/organised-cybercrime-groups-are-now-as-powerful-as-nations/ . Also: http://edition.cnn.com/2012/07/29/opinion/goodman-ted-crime/ http://www.govtech.com/dc/articles/Cyber-Crime-Law-Enforcement-Must-Keep-Pace.html?page=1 http://www.businessidtheft.org/Education/WhyBusinessIDTheft/tabid/85/Default.aspx http://www.resnet.wvu.edu/security/hacker_economy.html – Konrad Gajewski Aug 03 '15 at 12:26
2

Appropriate audiences is the right phrase to use. Certainly some missives are more appropriately cast in a manner that would make them palatable to the listener. The interaction between a group of two is entirely different from a crowd of thousands. Similarly, would you like to know that the doctor who treats your disease had a teenhood that encompassed weekend binge drinking? Or that a short run of deaths might be a contributing factor to his capacity?

Price discrimination, user segmentation, itself is based on available information on purchases in affiliated stores and are not traditionally tied into deeper finances, but it would also be fair to say that data aggregation through use of leaked data might also be on the cards for aggregators or fire hose providers. Any number of ways this could be analyzed as actionable business intelligence.

The other consequence of segregation into silos of trusted groups would also be the inevitable lack of societal integration and fragmentation into groups without real understanding of the other. The security angle here is simple. Polarisation is dangerous, and privacy is how some might keep beliefs of one group from trampling on another.

munchkin
  • 393
  • 1
  • 5
  • 1
    Do you have any specific scenarios where anonymity could be useful to gain the privacy you're describing? – makerofthings7 Aug 03 '15 at 15:39
  • Let's say you have two diametric intellectually opposing groups. On the one hand, you'd categorise any encounter as a zero sum game, but in real life what you would want is a way of integrating both as a whole, in so far as it is possible for everyone to get along. The only way to do that would be, to be less confrontational with the parts that are deep seated beliefs and allow diffusion of influence on both sides. – munchkin Aug 03 '15 at 16:31
  • Very useful. So someone would need validation of being a member of the opposing herd, and anonymity for expression leniency or tolerance for the opposing party. – makerofthings7 Aug 03 '15 at 16:44
  • That and possibly privacy in keeping inflammatory remarks from disrupting the cross influence. Interestingly enough commerce was usually the reason to do this in the past. – munchkin Aug 03 '15 at 16:45