I’ve been putting my photos on Flickr for years now—my first photos were uploaded in 2004. I didn’t upload all my photos, just the ones I particularly wanted to share. (In those days, you had to pay for a Pro account to share more than 200 photos. By uploading only occasionally, I stayed under that limit almost until it was lifted.)
More recently, I configured my phone to upload all the photos I take with it to Flickr, but to make uploads private until I go and publish them. I don’t do that for privacy or security. (I figure once a photo is uploaded, it’s effectively public anyway.) I do it this way so that my photostream is a list of photos that I’ve chosen to share, rather than just all my photos.
I think I once had a “Flickr badge” with some of my photos on the sidebar of my blog, but it seems to have gone away at some point. I forget whether there was some technical reason, or if it just got lost when I changed themes or something. In any case, I once again have a widget on the sidebar, showing my most recent shares to Flickr.
It’s pretty far down on the sidebar. In case it’s too far to scroll down, here my most recent Flickr photos, as of this morning:
I’ve been very disappointed by many friends’ cavalier attitude toward both our government’s invasions of our privacy and its use of the most extreme forces of legal process against those who would tell us the truth about what the government has been doing.
One specific disappointment has been the various versions of “I don’t care if the government listens to my calls. I’ve got nothing to hide.” (Usually with some lame joke about how tedious it would be to listen to their conversations.) It’s as if they know nothing about what led to the American revolution. Didn’t these people go to high school? Don’t they know that each of the privacy-related rights spelled out in the constitution was there for good and specific reasons—because of actual abuses suffered by ordinary people?
The most disturbing of the recent revelations is not how much data that they’re sweeping up (pretty much everything) nor the incredibly lax standards they seem to have about exposing the data (my data and their own!) to a surprisingly large number of people. It’s that they’re sweeping up everything and then keeping it for years.
There are several problems here, but I want to focus on two of them.
It’s not okay just because it’s still secret
At one level, I understand people who trust the government enough to think that it’s okay (or at least less bad) to have the government sweeping up all their private information—as opposed to, let’s say, Google or Facebook or Microsoft (or Monsanto or ADM) doing it. I can accept the ideal of government as a force for good. We’re still reasonably close to having a functional democracy—a few tweaks to campaign finance law and we might very well get back a government that was responsive to the desires of its citizens.
But even if you trust the government not to use your information inappropriately, I think recent events prove that you can’t trust them to keep it secret. We’ve just seen a large leak of exactly the information that the government has been trying it’s very hardest to keep secret. But we only know about it because a brave leaker went public and because a free press published what they’d learned. How many leaks were not to the public, but instead to a foreign government or a criminal organization? We don’t know, because those leaks go unreported. We can’t know. Even the government doesn’t know, and if it did know it wouldn’t tell us.
If the government can’t keep the details of its own most secret programs from becoming public, why would you imagine that it could keep your details secret? For all you know, your information has already been leaked to criminal organizations, to foreign governments, to domestic corporations, to lobbying organizations and other influence peddlers—to anybody who could get an advantage by knowing secrets.
Maybe massive amounts of your information collected by the NSA have already leaked. The next time there’s an unauthorized charge on your credit card, maybe it’s because the NSA leaked your credit card number.
And of course that would just be true information about you. Maybe there’s a bunch of false information about you in the giant NSA databases. The next time you get turned down for a credit card or insurance or a job, maybe it’s because false information about you leaked to people who used it to make a decision about it.
And here is where we get back to why the idea that “I’ve got nothing to hide” is such a terrible idea.
It’s not okay just because you have nothing to hide
One friend made a short list of every “crime” he could remember having committed—a couple of youthful indiscretions, a couple of protests, a couple of harmless acts that were circumstantially appropriate but perhaps violations of some code or another. He was willing to own up to those—”If you want to prosecute me, go ahead!”
But, of course, that’s not how it works. The federal government doesn’t care about such things—or, at least, it doesn’t care until you become a “person of interest” in some other matter.
I don’t know whether my friend has committed any other federal crimes or not. But I do know that he has crossed international borders several times in the last few years. Did he fill out the requisite paperwork correctly each time? Did he carry anything across the border that he shouldn’t have, such as an agricultural product? Did he declare in the section on agricultural contacts that one of his running paths was also frequented by feral pigs? Is he sure that none of his financial dealings falls under the ambit of any federal laws?
In the real world, the federal government goes out and checks these sorts of things if they suspect you of something. Worse, they go and check these things if they suspect one of your friends of something (because it gives them leverage to get you to incriminate your friend). But now they’re going to have another whole bunch of things to check—all your phone calls and emails for the past 5 years.
And don’t forget that it’s trivially easy to convict you of conspiracy. All it takes is a single “overt act,” such as lending a friend bus fare or taking in his mail when he’d on vacation. (Well, technically it also takes an agreement and criminal intent, but apparently it’s okay if the only person in the conspiracy with those is the FBI informant.)
Don’t imagine that you’ve “done nothing wrong” just because you’re not aware of it. Unless you’re a federal prosecutor or defense attorney, you have no idea the vast array of actions that turn out to be federal crimes. One of our biggest protections has been that it’s a lot of effort to investigate and look for those crimes. If all your phone calls and emails are recorded it’s going to be a lot less effort.
As I say, I don’t dismiss out of hand the idea that the government is overall a force for good. I think our government (at all levels) has been pretty effective these last 150 years or so in reducing all sorts of bad things—there’s less poverty, there’s less casual violence, there’s less abuse of vulnerable people. But I don’t think giving the government audio recordings of all our phone calls, the texts of all our emails, or lists of every web page we visit will be much help in those things. And I think it will do real harm in those (fairly rare, but not rare enough) instances when people acting under color of law decide that somebody must be guilty of something, and make use of these new tools to prove it.
I had the great good fortune to learn early on that anything posted to the internet is there forever. That knowledge has guided my internet activities for twenty-five years now, and keeping it perpetually in mind has stood me good stead so far. My basic rule is simple: I don’t post anything to the internet unless I’m intending to publish it to the world at large.
So, I’m happy to post the articles and stories I write, and happy to post links to them. That information is deliberately made public. I also post about things I do (and share links to things other people write), but only with the knowledge that each such post is part of my permanent public persona.
The exceptions (commercial, banking, credit card, insurance, and medical sites) are carefully considered, minimized as best I can, and monitored so that I have some hope of detecting and limiting the harm from failures. I expect the information that I share with them will remain private—but I use the word “expect” in much the same way an eighth-grade teacher might use it when telling her students “I expect each one of you will be well-behaved during our field trip.”
Because of this perspective, I pay very little attention to the “privacy” settings of social media sites. Whatever I post is intended to be public, so it makes no sense to constrain it. I do try to keep a grip on things that I don’t intend to be public. For example, I only attach location information to my posts on a case-by-case basis.
As I say, this has stood me in good stead up to this point. But, as Bruce Schneier points out, we’re already well past the inflection point between a past when such efforts mattered and a present and future where they do not. I carry my phone with me most of the time, so my location is already known to a third party—which means that, as a practical matter, it can be known to anybody who cares enough to get the information. Cameras are nearly ubiquitous—even before drones make it possible for them to be actually ubiquitous (and social media sites have already gathered ample data to support any facial recognition effort).
Anybody who’s working on the public policy aspects of these issues who’s not familiar with David Brin’s Transparent Society work is making a mistake. Privacy has no future. It hasn’t for a long time. Transparency is our best hope for keeping this fact from making the unequal power relationships in society much worse.
[Update 22 May 2011: I found the post from 2003 where I tell the story of just how I learned this lesson, back in 1990.]
Security expert Bruce Schneier wrote last week about some changes he was making to his blog to remove some anti-security features. Reading over his list of changes, I was pleased to see that I’d mostly avoided adding anti-security features to my blog in the first place.
- No offsite tracking. Although I’ve experimented with them a couple of times, I don’t have “like” or “share” buttons on my blog posts, so your visits here are not automatically transparent to Facebook, Twitter, Google, or other social media sites. It means you’ll have to copy the link yourself if you want to share my posts. I’d be delighted if you did, so I hope that’s not too onerous.
- No offsite searching. Similarly, the site’s search facility runs right on the site itself, just doing an SQL query of the database that holds the content of my site. Doing a search here doesn’t expose your query to anyone else. (I once looked to see if I was logging queries and couldn’t find them; as far as I know, doing a search here doesn’t even expose your query to me.)
- No offsite feed. I also run the RSS feed for the site right on the site, and always have. I thought for a while that I ought to use feedburner, but I never got around to it, and now it’s clear that laziness led me to the right choice.
Any attempt to keep internet activity private is probably hopeless, but that’s no reason not to try.