Skip to main content

Privacy does not imply secrecy

The debate around surveillance, government overreach, NSA, Prism, XKeyScore has been split in two categories. Well, three actually. The first will be the government, which feels that all this is justified, because "think of the children." They justify the stripping away of the civil liberties of not just their own citizens, but those all across the world for the purpose of supposedly protecting their own. Cluck cluck.

The other two camps are the people who are subject to this surveillance. One camp argues that they have "nothing to hide." The other camp argues for increased encryption, and these are camps that will create PGP keys, hold keysigning parties, encrypt everything lest the government gets their data. I think both camps miss the point.

Privacy is not the same as secrecy. I know what you do in the toilet, that does not mean that you will leave the doors open, or let the toilet walls be made with glass. Humans have evolved to respect privacy, the confidence of knowing that we all have our own "private" spaces, which are free from any infiltration by others. So, if I write an email or a text message, I should not have to encrypt it in order to feel confident that my message will be read by the intended recipient and no one else. That's privacy. It means that in my house, I have a right to not be disturbed by anyone else, because my house is my private space.

However, privacy does not apply only to private places. Public places can also offer a reasonable degree of privacy. Let's consider a hypothetical scenario where I wish to avoid an inconvenient dinner with someone, and I use a little white lie to wiggle out of the appointment. Then, I go to another restaurant for dinner, and I have a reasonable expectation that the other person will not find out. My sense of privacy is limited to one person not finding out about this, and this sense of privacy is statistically guaranteed. If I don't go to a place frequented by the other person, or any of our mutual friends, I can get a "reasonable expectation of privacy."

Consider the impact of technology on this expectation. Foursquare places a public tweet that I was at a certain restaurant. The other person finds out. Disaster.

Now, consider a hypothetical human to represent technology. We would not mind being in this person's sights anywhere, until we find out that this person has an infinite memory and knows everyone. Worse, this person is always hovering above our shoulders, noting and remembering everything we do, everything we speak. Wouldn't any "reasonable person" freak out?

The trouble with technology is exactly this. Technology knows what we do at all times, and has in infinite amount of memory. It is this facet that freaks me out. Think about it --- Google knows where I have been at any time of the day. It searches for patterns in my behaviour, and tries to sell me advertising that's targeted to fit my patterns. Using credit cards gives away my identity to every store there is. My bank knows what I buy, and where. My cell phone company is tracking me through tower information. Further, given the extremely cheap storage, it's highly unlikely that this data will be deleted in the time-frames that I'm concerned about.

I realise that some basic information has to be sent in order for me to get the data I'm looking for. When I send an email, it goes through a number of servers over the world, and this is essential to the nature of email. Heck, I wouldn't mind sending plain-text email without any encryption if I were guaranteed that no one would snoop on the email on the way. Now that I know that people will snoop on my email, I'm uneasy about sending email in a plain-text form. So, I go ahead and create my PGP keys. The keys reside on my laptop, I did exchange them with exactly two people so far. Two of the hundreds that I interact with. And exactly zero of the two would like to receive encrypted emails by default.

I'm tightly integrated in the Google ecosystem. My university uses Google Apps, I use GMail as my primary personal account, and my phone is an Android, which means that I'm floundering in the Google moat around Google's ad castle. I have a smartphone because I need access to email on the go, my advisor has sent emails a few minutes before the meeting to let me know that the meeting has been cancelled or rescheduled. A traditional email setup would never work in this case. It just makes sense to send plain-text emails instead of encrypting them in this case. So, convenience prevents me from using the secrecy that has now become essential to privacy.

At the same time, the privacy of my communications is dictated by the privacy policies of the people I'm communicating with. This has always been the case, but it plays a new and important role now. Traditionally, I could write a letter with the expectation that the recipient would not allow anyone to read the letter without due reason, and in a way that respects my privacy. If the recipient decided to publish my letter in a book, my privacy would be violated because the recipient did not respect my privacy in the first place. The same thing holds true today. The privacy of any communication is dictated by the worst privacy practices of the parties involved. This means that if you use a secure email service like MyKolab, which guarantees very good privacy; but I use Google Apps, our communication will be as private as Google Apps allows. If I use encryption but you don't, our conversations cannot be encrypted.

The second factor responsible for "privacy is dead" is the "nothing to hide" camp. Now, I may be making an overly general statement here, but the "nothing to hide" camp believes that if they do start encrypting their email and other communication, they will appear as "outliers" who have something to hide, thereby increasing their chances of being under surveillance. Almost all my friends and contacts fall in this category. They agree that surveillance is bad, they want their privacy, but are too afraid to demand privacy by adopting basic practices. Now, these practices are repugnant to me, because they require secrecy, which happens to be a superset of privacy, and which requires much more care. A message can be sent in private, but a secret message has to be encrypted with keys that cannot be "left around" in multiple places. A great deal of care is required when writing "secret" messages because most of the algorithms for secrecy do not support forward secrecy. So, if any one message is compromised, all others may be.

The enhanced practices needed for secrecy mean that I need to carry my laptop around every where I go. I don't trust my phone to store my private keys, because Android is filled with backdoors that allow Google to access my phone, and which may or may not give Google access to my phone's contents. So, I find myself in a very uncomfortable place. I need to send email, but I cannot do so securely without

  1. The recipients using the same privacy practices I use.
  2. A lot of inconvenience to myself.

On the other hand, all existing services I use can assure me privacy without any inconvenience of secrecy. They just don't.

There's a great opportunity here. According to the capitalist philosophy, consumers can demand what they need. They can accomplish this using "dollar votes," by using services that respect their privacy. DuckDuckGo is a great search engine which promises to not record your search activity. MyKolab is a great service for private email and file storage --- because it is located in Switzerland, we can be reasonably certain that we'll be protected by Swiss privacy laws, which are the strongest in the world, and which are respected by the government. RedPhone and TextSecure by Open Whisper Systems are great apps for Android (iPhone versions coming soon) that encrypt calls and text messages respectively. Other people can fill in the niche that's left in terms of privacy apps and services.

Remember, we only ever get the rights we fight for, and forgo the rest. I cannot but insert an Orwell reference here. Do we want to go from "all animals are equal" to "all animals are equal, but some animals are more equal than others"?

Privacy does not require secrecy, but if secrecy is the only way to ensure privacy, then let's go with secrecy.

Software and services that respect your privacy

  • Duck Duck Go --- Search
  • --- private email, calendar, file storage. Note that I have not used this service, as I find it costly, and because it's purpose is defeated by the insecure practices of my correspondents.
  • Open Whisper Systems --- RedPhone and TextSecure apps for Android (iOS versions coming)
  • DoNotTrackMe --- A browser extension that prevents companies from tracking you
  • HTTPS Everywhere --- Another browser plugin, which enables HTTPS wherever available. HTTPS is an encryption layer over HTTP, which prevents people from snooping on your web browsing.
  • GnuPG --- The GNU Privacy Guard, a suite of encryption software and software that's designed to protect your privacy. Available on all platforms, use GPG to encrypt email, files and more.

Popular posts from this blog

Progressive Snapshot: Is it worth it?

I turned 25 last year, which in the highly mathematical and calculating eyes of the US insurance industry meant that I had suddenly matured into a much more responsible driver than I was at 24 years and 364 days of age. As a result, I expected my insurance rates to go down. Imagine my surprise when my insurance renewal notice from GEICO actually quoted a $50 increase in my insurance rates. To me, this was a clear signal that it was time to switch companies.Typically, I score really high on brand loyalty. I tend to stick with a brand for as long as possible, unless they really mess up. This qualified as a major mess up. As a result, I started shopping for insurance quotes.Two companies that quoted me significantly lower rates (30%–40% lower) were Progressive and Allstate. Both had an optional programme that could give me further discounts based on my consenting to the companies tracking my driving habits. Now, I am a careful driver – I hardly ever accelerate hard. I hate using the brak…

Cornell Graduate Students United: At What Cost?

On Monday and Tuesday, we graduate students at Cornell will be voting on whether or not we want to unionise. Actually, scratch that, only graduate students who hold a TA, RA, or GRA appointment can unionise.This is a shitty arrangement, and I will be voting against it.For those of you who are not aware of how graduate school works at Cornell, you could be on one of many appointments.FellowshipA graduate student on a fellowship gets a stipend and tuition paid without associated teaching or research opportunities. Graduate students on a fellowship typically work towards their own theses, but will be excluded from the unionGraduate research assistantshipsA GRA gives a graduate student stipend and tuition without teaching responsibilities. However, this money comes out of a specific project grant, and the students typically work on their own theses. Students on GRAs magically qualify to join the union, whereas there is virtually no difference between a GRA and a fellowship for the most pa…

Reading List, April 2017

Adam Carroll, When money isn’t real: The $10,000 experiment, in TEDxLondonBusinessSchool, 9 July 2015. [Online]: Carroll presents an interesting point – we have abstracted away money through the use of a number of instruments, such as credit and debit cards, NFC payment systems on our phones, and in-app purchases, when we don’t realise how much we are actually spending. Carroll spends some time showing how his kids, aged 7–11 played monopoly differently when they were playing with real money. He goes on to lay his premise, that financial literacy must be taught to children at a young age, when they should be allowed to fail and learn from their failures at a small scale, not at the hundreds of thousands of dollars when they are in student loan debt and just out of college.Carroll’s talk hit a lot of notes with my own experiences with money, and I’m sure that it would resonate with your experiences as well.Brett Scott, If plastic replaces cash, much tha…