Data Protection? I Have Nothing to Hide!
Nobody cares about me. I’m not interesting. I have nothing to hide.
These phrases often come up when you talk about privacy. It is terribly tiring to discuss privacy with friends, colleagues and family. Nevertheless, we must do it. We are the ambassadors of data protection, the fighters for civil liberties, the defenders of the free democratic world and the activists of fundamental rights. I have compiled this argumentation for us.
Theory And Background: the Nothing-to-Hide Argument
Basically, it is not at all about whether a single person is interesting or uninteresting. This is completely irrelevant in the debate – but unfortunately also difficult to understand. In the 21st century, we are no longer talking about the privacy of individual persons. It has always been and will always be possible, to spy out a single person. We are concerned with the automated and large-scale monitoring of the population and the possibility of drawing automated conclusions from the data collected.
In the past, thieves, private detectives, or law enforcement agencies were the ones to be feared with regard to privacy. Today, the surveillance cameras of public authorities and the data centers of advertising companies are the big bogeyman, because they create profiles of all people who move around the Internet. It is all about the big picture:
(…) Mass surveillance is a massive structural change. If society changes for the worse, it will pull you along, even if you are the least interesting person in the world.
This quote is attributed to Julian Assange, the founder of the whistleblower platform WikiLeaks.
Many think that we as a society need to consider what the right balance should be between protecting the privacy of individuals and the security of all. But the real issue is freedom versus control. This becomes understandable, when one realizes that with a little bit of malice, something that makes prosecution or blackmail worthwhile can be found in everyone’s life. So argues Bruce Schneier, a computer security expert and cryptographer.
An example: If you say you have nothing to hide, you may pull your saved Google queries of the last 10 years from the search engine. Print them out and distribute them around the office. The same applies to Facebook likes and private messages (including those you never sent), which the social network also stores indefinitely. That feels strange? It should. But then why do we allow foreign companies to view, store and analyze this information about us?
To me, the time factor seems to be equally important: Things change. The sexually transmitted disease we were looking for on the internet may not be an embarrassment to us today, but in 5 or 10 years’ time it could become a problem if we want to apply for adoption, get life insurance, or obtain civil servant status.
Numerous examples from history, but also from the present, prove that people have been abducted, maltreated, and murdered for less than religion or sexual orientation. Databases containing such information are, therefore, extremely explosive if they fall into the wrong hands, as a result of theft, purchase, or simply a change of political mood.
In Germany, too, we have been able to observe in recent years how right-wing groups have collected information about their opponents and compiled it into lists. There are portals on which teachers should be reported who have expressed critical views on the right-wing-party AfD and addresses of politicians and critical journalists were collected to create a “death list”. Threats against people on such lists are made openly. So nobody can say that they did not see it coming.
Concrete Examples: Everyone Has Something to Hide
Just because you find your data boring yourself, this does not have to be true for everyone else. Data is worth a lot in the right hands and nothing in the wrong ones. Money is worth the same to everyone, data varies in value depending on whether the person who has it is able to merge, match, cluster, compare it.
We are dealing with three different threat scenarios:
- State actors who build surveillance systems using the argument of fighting crime.
- For-profit companies that create profiles from the available data to play out personalized advertising.
- Criminals who gain access to online identities and payment information through fraudulent activities in order to enrich themselves personally.
Here are some examples:
Users of the fitness app Strava have tracked their routes while jogging, to measure and compare running times and calorie consumption. A harmless hobby – one would think. But it is possible (even without any hacking skills) to compare the routes and view them in the map view. So it happened that the locations of secret military bases became public, because the soldiers jogged around the area to keep fit. Probably none of them had in mind to betray their own location to the enemy. And yet that is exactly what happened. You can read the whole story on cnet.com.
A financial loss, for example, can arise if you handle your Amazon access data carelessly. If you log into your Amazon account on a strangers computer, or with a weak password, you risk having your account hijacked. Unwanted orders can cause a large minus on your credit card bill within hours. Even if you manage to cancel such orders, you will have to deal with your bank and the police. This is avoidable stress. Our tip for a hacked Amazon account: Follow these 6 steps.
Health data is very sensitive information. We expect treating physicians to adhere to the confidentiality and data protection basic regulation – in other words: to do everything in their power to protect patient information. But then why do we, for example, freely give away our menstruation cycle data, including preferred sex positions and desire to have children, to an app on our smartphone, which ends up directly in the databases of advertising networks? How is it possible that we voluntarily make our daily routines, including resting pulse, available to insurance companies? And why does Facebook find out about every medical emergency that we check in the diagnosis app?
When you think about all the data that is transmitted from your smartphone and your apps alone, which is collected and used to create a profile, it would be legitimate to get nervous.
A book that helps to understand the systematics and dangers of profiling through advertising networks is Dann haben sie halt meine Daten. Na und?, a book in German language by Klaudia Zotzmann-Koch.
Protective Measures and Recommendations for Action: Protecting Privacy (Book Suggestion)
Klaudia Zotzmann-Koch has written a workbook that is suitable for every level of knowledge. Technical knowledge is not a prerequisite for understanding it. This makes the introduction to the topic of data protection much easier.
In the first part, she explains numerous terms and functions of the Internet, so that you can get an idea of how the apps on your private smartphone relate to the advertisements displayed on the computer in the office – to name just one example. She also explains the GDPR from the consumer’s point of view (a perspective I have hardly read anywhere before) and differentiates between a targeted attack on a person (stalking or intimidation) and an attack on a group of people who can be spied on by a technical commonality (e.g. outdated operating system).
The second part of the book is about what everyone can change themselves. On almost 100 pages you will find tips for secure apps, ideas for data economy and general advice for your own behavior online and offline. Practical: Each tip comes with an estimate of the effort required.
With the help of numerous examples of data protection violations, the author makes it clear why it is so important to deal with the topic – both on an individual level and on a societal level. What the book has made very clear to me once again is that data protection is a fundamental right that has been increasingly eroded in recent years.
My conclusion after reading it: Anyone can do something. For their own protection and for the protection of others. And the protection of others is important in a double sense. On the one hand, we must stop constantly sending data from our address book to US companies (see WhatsApp). On the other hand, we have to amplify the so-called white noise. By all of us sending more encrypted emails, the encrypted emails of regime critics and investigative journalists are less conspicuous – which increases their protection enormously. Data protection is a team sport is my favorite quote from the book by Klaudia Zotzmann-Koch. All sources of supply and information about the book can be found on the website of Zotzmann-Koch.