Playing with the sand at the side of the road

On privacy and consent

So I’m just back from the Cambridge Union, where tonight there was a debate titled This House Believes that Institutional Intrusion into our Privacy has Gone too Far. I had some things to say about the content, so hey, why not abuse the blog I never post on.

One of the very good points made my the proposition was that quite often, people arguing that institutions should have more data posit that this is a great thing–Google can detect the locations of flu epidemics faster than any other organisation using just search engine queries, and we can discover medications that react with each other through search queries as well. Therefore, less privacy is a good thing.

While you might agree that this is worth sacrificing some privacy for, this conflates two notions of privacy. I have willingly gave to Google my search query and, implicitly, my geo-located IP address, and I have consented that they can store/use this data. I have not, however, consented to other forms of data about me being stored, like my e-mails being read by official bodies or my phone records being analysed. We can’t roll these two points into one–we need to talk about them separately.

One of the most well-known phrases made by the opposition was that “if you have nothing to hide, you have nothing to fear” and that it wasn’t real people looking and analysing our data, it’s only robotic computers looking for patterns. Well that’s just fine then(!)

The notion that innocent citizens should be happy that their data is analysed is flawed. While real people may not analyse your own data, real people have created the heuristics to filter through that data, which for all intents and purposes has exactly the same effect.

David Davis made the good point that even though you or I might be happy to trade some of our privacy for more national security, someone else might have embarrassing information that they may not want to share with the state, like medical information for instance. While the state may be benign by most people’s standards, there are still cases where private information the state holds is used against people for political and other reasons, let alone the dangers of holding information in big databases that may be lost, stolen, or lacking the correct access controls.

Mostly, I just want independent verification that GCHQ and other state bodies are acting within the law. If they are, I want to know when it was discussed in Parliament, whether the full consequences were unearthed at the time, and whether the public were made sufficiently aware of those consequences.