Reading06: On Encryption and Privacy
The tradeoff between privacy and security is a difficult subject. At a glance, it seems like a no-brainer that we as citizens should have a reasonable assumption that our personal lives and data are relatively secure, free from prying eyes. At the same time, though, isn’t it a good thing to be able to catch terrorists? To prevent crimes and attacks before they happen?
Progress in privacy and encryption is a double-edged sword; every protection and safeguard provided to general consumers is necessarily also made accessible to those with hostile intent. Should we hold back on encryption and privacy so that criminals aren’t protected?
I think the answer to that is no. Companies such as Apple should continue to strive for increased security and privacy for their users. It is more than fine for them to cooperate in retrieving data from criminals’ phones to help stop further attacks. However, I think they correctly drew the line at creating tools that could be used to unlock anyone’s phone.
Proponents of security sometimes use the phrase “If you’ve got nothing to hide, you’ve got nothing to fear.” I would like to counter that with an even more famous quote:
“First they came for the socialists, and I did not speak out—
Because I was not a socialist.
Then they came for the trade unionists, and I did not speak out—
Because I was not a trade unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.”
– Martin Niemöller
Obviously at first glance, comparing iPhone privacy to the holocaust seems a little drastic. But, I think it is relevant in the statement it makes about small injustices and protections against an ill-intentioned government. In a perfect world where the American government was run by angels, then I suppose it would be true that those with nothing to hide would have nothing to fear. However, people are fallible. Bad people can get too much power, and even worse things can happen. Even barring any institutional evil or something nearly as dire as a genocide, there are still a number of reasons to err on the side of privacy.
In general, fewer people having your data is better for the consumer. I think many of us have made a kind of grudging peace with the fact that our data is getting vacuumed up no matter what we do, but the more encryption and privacy we have, the better. Even if the people collecting it could more or less be trusted, we are then relying on their data protection. If they get hacked, our data is then exposed to who knows what kind of actors. And, due to simple probability, the more people and services that have our data, the more possible failure points for it to get somewhere it doesn’t belong.
In short, I don’t think there’s very much merit to the thinking that “if you’ve got nothing to hide, you’ve got nothing to fear.” More privacy, encryption, and security for consumers’ data is almost always for the better.