Saturday, July 30, 2005


Kinds of Privacy

Our ability to keep our private business private has been declining steadily for decades, but it's not often recognised that the decline takes two quite separate forms.

One is that information that was available to the public, but only easily available to a relatively small number, is now very easily available to anyone who wants it. That is a simple result of information technology that makes the communicating of all information easier. It ranges from simply inverting the index of a telephone directory to make it easy to identify a person from their telephone number, to businesses compiling and trading details of their customers' shopping habits.

The other, quite different phenomenon is that the government is demanding, with legal force, information that by previous standards would have been totally private. They demand to be informed of every transaction of various types, even if all parties would rather keep them private.

The distinction is often made harder to see, because the government is obtaining the information from the same source -- large businesses, as are responsible for spreading some of the non-private information of the first kind. But the difference between a supermarket selling a mailing list and a phone company handing a database of call records over to police is all the difference in the world, if the first is voluntary and the second is not.

It's true it can be difficult if you want to release much less "voluntary" information than most other people do, but that is to be expected, because it is always expensive (one way or another) to be out of step with the rest of society. At least there are limits on exposure of this sort, in that it has to be acceptable to most of society.

The most important right you need to keep your privacy was lost many years ago, without anyone noticing very much. It is the right to choose how you will be known. In Britain, only decades ago, your "real name" was whatever name people knew you by. It did not have to be on official record anywhere, and there was no offense of using a "false" name, unless you were pretending to be some other real person, for fraudulent purposes. Very few people availed themselves of the option of using another name, but mere fact that the option was open had large effect, because it made it pointless to casually collect and collate names, as some proportion of them could be made up.

The other large and old breach of privacy is in vehicle and driver registration. As soon as you set foot in a car, you lose most of the rights of privacy that people have held for centuries. Not only are you required to identify yourself on demand, you are required to advertise your identity to everyone via the registration plates on the car. When the argument came up a few years ago about drivers licenses carrying photographs, my position was that it was only reasonable for a drivers license to have a photograph on it, so that you could prove that you were licensed to drive, and it was a doubly good thing because then the name and address would no longer be necessary and could be removed - a valid license with your picture on it proved that you were licensed, whatever your name was.

Obviously, the name and address were not removed - the government finds that information far too valuable to give up. The only direct driving-related issue would be that you couldn't easily enforce driving bans as punishment, as the banned person could get a new license under a new name, but if enforcement became too difficult then other punishments could be used instead. London transport travelcards work that way - if buying a monthly or longer ticket you need to get a photocard, to prevent people sharing season tickets, but the name on the travelcard doesn't need to be your real name, and they ask for no evidence that it is.

The "bad" effect (compulsory government identification) increases the bad consequences of the "inevitable" effect (wide publication of public information). Most of what you do on-line, for instance, is traceable back to you only because at the end of a chain you've paid for it through a bank account, and bank accounts, as of around 1990, have to be in your "one true name". I opened a bank account in 1989, and was not asked for any evidence of identity -- as they had no reason to care, since they were not giving me credit. Shortly afterwards, however, that fundamental, basic freedom for me and the bank to do business according to our own convenience, was taken away in the name of combating laundering of drug-dealing profits.

After that, the ID cards that are on their way are a relatively small imposition - the completion of a process of loss of freedom that is mostly done already. I will oppose it, and I hope as many as possible do the same, but it is too little, much too late.

The lesser loss of privacy, the wide publication of public information, has bad consequences sometimes - there is much debate of the dog-poo girl - but it is inevitable because to prevent it would involve a greater loss of privacy than to allow it. If government agents have the right to inspect your ISP's records, to make sure that they are complying with "data protection" law, is your privacy enhanced or reduced? For me, it is much reduced. Communication is essentially a private activity, and it cannot be restricted in the name of privacy.

There is no inevitability to the greater loss of privacy, the compulsory disclosure and compulsory identification. The benefits are minor, and the costs enormous. It is done in the cause of very minor benefits, such as making it possible to catch "criminals" - such as drug sellers or "insider traders" - whose crimes are so popular with their "victims" that it is impossible to actually catch them doing the crimes. It is part of the general expansion of state power, into every aspect of life, which is reversible and which should indeed be reversed.

(this article is expanded from a comment on slashdot two years ago).

Update: DH makes a good point in the comment below, that in examining the matters of principle involved in ID cards above, I am not addressing the practicalities of how effective and efficient the scheme is likely to be -- and indeed, while the anti-money-laundering measures came in quietly and have not been noticed by many, ID cards will be a far more visible breach of principles of good government. If the implementation goes as badly and as expensively as I expect, it will be a disaster for the country and the Government.
I think there are other issues than privacy that mean ID cards are more than a "relatively small imposition". Including cost both to the state and the idividual along with an increased reliance on a single source for authentication and hence a single point for both failure and attack.
