How Much do You Have to Hide?

16. September, 2015

When confronted with surveillance the usual reply is “nothing to hide.”

This answer is wrong. Let me tell you a story.

For over one hundred years, the city of Amsterdam had a census. They know your gender, relation ship status, number of children, parents, where you lived. All this information was used to make life better for everyone. And it worked. People were happy. The city government was efficient. It could base decisions on statistics and data instead of gut feelings. They were the first ones to use computers to efficiently store and handle the data.

May 10, 1940, the Nazis took the city. Suddenly, one bit of information – faith – decided over life and death. The Nazis took the data which had been collected and efficiently rounded up all the people they wanted to murder.

Surveillance is not about what you have to hide, it’s about how you can be hurt. It’s the question how much someone hiding in a faceless organization wants to ruin with your life.


Surveillance Produces Blackmail Instead of Security

1. March, 2015

They say that “good” people have nothing to hide and, therefore, nothing to fear from surveillance.

Everyone of us has something to hide. When we are confronted with out dark side, immediate, temporary loss of memory sets in and we say “I have nothing to hide” because we can’t remember on the spot. The source of this behavior isn’t “being good”, it’s peer pressure and guilt.

Everyone reading these lines has hidden something. Maybe you were not 100% honest when filing your last tax return. Or you lied to the police how many drinks you had. You lie to yourself when you’re speeding, thinking that you’re such a great driver, you can’t possible cause an accident. Maybe you had an affair, or a “harmless” flirt or maybe you visit a brothel. A few years ago, it was social suicide to let anyone, even your best friends, know that you’re homosexual. It still is in many parts of the world. In the “first world,” it’s what has happened during the last party, an awkward sickness, embarrassing thoughts, which odd web sites you’re visiting.

Everyone of us has something to hide. The average person, perfect in sync with the medium of society, is a myth.

People lose jobs over Twitter posts, party photos on Facebook. Some never get a job because of a criminal record or their family name. Police officers with access to surveillance equipment spy on their spouses or look into women’s bathrooms. Many partners of NSA agents were under surveillance without any official mandate.

Which brings us to the core of surveillance: The main product of surveillance isn’t security – it’s extortion.

When secret services pile up incriminating evidence against someone, they don’t tell the police. In most states, they aren’t allowed to. They keep it. For when it’s needed. When “someone” decides that “something” needs to be done and there is no legal way.

Not convinced? Well, if “nothing to hide” was true, then why do politicians, agencies and companies absolutely and firmly reject to let us see what they are doing? “Nothing to hide” is always only used as an argument to watch someone else. It implies “I have nothing to hide, so you don’t need to even try. Go away. Nothing to see here.” (Adam D. Moore, author of Privacy Rights: Moral and Legal Foundations, from “Nothing to hide argument“)

That’s why we need to be concerned about surveillance. We need to discuss what we want to achieve and what the costs are.

Do we want to make mass surveillance illegal? We could but we’d have to close down Google and Facebook.

Do we want total surveillance? Can we evolve all the societies on planet Earth to an extent where we can be honest with anyone about absolutely anything? Do we want to? How many people would get that killed?

Or do we have to strike a balance, find out how much surveillance is healthy, what the open and hidden costs are, how to control the people who use it – because it’s in the nature of most humans to do anything as long as they can get away with it.

It’s not a discussion many people want to have, we have so many things on our minds, but as usual: If we don’t make up our minds, someone else will do it for us. Only with out best interests in mind, of course.


NSA Killed Groklaw

10. September, 2013

I’m not sure how to process this.

Because of the ubiquitous surveillance by the US government, Groklaw closed shop. Pamela “pj” Jones just didn’t feel like she could continue her work in such a situation.

If you didn’t know Groklaw: It was the site which cared about law and how it was (and should) be applied in the context of technology. They showed the absurdities of the recent patent lawsuits and other economic war games like the famous lawsuit between IBM and SCO.

And now it’s gone.

I feel guilty because I didn’t notice.

And after reading pj’s last article, I wonder whether her reaction is too emotional or actually more appropriate than my own “it won’t be that bad” attitude.

Now some people will say it’s not a problem. The NSA isn’t allowed to monitor US citizens.

Wrong. It’s way too complicated to filter your mails out of the traffic. So the NSA stores them anyway. And as soon as you write an email to a non-US person, they can watch you without breaking any laws. How much? All the mails? Just the ones which you exchange with someone else on the planet? Who knows. You think you can find out? They know all about you but they won’t tell you anything.

Or maybe you think that you have nothing to hide.

Really? Send me copies of your bank accounts, please. Oh, and photos of your home, your timetable (especially when no one is at home) and where you keep your spare key. How about a password list? Of course, I’m not going to abuse this information. What do you think of me?

And, as pj correctly wrote in her last article, the problem with surveillance has never been what anyone might have to hide.

Instead, the state is suddenly treating its citizens like enemies, creating an atmosphere of distrust. Also, in a few years or maybe even months, “smart” computer programs will look for patterns in the huge amounts of data that the NSA collects. They will stop looking for “Who is a terrorist” and start looking for “Who might become a terrorist?” It makes sense, doesn’t it?

If you have ever used a computer, then you know how dumb and uncaring they are. And suddenly, they decide who is a terrorist? Without anyone being able to second guess this? When the police comes kicking in your door, they won’t even be allowed to tell you why – national security.

i said before: I’m all for surveillance but for everyone. You want to watch me? Well, good. I want to watch all the people in the government. I want to know who they met, how long, what they talked about, how they voted, every penny they goes though their bank accounts. While we’re at it, I want the same for the management layer of big corporations. They are often as big as small states. We observe those, why not corporations?

What, no? Why not? How can it be OK to watch me, a nobody, but not the people who make the big decisions?


Das Netz vergisst nichts!

9. August, 2012

Netter Comic für junge Leute, die sich wundern, wo denn das Problem bei Facebook und Co liegt:  Das Netz vergisst nichts!


Identifying you

22. December, 2010

You have a firewall, NoScript, disabled cookies and everything. Do you think you’re surfing anonymously?

Think again: http://panopticlick.eff.org/index.php


I Have Nothing to Hide … I Think

10. November, 2008

So it has happened again. Someone put a nice web site online and when it came to pick and chose between security and comfort, guess who won. Alas, those who do as you shouldn’t still server as a bad example. What has happened?

DHL, a German parcel delivery service, offers a web site where you can track where your brand new gadget is now so you can guess how long it will take until you rip the wrapping off it. That good.

Not so good is that all customers of DHL get the same default password.

Bad is that DHL reuses the tracking numbers after roughly six months (depending on the amount of parcels that go through the system; if there are less, you can look further into the past).

Really bad is that part of DHL’s tracking number of fixed. It’s based on the DHL customer number. That’s not you, this “customer” is the guy or company you ordered from (DHL renders a service for them).

So this leaves us with a convenient way to check who else has ordered anything from those that shop.

Now imagine you ordered something innocent … oh, maybe porn or “adult toys” or something from company B which is the arch enemy of company A which incidentally pays your wage. All of a sudden, a couple of innocent bits of information have turned ugly.

Whenever you put something out to the world, step away for a few moments from your dreams how much good someone could do with your service and think how much bad someone could do with it. And if you can’t think of anything, you should be very, very worried.


What’s Wrong With … Surveillance

5. July, 2007

“If you have nothing to hide, you have nothing to fear from ubiquitous surveillance.” Uhm, really?

Well, I have something to hide. It’s nothing illegal. I just want to hide from a lot of people: Sales and marketing people, for example, who want to get my mon*cough*attention. People, who hate the company I work for (for whatever good or bad reason). People, who dislike my religion, my taste in clothes, politics or sex.

Imagine a male working for the London police. He’s been dumped by his girlfriend, he’s jealous or just seeking revenge. He sits in his little office and tracks her moving around the city with the some of the 500’000 cameras in the city. Eventually, he sees her meeting with her new flame. What will he do?

Maybe he will not use the face recognition software (which was pretty useless a few years ago). But there are other way. The new boyfriend of “his” girl will probably walk to his car (identification by license plate is a standard tool for the police and you wouldn’t believe the zoom levels the surveillance cameras can get if you don’t limit them artificially) or he will go home. Guess who is having a surprise visit tonight? In 2003, the LA Times brought an article “LA Police Officer Uses Database to Snoop on the Stars“. Apparently, this fellow was looking for a way to even out his income by selling juicy details to tabloids.

The problem with surveillance is not that I have nothing to hide, it’s that I don’t trust all the people who operate the system. In order to “increase” the safety of the system, little is known about which directly leads to a sense of untouchability by the people who run them. We have seen where this leads. Power doesn’t corrupt, unaccountability does.

But there are other problems as well. In Germany, a camera was installed to protect a museum but it also watched the private flat of Angela Merkel (German only). Don’t worry, it watched her only for eight years.

This could be fixed by operating the cameras automatically by a computer. A judge could grant access to the files when authorities receive a complaint. Unfortunately, this just shifts the problem. For most people, computers are still magical boxes. They know that it’s just a bunch of cleverly arranged silicon atoms but the real problem is that they can’t tell when a computer lies. Of course, that never happens. Right?

Well, computers don’t lie in the sense that they can know fact A and tell you B. That’s a human skill. But a human can delete fact A and replace it with fact B and the computer will happily present fact B as The Truth(TM). Since security systems are by default accessible by a select few only, it becomes increasingly hard to know if someone has tampered with a system. Worse, someone can accidentally break something. Your name might suddenly appear on the persona non grata list of the USA because someone mistyped the last name of an evil doer who has the same birthday as you (a chance of 1:366 or less). Luckily, you will notice the next time you pass through customs. Enjoy your strip-search if they don’t arrest or shoot you on sight.

“But the computer said …” Several billion will find this funny, one person won’t. Of course, this is an exaggerated example. But quite a few people do find themselves at the special attention of customs and they don’t know why. That is because the victims aren’t informed about the mistake (the culprit already knows, the guy who made the mistake is sure he didn’t and the person who eventually finds out is too embarrassed to talk about it). Even when they eventually find out, it is insanely hard for to get the mistake fixed everywhere. So when you have finally made sure the guys at airport A know you’re cool, the computer at airport B might not know or might not trust that new information. After all, you might be a very clever cracker, trying to clear your slate! Can’t trust nobody!

Any system that is supposed to be secure, must allow for error, especially human error. When I was taught engineering, the rule was to make each piece twice as strong as it needed to be if a human life was in some way connected to it. That meant you could hang a small car to a swing and it wouldn’t break (don’t try; they have optimized the process since then). The security systems that are being sold to us today are sold as “infallible”. Like the Titanic, the Hindenburg, Bank computers, “automatic” invoice systems. They can’t make mistakes, so when one happens, no one will ask any questions. Somehow, everyone seems to forget that there are still very few computers that can read (and none who can understand what they just read; just ask Google … and they get the data in a computer readable format). Most data that you can find in any computer on this planet has been planted there by humans! Especially the data about other humans! Or as Thomas R. Fasulo said in his infamous IH8PCs blog: “You should never believe anything you read or hear. Especially if you read it here. “

Furthermore, the wide spread surveillance is sold under the flag of “safety”. We are supposed to be more safe. How so? The number of crimes doesn’t change. A few more crimes can be resolved because of the surveillance but the idea that they prevent them is foolish. People commit crimes because they believe they won’t be caught. If there is a camera, they will just adjust their strategy, not change their lives. Many of them believe that the reasons for their behavior is outside of their own control, so they really can’t do anything. On the other hand, imagine the torture of a rape victim that is being filmed in the act and the criminal doesn’t get caught.

Unfortunately, the surveillance systems are sold as a cheap solution for the underlying problems. If a kid has no perspective in life and only gang members as role models, what choice does it have? You would be astonished. Take the Bronx, turned into the sin pit of the world by the media. In 2000, there lived roughly 400’000 people between 10 and 25. In that year, a total of 48,070 crimes were recorded. If each was committed by a different individual, that means that 88% of the people followed the law (remember, even if they were not caught, the crime is still recorded). Sadly, spending millions of dollars for CCTV cameras is more cheap (as in simple) than trying to solve the real problems.

More safety by more surveillance? I don’t buy it.