In responding to a recent Conversation article on surveillance, I drew an analogy between the wearing of ninja costumes and secrecy-centred approaches to privacy. I've used this analagy several times elsewhere on this blog, but writing on The Conversation — where even comments probably receive far more attention than this blog — forced me to focus on the quality of the analogy.
In trying to portray rants about surveillance as simplistic and beside the point, I worked out a brief description of a world in which we used ninja costumes and ID numbers to prevent anyone finding out about us. I later wondered, off-line, if the imagined world was not just as absurd as I intended it to be, but also just as bad for freedom as the totalitarian state being imagined by the author of the article (Graham Murdock) and most of the other commenters. On the face of it, feeling compelled to wear ninja costumes and answer to ID numbers sounds very much like the dehumanised totalitarianism that Murdock and commentators say they fear.
Of course surveilling electronic networks doesn't work quite the same way as surveilling the streets: the kind of information involved is quite different, and computers can process and record much greater quantities of information than street-walking spies. But nor is it entirely different: both forms of surveillance can support the kind of arbitrary discrimination that anti-surveillance rants presume to be the goal of surveillance systems, and both can be combatted by a tell-nobody approach.
Re-reading my previous blog entries on privacy, I realised that I'd come across the key point in a Conversation article from Ashlin Lee and Peta Cook: a large part of freedom concerns the freedom to express oneself, and it is exactly this freedom that would be threatened by the ninja-costume state. Sure, the government would be unable to persecute any of its ninja-citizens, but no one would be able to do what they wanted to do anyway (unless all they wanted to do was to dress as ninjas).
Now suppose I encrypted and anonymised all of the entries in the blog, and all of my comments on the Conversation, just to make sure that no government or corporate overlords could pick me up in a crackdown on people with English names, long hair, or sceptical views on technology boosterism. I'd be free to have all the views I liked, but no one would be able to read them (they're encrypted), and no one would know that I'm a person who identifies with these characteristics. Is this a freedom worth having?
I suppose that critics of Lee and Cook's idea might argue that they want to express themselves to certain chosen people, but not to the world at large for fear of embarrassment or persecution. I can see a certain amount of pragmatic appeal in this position under various circumstances, but how does one identify those chosen people in the first place? And would not limiting our expression to only a select few like-minded fellow citizens leave us in a filter bubble from which we were unable to see perspectives other than our own?
Or perhaps we'd like to express ourselves to the world at large, but have the government and corporations politely ignore us. But, again, how do we choose those whose attention we want to attract and those by whom we wish to be politely ignored, and how do those parties know what we want of them? And, come to think of it, do we really want a government that ignores us anyway?
The Conversation (amongst others) last week had plenty to say about "PRISM", with all of Philip Branch, Sean Rintel, Alan Woodward, Grant Blank, and Ashlin Lee and Peta Cook having something to say about the US National Security Agency's alleged programme to collect information from the servers of US Internet companies.
I found it curious that the criticisms levelled at this kind of surveillance are largely (though not completely) theoretical, in the sense that they don't much discuss actual instances of people suffering at the hands of such systems. A mention or two of Watergate seems to be about it, and that happened forty years ago.
Now, what constitutes "suffering" may be a matter of opinion. Does it do someone harm to be embarrassed? To be in the NSA's files? To be judged by information collected by Google and Facebook? And perhaps it's hard to find people suffering because such systems haven't been widely used in Western countries (though Lee and Cook's contribution suggests otherwise).
The orthodox view amongst those who write most about privacy seems to be that the collection of data is harmful in and of itself. The classical view amongst technologists, in particular, is that privacy consists of never telling anyone anything, and hence their fascination with technology like Tor and Bitcoin. It certainly seems sinister enough to imagine that there's some organisation watching one's every online move. After all, what good could such an organisation possibly do for the person being watched?
The answer is that, whatever conspiracy theorists might like to imagine, I don't think there are any organisations that collect data simply for the sake of it. Google, Facebook and the rest collect data in part to serve the immediate needs of their users and in part to meet their own business needs. The NSA and similar organisations collect data to serve what they perceive to be the public interest. To get worked up about the mere collection of data is to miss the point: the real question concerns the purpose the data is used for, and whether or not the benefits of this purpose outweigh the costs.
Making simple allusions to totalitarian states and Orwell doesn't answer this question. The problem with totalitarian dictators isn't so much that they spy on their citizens, it's that they persecute citizens who hold views disagreeable to the dictator. Indeed, any organisation that simply collected data for its own sake would just be a corporate variant of the oddballs that appear on Collectors.