如果你没什么可隐瞒 (2015)

如果你没什么可隐瞒 (2015)
If you've got Nothing to Hide (2015)

原始链接: https://jacquesmattheij.com/if-you-have-nothing-to-hide/

## 数据之危：过去、现在与未来阿姆斯特丹精心保存的公民登记处，包括宗教信仰信息，不幸地协助了二战期间纳粹对犹太人的迫害。该登记处使得大约7万名犹太居民能够被高效地识别和搜捕，导致阿姆斯特丹80%的犹太人口丧生。一次勇敢但部分失败的反抗袭击摧毁了一些记录，可能挽救了生命。这一历史事件在最近的2015年美国人事管理局（OPM）数据泄露事件中再次显现，泄露了超过2000万人的敏感信息。就像阿姆斯特丹的登记处一样，为看似良性目的收集的数据——安全审查——变成了一种漏洞。这些事件凸显了“没什么可隐瞒就没什么好怕的”这种论点的谬误。隐私不是关于掩盖错误；它是一项基本人权，载于《世界人权宣言》。即使是无害的数据，一旦被泄露或重新利用，也可能导致严重后果——从身份盗窃到历史上造成的死亡。保护隐私至关重要，不仅仅对于那些有秘密的人，也对于所有重视在日益数据驱动的世界中对其个人信息控制权的人。

## 黑客新闻讨论：“没什么可隐瞒”与隐私 (2015) 2015年jacquesmattheij.com的一篇文章引发了黑客新闻关于“没什么可隐瞒”隐私论的逻辑缺陷的讨论。用户普遍认为这句话并非字面意思，而是代表着对处理数据的机构的信任程度——这种信任不应是绝对的。对话强调了对看似无害的数据未来被滥用的担忧，强调了默认隐私的必要性。许多评论员指出数据收集中固有的权力失衡，将其比作扑克游戏，在游戏中透露信息会使个人处于劣势。还有人指出冲突不可避免，以及当权者可能利用收集到的数据。讨论还涉及隐私与秘密的区别，以及这些问题日益增长的相关性，尤其是在最近发生的数据泄露和政府监控事件之后。一个指向当前黑客新闻关于ICE数据实践的讨论的链接进一步推动了对话，一些人对科技公司与当局的合作表示担忧。最终，该帖子强调了保护个人信息的重要性，即使——特别是——对于那些认为自己“没什么可隐瞒”的人。

原文

The Past

Since 1851 Amsterdam had a registry that recorded the following innocent pieces of data about the residents: Name, Date of birth, Address, Marital Status, Parents, Profession, Religion, Previous Addresses and Date of Death if deceased. For many years this system served well and was kept meticulously up to date.

Which undoubtedly well meaning civil servant long before World War II came up with the brilliant idea of registering religious affiliation during the census is lost in the mists of time. What we do know is that that little field caused untold thousands of people to die once the occupiers decided to use it to locate Jewish people. And there were many of those in Amsterdam, which was home to roughly 80,000 Jews (Dutch) of the total of about 104,000 in all of the Netherlands at the outbreak of the war. 70,000 of them had their data entered into the Amsterdam registry.

Once the civil registry was in the hands of the enemy the extermination program for Amsterdam based Jews (those that had not fled) moved into high gear and street after street was raided. Entire neighbourhoods stood empty. The importance of the registry was not lost on the resistance who planned and executed a brave attack (Dutch) to destroy as much of the registry as they could by firebombing it after subduing the guards. The attackers were betrayed to the Nazis and all but two were executed in the dunes near Overveen. Even though the attack was not a complete success a chunk of the registry was destroyed entirely (about 15%), and a large chunk of the remainder suffered substantial water damage thanks to the fire brigades doing their utmost to drown the parts that had not burnt (after dragging their heels as long as possible to let the building burn as much as they could get away with without raising suspicion that they knew what was up).

All in all more of a delaying action than a complete success but still, quite the coup and the Nazis were seriously angry they lost access to those records. 80% of the Jews in Amsterdam were killed by the Nazis, without the attack on the registry that percentage probably would have likely approached 100% except for those that had already fled the country at the outbreak of the war. That’s how much of a help the registry was in determining who to look for and where.

Because the attack on the civil registry in Amsterdam is widely appreciated as an example of the work the resistance did during the war it is still very much present in the Dutch collective consciousness (though, unfortunately, less so with the passing of time). Apparently innocent database fields suddenly came back to bite a very large group of citizens.

The Present

In the United States recently something related happened. The Office of Personnel Management (OPM) had an enormous breach leading to the release of 20 million+(!!) files on people employed by the government and those that they associate with. This database apparently existed to aid in determining who could be given what level of clearance and because of that contained all kinds of juicy tidbits as well as complete identity information and a large amount of meta information in terms of who is linked to who by family ties or friendships as well as co-workers (especially abroad) and other such information.

It doesn’t require much of an imagination to see how this information could be abused, note that it is closely resembling the situation with the Amsterdam registry in that the original goals of making the database may have been relatively innocent the data suddenly took on a totally different meaning when the ownership of the data changed.

The Future

One of the mantras that I keep hearing in the wake of the Snowden revelations is that ‘if you’ve got nothing to hide you’ve got nothing to fear’, usually bandied around by upstanding citizens who have done ‘nothing wrong’ and therefore applaud any and all privacy invasions because after all, those privacy invasions on the surface do not seem to affect them.

The Amsterdam civil registry take-over and the OPM breach are good illustrations of what can go wrong even if you have done ‘nothing wrong’, after all almost all of those affected have done nothing wrong and yet their privacy has been violated in a pretty drastic manner leading to death, identity theft or embarassement.

If they had nothing to hide because they had done nothing wrong then what’s the fuss about?

Well, that’s an easy one: The fuss is that even if you have absolutely nothing to hide the ‘privacy is dead’ crowd seems to miss out on the fact that privacy by itself is considered important enough to make it into the Universal Declaration of Human Rights, Article 12, and that ‘privacy’ is not the same as ‘secrecy’, in other words having done something wrong or not does not bear at all on the question of whether or not privacy is a useful thing or merely a luxury we can afford to do without since a lack of privacy only affects those that have done something wrong (which is clearly false!). You don’t have to have any dark secrets in order to to value your privacy.

If you really strongly feel that you have nothing that you consider private ask yourself this: Even if you have done nothing wrong, are you willing to publish your pin code, a high resolution scan of your signature, your passport, your SSN, your passwords, your photographs (naked, preferably), your medical records, the conversations with your attorney, the amount of money you currently have, your criminal record (if you have any), your bank statements, your tax returns for the last 10 years, your license plate and a copy of your driving license, your sexual orientation, your infidelities, the names of the people that you love, the names of the people you despise, the contents of your diary, all the emails you ever wrote and received, your report cards, your entire credit history, all the stuff you ever bought, all the movies you’ve ever watched, all the books you ever read, your religion, your home address and so on for all the world to see?

If you’re willing to do all of that then congratulations, you really have nothing to hide and the word ‘privacy’ means nothing to you. But if you answer so much as ‘no’ to any one of those or to any bit of information that you yourself come up with that you’d rather not share with the world then you too value privacy.

And if you’re not content with living in a world where all of that data is public then you’d better stop repeating that silly mantra ‘if you’ve got nothing to hide then you’ve got nothing to fear’, even if instead of death or identity theft your problems might merely be those of inconvenience or embarassment when your data gets re-purposed in ways that you could not imagine when you sent it out in the world in a careless manner, and when you helped erode the concept of privacy as a great good that needs to be protected rather than sacrificed on the altar of commerce or of national security (especially from some ill defined bogey man, such as the terrorists).