Privacy isn’t dead

Edited version of Thomas Beagle’s opening remarks at the Privacy Panel at NetHui in Auckland on 11th July 2014.

Privacy isn’t dead. Yesterday at Nethui we were told that it’s too late for privacy, that it’s over. But the fact we’re all here and talking about it is a sign of just how wrong this is.

There’s no doubt that technology is changing how we think about privacy but it’s not as simple as saying that people these days are just giving it up willy-nilly. People don’t always get it right, but most have an intense interest in keeping certain pieces of information away from certain people.

Privacy is multi-faceted

I think it’s important to note that information privacy is not simple. People have many relationships – work, family, friends, doctors, government – and they need to be able to control who sees what and when.

Just because we give a piece of personal information to one of those, or they take it without asking, doesn’t mean that we’ve lost our privacy interest in that information. I might tell my doctor about my drug use, but still need to keep it secret from my family, employer and government.

Privacy is also about security

Part of this control is that for many people the debate about privacy is also about security. If you’re a teen questioning your sexuality in a conservative town, that information leaking out might be enough to get you beaten up or worse.

And at the same time, have you ever felt that sick feeling when someone you don’t trust has damaging information about you? What if it’s the government and they’re the ones paying you a benefit that is keeping your family fed? Information is power.

The surveillance demands of national security, the desire to know everything we’re doing, actually leads to many people feeling less secure because they don’t know what the government knows about them and they don’t know how they’re going to use that information.

I’m optimistic

That said, I’m optimistic about privacy.

When it comes to our digital peers such as friends and family we generally already have the tools to protect ourselves, even if we don’t always get it right.

If we look at the rest of the privacy problem, I split it up into three categories. The biggest risk is your own government, because they’re the ones that can put you in jail or deny you basic services. The second is the local companies you deal with to buy your power, your food, and so on. The third is the foreign companies such as Google and Facebook.

The good news is that in a democracy like New Zealand, we can control the first two. We can set limits on what data they collect and how they can use it and how they can share it. Maybe two out of three is actually good enough to say that we can continue to maintain our privacy in the internet age.

Limiting information use

And we can set those limits however we like. Some people seem to believe that once something is published, either by ourselves or leaked by others, that it’s fair game. I’d argue that just because something is out there doesn’t mean that it should be available for use.

There’s ample precedent for this: You’re not allowed to use the electoral roll for anything not to do with elections. Juries are told to ignore any information they may have learnt outside of the trial.

If we decide as a society that we don’t want the Ministry of Social Development to spy on beneficiaries on social media, we can change the law so that they are not allowed to. If we don’t want the GCSB to be able to apply for wide-ranging access authorisations to spy on New Zealanders – for our own protection of course – we can change the law so that they can’t. It’s up to us.

Changes to the law

I believe we do need changes to privacy law in New Zealand. The Privacy Act is a great base for us to work from but it needs works – and not just the new powers for the Privacy Commissioner.

It’s obvious that privacy controlled by opt-in click-through contracts doesn’t really work. I believe that the solution is to further ratchet up the baseline protections provided by the Privacy Act – and to close the law enforcement loophole.

Sadly, I fear that the government’s promised repeal and re-enactment of the Privacy Act will be going in the wrong direction. Thank you.