Privacy laws are useless when everyone wants to be surveilled
Despite this surge in support for privacy, we’re looking at a situation where routine surveillance of citizens will continue to become normalized—not through coercion, but through convenience. There’s been much fanfare around supposedly privacy-protecting laws like GDPR. But what good are they if people voluntarily surrender their data anyway?
In Portugal, where I live, residents are assigned what’s called a NIF number—a unique identifier that’s used for taxation and other purposes, similar to a Social Security Number in the U.S. Under Portugal’s tax system, deductions for business and other expenses can be claimed only if a person provides their NIF number at the point of sale. The result is that citizens routinely give out their most sensitive identifying information in the course of routine daily activities, like buying their morning coffee. For the sake of convenience, they are willing to give the government a record of everything they do. As a bonus, the government enters these willingly provided NIF numbers into a nationwide lottery—a meaningful incentive.
There are more examples. On a recent trip to Germany, I saw how safety measures introduced to combat a novel virus have begun to morph into accepted aspects of daily life. To enter a clothing store, people were required to provide their personal details for contact tracing. Everyone complied; the pleasure of shopping outweighed the distant, seemingly hypothetical risk of losing privacy.
In each of these cases I cite here, people are free to not provide their personal information but choose to do so anyway. This isn’t a scenario that current privacy laws are designed to protect against.
Many rightly point out that the governments in question are, broadly speaking, mild-mannered. Most Germans trust their government to do the right thing, and the likelihood that Berlin will use the data it has for nefarious purposes seems low. But this is a miscalculation. No constitution or set of political norms can promise that only wise people will sit in positions of power. The point of democracy, and of personal privacy, is to protect against the inevitable scenarios in which the authorities are unwise, incompetent, or cruel. To paraphrase another powerful organization: The point is not “don’t be evil”; it’s to limit the degree to which the mighty can do evil to individuals at all.
What about GDPR? On closer inspection, much of its substance amounts to little more than theater. It seems intended as much as a statement against American cultural hegemony—in the form of tech monopolies like Google and Amazon—as a genuine defense of individual privacy. And while governments make a show of strengthening consumer privacy through performative laws, they’re also busy establishing incentives for people to submit to surveillance voluntarily. Opting out is not illegal—it’s just disqualifyingly inconvenient.
Many people around the world respond to such statements with something along the lines of, “It doesn’t bother me because I don’t have anything to hide.” This attitude misunderstands the threat. It’s not that we’re all out trying to protect individual financial privacy so we can dodge taxes and buy things on the black market. It’s about the fundamental question of who has a right to see into our most intimate spaces—and whether we have access to any truly private spaces in the first place.
Does the government have a right to see every financial transaction I make? Do my neighbors have a right to know how much money is in my bank account? In many countries the answers to those questions are obvious, but not the same. In some Nordic countries, you can look up the assets of anyone in a public database. In the U.S., this scenario is unthinkable.
But regardless of cultural mores, what’s essential is that we as citizens are able to determine where the lines are drawn. We need to develop the habit of protecting our rights not just from obvious government overreach or egregious political repression but also from the creeping accumulation of seemingly innocuous requests. If we don’t, we could one day find that we’ve lost all right to privacy or autonomy—because we traded them for a cappuccino.
Steven Waterhouse is the CEO and cofounder of Orchid, a privacy tool built on Ethereum designed to let people explore the internet freely.
(35)