Posted on Nov 20, 2013 by Rick Falkvinge

Collected Private Data Will Always Be Abused, With Mathematical Certainty

People who defend today’s mass surveillance tend to claim that the collected data on everybody’s private communications and movements won’t be abused. History tells us that they are horribly and dangerously wrong: the most benign data collections have been used for outright genocide. We need to learn from history and realize that such collected data not only can be abused, but will be abused, with mathematical certainty.

With the risk of invoking Godwin’s Law, I’d like to tell a story from early last century, when the collecting of private data was far less intrusive. This story illustrates the dangers of collecting private data with horrible precision. More specifically, the data point is from when the Netherlands included people’s religion as part of the public population records.

It could be trivially observed that somebody’s faith, while still private, is several orders of magnitude less sensitive than somebody’s complete communications, movement, search, and browsing history. But this data was still private – what was the justification at the time for asking people for their faith in order to include it in the public records?

Urban planning.

Not national security, not any “war on terror”, no pedophile scare, not propping up an obsolete copyright industry or anything like that. The citizen wasn’t an enemy in this case.

It was as simple as making sure that city planning met the needs of the citizens by having a somewhat proportional distribution of synagogues, Catholic churches, and Protestant churches that matched the density of respective faiths and the locations of where the people wanted them lived. It was the most benign reason imaginable for collecting private data – and it wasn’t even collected forcibly.

What happened next is in the history books. World War II came around. The Netherlands were swiftly invaded by Germany, who had a profound dislike at the time for one of the faiths listed in the public records.

There were almost no Jews at all in the Netherlands after World War II.

Having this private data collected made the German genocide campaign horribly effective in the Netherlands – and we need to remember that this was data we don’t typically consider sensitive, which had been collected for a clearly benign purpose. How can today’s collected data be abused? It’s useful to consider that question now, because it will.

According to Wikipedia, less than 10% of the Dutch Jews survived (14,346, compared to an earlier population of 154,887). As it turns out, it was very convenient for the… new “administration”… to have access to the collected data, and it was indeed used against the citizens, as it always is in the end.

Since no private surveillance data is ever deleted, and there is a nonzero chance of that data being horribly abused, then it will be abused, with mathematical certainty.

(No private surveillance data is ever deleted. Even if the records are “purged”, there are always backups of the database, and such backups have been brought out on occasion. Besides, even if governmental agencies claim that a piece of data has been deleted, there is no way to verify such a claim. The only way to make sure it’s not there is to not have it collected in the first place.)

Governmental agencies now have pretty much complete access to records of how you have walked and driven about the city, your flight records, your call records, your Internet browsing habits. If somebody’s mere religion can be abused to this degree, and we need to remember that it was, how can today’s surveillance be abused?

Privacy remains your own responsibility. No government is on their citizens’ side today.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.


VPN Service

Leave a Reply

Your email address will not be published. Required fields are marked *

5 Comments

  1. Lillith

    There’s a bit of a logical disconnect here. Most of the article talks about anecdotal evidence to argue that all data will be abused. Corporations collect data. Governments collect data. They communicate with one another. To argue such an extreme position isn’t helpful; it’d be better to discuss data management techniques, such as actually telling people to delete data after a certain amount of time, or limiting what data is collected.

    To point to the holocaust and say “Hitler did it, you will too” is lazy and irresponsible. Any entity can defend against that by just saying, “No, we won’t.”

    4 years ago
    Reply
    1. drwoo

      I never saw the name Hitler used. It was you who invoked his name. Seems to me like you invoked his name to discredit the author.

      4 years ago
      Reply
    2. Kazagistar

      I feel like you didn’t grasp the point here. No one is claiming the current entities will abuse the data. The claim is that if data lives forever, then even with a small chance that any given entity in possession of the data will abuse it, the data will, inevitably be abused. It might not even affect us directly, but future generations, whose privacy is compromised in some way by the spying done on us.

      Furthermore, he claims (weakly, but nonetheless a case can be made) that attempts to limit data persistence are far less likely to succeed then attempts to limit data collection, due to the great difficulty of verifying that data was, in fact, deleted.

      Personally, I would say that as long as the chance (or rate) of abuse is significantly below the rate of data deletion, that would be sufficient.

      4 years ago
      Reply
    3. jonny

      Lillith, what country do you live in or were naturalized into? Don’t sell the rest of us out.

      4 years ago
      Reply
  2. Jordan

    Mathematical certainty implies mathematical proof and as a result would require a proof of infallibility of record integrity (of validity and the time immemorial sense). Furthermore it would need to be supported (i.e. giving more than one) ancillary case. TLDR; Sensationalist bullshit.

    4 years ago
    Reply