Digital identity, data protection, and the need for privacy

Ashoka Staff

23 February, 2021 | 4 min read

“I have nothing to hide” is the most common refrain I hear when talking to a layperson about privacy. Surely, only a criminal would want to hide information about themselves. My reply is always a request to complete that sentence: “I have nothing to hide… from whom?”

The government is not a monolithic entity. It is made up of individuals, some of whom behave badly. When there are insufficient checks and balances on the use of power, such bad behaviour increases. But does having data count as “power”? We can imagine a policeman blackmailing someone after having gathered evidence of a non-standard sexual orientation, say. But surely, some kinds of data are “safe”!

Data is strange. It is “the new oil”, but it also isn’t: since it is easily replicable, entity A using data doesn’t prevent entity B from doing the same – we cannot treat it as a natural resource. Humans are also terrible at figuring out what a certain piece of data actually means.

Current legal systems are permissioned: you are allowed to do X, but not Y. This doesn’t work when one is dealing with data at scale. Consider automatic license plate readers (ALPRs) – these are tiny cameras, often at traffic crossings, which automatically take photos of cars running red lights, etc. They automate the task of a policeman noting down your license plate number during a traffic violation. Since you are in public and have no expectation of privacy, this is considered kosher (no warrant required) in most places.

However, think about what happens when you have thousands of such cameras, covering every crossing in a city. Linking them together allows the police to track a vehicle accurately anywhere in the city (this is already being done across the world, including India). Now, if you’d been asked “should the police be allowed to put a GPS device on a car and track it without a warrant?”, I suspect most of you would say no. But giving permission for ALPRs (grandfathered in by the comparison to individual police officers) enables a police force to track a vehicle accurately, simply by adding scale. In short, giving someone access to data X (which is allowed) may give them the power to generate data Y, which one had hoped to keep secret.

Anonymisation is no solution. Historically, it has proven to be incredibly hard: scrubbing personal identifiers from a database is easily undone. The movies you watch on Netflix can uniquely identify you. Simply knowing your postal code, date of birth, and gender is enough to identify most people. With sufficient auxiliary data – which is available to many governments and giant corporations – many “apparently anonymous” databases can be deanonymised.
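To make the postal-code/date-of-birth/gender point concrete, here is an added example (not part of the original article) that measures how re-identifiable a small dataset is before release: it counts how many records share each combination of those three quasi-identifiers (the smallest group size is the dataset's k-anonymity), shows that a record can be singled out by someone holding just those three values, and shows how coarsening the fields raises k. The records, postcodes and diagnoses are constructed for the example and do not describe any real dataset.

```python
from collections import Counter

# Constructed sample "anonymised" records: names already removed, but the
# quasi-identifiers the article names (postal code, date of birth, gender)
# are kept at full precision. All values are made up for this example.
RECORDS = [
    {"postcode": "110001", "dob": "1990-03-14", "sex": "F", "diagnosis": "asthma"},
    {"postcode": "110001", "dob": "1977-07-02", "sex": "M", "diagnosis": "none"},
    {"postcode": "110002", "dob": "1985-11-30", "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "110002", "dob": "1985-01-09", "sex": "F", "diagnosis": "none"},
    {"postcode": "110003", "dob": "1990-12-01", "sex": "F", "diagnosis": "none"},
    {"postcode": "110003", "dob": "1977-05-21", "sex": "M", "diagnosis": "hypertension"},
]


def exact_qi(record):
    """Quasi-identifier tuple at the precision the data was collected in."""
    return (record["postcode"], record["dob"], record["sex"])


def coarse_qi(record):
    """Generalised quasi-identifiers: 3-digit postcode prefix and birth year only."""
    return (record["postcode"][:3], record["dob"][:4], record["sex"])


def anonymity_report(records, qi):
    """Group records by quasi-identifier; k is the smallest group, and
    unique_fraction is the share of records that are alone in their group
    (i.e. fully re-identifiable by anyone who knows those fields)."""
    groups = Counter(qi(r) for r in records)
    unique = sum(1 for r in records if groups[qi(r)] == 1)
    return {"k": min(groups.values()),
            "unique_fraction": unique / len(records),
            "classes": len(groups)}


def matching_records(records, qi, known):
    """Records whose quasi-identifiers equal `known`, a tuple in qi's shape.
    A single match means the auxiliary data pins down that person's row."""
    return [r for r in records if qi(r) == known]


if __name__ == "__main__":
    print("exact fields :", anonymity_report(RECORDS, exact_qi))
    print("coarse fields:", anonymity_report(RECORDS, coarse_qi))
    print("who is (110002, 1985-11-30, F)?",
          matching_records(RECORDS, exact_qi, ("110002", "1985-11-30", "F")))
```

With the full-precision fields every one of the six records is unique (k = 1), so the sensitive column is exposed to anyone holding the three public facts; after generalisation each combination covers at least two people (k = 2). Real datasets need far coarser generalisation, and k-anonymity alone does not protect a group whose members all share the same sensitive value.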

We need a new legal paradigm and new ethical axioms. My students and I are working on it, so perhaps one day soon, I can write about some solutions. For now, however, the best thing to do is to keep as much data secret as possible.

written by Debayan Gupta, Assistant Professor, Computer Science
