“If you have nothing to hide, you have nothing to fear”

Thats an argument I hear all too often when people are talking about the topic of privacy, be it on or off of the internet.

In theory, the people who hold onto that maxim have a point – decent, honest and law-abiding citizens shouldn’t have to feel any level of concern over having their lives checked out.

But, for a moment, consider the origin on the opening quote. Whilst there is no universally agreed upon source for it, common thinking does attribute it to one of two possibles – either George Orwell’s “1984” book, which is all about ‘Big Brother’, or it could just as likely be a direct quote from Reich Minister of Propaganda Joseph Goebbels.

Its a chilling thought either way, and one that surely makes you question the logic of the phrase, isn’t it?

So should you be concerned about how your privacy is valued in this day and age? I certainly think so. In fact, I think the value of our privacy is increasing by the day as more and more entities look to erode what little we have left.

There is an argument, of course, that certain levels of intrusiveness are a necessary evil, required in order to protect us from those who would do us harm. There are criminals out there, and terrorists too, and keeping tabs on them certainly does make it harder for them to commit their crimes and atrocities.

But does the level of potential harm they can do us match the level of surveillance required to keep them in check?

Here in Britain I have heard it said that we have the highest level of CCTV cameras per capita anywhere in the world. I don’t know how true that is but, from my own observations, I can well believe it. The government decided that such camera coverage was required in order to protect us from criminals, anti-social behaviour and all manner of other threats. Millions of cameras have now been installed and I can see them, well, everywhere! But its ok – the government applied a reassuring slogan to the campaign to install them all – “If you’ve got nothing to hide, you’ve got nothing to fear.”

So such a system is ok is it? From conversations I’ve had, I would guess that many Brits, at least the ones I know, think that a little bit of security is worth giving up a whole lot of privacy for. Not that they see it that way of course.

But where would they draw the line?

Perhaps spying on other nations should be taboo? Certainly our governments don’t think so.

The Guardian recently reported on how GCHQ and the spying agencies of other European countries have worked together on programs of mass surveillance of the internet and internet traffic over the last 5 years. The newspaper cited files leaked by Edward Snowden and one part of their report especially stood out to me:

“The files also make clear that GCHQ played a leading role in advising its European counterparts how to work around national laws intended to restrict the surveillance power of intelligence agencies.”

So the intelligence agencies were all helping each other to break laws designed to protect their citizens from snooping.

Is that ok?

I’m beginning to think so because, outside of the infosec community, I’ve heard very, very few voices expressing any kind of alarm over the way our governments are keeping tabs, not only on the bad guys, but also on everyone else too.

I guess we all have different views on how much freedom is worth and thats fine – everyone has an entitlement to an opinion.

But are there any recent cases surrounding the topic of privacy that have got people’s backs up? Are there any lines that cannot be crossed, any sacred freedoms that cannot be tampered with, any special places where cameras cannot dare to go?

Oh yes! And that place is Tesco.

The problem here is that the UK’s largest supermarket chain is going to introduce facial recognition cameras into its petrol forecourts as a means of identifying customers and then serving them up targeted advertising.

Shocking!!!

As that story broke over the last couple of days my Twitter stream went mad with people saying they would never shop at Tesco again as a result. My colleagues at work cannot stop talking about how they fear the supermarkets of the future may be able to identify them by name as they walk in the front door (forgetting that they voluntary handed all that data over years ago when they signed up for all those loyalty cards), and even people queuing with me at my local bank yesterday were worried about the future implications of such tech.

So why has Tesco got them all riled up?

I think it is because it is something that more directly affects them. Its in their local shop, in their face, and they don’t like it.

I’ve heard many people say that they will wear sunglasses and hats next time they fill their petrol tank in order to avoid the cameras. Quite a silly idea in my opinion but at least it has made a few people consider their privacy at long last.

I’m not quite sure how the information security profession can take such traits of human behaviour and response and mold it into something they can use for education and awareness purposes but its something I’m going to put some thought into.

Online, people give their data away every day without a moments thought. They don’t value their privacy in the slightest because it ‘doesn’t matter’ if a virtual stranger across the world has picked up their life story from Facebook.

People only care when they see, or perceive, a direct threat to their way of life.

Surely we can use that in some way to teach them better security practices can’t we? What do you think….