In praise of hiding..

The new government anti-encryption campaign, ‘No Place to Hide’, has a great many problems. It’s based on many false assumptions, but the biggest of all of these is the whole idea that hiding is a bad thing. It can be, of course, when ‘bad guys’ hide from the authorities, which is what the government is grasping at, but in practice we *all* need to be able to hide sometimes.

Indeed, the weaker and more vulnerable we are, the more we need places to hide. The more predators we face, the more we need places to hide. And if we believe – and the government campaign is based on this assumption – that there are a lot of dangerous predators around on the internet – that becomes especially important. Places to hide become critical. Learning how to hide becomes critical. Having the tools and techniques not just available for a few, specially talented or trained individuals but for everyone, including the most vulnerable, becomes critical.

This means that the tools and systems used by those people – the mainstream systems, the most popular networks and messaging services – are the ones where safety is the most important, where privacy is the most important. Geeks and nerds can always find their own way to do this – it’s no problem for an adept to use their own encryption tools, or to communicate using secure systems such as Signal, or even to build their own tools. They’re not the ones that are the issue here. It’s the mainstream that matters – which is why the government campaign is so fundamentally flawed. They want to stop Facebook rolling out end-to-end encryption on Facebook’s messenger – when that’s exactly what’s needed to help.

We should be encouraging more end-to-end encryption, not less. We should be teaching our kids how to be more secure and more private online – and letting them teach us at the same time. They know more about the need for privacy than we often give them credit for. We need to learn how to trust them too.

Who needs privacy?

You might be forgiven for thinking that this government is very keen on privacy. After all, MPs all seem to enjoy the end-to-end encryption provided by the WhatsApp groups that they use to make their plots and plans, and they’ve been very keen to keep the details of their numerous parties during lockdown as private as possible – so successfully that it seems to have taken a year or more for information about evidently well-attended (work) events to become public. Some also seem enthused by the use of private email for work purposes, and to destroy evidence trails to keep other information private and thwart FOI requests – Sue Gray even provided some advice on the subject a few years back.

On the other hand, they also love surveillance – 2016’s Investigatory Powers Act gives immense powers to the authorities to watch pretty much our every move on the internet, and gather pretty much any form of data about us that’s held by pretty much anyone. They’ve also been very keen to force everyone to use ‘real names’ on social media – which, though it may not seem completely obvious, is a move designed primarily to cut privacy. And, for many years, they’ve been fighting against the expansion of the use of encryption. Indeed, a new wave of attacks on encryption is just beginning.

So what’s going on? In some ways, it’s very simple: they want privacy for themselves, and no privacy for anyone else. It fits the general pattern of ‘one rule for us, another for everyone else’, but it’s much more insidious than that. It’s not just a double-standard, it’s the reverse of what is appropriate – because it needs to be understood that privacy is ultimately about power.

People need privacy against those who have power over them – employees need privacy from their employers (something exemplified by the needs of whistleblowers for privacy and anonymity), citizens need privacy from their governments, victims need privacy from their stalkers and bullies and so on. Kids need privacy from their parents, their teachers and more. The weaker and more vulnerable people are, the more they need privacy – and the approach by the government is exactly the opposite. The powerful (themselves) get more privacy, the weaker (ordinary people, and in particular minority groups and children) get less or even no privacy. The people who should have more accountability – notably the government – get privacy to prevent that accountability – whilst the people who need more protection lose the protection that privacy can provide

This is why moves to ban or limit the use of end-to-end encryption are so bad. Powerful people – and tech-savvy people, like the criminals that they use as the excuse for trying to restrict encryption – will always be able to get that encryption. You can do it yourself, if you know how. The rest of the people – the ‘ordinary’ users of things like Facebook messenger – are the ones who need it, to protect themselves from criminals, stalkers, bullies etc – and are the ones that moves like this from the government are trying to stop getting it.

The push will be a strong one – trying to persuade us that in order to protect kids etc we need to be able to see everything they’re doing, so we need to (effectively) remove all their privacy. That’s just wrong. Making their communications ‘open’ to the authorities, to their parents etc also makes it open to their enemies – bullies, abusers, scammers etc, and indeed those parents or authority figures who are themselves dangerous to kids. We need to understand that this is wrong.

None of this is easy – and it’s very hard to give someone privacy when you don’t trust them. That’s another key here. We need to learn who to trust and how to trust them – and we need to do our best to teach our kids how to look after themselves. To a great extent they know – kids understand privacy far more that people give them credit for – and we need to trust that too.