Gehan Gunasekara: Data mining bound to turn against us

Governments should be in the business of protecting our privacy on the internet. Photo / Getty Images

Asking whether to sacrifice our privacy in order to protect our security is asking the wrong question.

John Roughan's article "Security trumps privacy online" belittles privacy as being of little concern to most people.

It uses the familiar "those with nothing to hide have nothing to fear" argument to suggest we have nothing to fear from the American NSA's and perhaps the New Zealand GCSB's harvesting of millions of internet and phone records. The fact that a very tiny number of people who may be terrorists can be ferreted out by such methods is used to justify the cracking of the proverbial nut by using a steamroller of putting everyone, everywhere under surveillance.

The "nothing to hide" argument was tackled head on by American privacy scholar Daniel Solove who asked people to respond on his blog. The responses are too numerous to list here but some notable ones include: "so you don't have curtains?", "can I please see your credit card statement for the last three months?" and "if you have nothing to hide you don't have a life".

Roughan may be right in saying that ordinary people have scant regard for the digital trail they leave, but I suspect the answer will depend on the specific example. For instance, would you be happy for your entire Google search history to be made public?

In today's digital environment it may be impossible to prevent the collection of our personal information by many actors. The key issue though is the use to which it is put and that depends on transparency and controls to which ordinary citizens have recourse. In Franz Kafka's famous The Trial, an individual was faced with unknown accusations by an unseen bureaucracy, left unable to answer for himself. Digital information is far more dangerous than Kafka's paper-based world as it can last forever.

The danger is that the techniques devised today by NSA data miners to track potential terrorists may tomorrow be employed by private sector firms for more mundane uses. Some of these uses may be benevolent but others less so. Ultimately, important decisions about us - whether we secure employment, insurance and access to services - may be based on information we have no idea even exists. I am not talking here about the information we put about ourselves on Facebook which is something within our control. More insidious is information about us garnered from the type of data mining alleged to have occurred. This focuses on patterns of phone calls and internet conduct to which algorithms are applied to calculate probabilities, risks and most alarmingly, to predict our conduct.

Information privacy lawyers refer to such technologies as "automated processing" of personal information. Such techniques have their uses, for example the computer records of government agencies such as the IRD can be matched with those of other agencies such as Work and Income in order to catch fraudsters. However, most democratic countries have strict rules governing their use such as to require a cost/benefit assessment of the program's utility as well as the destruction of the collated information when no matches arise. Individuals must be given notice of adverse action taken on the basis of the matches and an opportunity to explain them; after all, we all know computers don't make mistakes (yeah right). Most importantly, independent authorities, such as privacy commissioners, usually monitor the programmes, report on their efficacy and scrutinise the safeguards. Specialist knowledge is required for this which legislative oversight - such as that referred to by President Obama in relation to the NSA surveillance - usually lacks.

The whole point of surveillance is to ultimately modify behaviour: consider CCTVs which are used to deter crime. Monitoring the entire world's internet and telephone connections, on the other hand, could one day be used to predict and thereby manipulate human interactions on a colossal scale. The internet can be likened to roads. We all need to use them but we also count on the highway police to enforce the rules of the road. In the case of digital and electronic highways, that ought to be the task of privacy commissioners, not secret agencies.

Gehan Gunasekara is an associate professor at the University of Auckland specialising in information privacy law.