My GDPR-Inspired Rant: Privacy, WTF!!!
This has been brewing for years, and May 25 (aka “the GDPR Day”) is the perfect day for my epic privacy rant. So, WTF is privacy?! WTF is this obsession with privacy?!
Look, I get secrecy or confidentiality. I do NOT want my health data in your hands. Is this privacy? Hell no. This is me protecting my secrets (and those who say “we do not have secrets” often do too).
In fact, why the fuck do these people protect so-called personal data or PII (personally identifying information)? Look, my name is Anton Chuvakin (oh, no, nooo, nooo…this is “pee-ai-ai” leak … nooo!!!) , and I had my main email on my website www.chuvakin.org since 1997. It is not that hard to find where I live. I don’t need a chocolate bar to disclose my email – it is PUBLIC [amazingly, my Twitter handle is public as well :–)]. You don’t own this information about yourself, the idea that you do is just bizarre and alien.
For fuck’s sake, have these privacy crusaders heard of phone books? White pages? In recent years, I’ve seen many ”data breaches” where the attackers essentially steal a phone book, and no other information at all. Yet we’ve heard throngs of clowns scream “Oh no!! They got PII!!!” IMHO, much of “securing PII” is just wasteful busywork, that has no security or risk value whatsoever. Secure the secrets, not names and emails!
Further, if you pass by my house following the public street, you will be recorded on my cameras. If you see me drive by, you will be recorded by my car dashcam. Public space is public. Therefore, I find the discussion about privacy in the public space to be thoroughly idiotic. Yes, it is OK for our police to record your license plate as you drive on the public road – just read it again … PUBLIC road.
Please, don’t be stupid, PRIVACY IS NOT A HUMAN RIGHT. Privacy is at best a preference of some people; at worst, a luxury for spoiled neurotics. Just as living in a cave and eating paleo is a preference of some people. If certain countries prefer to think of it as a right, they can easily regress into being a Digital Third World, where computers are frowned-upon because – OMG! – they cannot explain their decisions (as if most humans can?)
Look, some cultures has no concept and no word in their language for “privacy.” Doesn’t it just give you a hint that it is NOT a universal thing of any kind?
Now, some people like to quote “if you are not paying for the product, you are the product” which I find idiotic. Look, I enable “share location data with Google” because I know the data will be pooled and put to good use. Can you build a system to optimize road navigation in your city with just your own data? No, you cannot. So, the value of this data for this purpose for you is $0, and I am VERY happy that it provides value to all of us when I share it. You pay nothing – and get value, so share more!
Further, unlike some, I am OK with being profiled online and seeing well-targeted ads. Here is a quick test: if you are shopping for a new bicycle, which ads you’d rather see: a/ bicycle ads or b/ penis enlargement ads? Think about it – some of it may feel creepy (uncommon, unexpected, weird, etc), but there is no harm to you and there is definitely value for you.
Similarly, if my hospital wants to share my health data with a pharma company and they pool it and then use it to develop cancer cure and make billions – you know, I am OK with that. Will you holding on to your data cure cancer? Hell no. This is why some [admittedly biased] say “GDPR will murder people” by slowing down or killing some medical research.
As a side note, I consider the “right to be forgotten” to be evil. Stalin evil, to be precise. In Stalin’s times, in USSR, the government censors edited people our of pictures and then republished history books without them. This is your brain on “the right to be forgotten.” I wish Google and others will fight this menace harder than they do today.
Finally, I have to take a personal risk and consider the final argument people bring up for privacy in Europe. It did come up in a few discussions with my European colleagues, typically as their “argument of last resort.” Let’s call it “the Holocaust argument.” They relate European psycho-obsession with privacy to historical lists of certain groups or nationalities collected by governments for the purpose of killing them. And, look, I know and respect history, but seriously – do you think in today’s Europe this risk is real at all? To me, this argument is purely neurotic, and not factual.
So, here is my closing thought: re-think privacy! Much of what you think you know about its goodness is perhaps not so certain – and occasionally just plan evil. BTW, some further reading that matches this world view is here (Gartner access required, Maverick research does not represent the consensus view of the analyst community).
P.S. And, no, for the record, I do NOT think “GDPR will be the model privacy regulation.” I think GDPR will either die a slow bureaucratic death or will destroy Europe’s chance to be a part of the digital future.
*** This is a Security Bloggers Network syndicated blog from Anton Chuvakin authored by Anton Chuvakin. Read the original post at: https://blogs.gartner.com/anton-chuvakin/2018/05/25/my-gdpr-inspired-rant-privacy-wtf/
