The idea of privacy is that each human being should be able to decide who has information about them. It's an interesting concept: each person creating an island of data and limiting access to the island only to other entities the individual permits.

In practice, it doesn't work, meaning it's both impossible and incredibly harmful to everyone when privacy “rights” are imposed and enforced. This is true for a number of reasons, including human nature, modern technology, and the way data functions and affects interaction.

Today, many people say they want privacy—that they value control of their own information. There is an almost innate, reflexive horror at the idea that someone, anyone, could know something about us that we did not want them to know. Many of us do not feel comfortable with this idea: what if you had no privacy—what if everything you ever did or said was known to everyone else? Each of us may have a different image of the form of that discomfort. Who knows everything about me—the government? Corporations? My spouse? And what would they do with that information? Harm me? Track me? Sell things to me? When we conceive of a dystopia, fictional or real, that depiction usually includes some aspect of loss of personal privacy, from the Big Brother intrusive government of George Orwell's 1984 (the archetypical dystopia)¹ to modern North Korean governmental control of its citizens² to the constant and ubiquitous monitoring of our online activity by the behemoths of the Internet, from Google to Facebook to Apple to Amazon.³ We fear anyone that has the totality of information; if someone knows everything about me, maybe they can control me. I, myself, prize my privacy and loathe the notion that someone else knows something about me that I did not want them to know.

And yet … we want to know everything about everyone else. We are naturally curious—no, not curious: nosy. We crave gossip and innuendo and accusations; we want to know what happened and when and to whom. We have entire industries thriving on the practice of gathering, analyzing, and distributing information about other people for our consumption.^{4 5 6 7 8 9 10} This desire runs exactly counter to our claim that privacy is important, or, at least, it suggests that we want privacy for ourselves, but nobody else.

But what if there was no privacy, for anyone or anything, at all? What if everyone knew everything about everyone else?

Imagine if you could view video from every camera in the world … could listen in on every microphone … could view every person's browser feed … could watch every satellite feed … in real time, unadulterated, any time. But also imagine that every other person had the same ability: your neighbor, your parents, your kids, your co-workers, your friends, and total strangers. What if we could all access every piece of data, live or recorded, at will?

In this book, I'm going to make the case that a world without privacy would be the optimum outcome: all data, everywhere, known to everyone. It's disconcerting; on a very personal level, I don't like the feeling I get when I consider this idea, and I think most people feel the same way. But, rationally, using objective reason instead of emotional reaction, it makes much more sense than the ultimate (unobtainable) goal of every individual having total control of information, and it is absolutely preferable to the bizarre patchwork of information disparity we currently have, where certain people and institutions have access to particular information, others have access to different sets of information, and each individual person has only limited glimpses of the whole.

The Purpose of Privacy

To begin with, it's good to dissect why this idea makes us feel uncomfortable. Why do we want (or think we want or say we want) privacy? For the most part, we think privacy will give us security; the two words are often used together, sometimes mistakenly synonymously. For most of my life, I have worked in industries where the collection, distribution, and protection of information was valuable: the military, journalism, teaching, and computer security. For security practitioners, one of the fundamental premises is called the Triad of security goals: confidentiality, integrity, and availability.¹¹

• Confidentiality: Only authorized people can get access.
• Integrity: Only authorized transactions are allowed.
• Availability: The asset exists when authorized people are authorized to make transactions.

From this perspective, privacy is usually perceived as an aspect of confidentiality; individual people want control of the confidentiality of information that identifies them. And confidentiality isn't used just for personal privacy; it's used to secure data and assets in all types of activities, organizations, and business. We've depended on confidentiality as part of our effort to attain security for so long that it's hard to imagine being secure without it; it's a cornerstone of the security profession.

But it's not necessary. In fact, confidentiality often inhibits security.

For example, one of the desires we have about privacy is to protect ourselves financially—we don't want anyone else knowing our bank account information or the credentials we use to access the account (passwords, identification cards, bits of information like name and address and birthdate, etc.). Banks spend a lot of money protecting these credentials,¹² and we expend effort creating and maintaining them. All of this effort has a financial cost, which negatively impacts the financial benefit of the process and investment. Every amount the bank spends on securing the transaction is an amount charged to the customer, either through direct fees or in reduced interest on the investment—you would make more money with your account if security wasn't an additional cost of the process. This is all to prevent fraudulent transactions—someone pretending to be you in order to get your money.

But this can happen only because the criminal has privacy. If all of the information about all of the transactions, legitimate and fraudulent, is known to everyone, then there is no opportunity for theft. If the bank knew when someone other than you tried to take your money, the bank would not give the money to that person. If every action of every person is known to every other person, no transaction fraud could exist. A criminal can't engage in theft by fraud if we all know what the criminal is doing and who the criminal is.

Total transparency, then, directly counters the need for confidentiality … and improves the lives of everyone involved, because we no longer have the costs associated with the need for confidentiality, and we can all then derive the greater benefits.

Going to Extremes

Take this to an even greater extreme and get weird with it: why do we even have banks? Again, it's a perceived need for security, based on money. We put our money in a bank so that someone else doesn't take our money without our permission. But … if everyone knows everything about everyone else, we would know if someone without permission took money from someone else. We would know if a crime was committed, and we would know who the rightful owner of the money is. The need for banks would be greatly diminished or dissipate altogether … and the cost of banking would similarly evaporate, and each individual person would get greater value from their own money.¹³

If what I'm describing is starting to make you feel uncomfortable and the idea of everyone watching your every action is creeping you out, that's understandable and completely normal. I'm not trying to describe a police state where you're being watched by law enforcement every moment of every day. Forget the how of this proposal for the moment; I'll get into theoretical mechanisms for achieving these goals throughout the book. (And, to be clear, I do not have a comprehensive way of accomplishing these goals. Putting these theories into practice will require the contribution and coordination of many experts, organizations, and thinkers. This book is intended to be a catalyst to start that conversation. But I think the discussion in society about privacy thus far has been overwhelmingly one-sided: everyone seems to be pursuing ways to implement and mandate more privacy, not less, as a means to ensure security. I think they're mistaken.)

It's worth noting that some jurisdictions (some cultures, some populations) value privacy in different ways. For instance, the European Union, right now, has decided that personal privacy is a human right, tantamount to living; this is codified and mandated by the General Data Protection Regulation (GDPR), which gives some power to individuals in terms of imposing who can or cannot disseminate their personal data.¹⁴ This law also gives an even greater amount of power to the governments of the European Union, as enforcers acting on behalf of the individuals they supposedly protect. This law is mimicked around the world; similar statutes exist in countries such as Japan,¹⁵ Switzerland,¹⁶ Australia,¹⁷ Canada,¹⁸ Argentina,¹⁹ Singapore,²⁰ Israel,²¹ and others, as well as the American states of California²² and New York.²³

Other jurisdictions, on the other hand, have laws and practices that are in direct opposition to personal privacy. China, for instance, has laws that require that the government have access to all online activity, including the ability to monitor the action/communication of each individual.²⁴ In the same vein as the European Union's justification for the GDPR, China's rationale for monitoring is to protect the citizenry. But unlike the EU, which purports to protect individual privacy, China's stated intent is a different excuse for police powers: Chinese authorities want to protect society from criminals who operate in secret or prevent disruption of society that might result because of “bad” information or influence.

Meanwhile, in the United States, prevailing national law runs exactly counter to the very idea of privacy: instead of each individual having an absolute right to privacy, each individual has an absolute right to free expression. This is codified in the US Constitution and in the First Amendment (twice, in fact, as both the freedom to say what you want and the freedom to distribute/publicize what you say—freedom of speech and freedom of the press).²⁵ So instead of you telling me what I can say about you, I can say anything I want about you, to anyone or everyone. That applies regardless of whether “you” means an individual, a government, or a corporation. Perhaps not surprisingly, this approach of freedom of speech, combined with transparency, will be most in line with the argument for improving the human world I'll make throughout this book.

Please Indulge Me

I'm going to ask for your indulgence as you read the rest of the book. It might seem, in a few places, that I'm suggesting that a police state is somehow preferable to personal privacy—that is definitely not the case. In fact, I think it is much more likely that privacy laws create a situation for a police state to grow and flourish. I prefer personal, individual freedom over all other things. It might also seem like what I'm describing is science fiction—that what it would take to achieve total transparency is impossible. I ask you to momentarily suspend your disbelief for the purpose of this discussion and examine the topic objectively, from the perspective of the desired end-state, and not the complications of the possible implementations.

Finally, it's probably best we all agree that there is no actual privacy (or that there probably never really was): someone knows everything about you. Not that any one person knows all the things—but all the people who know things about you could get together and assemble all that data and nothing you've done or said would be private anymore. Someone, somewhere, singly or collectively, has all of it—whether that someone is the government, corporations, or trusted loved ones, you have no privacy. You have an illusion of privacy, or the faux privacy of anonymity. These are not worth the expense and cost that the false benefit of “privacy” supposedly provides.

Premises

Secrecy is not security; confidentiality is only one leg of the Triad. If other legs of the Triad are violated/abrogated, we can lose security just as easily as if we lost confidentiality. Privacy is not security—but we often think privacy will give us security. Privacy requires secrecy; if you cannot enforce confidentiality, you have no privacy.

In the rest of this book, I’m going to describe ways that privacy and secrecy hinder actual security, or how security (whether attained through confidentiality, integrity, or availability) can harm people. It’s important to understand that what we say we want, or what we think we want, is not something that is actually beneficial or useful (or at least as not as beneficial/useful as we think, especially compared to other choices). Privacy is not a magical solution to perceived problems, and privacy might actually cost each of us more than the potential benefits it provides. We might all benefit more, as individuals, from security methods other than limiting access to our own data islands. And other approaches would not incur the costs privacy requires.

Another premise: to properly discuss privacy, we need to discuss adult topics, because we, as people, usually want privacy for adult reasons (financial, sexual relationships/activity, death, business, etc.). This book will deal with those topics in frank and adult terminology—if you're uncomfortable with adult conversation, you may find parts of the book uncomfortable.

Finally, while reading the rest of the book, try to imagine that each person on the planet has a magical capacity to view and hear everyone else on the planet: a television set that can be instantly tuned to any other person, anywhere, that not only displays real-time data, but all prior activity—all historical actions and speech of every other person.

I'm not using this premise because I'm excited about the potential; from the perspective of someone who was raised in a culture that respected privacy and someone who has been engaged in the practice of security in one way or another for most of my adult life, this premise seems awkward, intrusive, dangerous, and makes me very uncomfortable.

But my personal feelings/biases don't matter: I also realize that the future I'm describing is almost here, and that it is inevitable. While I'm not relishing its arrival, I'm trying to view it as objectively as possible, and I anticipate the pitfalls and predict the opportunities. I know the situation that brings me discomfort is upon us, and I know that we can exacerbate the danger and difficulty of the transition from a private world to the post-privacy world, if we approach it with obsolete tools and philosophies.

And that magical TV set is just a step away from what we have right now—and it's only magical in Arthur C. Clarke's sense of technological sophistication. It would be better if we could start figuring out how to use our next magical tool instead of pretending it will never arrive.

How to Contact the Publisher

If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”