[TRANSLATION] This article is a translation of the original article „Ich habe ja nichts zu verbergen.“
Do your eyes sparkle when you hear „privacy“ and „data protection“, does it tingle in your toes, when you hear „backup“ and at „GDPR“ your heart starts beating faster? – Well, it does not happen to us either. Nevertheless, the need for data protection grows alongside the amount of data. Following are thoughts on a well-known counterargument for data protection in messenger apps.
Data protection is compulsory, not freestyle
Data protection is not an issue that inspires our ideas, calms our minds and makes us laugh. This necessity is more of an annoying burden, we associate it with cumbersome typing of long passwords that we can’t remember and complicated settings and pop-ups with content we don’t fully understand.
Data protection itself is a broad field and can mean a lot:
- Protection of personal data,
- protection against unauthorised access
- protection against data theft and
- protection of privacy.
That sounds like work! Where to start? If data protection means as much as putting on snow chains on your car in a dark winter night, with cold snow rain and uphill – then it seems no wonder that we ask ourselves: Aren’t new winter tyres just enough?
The fact that data protection always requires effort and detours lies in the nature of things: it means extra effort to protect something specifically. With the General Data Protection Regulation (GDPR), which came into force in 2018, this additional effort was to be transferred from the private sector to companies: Privacy by default means that the default setting already protects the data – instead of releasing it. This makes data protection an obligation for companies and thus easier for users.
Data protection ranges between two extreme poles: comfort and security.
Comfort <————––––> Security
Comfort means simplicity, good usability, convenience. An app that is easy to open, software that is easy to use, data that is easy to find. No extra activity is necessary.
Security often means the perceived opposite: two-factor authentication, long passwords, different logins. In the background, of course, it’s all about protection, barriers and personal control.
Even if these two opposite poles are not always well compatible, it is understandable that we often opt for comfort in our hectic everyday lives. We have better things to do! (Because cognitive effortlessness is not only lazy, but also evolutionary clever.)
The argument: I have nothing to hide.
Let’s look at the example of the communication app: Facebook Messenger, WhatsApp, Slack, Wire, Riot, Telegram, Threema, Signal – they all offer different levels of security. The decision as to which messenger to use is often based on simple criteria: the circle of friends, the family, the boss use it as well. Switching to a more secure Messenger (recommended by the authorities, friends) is difficult and is rejected with the argument: „I have nothing to hide“. We would like to refute this argument.
#1 Data is not equal to data: About content data and metadata.
By using a messenger, different data are transmitted: Firstly, the communication content („Hi, how are you?“), i.e. content data between the users. Usually, these are already transmitted in encrypted form by the messengers. Encrypted means that the content can only be read by the individual communication participants, but not by outsiders. This end-to-end encryption already works well for e-mail (OpenPGP, based on PGP).
Secondly, however, additional data is transferred which can be useful as information, so-called metadata. This includes information about the location, device and movement data. It is transmitted from where you went where, with which device you communicate, how long a conversation with whom took etc. For technical reasons, some of this metadata must be stored – at least temporarily.
Metadata shows a basic usage behaviour, additionally, the contacts in the social network are disclosed. From this, usage profiles can be created that are of high value to advertisers and can therefore be sold.
The discussion in Austria about data preservation circled only around metadata (and not content data).
When calling from WhatsApp, WhatsApp stores the call data. How long and for what purpose – and its mother Facebook – stores and uses this data is still unclear. What is clear, however, is that Facebook has not excelled in the past in its careful handling of data.
In a nutshell: Even if no content data is stored by software during encrypted communication, metadata is usually still stored. This metadata can be used to draw many conclusions about a person’s life, behaviour and attitudes, and can therefore be used to create comprehensive and informative user and personal profiles.
#2 The ego is not (always) more important than the collective.
Of course, your privacy is worth protecting. But privacy is especially important when someone is in danger: Politically and religiously persecuted people need protection, also stalking and unwanted contacts should also be made more difficult. If there are no systems with protection mechanisms, within which everyone moves in the same way, no matter whether protection is needed or not – then those who really need it cannot be protected either.
Of course, protected spaces are also misused for unintended purposes – for example, the Darknet, in which journalists and informants find protection, is also known to be a secure space for weapon and drug trafficking, pornography and other crime. So don’t support protected spaces? That would be turning the wrong cog.
What can you improve in 5 minutes?
Sicher ist: Wenn Sie den Umstieg von WhatsApp zu Signal tun, haben Sie einen Riesenschritt gemacht. Seien Sie Ihrem Umfeld Vorbild! Es ist der Aufwand eines Downloads einer einzelnen App zum Nutzen einer sicheren Kommunikation.
One thing is for sure: If you make the switch from WhatsApp to Signal, you have already taken a giant step. Be a role model for your environment! It is the minor effort of downloading a single app for the benefit of secure communication.
Even if you have nothing to hide, it’s nice to know that your private life is kept, you know, private.
- Paul Jarvis mentions that protection is a privilege, that laws change, and that it is only a matter of time before data is used against us. But I have nothing to hide, Sunday Dispatch 2019-09-15.
- Netzpolitik.org: Metadaten: Wie dein unschuldiges Smartphone fast dein ganzes Leben an den Geheimdienst übermittelt (07/2014) (DE)
Interesting example of an evaluation of metadata of a working week
- VICE: Hacker erklären, welche Messenger-App am sichersten ist (01/2018) (DE)
- pcwelt.de: Vier Messenger-Apps im direkten Vergleich (10/2018) (DE) – good quick overview of Signal, Threema and Telegram
- BSI für Bürger: Instant Messenger: Tipps (DE)
Links on this topic:
- saferinternet.at – Datenschutz (DE)
- EU GDPR (DE)
- Austrian Data Protection Act (DE)
- Austrian Data Protection Authority
Image source: icons8.com/ouch