A key conclusion in my latest column deserves elaboration: why all available empiric data tells us that the only way to prevent misuse of surveillance data is to never collect it in the first place. This is a very unpopular fact with surveillance hawks, but it’s nevertheless the truth: all collected surveillance data will be abused and turned against the citizen, and that with a mathematical level of certainty.

While it can’t be logically proven that all surveillance data has been misused and that the surveillance power has been abused, there comes a point in time in any activity where all available empiric data gives the same indication of failure forcefully enough to make people stop and ask “hey, maybe this wasn’t such a good idea”. We’re there with the so-called War on Drugs, we’re there with a number of activities, but the establishment is still fighting forcefully for more surveillance – even though all the data against it is there, and has been for decades.

Let’s take one example of a super-benign data collection. Around 125 years ago, the Netherlands wanted to serve their citizens better in city planning to make sure everybody had a place of worship nearby, so they started collecting data on people’s faith and where they lived, in order to make sure everybody had a short distance to walk to places of worship.

There’s absolutely nothing wrong with this on the surface, right? Making sure people have access to services? And yet, this is squarely in the “what could possibly go wrong” category.

After Germany invaded Netherlands on May 10, 1940, and the Dutch surrendered five days later, the new administration found it very convenient to have governmental registers of people’s religion connected to their physical address. As a result, there were almost no Jews at all in Amsterdam after World War II – the Netherlands had taken an enormous death toll compared to other countries, over 75 per cent. Quoting Wikipedia:

During the first year of the occupation of the Netherlands, Jews, who were already registered on basis of their faith with the authorities (just as Protestants, Catholics and others were) […] In 1947, two years after the end of the Second World War in the Netherlands, the total number of Jews as counted in the population census was just 14,346 (down from a count of 154,887 by the German occupation force in 1941).

This is what happened when you had a governmental register connecting people’s address to their faith. The purpose was super-benign. As we can see, that didn’t matter in the least.

Even the most benign data collection can and will be abused, up to and including for genocide.

The stated purpose of a data collection must be ignored. The only thing that matters is how dangerous the data is if it gets in the wrong hands, which it always does.

For anybody doubting that data always gets in the wrong hands, consider again the data point of my last column where the US government collects data on all its top-secret-cleared (and other) employees on what kind of extortion they’re vulnerable to, and that this data set on twenty million people got in the hands of a foreign adversary. Not as in “could happen”, but “already happened”.

Mission creep always happens to collected data: once the data is in place, somebody always invents a new way to use it, which it was not collected for – and not consented to. This appears to be a mathematical certainty as well.

“If the data exists, it will be used.” — Andy Halsall

For example, consider Sweden’s DNA register, which I’ve written about before. It was created for medical research purposes (only!), and contains samples of everybody’s DNA born after 1975. This lasted until some knucklehead small-time prosecutor realized they could legally seize DNA samples from that register, instantly turning it into the largest Law Enforcement DNA register in the world, and drying up the inflow of samples just as instantly (while also making a lot of people demand their existing samples destroyed).

With the most recent news, where a full half of police data lookups were in bad faith, we can observe that there’s a lot of abuse of power going on in any surveillance environment. There’s just no empiric data point where surveillance data has been used as intended for a long amount of time without getting into the wrong hands or abused by its collectors. None. Not one.

This doesn’t mean that all surveillance officers will abuse their power at the individual level. But it does mean that in a large enough group of surveillance officers, such abuse of power will take place – by someone. We can tell this with certainty:

When there is a nonzero probability of a misuse taking place, and that probability does not decrease over time, then that misuse will happen at some point in time, with mathematical certainty.

Privacy remains your own responsibility.