Privacy is Security: an op-ed from Peru

Long Read

Miguel Morachimo, Executive Director of Hiperderecho. Hiperderecho is a non-profit Peruvian organisation dedicated to facilitating public understanding and promoting respect for rights and freedoms in digital environments.

The original version of this article was published in Spanish on Hiperderecho's website.

A wooden mannequin hand pointing up

Where does our feeling of insecurity come from? As we walk around our cities, we are being observed by security cameras most of the time. Our daily movement, call logs, and internet browsing data are being recorded and stored by telecommunication companies. In Peru and elsewhere, many daily tasks, such as making a bank deposit or getting a new phone line, require our fingerprint and ID. All of those measures, those additional steps that have become more and more burdensome, have been instituted to make us feel more secure and comfortable on our own homes and businesses. In some cases on our own volition, in some others by Law, we have been giving away small bits of our privacy without asking why or for what. And we are becoming used to the idea that the price of security is renouncing our right to privacy.

During the last ten years, several public safety policies have consisted of sacrificing the privacy of Peruvians. It sounds like a fantasy but not so long ago communications interception was the exception, applicable only to serious crimes, and sensitive information was almost inaccessible to third parties. Like an unstoppable wave, these policies have systematically erased the differences between what we consider private and what we consider public. A major example of this shift is the emergence of the concept of ‘smart cities’, in which everything that happens is registered and measured, and ‘smart services’ become filters designed to exclude and segregate people based on their data.

Today we are more observed than ever before. And we risk getting used to a state of continuously giving away our privacy.

Despite all we have had to renounce, the results have been meager. There is no clear evidence about whether increased government surveillance has helped to improve our security in any substantial way. Nor are there any oversight or control mechanisms to assess how they impact our daily lives. Alongside that, there is a narrative looking to delegitimize any questioning of the system, considering any critical voice as quasi-criminal. As far as we know, the biggest consequences of public policies that threaten privacy in the name of security is that, somehow, we always end up needing new ones.

This is not surprising if we think that we have reached the point in which citizens that still have any expectation of privacy are those who are at the margins of the system: people who are undocumented, illiterate, without access to mobile communications or a credit score, amongst others. And the price for them to access any of those ‘perks’? Renouncing that privacy.

Despite claims from governments in Peru and elsewhere, privacy is an excellent security policy. Only with clear rules and limits to governmental access to our communications, and with strict necessity and proportionality criteria for their data processing activities, will we be truly secure - secure from our data being used to extort us, secure from our personal habits and preferences being in a state database, and free to think, do and say what we really want.

The national debate on how we draw a line on privacy is urgent and much needed. Every month foreign technology providers arrive in Peru, bringing with them newer surveillance technologies and methods that are at odds with our fundamental rights. We keep importing controversial policies and technologies, like the filtering of internet content, cameras able to perform biometric recognition, smart id cards, amongst others. In neighboring countries like Ecuador, Venezuela or Mexico these policies are already being implemented, and unless we do something Peru will likely follow the same path, and keep sacrificing our privacy at the security altar until there is nothing left.

A recent police case in Peru gave us a scary example of the kind of risks we could be facing in the near future. The National Police dismantled a criminal organization that impersonated their victims to buy expensive cellphones on credit. To accomplish their crimes, they first obtained a list of people with good credit scores by querying publicly available databases from credit reporting agencies, then made counterfeited IDs with those names but different photos, and finally printed silicon 3D-copies of the fingerprints of their victims to wear as finger gloves and fool biometric scans. According to press reports, they obtained the original fingerprint and signature images from the National Registry of Identity, a mandatory registry for every Peruvian citizen that lists both birth and biometric information. Their whole criminal scheme was facilitated by the surveillance and mandatory registering policies enacted precisely to keep Peruvians safe.

At Hiperderecho, we believe it is necessary to appreciate the evolution of the regulations that have been undermining our privacy in the name of security. It is time to analyze them from a critical perspective and inquire how they affect our daily lives. That is why we have created a series called ‘Privacidad es Seguridad’ (‘Privacy is security’, available in Spanish) with a series of detailed analyses of those policies.

It is not too late for our policymakers and the population at large to react. Security should not come at the expense of our privacy, but the opposite: privacy is security, and if we lose the first we cannot have the second.