Today I'd like to discuss a fundamental principle that security specialists have to deal with all the time but which has a much broader social significance than discussions of, say, firewalls: privacy.

Have you ever heard anyone say something like, “Government ‘invasion of privacy’ does not matter to me; I have nothing to hide.” A more extreme position is, “People who get really hung up on privacy issues are probably hiding something.” That quotation from a graduate student came in an online discussion in one of the classes I taught this summer.

Taken at its simplest level, the statement could be true: Privacy does indeed consist, in part, of confidentiality. Confidentiality implies selective sharing of information - allowing some people to know particular information about you and others not to. Privacy also implies control over information - the power to determine whether others will share information about you, with whom and for what purpose.

Unfortunately, that second position usually has the unspoken word “BAD” tacked on to the end: “…probably hiding something BAD.”

It's hard to counter that kind of generalization. Everyone can think of scenarios in which criminals, cheaters and terrorists have something to hide. I remember my amazement as 250 black-clad, self-described anarchists at a criminal hacker convention in 1993 shouted in unison, “INFORMATION WANTS TO BE FREE.” Apart from the vision of a bunch of anarchists doing anything in unison, what seemed incongruous was that these people studiously used pseudonyms to protect their own privacy while abusing other people’s privacy.

But protecting privacy may mean that people are the good guys. For example, there are many places in the world where governments are justifiably described as criminal conspiracies. Just go to any human-rights group Web site to find examples of governments (or anti-government groups, for that matter) that suppress people’s rights to freedom of speech, assembly, habeas corpus, religious expression, education or medical care, and you will find innocent people who are afraid of their own governments, of corrupt law enforcement agents, of ruthless revolutionaries or of outright criminals who support or oppose the status quo. Under these circumstances, don't you think that anonymity and secrecy might be the hallmarks of people hiding something good?

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.