�Թ���վ

Most of us have heard the that “if you have done nothing wrong, you have nothing to fear” when it comes to online surveillance.

It’s regularly trotted out in defence of government monitoring and heavy-handed powers granted to law enforcement in the name of protecting us from terrorism and the worst kinds of criminality.

Over the last week or so, the has provided ample evidence as to where this argument fails.

Following , the purported Medibank hackers – separated between “naughty” and “nice” categories. The “naughty” are those with medical histories some may find embarrassing – including drug dependencies and mental health conditions – while others whose medical histories the hackers decided were more prosaic the hackers were deemed “nice”.

Then things turned even nastier, with the hackers claiming to have. Then came .

There is a lot to unpack here.

Firstly, the hackers are weaponising the fear of some of the most vulnerable Medibank customers to try to pressure the health insurer to renege on its not to pay any ransom demands. The depravity of this behaviour hardly needs stating.

Secondly, the overtones of moral judgement in the attackers’ actions are unmistakable – creating fear and anxiety over details in those health records.

But, more importantly, this tactic highlights how it’s those in society who are already the most marginalised and vulnerable that have the most to lose when their private information is made public without their consent.

Disability rights advocate when she explained how people living with a disability must carefully control exactly what information about their disability they reveal and to whom.

This constant battle, she explained, is necessary to reduce the risk of victimisation and discrimination.

That makes perfect sense, as the ongoing has made clear, discrimination against people with disabilities remains all too common in Australia today.

Think of any medical condition or medical treatment that is stigmatised, and you’ll have an excellent guide as to the kinds of people likely to find their name on the Medibank hackers’ “naughty” list.

The truth is that we all rightfully have something to hide. And those who society stigmatises or discriminates against have more to hide than most.

It has been less than four months since the , which overnight criminalised abortion for a massive fraction of the US population.

A year ago, few American women would have been comfortable revealing whether they had had an abortion, with good reason given the virulence of the . For many, that choice now has criminal implications.

In a highly polarised society, there’s good reason to hide that you may have engaged in many legal activities that other people object to. When the line between legal and illegal can shift so quickly, hiding what you have done today lest it be criminalised tomorrow seems only prudent.

That the vulnerable and those already victimised have the most to lose from data breaches is not a new observation.

In the wake of the Optus breach, earlier this year many on how it was domestic violence victims, for instance, who might be most at risk for having their address details exposed. This is to say nothing of the dangers that might be posed by an abusive or malicious ex-partner who is able to impersonate you by having your identity document information.

More recently, the Medibank breach has how children face greater risks from having had their medical histories made public.

For the sake of society’s most vulnerable, we need to recognise that privacy is non-negotiable because breaches of privacy cause real harm.

We need to allow people to seek compensation when companies breach their privacy, in addition to levied by government regulation. We also need stronger mechanisms to disincentivise the collection of sensitive information by companies and the government.

For instance, penalties for breaches should be scaled – not according to the size of the organisation – but to the volume of sensitive information it has collected.

All of us have secrets worth hiding.

Secrets that we necessarily entrust to corporations and the government as part of life in our modern society. In an age in which we can expect to see more data breaches, privacy laws must keep up.