“a new mode of obtaining power of mind over mind, in a quantity hitherto without example.”- Jeremy Bentham, Panopticon; or, the Inspection-House (1791)
Let me say the uncomfortable thing before you decide you are against it: privacy, at least as secrecy, is not the ancient fortress its defenders imagine. It is modern, conditional, technically fragile, and increasingly hostile to the systems we already chose to live inside. In the world we actually inhabit, privacy has become a tax on coordination. The more serious conclusion is not merely that privacy will fade. It is that it should: the information we produce should be available to the public and private institutions capable of using it to prevent harm, detect fraud, allocate resources, price risk, improve services, and make society legible enough to govern.
That is not a slogan. A serious case against privacy has to survive the best case for privacy: the historical case, the legal case, the philosophical case, the encryption case, and the emotional case for the closed door. The conclusion is not that people deserve humiliation or exposure for sport. The conclusion is sharper: freedom cannot be built on hiding, and modern order cannot be built on ignorance.
![]()
I. What privacy is, and why no one can quite say
We talk about privacy as if it were a thing you own. A vault. A wall. A drawer with a lock. It is not. Even privacy’s strongest theorists have never been able to keep it that simple. Solove (2008) begins by calling privacy “a concept in disarray” (p. 1). Westin (1967) made control central: privacy is the ability to decide when and how information about oneself is communicated. Nissenbaum (2009) moved the argument again, toward contextual integrity: the problem is not only that information is revealed, but that it moves outside the norms of the setting where it was shared.
Notice what has already happened. Serious defenders of privacy have spent decades backing away from the popular picture of privacy as pure secrecy. They now defend something more modest and more intelligent: boundaries, context, appropriate flow, limited use. That is stronger as theory, but weaker as myth. A boundary is not a fortress. A boundary moves.
It has moved before. The modern legal right to privacy is not an ancient inheritance. We can name the moment it entered American legal imagination: Warren and Brandeis’s 1890 Harvard Law Review article, written in response to new media conditions - instant photographs, gossip journalism, and the sudden ability to capture and circulate a person’s life without consent (Warren & Brandeis, 1890). The “right to be let alone” was not discovered in a cave. It was invented under pressure from a technology.
That matters. If a legal idea was switched on by one technological age, it can be forced to change by the next. Before portable cameras, before phones, before databases, before recommendation engines, the village already knew too much about you. The medieval household was not a sanctuary of individual isolation. “Being left alone” is not a human constant. It is a brief modern wish, roughly the age of the private bedroom door.
II. The law’s own confession
On paper, privacy is a human right. Article 12 of the Universal Declaration of Human Rights protects people from arbitrary interference with privacy, family, home, and correspondence (United Nations General Assembly, 1948). Article 8 of the European Convention on Human Rights protects private and family life, home, and correspondence (Council of Europe, 1950/2021, art. 8).
But read the second paragraph, because the law already did. Article 8 permits interference when it is lawful, necessary in a democratic society, and justified by national security, public safety, the prevention of disorder or crime, the protection of health or morals, or the rights and freedoms of others (Council of Europe, 1950/2021, art. 8(2)). That does not make privacy meaningless. It does mean the document itself refuses to treat privacy as absolute. Compare that with Article 3, the prohibition on torture and inhuman or degrading treatment, which the European human-rights system treats as absolute (Equality and Human Rights Commission, n.d.).
The drafters knew how to write an unqualified right when they wanted one. For privacy, they did not. Privacy was not written as a fortress. It was written as a door, and the state was given a key under named conditions.
This sounds brutal only because we usually speak about privacy in sacred language while living under legal language. The law’s version is colder. Privacy matters, but it can be balanced. It can lose. It can be overridden. A right that can be overridden may still be a right, but it is not the kind of right on which an entire theory of freedom can safely rest.
III. The surrender already happened, just not where you were looking
Here is the part that should make our panic about data sharing feel late: the surrender already happened, commercially, voluntarily, years ago, and without a vote.
You are already monitored by institutions that turned observation into infrastructure. Zuboff (2019) names the architecture surveillance capitalism: behavior becomes data, data becomes prediction, prediction becomes a product. The Federal Trade Commission’s recent work makes the point less theoretical. It has described large platforms as engaging in vast surveillance and collecting or retaining data from users, non-users, and data brokers (Federal Trade Commission [FTC], 2024a). It has also brought cases involving location-data brokers accused of selling sensitive location information (FTC, 2024b). Read that not only as scandal, but as evidence: the machinery already exists. Privacy did not stop it. Privacy mostly taught it to operate through consent screens no one reads.
So the honest question is not whether data will be collected. It will be. The question is whether we keep pretending that public and private data systems should be separated by a moral wall. I think that wall is sentimental. The state sees patterns companies cannot see. Companies see patterns the state cannot see. One understands crime, taxation, borders, public health, schools, and emergency capacity. The other understands movement, demand, attention, payment, logistics, preference, and risk. Separate them in the name of privacy and both become stupider. Let them share, and the hidden costs of disorder start to fall.
Privacy is the expensive fiction that a person is most free when least legible. But modern life is built out of legibility. Maps work because movement is legible. Credit works because repayment is legible. Public health works because symptoms, contact, and spread become legible. Insurance works because risk is legible. Security works because patterns are legible. A society that refuses to be read is not noble. It is merely harder to protect, harder to serve, and easier to deceive.
The question, then, is not whether we live transparently. We already do. The question is why the flow of information should stop at the doorstep of the institutions most capable of turning it into safety, efficiency, and knowledge.

IV. The quantum problem is not tomorrow
The last refuge of privacy-as-secrecy is encryption. Yes, the data is collected, the privacy defender says, but it is collected as ciphertext. Let them hoard it. They cannot read it. Mathematics is the last wall.
The problem is that the wall has a clock inside it.
Shor (1994) showed that a sufficiently capable quantum computer could solve the factoring and discrete-logarithm problems efficiently. That matters because RSA, Diffie-Hellman, and elliptic-curve systems rely on those problems being difficult for ordinary computers. A cryptographically relevant quantum computer would not gently weaken today’s public-key cryptography. It would attack the assumptions beneath it.
The important part is that the quantum computer does not need to exist today for the risk to exist today. The National Institute of Standards and Technology (NIST) describes the logic directly: an adversary can capture encrypted data now and hold it until a future quantum computer can decrypt it later, the threat commonly called “harvest now, decrypt later” (NIST, 2024b). The Federal Reserve’s 2025 analysis treats HNDL as a present and ongoing data-privacy risk, not merely a science-fiction scenario (Mascelli & Rodden, 2025).
Mosca (2018) put the practical problem in one clean inequality. If the time needed to migrate systems to quantum-safe cryptography plus the time the data must remain confidential is greater than the time before a quantum machine can break today’s encryption, then the data is already at risk. This is the most important sentence in the whole debate, because it turns “someday” into “already.”
The institutional response confirms that serious people believe the clock is running. NIST finalized FIPS 203, FIPS 204, and FIPS 205 in August 2024, standardizing ML-KEM for general encryption and ML-DSA and SLH-DSA for digital signatures (NIST, 2024a). NIST then selected HQC in March 2025 as a backup encryption algorithm in case ML-KEM ever needs a fallback (NIST, 2025). The National Security Agency’s CNSA 2.0 guidance tells national-security-system owners and vendors to transition to quantum-resistant algorithms, with the overall NSS transition expected by 2035 and some categories moving earlier, including software and firmware signing and traditional networking equipment by 2030 (National Security Agency [NSA], 2022). The European Commission published a coordinated PQC roadmap in June 2025 (European Commission, 2025). The G7 Cyber Expert Group published a financial-sector roadmap in January 2026 (G7 Cyber Expert Group, 2026).
A common overstatement should be dropped here because accuracy matters. The G7 did not designate 2026 the “Year of Quantum Security.” What it did was more sober and more important: the G7 Cyber Expert Group issued a roadmap to help financial-sector actors coordinate the migration to quantum-resistant cryptography (G7 Cyber Expert Group, 2026).
The expert timeline is not comforting. The Global Risk Institute’s 2025 report, published in 2026, surveyed 26 experts and found a cryptographically relevant quantum computer quite possible within ten years and likely within fifteen; it also stated that the timeline has accelerated from previous reports (Mosca & Piani, 2026). Google’s Craig Gidney (2025) sharpened the resource estimate further: under stated assumptions, a 2048-bit RSA integer could be factored in less than a week using fewer than one million noisy qubits, compared with the earlier 20-million-qubit estimate.
This does not mean your bank account is being decrypted tomorrow. It means something subtler and worse for the privacy argument: secrecy is not a permanent state. It is a delay. Encryption does not make a fact eternally safe; it buys time. Sometimes that is enough. Sometimes it is not. But it means privacy-as-secrecy is always depreciating.
That is the technical meaning of privacy as a wasting asset. You may encrypt the diary. You may harden the channel. You may rotate the keys. You should, in fact. But if the secret must remain secret for decades, then your freedom cannot depend on the hope that the future politely refuses to become more capable.
V. “If you have nothing to hide…”
Now the oldest blade in the drawer: if you have nothing to hide, why fear the search?
The argument is usually lazy, but it is not stupid. A world without shadows sounds attractive when you imagine the person hiding there is a trafficker, an abuser, a fraudster, or the man who beats his family behind a door the neighbors politely refuse to see. Etzioni (1999) argues from a communitarian position that privacy is a value, not the value, and that it sometimes obstructs public health and public safety. Posner (1978) pushes harder: privacy can function as strategic concealment, a way to manage the difference between reputation and reality. On this view, transparency lowers the cost of trust. It makes markets cleaner, relationships less fraudulent, and private cruelty harder to hide.
That is the seductive version. It has power because it answers a real fear. Ask the woman walking home at 2 a.m. whether the camera in the alley is oppression. Ask the parent of the missing child. Ask the witness too frightened to testify. Privacy, from the victim’s side of the crime, can look less like freedom and more like the darkness that protected the perpetrator.
Now take the strongest reply seriously, because a weak essay would skip it.
Solove’s answer to the nothing-to-hide argument remains the hard answer. He does not merely say that everyone has embarrassing secrets. He says the framing is wrong. Surveillance is not harmful only when it uncovers wrongdoing. Its harms include aggregation, distortion, exclusion, secondary use, and the shift in power between the watcher and the watched (Solove, 2007, 2011). That is the point privacy defenders return to whenever the old blade cuts too cleanly.
Fair. But it does not prove that information should be hidden. It proves that selective visibility is dangerous. If only one actor sees, that actor rules the picture. If data is fragmented, hoarded, hidden, or kept in private darkness, power does not disappear. It concentrates in the places already rich enough to collect it.
So I concede the structure of the objection, not its conclusion. If aggregation creates power, then the answer is not to send each individual back into their little bunker of concealment. The answer is to generalize visibility: standardize data, connect public and private knowledge, make useful information shareable by default, and stop treating opacity as a moral achievement.
The right answer to “nothing to hide” is not “leave me invisible anyway.” It is: make me visible enough that the state can protect me and companies can serve me; make the criminal, the fraudster, the negligent doctor, the tax evader, the fake account, the bot farm, the unsafe product, and the corrupt intermediary visible too. Privacy protects the innocent sometimes. It protects the liar always.
VI. Why companies belong in the bargain
The timid version of the anti-privacy argument gives data to the state only in emergencies and to companies only after a ritual of consent. I think that is the wrong halfway house. If information is useful enough to collect, it is useful enough to share with the institutions that can extract value from it.
There is a reason companies belong here, not as an embarrassment to the argument but as its proof. The company sees ordinary life at the level of habit: what people buy, where they move, when they hesitate, what they search, which service fails, which need appears before the person has found the language for it. The state sees society at the level of collective consequence: crime, tax, health, education, migration, energy, infrastructure, emergency response. Neither view is complete. Together, they make the social body readable.
The privacy instinct treats this readability as contamination. I treat it as civilization. Crime hides in gaps between systems. Fraud hides in ledgers that do not speak to each other. Disease hides in delayed reporting. Traffic hides in bad maps. Poverty hides when need is not measured. A public-private data commons would not make society less human. It would make it less blind.
Consent, as currently practiced, is mostly theater. We click agree because the alternative is exile from ordinary life. Then we congratulate ourselves for having chosen. This is not dignity. It is paperwork. A cleaner society would stop pretending every data transfer is a miniature social contract and admit the larger bargain: participation in modern life produces information, and that information should be usable by the systems that keep modern life running.
This does not require turning every private fact into neighborhood gossip. The argument is not for humiliation. It is for institutional visibility. Your information should move to the state and to companies because those are the bodies with the scale to do something with it. A secret kept only for the sake of being secret is not freedom. It is idle capital.
The fear, of course, is that once information moves, the person becomes a product. But the person already became a product. The only difference is that privacy language allowed the transaction to sound accidental. I prefer a society honest enough to say what is already true: data is the currency of coordination, and refusing to spend it leaves everyone poorer.
The best defense of data sharing is not obedience. It is competence. A state with better data governs with less guesswork. A company with better data serves with less waste. A hospital with better data predicts earlier. A city with better data moves faster. A school with better data sees the child before the child fails. Privacy asks all of them to know less, and then acts surprised when they perform worse.
That is why companies should not be treated as the dirty exception to an otherwise public argument. They are part of the point. The future will be built by institutions that can read reality at scale. The only real question is whether we let them read it honestly, or force them to keep reading it through the keyhole while calling the keyhole a right.
VII. Conclusion: the wasting asset

Put the pieces together. Privacy-as-secrecy is historically contingent, legally qualified, commercially bypassed, and technologically time-limited. It is not worthless. But it is too weak, too theatrical, and too expensive to be the organizing principle of a serious society.
I am saying something more direct than the polite version of this argument usually permits: the state and companies should be allowed to know far more, not far less. Not because every institution is angelic, but because ignorance is not a virtue. A society that hides itself from its own operating systems should not be shocked when those systems fail.
The closed door has had a very good public-relations campaign. It calls itself dignity. It calls itself autonomy. Sometimes it is both. But it is also the hiding place of crime, fraud, inefficiency, false reputation, untreated risk, and self-mythology. We have mistaken the romance of being unknown for the reality of being free.
My earlier instinct, when writing about this question, was to spring a trap: make the case against privacy, then reveal that the real answer was freedom. I understand that ending. It is cleaner. It is also too easy.
The more honest answer is that privacy and freedom are not the same thing. Privacy is often the substitute we use when we do not want to be read. But a substitute should not become a religion. The real task is not to protect the drawer. It is to build institutions intelligent enough to use what is inside it.
In a world where today’s encrypted secrets can be harvested for tomorrow’s machines, freedom cannot remain a locked drawer. Give the information to the institutions that can use it while it is still useful. Let the state see. Let companies see. Let the world become legible enough to work.
Build that, and privacy becomes what it always quietly was: not the wall we needed, but the placeholder we used before we admitted that knowledge itself is the better architecture. Replace the substitute with knowledge, and you will not miss it.
References
-
Bentham, J. (1791). Panopticon; or, the inspection-house. T. Payne.
-
Council of Europe. (1950/2021). Convention for the Protection of Human Rights and Fundamental Freedoms. https://www.echr.coe.int/documents/d/echr/convention_ENG
-
Equality and Human Rights Commission. (n.d.). Article 3: Freedom from torture and inhuman or degrading treatment. https://www.equalityhumanrights.com/human-rights/human-rights-act/article-3-freedom-torture-and-inhuman-or-degrading-treatment
-
Etzioni, A. (1999). The limits of privacy. Basic Books.
-
European Commission. (2025, June 23). A coordinated implementation roadmap for the transition to post-quantum cryptography. https://digital-strategy.ec.europa.eu/en/library/coordinated-implementation-roadmap-transition-post-quantum-cryptography
-
Federal Trade Commission. (2024a, September 19). FTC staff report finds large social media and video streaming companies have engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for kids and teens. https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-staff-report-finds-large-social-media-video-streaming-companies-have-engaged-vast-surveillance
-
Federal Trade Commission. (2024b, December 3). FTC takes action against Mobilewalla for collecting and selling sensitive location data. https://www.ftc.gov/news-events/news/press-releases/2024/12/ftc-takes-action-against-mobilewalla-collecting-selling-sensitive-location-data
-
G7 Cyber Expert Group. (2026, January 13). G7 Cyber Expert Group statement on advancing a coordinated roadmap for the transition to post-quantum cryptography in the financial sector. GOV.UK. https://www.gov.uk/government/publications/g7-cyber-expert-group-statement-on-advancing-a-coordinated-roadmap-for-the-transition-to-post-quantum-cryptography-in-the-financial-sector
-
Gidney, C. (2025). How to factor 2048-bit RSA integers with less than a million noisy qubits. arXiv. https://arxiv.org/abs/2505.15917
-
Mascelli, J., & Rodden, M. (2025). “Harvest now decrypt later”: Examining post-quantum cryptography and the data privacy risks for distributed ledger networks. Finance and Economics Discussion Series, 2025-093. Board of Governors of the Federal Reserve System. https://doi.org/10.17016/FEDS.2025.093
-
Mosca, M. (2018). Cybersecurity in an era with quantum computers: Will we be ready? IEEE Security & Privacy, 16(5), 38-41. https://doi.org/10.1109/MSP.2018.3761723
-
Mosca, M., & Piani, M. (2026, March 9). Quantum Threat Timeline Report 2025. Global Risk Institute. https://globalriskinstitute.org/publication/quantum-threat-timeline-report-2025b/
-
National Institute of Standards and Technology. (2024a, August 13). NIST releases first 3 finalized post-quantum encryption standards. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
-
National Institute of Standards and Technology. (2024b, August 13). What is post-quantum cryptography? https://www.nist.gov/cybersecurity-and-privacy/what-post-quantum-cryptography
-
National Institute of Standards and Technology. (2025, March 11). NIST selects HQC as fifth algorithm for post-quantum encryption. https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryption
-
National Security Agency. (2022, September). Announcing the Commercial National Security Algorithm Suite 2.0. https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF
-
Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford Law Books.
-
Posner, R. A. (1978). The right of privacy. Georgia Law Review, 12(3), 393-422.
-
Shor, P. W. (1994). Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings 35th Annual Symposium on Foundations of Computer Science (pp. 124-134). IEEE. https://doi.org/10.1109/SFCS.1994.365700
-
Solove, D. J. (2007). “I’ve got nothing to hide” and other misunderstandings of privacy. San Diego Law Review, 44, 745-772.
-
Solove, D. J. (2008). Understanding privacy. Harvard University Press.
-
Solove, D. J. (2011). Nothing to hide: The false tradeoff between privacy and security. Yale University Press.
-
United Nations General Assembly. (1948). Universal Declaration of Human Rights. https://www.un.org/en/about-us/universal-declaration-of-human-rights
-
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193-220. https://doi.org/10.2307/1321160
-
Westin, A. F. (1967). Privacy and freedom. Atheneum.
-
Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. PublicAffairs.