Exposure Is Not Democratic

Exposure · Part ThreeExposure series

Exposure Is Not Democratic

The price of being legible. Dependency and accumulation are two forms of the same thing: exposure. The durable defence against both is the same move: need less, hold less.

Dependency and accumulation are two forms of the same thing: exposure. Whatever we depend on, or hold onto, today becomes the leverage someone holds over us tomorrow. The durable defence against both is the same move: need less, hold less. When there is less dependency, there is less to switch off. When there is less accumulation, there is less to harvest.

But exposure is not distributed evenly. When leverage is used, the cost lands hardest on the people at the intersections. A harvested attribute that is a mere abstraction for a majority-identity person is a tangible danger to someone whose identity is criminalised, surveilled, or punished. Resilience through minimum disclosure is therefore not only a technical or durability argument. It is a justice argument. Collecting less protects everyone, and it protects the most exposed most.

To say that the power is in the margins and that the safest data is the data you never collected is to say the exact same sentence.

I.

The Conceptual Engine: Distancing Through Abstraction

Why is it so easy for systemic architecture to harm people at the margins? The mechanism relies on distancing through abstraction.

Rendering a person as data strips away the individual, accountable humanity that naturally restrains harm. It replaces the human being with a category, a flag, an attribute, or a database entry. People are vastly easier to harm as categories than as persons. In this way, the database acts like a mask. It does the dehumanising in advance.

Minimum disclosure is the refusal to pre-abstract people into a harm-able form. We keep people human by keeping them un-collected. When we fail to do this, the collected attribute invariably becomes leverage.

II.

The Border: Neurodivergence and the Law

Consider how the simple act of carrying prescribed medication changes radically based on jurisdiction. For neurodivergent individuals relying on ADHD medication, standard medical care in one country becomes a severe criminal offence in another.

Medications containing amphetamine or methylphenidate, such as Adderall or Ritalin, are strictly controlled or entirely banned in nations like Japan and the United Arab Emirates. In February 2015, Carrie Russell, a 26-year-old from Oregon, was detained for eighteen days in Japan after her prescribed Adderall was shipped to her there. In the UAE, travelling with undeclared amphetamine-based medication can lead to imprisonment and mandatory deportation. The system is so rigidly enforced that authorities have imprisoned individuals simply for testing positive for restricted medicines in their urine, meaning the trace metabolite in the body is itself an incriminating attribute.

To travel legally, an individual must frequently disclose their neurodivergence to border and health authorities, exposing themselves to scrutiny, potential detention, or severe legal penalties if the paperwork is deemed insufficient. The collected attribute, a medical prescription meant to aid the individual, is transformed by the state into a criminal liability.

III.

The Physical Space: Disability and the "Fire Hazard"

The danger of legibility also extends to physical space, where an assistive device is documented and flagged as a risk to the majority.

In July 2024, the US Department of Justice reached a settlement with Good Times Restaurants Inc. regarding an incident at a Bad Daddy's Burger Bar in Murfreesboro, Tennessee. Staff excluded a visiting youth wheelchair basketball team and their families, in town for a tournament, allegedly claiming the group of wheelchairs presented a "fire hazard".

This is not an isolated phenomenon. It is the systemic translation of a physical reality into a bureaucratic risk category. When a disabled person is flagged as a safety hazard or an evacuation risk, their visibility is weaponised against their fundamental right to exist in public spaces. The system uses their legibility to justify their exclusion.

IV.

The Database Weaponised: LGBTQ+ Legibility

The most severe costs of legibility are paid when state actors weaponise data against criminalised identities.

I understand this mechanism not just as a theory, but as a lived reality. The uneventful New Year's Eve I have written about elsewhere, heading into the year 2000, I spent at the Badlands nightclub in Washington D.C. What I did not know at the time is that the venue was under active, covert surveillance. In June 2000, it was revealed that the Naval Criminal Investigative Service had run a multi-year undercover operation targeting several local venues, including Badlands. Officially, the military framed this as a drug enforcement operation. However, advocacy groups like the Servicemembers Legal Defense Network credibly criticised the sting as a workaround for the "Don't Ask, Don't Tell" policy, designed to identify and discharge gay service members. A number of service members faced charges or discharge. Simply being present in a specific space, if recorded and tracked, was an attribute that could destroy a career.

The digital age has scaled this mechanism of entrapment to terrifying proportions. In Egypt, under broad "debauchery" laws (Law 10/1961), authorities routinely use digital platforms to monitor and entrap LGBTQ individuals. Human Rights Watch has documented how undercover police use fake profiles on applications like Grindr, Facebook, and WhosHere to lure people into meetings, followed by arbitrary arrests and forced device searches.

In Chechnya, the mechanism of extraction reached a horrific endpoint. During the anti-gay purges that began in the spring of 2017, the authorities did not just arrest individuals. According to extensive documentation by Human Rights Watch, security forces tortured detained men to force them to hand over the contacts of other men from their mobile phones. The contact list, a basic feature of digital life, became the load-bearing mechanism to scale the hunt. Captors forced victims to call their acquaintances to lure them into traps, and families were summoned and encouraged to commit honour killings. The dataset was not just breached. It was actively weaponised to dismantle a hidden community.

V.

The Duty-of-Care Paradox

There is an immense moral distance between a state torture facility and a corporate compliance database. To flatten them would be an insult to the survivors of the former. But while the gravity of the harm is vastly unequal, the underlying architecture of vulnerability is exactly the same.

In the corporate world, this manifests as the duty-of-care paradox. Under the ISO 31030 standard for travel risk management, organisations are guided to assess risks across three distinct phases: preparation before travel, support during travel, and care after the traveller returns. To prepare adequately, companies often feel they must collect highly sensitive data about their employees, such as medical requirements or sexual orientation, to ensure they are not sent to hostile jurisdictions. In the European Union, the General Data Protection Regulation classifies this as Article 9 special category data.

To protect a vulnerable employee, an organisation collects their most dangerous attributes. By doing so, it creates the exact database that endangers the employee if it is breached, intercepted, or legally compelled by a hostile state. The intent to protect is entirely nullified by the method of collection.

VI.

Resolution Through Design Justice

How do we break this cycle? We must turn to the principles of design justice, as articulated by scholars like Sasha Costanza-Chock.

When systems are designed predominantly by those occupying majority identities, they inherently create a "privilege hazard". This term, defined by researchers Catherine D'Ignazio and Lauren Klein in their work on data feminism, describes the failure to recognise oppression because the designer does not personally face the risk. Furthermore, Shoshana Zuboff's warnings on surveillance capitalism and Safiya Noble's insights on how algorithmic optimisation perpetuates structural discrimination remind us that massive data collection fundamentally imbalances power.

The operational resolution to this imbalance is strict data minimisation. Legally mandated under GDPR Article 5(1)(c) (which requires data to be adequate, relevant, and limited to what is necessary) and enforced as data protection by design under Article 25, minimisation is not just a regulatory compliance checkbox. It is a foundational ethical necessity.

By refusing to collect the data, we refuse to build the weapon. Minimum disclosure ensures that we do not pre-abstract vulnerable people into targets. Systems that protect the most exposed individuals inherently protect everyone.

The safest data is the data we never collect.

If this describes your organisation's exposure, the architectural fix is closer than the policy debate suggests. We do confidential 60-minute diagnostics under NDA, with no HRIS integration required. Request a diagnostic →

Share this essay

If this resonates with someone in your security, privacy, or policy network, pass it along.

Levi Hankins is founder & CEO of Third Rail Systems OÜ (Tallinn). Twenty-year US Navy veteran. Writes on data exposure, minimum-disclosure architecture, and the corporate ethics of duty-of-care. Follow on LinkedIn.
v1.0 · Tallinn · EU-Native