Practical Privacy

5 tactics for practical privacy protection


The Problem


There is a deluge of public and private data about each of us, and our research subjects, including social media content, web browsing habits and location data. The ease of accessibility is usually at the bidding of the tech organisation who owns the data.

Technology capacities are constantly changing, which means privacy definitions, policy and enforcement have been unable to keep up.

This is obviously a problem for human rights defenders in countries with oppressive governments; however, the research community should note that some British journalists and researchers are under dataveillance too, due to being considered “threats to national security” by the UK government.

More than these concrete issues, privacy is enshrined in human rights conventions because it is important in and of itself - not in context or with justification.


The research community is presented with information and communication technologies which can lead to the violation of privacy rights, some of which are used second hand, like email or Facebook, and some of which are used first hand, such as social media analytics research.

We need to decide what the right balance between the risks and opportunities of these tools is, in the absence of up to date ethics guidelines.


The Solution


Strategy

Usually ethics guidelines are already built under the strategy and values of an organisation, and these ethical guidelines drive decisions. However, with this area already lacking, it is important to start by building a strategy: that is, what is the overall plan for the protection of the rights of the researcher, the research and the research subjects?

It is necessary to understand the research subjects (who they are and what risks they face), your research (what are the goals and what information is necessary), and finally yourself (what are your skills, capabilities and, most importantly, responsibilities).


Strategy

Threat Modelling

Tactical Tech

Microsoft (more technical)


Threat modelling is a method to develop this strategy. Threat modelling is an in-depth risk analysis of a certain context. To carry out threat modelling you have to think of risks and threats, their likelihood and the level of impact if they happen.

In relation to information and communication technologies it is important to ask:

● What information is needed for the threats to be carried out?
● Where will this information be held?
● What tools are you using, and what or who do those tools and servers interact with?

For all of these, the threat or the information carrier, such as the email company, can, and probably does, collect more data than would be obvious.

So once you have worked out what information you want to gain and share, and what threats and risks are involved, then you have an overarching strategy for the protection of your data.
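The three questions above can be kept as a small, written threat model rather than a mental one. The following Go program is an added example written for this page, not material from the talk or from the Tactical Tech or Microsoft guides it points to. It assumes a simple scoring (likelihood times impact, each 1 to 5), which is one common convention and not something the talk specifies, and its assets and threats are constructed sample data for a hypothetical social-media research project. For each threat it ranks the risk and lists which third parties (the email provider, the phone carrier) already hold the information that threat needs, which is exactly the "information carrier" exposure the slide warns about.

```go
package main

import (
	"fmt"
	"sort"
)

// Asset is a piece of information you hold, where it lives, and which
// third parties (tools, servers, providers) can reach it there.
type Asset struct {
	Name        string
	HeldIn      string
	ReachableBy []string // tools, servers or companies that interact with it
}

// Threat is something that could go wrong, scored 1-5 for likelihood and impact.
type Threat struct {
	Name       string
	Needs      []string // asset names the threat requires to be carried out
	Likelihood int
	Impact     int
}

// RiskScore is an assumed convention: likelihood multiplied by impact.
func RiskScore(t Threat) int { return t.Likelihood * t.Impact }

// Exposure lists, for one threat, every third party that already holds an
// asset the threat needs: places the data could be obtained without ever
// touching your own machine.
func Exposure(t Threat, assets []Asset) []string {
	seen := map[string]bool{}
	var out []string
	for _, need := range t.Needs {
		for _, a := range assets {
			if a.Name != need {
				continue
			}
			for _, party := range a.ReachableBy {
				if !seen[party] {
					seen[party] = true
					out = append(out, party)
				}
			}
		}
	}
	sort.Strings(out)
	return out
}

// Rank orders threats from highest to lowest risk score.
func Rank(threats []Threat) []Threat {
	ranked := append([]Threat(nil), threats...)
	sort.SliceStable(ranked, func(i, j int) bool {
		return RiskScore(ranked[i]) > RiskScore(ranked[j])
	})
	return ranked
}

// Constructed sample data for a hypothetical research project.
var sampleAssets = []Asset{
	{"interview notes", "laptop, offline folder", nil},
	{"subject contact list", "email account", []string{"email provider"}},
	{"field locations", "phone", []string{"mobile carrier", "maps app"}},
}

var sampleThreats = []Threat{
	{"laptop stolen", []string{"interview notes"}, 2, 4},
	{"subjects identified via request to provider", []string{"subject contact list", "field locations"}, 1, 5},
	{"pattern analysis of movements", []string{"field locations"}, 3, 3},
}

func main() {
	for _, t := range Rank(sampleThreats) {
		fmt.Printf("%2d  %-45s needs %v; already reachable by %v\n",
			RiskScore(t), t.Name, t.Needs, Exposure(t, sampleAssets))
	}
}
```

The useful output is the last column: a threat with a modest score can still be the one to act on first if the information it needs already sits with several providers, because that exposure is outside your control.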


5 Tactics and supporting tools


Go Offline


The safest place for information is in your head, not said out loud at all, not written down anywhere.

However, information and communication is what most of society is built on, including the academic research community. The next step up from not talking at all is to write handwritten notes or meet face to face. The alternative is to have a computer that is completely offline. This means a computer that doesn’t even have the capability to connect to the internet; this way no one can access the files without having physical access to your computer.

When going online is necessary, it is at least important to be aware of what you are putting on the cloud, sometimes without realising it.


Fight Fire with Fire

Encryption (PGP)

VPN

TOR


Alternatively, you can make it harder to access the information. This might be through covering your webcam with paper, which was once seen as in the same category as wearing a tinfoil helmet but now comes at the recommendation of the Director of the FBI.

The other way to make it hard to access information is to fight fire with fire, technology with technology.

That can mean encryption: for example, WhatsApp and Facebook Messenger offer end-to-end encryption, and emails can be encrypted with PGP. PGP not only allows you to have conversations privately but also lets you publish a public PGP key so people can make initial contact with you privately, which may be particularly important for whistleblowers.

Other tools include a VPN and TOR, which can help separate the originating computer from the message.
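The property that makes a published public key useful for first contact is that anyone can encrypt to it, while only the key's owner can decrypt. The Go program below is an added illustration of that property, not code from the talk and not PGP itself: it uses the same hybrid construction PGP relies on (a fresh symmetric key per message, wrapped with the recipient's public key), built from Go's standard library with RSA-OAEP and AES-GCM. Key size, message text and the helper names are the example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sealed is what a stranger sends after finding the published public key:
// a one-time AES key wrapped with RSA-OAEP, plus the AES-GCM ciphertext.
type Sealed struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// NewRecipientKey generates the recipient's key pair; the public half is
// what gets published, the private half never leaves the recipient.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal encrypts msg so that only the holder of the private key matching pub can read it.
func Seal(pub *rsa.PublicKey, msg []byte) (*Sealed, error) {
	key := make([]byte, 32) // fresh AES-256 key for this message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	// GCM also authenticates: a modified ciphertext fails to open.
	return &Sealed{wrapped, nonce, gcm.Seal(nil, nonce, msg, nil)}, nil
}

// Open is run by the recipient with the private key.
func Open(priv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	// Constructed first-contact message from someone who only has the public key.
	s, err := Seal(&priv.PublicKey, []byte("I have documents; how can we talk safely?"))
	if err != nil {
		panic(err)
	}
	plain, err := Open(priv, s)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recipient reads: %s\n", plain)
	other, _ := NewRecipientKey()
	if _, err := Open(other, s); err != nil {
		fmt.Println("a different private key cannot open it:", err)
	}
}
```

What the example does not solve is the part PGP users struggle with in practice: the sender must be sure the public key really belongs to the intended recipient, which is why publishing the key's fingerprint through more than one channel matters.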


Fight Fire with Fire

Alternatives (PIWIK)

D.I.Y

Encryption (PGP)

VPN

TOR


Secondly, in relation to the tactic of fighting technology with technology, you can use non-mainstream tools that consider privacy a core value. There are many alternatives out there to most social media, for example. PIWIK is an alternative to Google Analytics that allows people to own the data they collect.

Finally, you can make your own tools, the risks of which are discussed later on.


Chaos

LastPass


There are two aspects to the tactic of chaos:

1) How chaos can protect you from others. This tactic is useful if people are meeting regularly but don’t want to be seen to be associated: for example, taking a different route every time and swapping Oyster cards to avoid location data and IDs being associated or patterns forming.

This also encompasses the first vital rule of protection, your password: choose a random collection of characters, or at least four random words not connected to you in any way. Generally a password manager is recommended to allow for complexity and randomness across all websites that require passwords.


2) How chaos can protect you from yourself.

There is a human condition, “apophenia”, which means seeing patterns where they don’t exist; our preconceptions affect the patterns we see. It is important to have good quality data, to test the patterns you see with others and get different perspectives, and ultimately to remember we are applying order to chaos.

The principle is to disrupt patterns.
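The "four random words" advice from the first aspect of chaos works only if the words really are random, so here is an added Go example (not from the talk, and not how LastPass or any particular manager does it) that draws words with the operating system's cryptographic random source and reports how much guessing resistance the result has. The word list is a constructed eight-word toy; the 7776-entry figure is the size of a standard Diceware-style list, and the 95-symbol figure is printable ASCII. Function names are the example's own.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// EntropyBits is the guess-resistance of n items each chosen uniformly
// from listSize possibilities: n * log2(listSize). It assumes the attacker
// knows the list and the method, which a strong scheme must tolerate.
func EntropyBits(listSize, n int) float64 {
	return float64(n) * math.Log2(float64(listSize))
}

// Passphrase picks n words uniformly from words using crypto/rand, never
// math/rand, so the choice cannot be predicted or reproduced. rand.Int
// avoids the modulo bias a naive "random % len" would introduce.
func Passphrase(words []string, n int) (string, error) {
	picked := make([]string, 0, n)
	limit := big.NewInt(int64(len(words)))
	for i := 0; i < n; i++ {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		picked = append(picked, words[idx.Int64()])
	}
	return strings.Join(picked, " "), nil
}

// Constructed toy list; a real list has thousands of entries.
var toyWords = []string{"cobalt", "meadow", "lantern", "quartz", "velvet", "saddle", "orbit", "thimble"}

func main() {
	p, err := Passphrase(toyWords, 4)
	if err != nil {
		panic(err)
	}
	fmt.Printf("passphrase: %q  (%.1f bits from this %d-word toy list)\n",
		p, EntropyBits(len(toyWords), 4), len(toyWords))
	fmt.Printf("four words from a 7776-word list:            %.1f bits\n", EntropyBits(7776, 4))
	fmt.Printf("eight random printable ASCII characters:      %.1f bits\n", EntropyBits(95, 8))
}
```

The comparison at the end is the point: four words from a full list is roughly as strong as eight fully random characters, and far easier to remember, but only when every word is drawn by a random process rather than chosen by a person.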


Transparency


The fourth tactic is transparency. In some journals it is already standard to publish, alongside the research, not only the supporting data but also the supporting code, and this should become the norm in social sciences too, with appropriate anonymisation as necessary.

It is also important to outline to the subjects which tools you are using, and the risks involved, such as with Facebook groups or email, so they can make decisions for themselves. Even if it means the research subjects then want to back out, this is the responsibility of a researcher.


Take only what you need

Eraser


Finally, the last tactic I want to discuss is to only take what you need. In this data deluge it is very tempting not only to take more than necessary but also to keep it indefinitely.

To ensure best practice with data it is important to consider exactly what your research is first and then collect specifically for it.

Once the research is over, all sensitive data that won’t be used in the final publications should be deleted completely. This doesn’t just mean deleting it from the trash can; in extreme cases it means incinerating or drilling holes in hard drives.

Perhaps more practically, it means using tools such as Eraser, which overwrite the data many times with random data until the previous data can no longer be retrieved by expert programs.
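The overwrite-then-delete idea behind tools like Eraser is small enough to show in full. The Go program below is an added example written for this page, not Eraser's code and not a substitute for it: it overwrites a file in place with random bytes for a chosen number of passes, forces each pass to the device, truncates, and unlinks. The sample file it creates is constructed. The caveat in the comments is the one a practitioner needs: on SSDs, journaling or copy-on-write file systems, and anywhere a backup or cloud sync has already copied the file, the old bytes can survive where an in-place overwrite never reaches, which is why the talk's more drastic options exist.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
	"os"
)

// Wipe overwrites the file at path in place with random bytes, passes times,
// syncing after each pass, then truncates and removes it.
//
// Caveat: this defeats ordinary undelete on a traditional magnetic disk.
// SSD wear levelling, journaling and copy-on-write file systems, snapshots,
// backups and cloud sync can all keep the old contents elsewhere. For those,
// full-disk encryption with key destruction, or physical destruction, is the
// reliable route.
func Wipe(path string, passes int) error {
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	info, err := f.Stat()
	if err != nil {
		f.Close()
		return err
	}
	size := info.Size()
	for i := 0; i < passes; i++ {
		if _, err := f.Seek(0, io.SeekStart); err != nil {
			f.Close()
			return err
		}
		// Write exactly size random bytes over the existing contents.
		if _, err := io.CopyN(f, rand.Reader, size); err != nil {
			f.Close()
			return err
		}
		if err := f.Sync(); err != nil { // push this pass to the device
			f.Close()
			return err
		}
	}
	if err := f.Truncate(0); err != nil {
		f.Close()
		return err
	}
	if err := f.Close(); err != nil {
		return err
	}
	return os.Remove(path)
}

// MakeSample writes a constructed "sensitive" file into dir ("" means the
// system temp directory) and returns its path.
func MakeSample(dir string) (string, error) {
	f, err := os.CreateTemp(dir, "interview-*.txt")
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.WriteString("constructed: subject 17 said ...\n")
	return f.Name(), err
}

func main() {
	path, err := MakeSample("")
	if err != nil {
		panic(err)
	}
	if err := Wipe(path, 3); err != nil {
		panic(err)
	}
	_, err = os.Stat(path)
	fmt.Println("file removed after overwrite:", os.IsNotExist(err))
}
```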


The Issues


There are some difficulties I have come across in achieving these tactics.

Firstly, many require technical skill, which makes them more difficult to engage with. Even software engineers know not to write their own encryption, because it is likely they won’t make it good enough. This is one of the reasons I haven’t moved to hosting my own server for my data, because I am not convinced I could keep it safe from attack.

The safety of most of the expert technologies used to “fight technology with technology” is often doubted - WhatsApp’s encryption was quickly undermined when they joined with Facebook. TOR came under attack for ultimately being created by the NSA. That doesn’t stop them being useful; it only highlights the need for caution.

Many of these tactics will also mean that data collection and analysis takes longer. In fact, many privacy activists have considered their campaign similar to the environmental movement, in that if change is desired a ‘slow computing’ approach needs to be taken,


Furthermore, contradictions are created between many of these tactics.

For example, between deleting data after use and publishing anonymised code, particularly as anonymisation is almost impossible. In cryptography there is a whole art to differential privacy, which aims to provide maximum accuracy in data with minimal risk of identification - but it is not easy.
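To make the accuracy-versus-identification trade-off concrete, here is an added Go example of the Laplace mechanism, the basic differential privacy technique for releasing a count; it is not from the talk and is deliberately the simplest case. The dataset is constructed. A counting query has sensitivity 1 (one person joining or leaving changes it by at most 1), so adding Laplace noise of scale 1/epsilon gives epsilon-differential privacy: small epsilon means more noise and less accuracy but better protection for any single subject. The seeded generator is for reproducibility only; a real release would use a cryptographically secure source.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// Record is a constructed research record.
type Record struct {
	Age          int
	UsesPlatform bool
}

// CountMatching is the raw, unprotected query.
func CountMatching(records []Record, pred func(Record) bool) int {
	n := 0
	for _, r := range records {
		if pred(r) {
			n++
		}
	}
	return n
}

// LaplaceNoise draws from Laplace(0, scale) by inverse-CDF sampling.
func LaplaceNoise(rng *rand.Rand, scale float64) float64 {
	u := rng.Float64() - 0.5 // uniform on [-0.5, 0.5)
	abs := math.Abs(u)
	if abs >= 0.5 { // avoid log(0) at the single boundary point
		abs = 0.5 - 1e-12
	}
	if u < 0 {
		return scale * math.Log(1-2*abs)
	}
	return -scale * math.Log(1-2*abs)
}

// PrivateCount releases trueCount with epsilon-differential privacy.
// Sensitivity of a count is 1, so the noise scale is 1/epsilon.
func PrivateCount(rng *rand.Rand, trueCount int, epsilon float64) float64 {
	const sensitivity = 1.0
	return float64(trueCount) + LaplaceNoise(rng, sensitivity/epsilon)
}

// NewRNG returns a seeded generator so runs are reproducible.
func NewRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

func main() {
	// Constructed dataset, and a neighbour that differs by exactly one person.
	data := []Record{{23, true}, {31, false}, {52, false}, {45, true}, {29, true}}
	neighbour := data[:4]
	usesPlatform := func(r Record) bool { return r.UsesPlatform }
	fmt.Println("true counts, full vs one person removed:",
		CountMatching(data, usesPlatform), CountMatching(neighbour, usesPlatform))

	rng := NewRNG(1)
	for _, eps := range []float64{0.1, 1, 10} {
		fmt.Printf("epsilon %-4v -> noisy count %.2f (noise scale %.1f)\n",
			eps, PrivateCount(rng, 3, eps), 1/eps)
	}
}
```

Running it with several epsilon values shows why the talk calls this "not easy": at epsilon 0.1 the noise swamps a count of three, at epsilon 10 the noise is so small that the two neighbouring datasets are easily told apart, and choosing the value in between is a judgement about how much identification risk the subjects can accept.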

Another example is the tension between taking only what you need for your research questions and applying a sense of chaos in collection to avoid ingrained bias in the formulation of questions and patterns.

There is also a substantial tension between being a researcher, relying on, and accountable to, a transparent public profile, and protecting our own privacy.


Practical Privacy


In conclusion, this isn’t about a single tool that answers everything but a strategy for researchers to take into their methodologies and ethics.

The technical challenges with achieving privacy protection are sometimes not in our control, and ultimately we have to continue to demand system and culture change with our research and from positions of authority or persuasion when we can.

As for the contradictions, the discussion should be open and all actors should be listened to so we can find solutions together.

Thank you for listening.