XOT: On Privacy, Security, and... https://blog.xot.nl/ On privacy, security and (occasionally) other stuff Mon, 08 Aug 2022 07:12:01 +0000 en daily 1 Just A Simple Car. Nothing More. Because simple is the new smart. https://blog.xot.nl/2022/04/01/just-a-simple-car-nothing-more-because-simple-is-the-new-smart/index.html https://blog.xot.nl/2022/04/01/just-a-simple-car-nothing-more-because-simple-is-the-new-smart/index.html Fri, 01 Apr 2022 00:00:00 +0000 Back when that still was thing, I used to buy the most basic HiFi equipment I could find: no frills, no EQ, no fance displays. Just an amplifier with an on/off button, a volume dial and input selector.

I was thinking about that yesterday when discussing connected cars. Ford believes the future of profitability for the company is all the data from its 100 million vehicles (and the people in them). And after the announcement that Mercedes will share road condition data with the Dutch government someone suggested that soon Mercedes will give away cars for free, because this will be profitable enough (I didn’t keep the link; if someone knows please send it to me).

And I was wondering. With all these electric cars becoming more and more complex, essentially turning into big supercomputers that happen to also have wheels: would’t there be a (niche) market for people like me that want just a car. Electric (of course). But nothing more. Not digital. With simple mechanical controls, manual locks, windows, shields. As simple, as basic, as possible. Hardly any computer or electronics inside. Something you can maintain with a screwdriver, instead of a logic analyser.

Because simple is the new smart.

(Unfortunately, such a simple car would probably also be much more expensive. At least, that used to be the case with HiFi and other electronics: the price was inversely proportional to the number of knobs, dials and displays.)

]]>
Kabinetsbeleid digitalisering - solide basis, met helaas wat blinde vlekken. https://blog.xot.nl/2022/03/11/kabinetsbeleid-digitalisering-solide-basis-met-helaas-wat-blinde-vlekken/index.html https://blog.xot.nl/2022/03/11/kabinetsbeleid-digitalisering-solide-basis-met-helaas-wat-blinde-vlekken/index.html Fri, 11 Mar 2022 00:00:00 +0000 Een paar dagen geleden stuurde het kabinet een kamerbrief met daarin de hoofdlijnen voor haar beleid voor digitalisering. Vorige week was ik zeer kritisch over de “European Declaration on Digital Rights and Principles for the Digital Decade”, dus ik hield mijn hart vast. Gelukkig bieden de in de brief geschetste beleidskaders een goede basis, met helaas wat blinde vlekken. Maar goed, misschien is het zicht op die punten nog wat te verbeteren ;-)

]]>
The European Declaration on Digital Rights puts people in the firing line of the digital transformation. https://blog.xot.nl/2022/03/06/the-european-declaration-on-digital-rights-puts-people-in-the-firing-line-of-the-digital-transformation/index.html https://blog.xot.nl/2022/03/06/the-european-declaration-on-digital-rights-puts-people-in-the-firing-line-of-the-digital-transformation/index.html Sun, 06 Mar 2022 00:00:00 +0000 On January 26 this year the European Commission proposed a European Declaration on Digital Rights and Principles for the Digital Decade to guide the digital transformation in the EU. The aim is to ensure Europe will benefit from such a transformation (in terms of quality of life, innovation, economic growth and sustainability) while protecting European values and the fundamental rights of European citizens. I am not convinced by the actual guidance offered though: it puts responsibility solely on the individual, and completely ignores systemic risks. This is not sufficient.

]]>
Civil liberties aspects of the European Digital Identity Framework. https://blog.xot.nl/2022/01/31/civil-liberties-aspects-of-the-european-digital-identity-framework/index.html https://blog.xot.nl/2022/01/31/civil-liberties-aspects-of-the-european-digital-identity-framework/index.html Mon, 31 Jan 2022 00:00:00 +0000 Last year, the European commission proposed to update the eIDAS regulation to create a European Digital Identity Framework. This proposal is currently being discussed by European Parliament committees. I was asked by the Committee on Civil Liberties, Justice and Home Affairs (LIBE) to provide a written contribution on the eID proposal, focused on aspects related to privacy and data protection. Below you’ll find my input (that builds on my earlier comments that I published on this blog).

]]>
Ik zou niet meedoen aan het Nationaal Media Onderzoek van Ipsos. https://blog.xot.nl/2022/01/05/ik-zou-niet-meedoen-aan-het-nationaal-media-onderzoek-van-ipsos/index.html https://blog.xot.nl/2022/01/05/ik-zou-niet-meedoen-aan-het-nationaal-media-onderzoek-van-ipsos/index.html Wed, 05 Jan 2022 00:00:00 +0000 Iemand was uitgenodigd om mee te doen aan het Het Nationaal Media Onderzoek van Ipsos en vroeg mij of dat nou wel zo verstandig was. Ik kende het van horen zeggen (het is de opvolger van het oude kijkonderzoek) maar had er nog nooit in detail naar gekeken. Nu dus wel. En “oh boy” dat was een gouden tip. Mijn advies: niet doen!

]]>
Een coronapas is repressief, niet progressief. https://blog.xot.nl/2021/11/22/een-coronpas-is-repressief-niet-progressief/index.html https://blog.xot.nl/2021/11/22/een-coronpas-is-repressief-niet-progressief/index.html Mon, 22 Nov 2021 00:00:00 +0000 De coronopas was dus toch geen tijdelijke noodmaatregel. Sterker nog, de noodmaatregel wordt aangescherpt naar 2G: alleen gevaccineerden en mensen die eerder COVID-19 gehad hebben krijgen een geldige QR code, die bovendien op meer plekken (winkels, universiteiten) moet worden getoond. Een sterk staaltje function creep. Ook een lockdown doemt weer op, want het is dweilen met de kraan open. Maar de roep om de kraan weer dicht te draaien klinkt wel steeds holler als er al die tijd niets is gedaan om de afvoer (op zijn minst provisorisch) te herstellen, die bovendien verstopt is geraakt door jarenlang neoliberaal beleid.

]]>
Is gegevens-bescherming nou echt zó moeilijk? https://blog.xot.nl/2021/10/31/is-gegevensbescherming-nou-echt-z-moeilijk/index.html https://blog.xot.nl/2021/10/31/is-gegevensbescherming-nou-echt-z-moeilijk/index.html Sun, 31 Oct 2021 00:00:00 +0000

Het lijkt bedrijven en overheden maar niet te lukken om digitale diensten op een privacy vriendelijke manier aan te bieden. Is gegevensbescherming nou echt zó moeilijk? Of is er iets anders aan de hand?

]]>
Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design. https://blog.xot.nl/2021/10/12/privacy-is-hard-and-seven-other-myths-achieving-privacy-through-careful-design/index.html https://blog.xot.nl/2021/10/12/privacy-is-hard-and-seven-other-myths-achieving-privacy-through-careful-design/index.html Tue, 12 Oct 2021 00:00:00 +0000 .gea {margin: 5px}

Nobody at the turn of this century, except perhaps a few die-hard civil rights activists, expected privacy to become such a dominant news item a decade or so later. But after the Snowden revelations, the Cambridge Analytica scandal, and many other incidents and data breaches, tech companies have finally come under growing scrutiny. Hardly a day goes by without yet another news story covering how this or that company tramples our privacy in such and such ways. As a result, legal protection of privacy has started to improve. Unfortunately, this has so far not really led to any significant changes in the way technology is designed and used. Apart from isolated efforts and fringe services offered by enthusiasts, the bulk of the services we use are still privacy invasive at their core. As the COVID-19 pandemic forced us to suddenly do everything online, we were forced to grab the first tools we could find. Alas, the privacy invasive ones were closest at hand. This needs to change.

(This is the main message of my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that appeared October 5, 2021 at MIT Press. For all other posts related to my book see here.)

]]>
Privacy Myth 8 - Privacy Is Hard https://blog.xot.nl/2021/10/04/privacy-myth-8-privacy-is-hard/index.html https://blog.xot.nl/2021/10/04/privacy-myth-8-privacy-is-hard/index.html Mon, 04 Oct 2021 00:00:00 +0000 .gea {margin: 5px}

A common myth is that privacy is hard. Indeed, designing totally ‘private’ systems is next to impossible even under ideal circumstances. (The same is true for designing 100% secure systems by the way.) But we should not let perfect be the enemy of good. A little bit of effort and consideration can actually prevent a lot of privacy harm. In fact, just as technology can be used to invade our privacy, it can also be used to protect our privacy by applying privacy by design. Existing privacy-friendly technologies and privacy by design approaches can be used to create privacy friendly alternatives to the systems we commonly use today.

(This is the eight myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>
Privacy Myth 7 - Privacy and Security are a Zero-Sum Game https://blog.xot.nl/2021/10/01/privacy-myth-7-privacy-and-security-are-a-zero-sum-game/index.html https://blog.xot.nl/2021/10/01/privacy-myth-7-privacy-and-security-are-a-zero-sum-game/index.html Fri, 01 Oct 2021 00:00:00 +0000 .gea {margin: 5px}

Security and privacy are often seen as opposite, irreconcilable goals; as a zero-sum game. Because the stakes involved are high, the debate is often heated and emotional. Privacy advocates and security hawks cling to rigid viewpoints, fighting each other in an aging war of trenches. As a result, measures to increase our security scorn our privacy. And privacy-enhancing technologies do very little to address legitimate security concerns. This is bad, both for our privacy and our security, and for society at large: “It is highly unlikely that either extreme—total surveillance or total privacy—is good for our society.”. But are privacy and security really a zero-sum game?

(This is the seventh myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

]]>