Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design.

Nobody at the turn of this century, except perhaps a few die-hard civil rights activists, expected privacy to become such a dominant news item a decade or so later. But after the Snowden revelations, the Cambridge Analytica scandal, and many other incidents and data breaches, tech companies have finally come under growing scrutiny. Hardly a day goes by without yet another news story covering how this or that company tramples our privacy in such and such ways. As a result, legal protection of privacy has started to improve. Unfortunately, this has so far not really led to any significant changes in the way technology is designed and used. Apart from isolated efforts and fringe services offered by enthusiasts, the bulk of the services we use are still privacy invasive at their core. As the COVID-19 pandemic forced us to suddenly do everything online, we were forced to grab the first tools we could find. Alas, the privacy invasive ones were closest at hand. This needs to change.

(This is the main message of my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that appeared October 5, 2021 at MIT Press. For all other posts related to my book see here.)

Privacy Myth 8 - Privacy Is Hard

A common myth is that privacy is hard. Indeed, designing totally ‘private’ systems is next to impossible even under ideal circumstances. (The same is true for designing 100% secure systems by the way.) But we should not let perfect be the enemy of good. A little bit of effort and consideration can actually prevent a lot of privacy harm. In fact, just as technology can be used to invade our privacy, it can also be used to protect our privacy by applying privacy by design. Existing privacy-friendly technologies and privacy by design approaches can be used to create privacy-friendly alternatives to the systems we commonly use today.

(This is the eighth myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

Privacy Myth 7 - Privacy and Security are a Zero-Sum Game

Security and privacy are often seen as opposite, irreconcilable goals; as a zero-sum game. Because the stakes involved are high, the debate is often heated and emotional. Privacy advocates and security hawks cling to rigid viewpoints, fighting each other in an aging war of trenches. As a result, measures to increase our security scorn our privacy. And privacy-enhancing technologies do very little to address legitimate security concerns. This is bad, both for our privacy and our security, and for society at large: “It is highly unlikely that either extreme—total surveillance or total privacy—is good for our society.” But are privacy and security really a zero-sum game?

(This is the seventh myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

Privacy Myth 6 - Your Data Is Safe With Us

Several years ago both Google and Facebook ran a large advertisement campaign in Dutch newspapers assuring us that our data was safe with them. What the campaign also apparently tried to achieve was to reframe privacy as “if you give us all your data, we will keep it private.” This is hugely problematic, as privacy does not mean that Google or Facebook keep our data private. Privacy means that we ourselves can do so. Adding insult to injury is the fact that companies like Google and Facebook are actively subverting our abilities and efforts to do so.

(This is the sixth myth discussed in my book Privacy Is Hard and Seven Other Myths. Achieving Privacy through Careful Design, that will appear October 5, 2021 at MIT Press. The image is courtesy of Gea Smidt.)

Privacy Myth 5 - We Always Need To Know Who You Are

Many online services seem to think they need to know who you are, before granting you access to the service. Why else would they ask you for your name, your address, and sometimes even your phone number? We are so used to this practice that we often provide this information without thinking, not questioning whether this is really strictly necessary. But why should you identify yourself when buying a ticket to a show online, when you can buy the same ticket anonymously over the counter at the box office?

(This is the fifth myth discussed in my book