PRIVACY IS HARD AND SEVEN OTHER MYTHS
ACHIEVING PRIVACY THROUGH CAREFUL DESIGN
JAAP-HENK HOEPMAN
THE MIT PRESS, CAMBRIDGE, MASSACHUSETTS; LONDON, ENGLAND
© 2021 Massachusetts Institute of Technology
All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.
Library of Congress Cataloging-in-Publication Data
Names: Hoepman, Jaap-Henk, author.
Title: Privacy is hard and seven other myths : achieving privacy through careful design / Jaap-Henk Hoepman.
Description: Cambridge, Massachusetts : The MIT Press, 2021. | Includes bibliographical references and index.
Identifiers: LCCN 2020036516 | ISBN 9780262045827 (hardcover)
Subjects: LCSH: Computer security. | Data protection. | Privacy.
Classification: LCC QA76.9.A25 H626 2021 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2020036516
To all that try, regardless.
CONTENTS
List of Figures
The components of a computer.
The operating system.
The permissions requested by a flashlight app (July 2019).
An internet packet envisioned as a postcard.
A typology of privacy.
A virtual private network.
Messaging end-to-end encryption.
Smartphone storage encryption.
Polymorphic encryption.
A mix network.
The Tor network.
Onion encryption.
Identity management.
Identity management versus attribute-based credentials.
An attribute-based credential.
Ali Baba's cave.
Safe browsing.
Personal data stores.
A visualization of centralized, decentralized, and distributed systems.
The system lifecycle, and how to address privacy in the first four phases.
The eight privacy design strategies.
List of Tables
A magnitude table and a frequency table
PREFACE
Technology is neither good nor bad; nor is it neutral.
Melvin Kranzberg, historian, 1985
Architecture is politics.
Mitch Kapor, founder of the Electronic Frontier Foundation, 1991
We live in an increasingly digital world. We shop online. We share our lives digitally. We are tethered twenty-four hours a day through our smartphones, wearables, and tablets, connected to our family, friends, work, and everything that happens in the world. The 2020 COVID-19 pandemic has spurred this transition from the real to the virtual world.
Governments apply new digital technologies to perform their tasks more efficiently, to increase our safety and security, improve our well-being, and to combat fraud. Businesses similarly embrace these technologies for new systems and services that are more efficient and more personalized, disrupting existing brick-and-mortar businesses in the process.
All these systems collect huge amounts of personal data and use that information to monitor or influence us, without many of us being fully aware of this. Common myths ("You have zero privacy anyway"; "You've got nothing to hide") cloud our vision and lull us into indifference. This book is intended as a wake-up call, to allow people to recognize poorly designed systems and challenge them.
We fail to see that the way systems are designed has a tremendous impact on our privacy, and that we, as a society, actually have a choice here. A guiding principle of this book is that technology does not develop in isolation and does not have an independent, inherent purpose or destiny of its own. Instead, technology is made by people and is shaped according to their agendas and beliefs. These beliefs are embedded in how technology functions and determine what technology affords us to do, what it prevents us from doing, and what it does regardless of our own intents and wishes. Systems can be designed in a privacy-friendly fashion, with respect for our autonomy and human dignity, without a negative impact on their functionality or usability. If we want this to happen, though, we need to get involved and influence these agendas and beliefs.
Privacy is often ignored when designing systems. Sometimes this is out of ignorance. More often, it is on purpose because of the huge economic value of all that personal data. This approach is no longer sustainable. Stricter regulations and growing privacy concerns among the general public call for a different approach. But purely regulatory approaches to protect our privacy are not enough. Privacy-friendly design is essential.
A little bit of effort and consideration can prevent a lot of privacy harm. In fact, just as technology can be used to invade our privacy, it can also be used to protect our privacy by applying privacy by design. This book convincingly shows how, thus busting the myth that privacy is hard. It explains existing privacy-friendly technologies and showcases privacy by design approaches, in plain language, addressing a broad audience. These approaches are applicable to many systems we commonly use today.
When preparing the final manuscript of this book, the COVID-19 pandemic broke out, pushing us into endless videoconferencing sessions and forcing us to collaborate online using all kinds of cloud-based tools. Suddenly the whole world depended more than ever on the digital tools offered by a few tech behemoths. These tools are not necessarily designed with our interest, and in particular our privacy, in mind. But we had no choice; there simply were not any viable and usable alternatives. With lockdown measures slowly loosening in certain areas of the world, and the exciting news that an effective vaccine may soon be available, it is time to prepare ourselves for a better future. We should ensure that we do have a choice, that viable, privacy-friendly, and usable alternatives become available soon. Not only for use during an emergency, but to use whenever we want or need them, with the confidence that we can use these tools without fear of risking our privacy.
Privacy is like safety or sustainability. Today we take safe cars, energy-efficient buildings, and environmentally friendly production more or less for granted. Like safety and sustainability, privacy is a reasonable and natural civil demand, one that businesses and governments can and should comply with, through careful design. It's not hard.
READING GUIDE
Each chapter in this book busts a common privacy myth. In the process, it shows how technology is currently used to harm our privacy and explains how different technologies and system-design approaches can be used to protect our privacy instead. Chapters open with drawings inspired by Franz Kafka's famous novel The Trial, which is often seen as a fitting metaphor for a world without privacy. The chapter openings have been wonderfully drawn and graciously provided by Gea Smidt, linking the topics discussed in the chapter with the vivid images that sprout from Kafka's book, visualizing the absurdity and direness of our predicament (and that of Josef K., the central figure in Kafka's book).
Supplementary materials and possible corrections can be found at https://www.xot.nl/privacy-is-hard/ (including links to all online resources and articles cited). This includes a section with advice on how you can protect your own privacy online.