Presentation and speaking notes on a practical approach for privacy protection designed for academic researchers, but open to all working on research, human rights, charities etc. Strategy and threat modelling 5 Tactics (Go Offline, Technological solutions, Chaos, Transparency, Limitation) The Challenges

1. Practical Privacy

2. The Problem

3. There is a deluge of public and private data about each of us, and our research
subjects, including social media content, web browsing habits and location data.
The ease of accessibility is usually at the bidding of the tech organisation who
owns the data.
Technology capacities are constantly changing which means privacy definitions,
policy and enforcement have been unable to keep up.
This is obviously a problem for human rights defenders in countries with
oppressive governments, however the research community should note that some
British journalists and researchers are under dataveillance too, due to being
considered “threats to national security” by the UK government.
More than these concrete issues, privacy is enshrined in human rights conventions
because it is important in and of itself - not in context or with justification.

4. The research community is presented with information and communication
technologies which can lead to the violation of privacy rights, some of which are
used second hand, like email or facebook, some of which are used first hand, such
as social media analytics research.
We need to make decisions on what is the right balance between the risks and
opportunities of these tools is in the absence of up to date ethics guidelines.

5. The Solution

6. Strategy
Usually ethics guidelines are already built under the strategy and values of an
organisation, and these ethical guidelines drive decisions - however, with this area
already lacking it is important to start by building a strategy - That is, what is the
overall plan for the protection of the rights of the researcher, the research and the
research subjects.
It is necessary to understand the research subjects - who they are and what risks
they face, your research - what are the goals and what information is necessary,
and finally yourself, what are your skills, capabilities and, most importantly,
responsibilities.

7. Strategy
Threat Modelling
Tactical
Tech
Microsoft
(more
technical)

8. Threat modelling is a method to develop this strategy. Threat modelling is an in
depth risk analysis of a certain context. To carry out threat modelling you have to
think of risks and threats, their likelihood and the level of impact if they happen.
In relation to information and communication technologies it is important to ask:
● what information is needed for the threats to be carried out?
● Where will this information be held?
● What tools are you using and what or who do those tools and servers interact
with?
For all of these, the threat or the information carrier, such as the email company,
can, and probably do, collect more data than would be obvious.
So once you worked out what information you want to gain and share, and what
threats and risks are involved, then you have an overarching strategy for the
protection of your data.

9. 5 Tactics
and supporting tools

10. Go Offline

11. The safest place for information is in your head, not said out loud at all, not
written down anywhere.
However, information and communication is what most of society is built on,
including the academic research community. The next step up from not talking at
all, is to write handwritten notes or meet face to face. The alternative is have a
computer that is completely offline, this means a computer that doesn’t even have
the capability to connect to the internet, this way no one can access the files
without having hard access to your computer.
When necessary, it is at least important to be aware of what you are putting on
the cloud, sometimes without realising it.

12. Fight Fire
with Fire
Encryption
(PGP)
VPN
TOR

13. Alternatively, you can make it harder to access the information. This might be
through covering your webcam with paper, which was once seen as the same
category as wearing a tinfoil helmet but comes now at the recommendation of the
Director of the FBI.
The other way to make it hard to access information is to fight fire with fire,
technology with technology.
That can mean encryption, for example WhatsApp and Facebook messenger offer
end to end encryption, and emails can be encrypted with PGP. PGP not only
allows you to have conversations privately but to put a public pgp out there so
people can make initial contact with you privately, this may be particularly
important for whistleblowers.
Other tools include a VPN and TOR which can help separate the originating
computer from the message.

14. Fight Fire
with Fire
Alternatives
(PIWIK)
D.I.Y
Encryption
(PGP)
VPN
TOR

15. Secondly, in relation to the tactic of fighting technology with technology,
you can use non-mainstream tools that consider privacy a core value.
There are many alternatives out there to most social media for example.
PIWIK is an alternative to google analytics that allows people to own the
data they collect.
Finally, you can make your own tools, the risks of which are discussed
later on.

16. ChaosLastPass

17. There are two aspects to the tactic of chaos:
1) How chaos can protect you from others - this tactic is useful if people are
meeting regularly but don’t want to be seen to be associated, for example
taking a different route every time and swapping oyster cards to avoid location
data and IDs being associated or patterns forming.
This also incompasses the first vital rule of protection - your password - choose
random collection of characters or at least four random words not connected to
you in anyway. Generally a password manager is recommended to allow for
complexity and randomness across all websites that require passwords.

18. 2) How chaos can protect you from yourself.
There is a human condition “apophenia” which means seeing patterns where
they don’t exist and our preconceptions impact the patterns we see. It is
important to have good quality data, test them with others and get different
perspectives and ultimately to remember we are applying order to chaos.
The principle is to disrupt patterns.

19. Transparency

20. The fourth tactic is transparency. In some journals it is already standard to
not only publish, alongside the research, the supporting data but also the
supporting code and this should become the norm in social sciences too, with
appropriate anonymisation as necessary.
It is also important to outline which tools you are using, and the risks
involved, such as with facebook groups or email, to the subjects so they can
make decisions for themselves. Even if it means the research subjects then
want to back out, this is the responsibility of a researcher.

21. Take only what
you need
Eraser

22. Finally, the last tactic I want to discuss is to only take what you need. In this
data deluge it is very tempting to not only take more than necessary but also
keep it indefinitely.
To ensure best practice with data it is important to consider exactly what
your research is first and then collect specifically for it.
Once the research is over all sensitive data that won’t be used in the final
publications should be deleted completely. This doesn’t just mean deleting it
from the trash can, in extreme cases it means incinerating or drilling holes in
hard drives.
Perhaps more practically, it means using tools such as eraser which overwrite
many times with random data until the previous data can no longer be
retrieved by expert programs.

23. The Issues

24. There are some difficulties I have come across in achieving these tactics.
Firstly, many require technical skill which makes it more difficult to engage with.
Even software engineers know not to write their own encryption, because it is likely
they won’t make it good enough. This is one of the reasons I haven’t moved to
hosting my own server for my data, because I am not convinced I could keep it safe
from attack.
The safety of most of expert technologies used to “fight technology with technology”
is often doubted - WhatsApp’s encryption was quickly undermined when they joined
with FaceBook. TOR came under attacks for ultimately being created by the NSA.
That doesn’t stop them being useful, only to highlight the need for caution.
Many of these tactics will also mean that data collection and analysis takes longer. In
fact, many privacy activists have considered their campaign similar to the
environmental movement, that if change is desired a ‘slow computing’ approach
needs to be taken,

25. Furthermore, contradictions are created between many of these tactics.
For example between deleting data after use and publishing anonymised code,
particularly as anonymisation is almost impossible. In Cryptography there is a
whole art to differential privacy, which aims to provide maximum accuracy in data
with minimal risk of identification - but it is not easy.
Another example is to take only what you need for your research questions and
applying a sense of chaos in collection to avoid ingrained bias in the formulation
of questions and patterns.
There is a also substantial tension between being a researcher, relying on, and
accountable to, a transparent public profile, and protecting our own privacy.

26. Practical Privacy

27. In conclusion, this isn’t about a single answer tool but a strategy for researchers to
take in their methodologies and ethics.
The technical challenges with achieving privacy protection are sometimes not in
our control and ultimately we have to continue to demand system and culture
change with our research and from positions of authority or persuasive when we
can.
As for the contradictions, the discussion should be open and all actors should be
listened to so we can find solutions together.
Thank you for listening.