CRASHCOURSE THREE. PRIVACY

About the crashcourses  
There are 10 online crashcourses. These crashcourses are linked to the Technology Impact Cycle Tool (tict.io). This free online tool, powered by Fontys University, helps you design, invent, deploy or use technology that makes a (positive) impact on society. The tool offers quick scans, improvement scans and full questionnaires. The tool consists of 10 different categories.

You get the most out of the tool when you are informed on the different categories and, even better, inspired about the categories. That is the goal of this crashcourse: inform you and inspire you on PRIVACY and DATA PROTECTION, so you are better equipped to assess the impact of technology.  All crashcourses take an hour to compleet.

About this crashcourse
This online crashcourse is number three: privacy and data protection. This course, like every course, has one mandatory assignment to help you understand the topic. During the course we will offer all kind of further optional suggested reading, watching and optional assignments for those who crave for more!

The goal of this course is to educate you! To inform you! To inspire you! To entertain you! To dazzle you! To make you think! That is why we did not design a boring crashcourse for beginners, or a basic course with just theory. We cherry picked our way yhrough the topics with the aim to interest, inform and inspire you! If you think we failed you, no problem, we are open for improvements. Just sent us an e-mail on: info@technofilosofie.com.

Some time management directions 
Again: it will take you approximately one hour to complete this course. This course consists of text, articles, videos and assignments. Every section lists reading time, viewing time and assignment time, so you can plan accordingly. If it takes longer than one hour, maybe that means your slow, maybe it means we calculated poorly. You figure it out yourself.

ONLINE CRASHCOURSE THREE. PRIVACY

This 60 minute online crashcourse consists of the following sections:

  1. Introduction in privacy  (18 minutes)
  2. Introduction in data protection & GDPR (14 minutes)
  3. Hot topic: Facial recognition & some analprint recognition (10 minutes)
  4. The Future of privacy (15 minutes)
  5. A do it yourself privacy guide (3 minutes)

Learning outcomes: When assessing the impact of a technology privacy and data protection are very important. After this one hour course you will have a basic idea of the concepts of privacy and data protection. You also will a first idea about how to assess technologies on this theme. We will focus on some key – issues around privacy, data protection and the relation with our modern, digital technology technology and data collecting technology companies. Hopefully after this crashcourse you will think more often about privacy and data protection.

This crashcourse consists of text, videoclips, optional and mandatory assignments and suggestions for further reading, viewing and practicing.

INTRODUCTION IN PRIVACY

Reading time:  4 minutes / viewing time: 9 minutes / assignment: 5 minutes

First, to get a ‘taste of things’ please watch this short two minute video on privacy and ordering a pizza.

Okay, that was quite dystopian, right? Not really a world you want to live in. And we will see even more dystopian scenarios further in this crashcourse.  That is why it is really important to think about privacy in relation to (digital) technology.

We have another video (3 minutes) to really convince you.

So privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built. Privacy enables us to create barriers and manage boundaries to protect ourselves from unwarranted interference in our lives, which allows us to negotiate who we are and how we want to interact with the world around us. Privacy helps us establish boundaries to limit who has access to our bodies, places and things, as well as our communications and our information.

The rules that protect privacy give us the ability to assert our rights in the face of significant power imbalances. As a result, privacy is an essential way we seek to protect ourselves and society against arbitrary and unjustified use of power, by reducing what can be known about us and done to us, while protecting us from others who may wish to exert control. Privacy is essential to who we are as human beings, and we make decisions about it every single day. It gives us a space to be ourselves without judgement, allows us to think freely without discrimination, and is an important element of giving us control over who knows what about us.

Please check this video (4 minutes) on privacy and then take the quiz (2 minutes).

Privacy is about relational privacy, about territorial privacy, physical privacy and informational privacy. This means privacy is more than data protection. Privacy is socially-agreed-on respect for private & family life, home and correspondence. Data protection is a system of data processing practices of personally identifiable or identifying data for the protection of privacy. We will talk about data – protection later.

Privacy is a right that is often part of national constitutions and international law on human rights. It is possible to invade someones privacy without violating data protection laws. You can for example use technology , like good old fashioned binoculars, to spy on your neighbour. You are invading privacy, you are not violating data protection laws. Privacy can be breached, for example by governments. In that case three questions are very important:

  1. Proportionality: is the goal, the interest in proportion to the infringement?
  2. Subsidiarity: Is this the best way to achieve it? Or are there other ways?
  3. Effectiveness: do I achieve what I want to achieve by the infringement?

Finally it is important to understand that privacy is contextual.

For example: If you like your privacy, the airport looks like hell on earth. Check it out: you have to identify yourself to different people; customs officials screen your bags; at some airports, your irises can be scanned and just about every airport gets your whole body through a scanner. There are few places where you have to reveal so much intimate information in a short time. Yet we don’t fly less about it. From research it appears that the majority of travelers consider that their privacy is “fully” respected. It is all about context.

Contextual privacy was made famous by philosopher Helen Nissenbaum. She explained that when people are saying that they think that their privacy is fully respected when it is not, that is not a result of not caring about privacy. It is because they assess their own privacy at the airport differently than at the bakery. We are okay with the customs officer inspecting the contents of our bag without asking, while we would slap a complete stranger that does that.

Her theory of privacy as contextual integrity provides tools to assess the behavior of data collectors such as Google and the National Security Agency. It explains why we have problems with an university checking our data and we use WhatsApp. Contextual privacy is a sophisticated intellectual tool that can help answer the question of why we perceive one context as very threatening to our privacy and another not at all.

Mandatory assignment (10 minutes):
Open this PowerPoint Template, answer the question on slide one. Next fill out slide two using your own words and the insights in privacy you have gained.

Further suggestions:

  • Read the European Convention on Human Rights (34 pages) and look for the privacy articles (only if you hard core!);
  • Read this short essay (well, short, it is 28 pages) and we guarantee you will never, ever say: I have nothing to hide, again!;
  • Read this essay from Helen Nissenbaum on contextual privacy. Trust me, it is better than reading the whole book;

Key take aways:

  • Privacy is a fundamental human right;
  • Privacy is more than information privacy. Protect your privacy can be something else than protecting your data;
  • Privacy infringement is only allowed under certain conditions;
  • Privacy is contextual.

DATA PROTECTION

Reading time: 4 minutes / viewing time: 10 minutes

In this section we will explain the GDPR (The General Data Protection Rule). This is a European rule, but it has major impact on companies and citizins worldwide. First watch this short overview on the GDPR in this video (2 minutes):

Now watch this longer video that will explain the basics of the GDPR, like the terminology, the data processing principles and the lawful bases for processing (7 minutes).

We already know why privacy is important. We learned that in section one. Information or data in our digital age is incredibly important for our privacy. After all we want to determine by ourselves which personal details we share with others, and how they are used. We don’t want everyone to know what we do or think. We don’t want our boss to know what we discuss with our friends. We don’t want our personal information to be misinterpreted outside the original context. In other words, we want some privacy please. But that is increasingly less self-evident in a world where digital innovations surround us and literally starts getting under our skin. Therefore privacy is more important than ever. It protects us against intrusive companies and an omniscient government. The goal is to maintain a balance of power between the individual and society. In a democratic state this is not only of personal interest but also of interest to society at large.

This is why privacy is a fundamental right.

In the videos you saw that strong European laws protect the privacy of all citizens on European soil. Unfortunately, these laws are often complex and vague. They offer little concrete guidance to designers and system developers. This is a problem if you want to design privacy-friendly systems. Or if you want to assess if a technology is privacy-friendly. For example by applying the privacy by design philosophy, which demands that privacy requirements are taken into account right from the start and throughout the system development life cycle. This makes privacy, like security, a software quality attribute.

Privacy by design is a legal requirement from 2018 onward. But you can also use it to go beyond the bare minimum required by law, and use it as an innovative force. But how to make privacy by design concrete? And how to apply it in practice? How to translate vague legal norms in concrete design requirements?

There are eight different privacy design strategies, divided over two different categories: data oriented strategies and process oriented strategies. The data oriented strategies focus on the privacy-friendly processing of the data themselves. They are more technical in nature. There are four of them.

  • Minimise. Limit as much as possible the processing of personal data (do not ask: how old are you, but ask: are you an adult).
  • Separate. Separate the processing of personal data as much as possible.
  • Abstract. Limit as much as possible the detail in which personal data is processed.
  • Hide. Protect personal data, or make it unlinkable or unobservable. Make sure it does not become public or known.

The process oriented strategies focus on the processes surrounding the responsible handling of personal data. They deal with the organisational aspects and the procedures that need to be in place. We distinguish the following four.

  • Inform. Inform data subjects about the processing of their personal data in a timely and adequate manner.
  • Control. Provide data subjects adequate control over the processing of their personal data.
  • Enforce. Commit to processing personal data in a privacy-friendly way, and adequately enforce this.
  • Demonstrate. Demonstrate you are processing personal data in a privacy-friendly.

Further optional suggestions:

Further optional assignment (1):
Go to a webshop. Register and try to determine which data you have to provide is absolutely necessary if you look at the four technical privacy by design strategies. Could the data you have to provide be minimised or abstracted?

Further optional assignment (2):
Try to read the terms and agreement on data processing of a platform, a webshop or an app and try to determine if you the process oriented strategies are in place. Are you properly informed? Do you have control? Is this properly demonstrated?

Key Take Aways:

  • Data protection is subject to the GDPR;
  • The principles of the GDPR are very important but can be vague to apply;
  • That is why there are privacy by design strategies;
  • These strategies help you to assess the impact of a technology on privacy and data protection.

 FACIAL RECOGNITION (& SOME ANALPRINT RECOGNITION)

Reading time: 3 minutes / viewing time: 7 minutes

One of the main drivers behind the importance of privacy and data protection is that digital technology makes it more and more easy to collect data. In crashcourse two we talked about surveillance capitalists trying to widen and deepen their data collection. In the old days (like yesterday), you may have had a choice. You could choose not to be on social media, not to buy things online, not to use a smartphone, not to let a smart speaker in your house. However, when things become more digital, these choices become harder and harder. Today often choices are no longer there. You need to do things digitally or even worse: your data is collected when you are walking on the street. Even if you do not want to.

The best and most creepy example is facial recognition. Please watch the video below.

Facial recognition is an important example of the importance of privacy and data protection. It is your face, but is just data which can be translated by a computer in a simple: that is you! Even if you do not want to be recognized.

Facial recognition is just a first step into an even more dystopian future. Already there are companies that claim that they can read emotions on a facial expression. Some companies read the micro expressions of applicants for a job to determine if they are the right candidate. Ofcourse these micro expressions are read by a computer. Of course it is scientifically a bunch of crap, but so is the lie detector. Still, chances are that a computer decides if you get a job or not. And it will not explain why. We will talk more about this in later crashcourses.

Further optional suggestions:

  • An article on Vice Magazine that states that AI can not only recognize your face, but also your butthole;
  • An scientific paper in Nature reinforcing the article in Vice;
  • A video of 12 minutes on facial recognition in China;
  • A summary and the complete report of the AI Now institute on facial recognition;

Key Take Aways:

  • Everything is data / information even your face;
  • Your face can be translated in data and recognized even if you do not want to;
  • This all makes the discussion on privacy all the more important.

A LOOK INTO THE FUTURE

Viewing time: 15 minutes

The idea of this crashcourse is to make you think about the concepts of privacy and data protection but also about the importance of privacy and data protection. We already talked about facial recognition, but we like to take it one step further in this video (15 minutes).

A DO IT YOURSELF PRIVACY GUIDE

Finally we like to present to you a Do It Yourself Privacy Guide. Just to make you feel a little bit better at the end of this section. You will not find the normal lists here (things like use a long password, do not just give your data away, use VPN, use disposable e-mail addresses, and so on …) because we all know that this is a little to late and you can find these tips everywhere. And it is hard work. And it is boring! That’s why we’ve rounded up the funnier, more creative ways to safeguard your Privacy here. If privacy is so important, it should be a little fun too.

Right?

One of the major privacy concerns is facial recognition. This technique is developing very quickly and systems are being developed everywhere that you can recognize more and more. Even your phone recognizes you! NOT to participate is getting more and more difficult, that’s why people developed a way in Japan to not be recognized, namely the Privacy Visor. These are glasses with lights that you can wear, so the system does not recognize you anymore. Very weird, but very effective.

If you don’t want to be tagged on Facebook or any other social media platform, we recommend the Glamouflage. This is clothing with celebrity faces on it, which confuse Facebook’s and Instagrams  systems. The example on the right makes Facebook Tagging go wild, because Michael Jackson and Barack Obama together in one photo! You see, the product is a bit older, because Michael is no longer with us, but new variants with new celebrities are available.

Or how about the work of Leo Selvaggio of URME (You Are Me) Surveillance. He made a mask of himself, which fools facial recognition systems. Creepy, but not nearly as creepy as the way these systems are increasingly used.
Another artist is Adam Harvey, who has other ideas. For example, hip ways to make up people and to do their hair, where the facial recognition software gets completely upset. And then there is of course the pixel head Balaclava from Adafruit. A way to mix online and offline while becoming unrecognizable. Finally, in corona times, there is a special mouthcap that confuses facial recognition software. The software thinks the mouthcap is your face.
If you want to be anonymous on social media you can easily create a fake account. Although that is also getting more and more complicated. Or you can’t use social media (even less easy). But there is a better and more subtle way to safeguard your privacy on the social media platforms. Benjamin Grosser’s Go Rando project is such a subtle solution. We all know that Facebook – based on your likes and emoticons – gets to know you quickly. Go Rando is a plugin that you install in your browser and every time you click on an “emotion”, an emotion is randomly selected and posted. In this way, noise is created, which confuses the artificial intelligence of Facebook, for you, but if everyone uses it, for everyone.
Firefox has a new website TrackThis.link where you can choose from 4 profiles ((hypebeast, filthy rich, influencer, doomsday) and then 100 large websites are filled with misleading cookies.
And finally, there are also ways to game your FitBit.
Further optional suggestions:
  • Check the complete article on the privacy visor;
  • Check the complete article on Glamouflage;
  • This a Hyperface, an object that disturbs facial recognition;
  • Go Rando, the project by Benjamin Grosser;
  • The article on Variety about the solution that messes with your cookies.

A VERY SHORT SUMMARY OF THIS CRASHCOURSE

Congratulations. You have done this crashcourse, so you got a very small taste of thinking about technology and the impact on privacy and data protection. An appetizer, if you want. Maybe you did some further reading, so you started on the soup. Good for you. Remember: technology impacts privacy. Digital technology is all about data. In this crashcourse we learned that privacy is important and something different than data protection. We learned how to assess technology from a privacy and a data protection point of view and we learned the importance of privacy and data protection by looking at the future.

Remember: you do have something to hide!