Introduction to Privacy

In this lesson, we’ll define the concept of privacy. We’ll also relate privacy to security, including its position in the CIA Triad. Finally, we’ll look at who owns private information and what broad steps can be taken to restore or preserve privacy in the digital age.

Privacy

A simple way to define privacy, at least in the personal sense, is to state that it is the ability for an individual to control who knows what about them and their life. Traditionally, people tend to isolate their personal information into different “compartments” (Figure 1). Some types of information are closely guarded and might only be known to the individual (or to a small, selected group of close contacts), while other levels of information might be known within a family or circle of close friends.

Diagram showing different privacy compartments

Figure 1: Different information compartments related to privacy. Compartmentalization can be viewed both from the perspective of the sensitivity of the information to be protected and from the perspective of the groups of trusted individuals who might know sensitive information about a person.

The more personal a piece of information is – or the more sensitive it is – the stronger the desire to prevent random other people from discovering it. Most people are highly selective when sharing thoughts and feelings, limiting the number of other people who know embarrassing or potentially compromising details about them. Information that is more sensitive, such as a person’s relationship history or Social Security Number, is typically more guarded than information that is less sensitive, such as the person’s name.

Within the context of information security, privacy falls squarely into the Confidentiality principle of the CIA Triad. Each piece of compartmentalized information is ideally kept secret from those who are not privy to that compartment. For example, it is common for individuals to tell their friends things that they wouldn’t necessarily want their families to know. Similarly, most people would expect their doctors to keep their medical information private.

Private Information

In addition to medical records, individuals generally regard financial information as private. Maintaining the privacy of one’s Social Security Number, banking information, and credit card numbers is important, since it prevents someone else from using those identifiers and costing the person money. However, financial privacy goes beyond mere account credentials. A person’s financial behaviors, including income and spending habits, are normally regarded as private, as this information might be used to criticize or even target someone. Nevertheless, most online and physical businesses have a vested interest in uncovering individuals’ financial behaviors, so that they can use targeted marketing techniques to manipulate people into spending more money. These corporations use rampant data collection combined with powerful statistical tools to infer information that would otherwise be kept private.[1]

Outside the financial realm, most people have other information that they tend to keep private to various extents. Religious and political views have different levels of privacy among different individuals. Personal relationships, sexual encounters, fears, and individual quirks are other types of non-financial information that most people keep private to some extent. However, new tools and techniques are constantly under development to try to discern even these types of information, since they can be correlated with financial information to build comprehensive models of individual behavior, which can again be used for marketing purposes.[1]

Even if one views marketing as benign, or at least sufficiently mainstream as to be entrenched in society, the mere existence of these comprehensive databases is a threat to personal privacy. If a database is compromised, hackers can exploit the information contained within it not only to commit financial crimes, but also to engage in extortion or other potentially destructive attacks on the individual. Governments can obtain the contents of these databases through various legal techniques, giving them exceptional insight into individual behavior and potentially allowing for censorship or repression.

Ownership of Your Personal Information

Consider for a moment that your own personal information is likely in the databases of many different corporations, most of which are unknown to you, and with which you have no direct business relationship. When these databases are aggregated together, comprehensive profiles of your identity can be created, some of which can reveal information about your innermost thoughts (your Internet search history is probably in some of these databases, for example). This is probably more information than you would share with these unknown companies voluntarily, so how do you go about getting the information removed?

In some parts of the world, particularly in Europe, information removal is a possibility. However, in the United States, things aren’t so easy. If a company creates a database record about you, they (and not you) own that record. That record might include all personal details about you, including information derived from behavioral data. Since the company owns the record, your information can be bought, sold, traded, disclosed, and put to a wide array of uses without your explicit consent.

Absent government regulation of what a company can and can’t do with private information, the normal response of a customer would be to choose not to do business with that company. Eventually, if enough customers thought the privacy invasion was too much, the company wouldn’t get any business and would either have to change its behavior or go out of business. The problem is that customers rarely engage directly with the companies collecting the bulk of the information about them. Even when they do, the individual’s private information is traded in exchange for some kind of “free” service that the company is providing. Therefore, typical market-based solutions to curb corporate behavior would be difficult to employ for protecting an individual’s privacy.

Is Privacy Dead?

One approach to the current state of affairs, particularly as it applies to corporate information gathering, is to assert that privacy is dead, and there isn’t anything that an individual can do about it. At best, this attitude represents the ostrich approach of burying one’s head in the sand and happily ignoring the issue. At worst, it represents the defeatist attitude that corporations and big governments would like individuals to adopt.

While personal privacy, particularly in the digital age, is a difficult thing to safeguard, it is still possible to have. Since privacy is under attack from so many different fronts, preserving it is neither easy nor convenient. The companies that profit from personal information have gone to great lengths to make it inconvenient for an individual to protect their own personal information. However, it is still possible to regain some control by applying anti-forensic techniques, selecting services wisely, and taking some protective steps.

The Anti-Forensic Thesis

If one considers how data collection operations work, patterns emerge that are remarkably consistent with those used in digital forensic investigations. For example, individual behaviors or actions form clues that can be related on a timeline, eventually providing a holistic picture of an individual. As is done in a forensic investigation, individual artifacts are collected, and the investigator (or marketing company algorithm, in this case) “connects the dots” to reach a conclusion. We can make the company’s dot connection much more difficult by limiting the available artifacts and intentionally poisoning the data set with false information.

This approach represents the thesis of this course: anti-forensic techniques are an important tool for improving and safeguarding personal privacy. Our objectives in using these techniques are to limit the number of artifacts that are created in the first place, disconnect those artifacts from each other to resist profiling, and corrupt the profiles that do get built by intentionally creating false artifacts (this final technique is called a barrage attack).

In much the same way that relative security is gained by not being the weakest target, the ultimate objective of using anti-forensic techniques for personal privacy is to make the cost of building an accurate profile of an individual greater than the market value of that profile. Since so much of today’s data collection and user profiling online is driven by economic motivations, the effect of giving personal information a net negative value would be a reduction in its collection. If enough people worldwide adopted this approach, overall data collection would decrease dramatically.
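The following simulation is an added illustration (not part of the original lesson) of the three objectives above. A tracker “connects the dots” by merging every artifact that shares an identifier into one profile; the constructed sample data shows what happens when identifiers are reused everywhere, when each compartment gets its own identifiers, and when a barrage of false artifacts is mixed in. All identifiers, signals and the precision metric are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data: each artifact is one observed event, carrying the
# identifiers a tracker saw (cookie, login e-mail, IP) and one inferred signal.
CARELESS = [  # the same e-mail and cookie are reused everywhere, so everything links
    ({"cookie:c1", "email:alice"}, "shopping:running-shoes"),
    ({"cookie:c1", "ip:198.51.100.7"}, "health:allergy-meds"),
    ({"email:alice", "ip:198.51.100.7"}, "politics:party-x"),
]
COMPARTMENTED = [  # a fresh identifier per compartment: artifacts stay disconnected
    ({"cookie:c1"}, "shopping:running-shoes"),
    ({"cookie:c2"}, "health:allergy-meds"),
    ({"cookie:c3"}, "politics:party-x"),
]
TRUE_SIGNALS = {"shopping:running-shoes", "health:allergy-meds", "politics:party-x"}

def build_profiles(artifacts):
    """Connect the dots the way a profiler would: artifacts sharing any
    identifier are merged into one profile (union-find over identifiers)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for ids, _ in artifacts:
        first = next(iter(ids))
        for other in ids:
            parent[find(first)] = find(other)
    profiles = defaultdict(set)
    for ids, signal in artifacts:
        profiles[find(next(iter(ids)))].add(signal)
    return sorted(profiles.values(), key=len, reverse=True)

def barrage(artifacts, decoys_per_artifact):
    """Barrage attack: attach deliberately false signals to the same identifiers."""
    out = list(artifacts)
    for ids, _ in artifacts:
        for _ in range(decoys_per_artifact):
            out.append((set(ids), f"decoy:{len(out)}"))  # unique fake signal
    return out

def precision(profile, true_signals):
    """Fraction of a profile's signals that are genuinely about the person."""
    return len(profile & true_signals) / len(profile)

if __name__ == "__main__":
    print("careless:", build_profiles(CARELESS))
    print("compartmented:", build_profiles(COMPARTMENTED))
    print("barrage precision:", precision(build_profiles(barrage(CARELESS, 3))[0], TRUE_SIGNALS))
```

The careless data collapses into a single complete profile, the compartmented data yields three one-signal profiles that cannot be joined, and the barrage leaves one profile in which only a quarter of the signals are real, which is the cost increase the paragraph above aims for.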

Now it might be apparent that this anti-forensic approach is designed to mitigate the actions of one type of threat actor: the big corporation. However, this approach would also be effective against other threat actors. For example, if a person is more careful about their own individual data footprint, there will be fewer opportunities for an identity thief to steal that person’s private information. We’ll look at some more ideas related to this concept in the next section.

What About Regulation?

In theory, if enough people start to care about personal privacy, government regulations can be added to restrict data collection behaviors. We already have examples of such regulations with the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. While these regulations somewhat improve a person’s ability to control access to their own information, there are some issues with relying on government regulation.

The first immediate problem is that the Internet is an international system. A lot of data collection occurs online, and companies are able to move their operations into regions with more favorable regulatory environments. Companies also can stop providing services altogether in regions with strong privacy regulations, as one can easily see when trying to browse American news sites through a European VPN connection. Large companies are also major political donors, and their donations coupled with consumer pressure for the availability of services can be used to stop or at least neuter meaningful regulation.

Another major concern is that nation-states, including the United States, may find the big corporate databases convenient. As business records, much of the information in these databases can be accessed using only a subpoena or other legal process with minimal oversight. Consequently, a government might be able to query a commercial database for protected information about an individual that it could not legally collect itself. This capability provides a perverse incentive for government agencies, including law enforcement organizations, to lobby against regulations that would otherwise improve privacy and potentially reduce criminal activity.

Notes and References

1. https://epic.org/privacy/consumer/online-tracking/

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.