https://www.youtube.com/shorts/1wfpPEB1xK8

Here, we aim to outline the key technological decisions that can help a DPI reduce risks to the population. It is important to recognise that technology has inherent dynamics irrespective of the intention of public officials or the legal situation in a country.

<aside> 💡

The law cannot fix what technology has broken.

</aside>

Complex technical systems can hardly be changed after they are rolled out. When large amounts of personal data have been collected, they rarely ever get deleted. Information on the internet often behaves like water: it diffuses and is hard to remove completely. Hence, a privacy-preserving architecture should begin at the design phase of DPI, long before people use the system.

<aside> 📌

Privacy is like fire protection. Sometimes it makes construction more complex. But only with protections is the structure safe for people. Refitting an existing structure is much more expensive than taking care of it in the design phase.

</aside>

Privacy by design is an approach to engineering systems so that they maximise their respect for privacy. It aims to reduce the risk for end users and provides guidance on how to make engineering and process decisions value-driven. It includes the principle of privacy-by-default, which states that the default setting for any product or service should be as privacy-friendly as possible; users can then make their own choice to share more of their data, for example to gain additional features.

Another component of privacy-respecting systems design is Privacy Enhancing Technologies (PETs). These are state-of-the-art technologies that reduce the system's processing of personal information without compromising its functionality. This module discusses many of the techniques that can be summarised as PETs.

Data Minimisation

Only data that is never collected is truly protected. Every processing of personal information entails a risk of misuse, data breaches or data corruption. Hence, data protection law establishes the principle of minimising the personal information we retain and process.

This principle can be envisioned as a funnel, designed to restrict the amount of personal information processed at each stage to what is necessary for the intended purpose the user agreed to. When data is no longer needed, it should be deleted.
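The funnel can be enforced in code rather than left to policy documents. The following is an added illustration, not code from the original module or from any real DPI: each purpose has an allow-list of fields, an optional step that narrows a raw field down to the single answer the purpose needs (a date of birth becomes an over-18 flag), and a retention period after which records are deleted. Purposes, field names, retention periods and the citizen record are constructed example values.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone

# Allow-list of fields per purpose (constructed example values, not a real DPI schema).
PURPOSE_FIELDS = {
    "age_verification": {"date_of_birth"},
    "postal_delivery": {"name", "street", "city", "postcode"},
}

# Retention per purpose: a record is deleted once this period has elapsed.
RETENTION = {
    "age_verification": timedelta(0),        # answer the question, keep nothing
    "postal_delivery": timedelta(days=30),
}


def _age_answer(fields: dict, now: datetime) -> dict:
    """Second funnel stage: reduce a date of birth to the one bit the purpose needs."""
    dob: date = fields["date_of_birth"]
    years = now.year - dob.year - ((now.month, now.day) < (dob.month, dob.day))
    return {"over_18": years >= 18}


# Purposes with a derivation step drop the raw field and keep only the derived answer.
DERIVE = {"age_verification": _age_answer}


@dataclass
class StoredRecord:
    purpose: str
    data: dict
    created_at: datetime


def minimise(record: dict, purpose: str, now: datetime) -> dict:
    """Keep only what the purpose is allowed to see; fail closed on unknown purposes."""
    if purpose not in PURPOSE_FIELDS:
        raise ValueError(f"no minimisation policy for purpose {purpose!r}")
    narrowed = {k: v for k, v in record.items() if k in PURPOSE_FIELDS[purpose]}
    derive = DERIVE.get(purpose)
    return derive(narrowed, now) if derive else narrowed


def store(db: list, record: dict, purpose: str, now: datetime) -> StoredRecord:
    """Minimise at the point of collection, so the full record is never persisted."""
    entry = StoredRecord(purpose, minimise(record, purpose, now), now)
    db.append(entry)
    return entry


def purge_expired(db: list, now: datetime) -> int:
    """Delete records whose retention period has elapsed; return how many were removed."""
    keep = [r for r in db if now - r.created_at < RETENTION[r.purpose]]
    removed = len(db) - len(keep)
    db[:] = keep
    return removed


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    citizen = {"name": "A. Example", "date_of_birth": date(2006, 6, 2),
               "street": "1 Example St", "city": "Exampleville",
               "postcode": "00000", "phone": "+00 000 000"}   # constructed record
    db: list = []
    store(db, citizen, "age_verification", now)
    store(db, citizen, "postal_delivery", now)
    print([r.data for r in db])        # phone number and raw birth date never reach storage
    print(purge_expired(db, now))      # the age answer is gone as soon as it has been used
```

Note that the unknown-purpose case raises instead of passing the record through: a minimisation layer that fails open is the same as having none.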

While this principle may be less critical for a typical small or medium-sized company, it should serve as a guiding star for large IT projects that process significant amounts of sensitive data. Encrypted messengers are a great example.

A decade ago, most messaging apps stored all of their users' messages on their servers. Often the messages were not even encrypted during transit. For example, the original version of the WhatsApp messenger effectively sent every message like a postcard that could be read by anyone with access to your network or to their servers: employers, internet cafés, governments, etc.

This changed after Edward Snowden's 2013 revelations about the extent and sophistication of the U.S. government's indiscriminate mass surveillance operations. Many websites began encrypting traffic between their servers and users during internet transmission. Thereby, passive snooping of traffic no longer exposes personal information.

This also led WhatsApp to encrypt users' messages end-to-end. Thereby, there is no longer a readable copy of personal communication on WhatsApp's servers, because it is encrypted so that only the parties to the chat can read it. Even with a warrant, the content of the communication stays private.

But WhatsApp was acquired by Meta (Facebook) and stopped there. Signal messenger went further: not just the content of communication is protected, but also the metadata and much more. WhatsApp knows who talks with whom, when and where, as well as their phones' full address books. Signal removed this information with privacy-by-design technology that minimises the amount of personal information they even see.

This took Signal – which is run by a non-profit and used by hundreds of millions of people – a lot of effort. But it paid off and made it the trusted messenger of choice for many activists, journalists, whistleblowers, politicians and everyday people who care about privacy.

<aside> 📌

The level of privacy-by-design protections seen with encrypted messengers gives us a good benchmark of what we should request from a DPI that governs large parts of society.

</aside>

Decentralisation

The more personal data is concentrated in a single location, the greater the risk of misuse or theft. Attackers go after the largest collections of data. Large data collections also motivate law enforcement and intelligence agencies to seek access. Biometric information is particularly valuable because it remains relevant and sensitive throughout a person's lifetime.

Decentralisation helps by giving users self-custodianship over their data. Transactions are executed either directly from the user's device or through a server that can only decrypt and process the information when the user authenticates.
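Both modes described above, as an added illustration that is not part of the original module and is not how Signal, WhatsApp or any particular DPI is built: the client derives keys from a secret only the user holds, encrypts a record on the device, and hands the server nothing but salt, nonce, ciphertext and authentication tag. The server can return the opaque blob to the user's device, or process it transiently when the user presents the secret; without that it has nothing to read. The construction uses only the Python standard library (PBKDF2 for key derivation, an HMAC-SHA256 counter-mode keystream, encrypt-then-MAC), which is a simplification assumed for the example; a production system would use a vetted AEAD such as AES-GCM and would unwrap a per-session key on the client rather than ever sending the user's secret to the server. User ids, secrets and records are constructed values.

```python
import hashlib
import hmac
import os
from typing import Callable

KDF_ITERATIONS = 100_000   # assumed value for the example; tune for the real deployment


def derive_keys(secret: str, salt: bytes) -> tuple:
    """Derive separate encryption and MAC keys from the user's secret and a per-record salt."""
    material = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based keystream (demonstration construction)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_encrypt(secret: str, plaintext: bytes) -> dict:
    """Runs on the user's device: the server never sees the secret or the plaintext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(secret, salt)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def client_decrypt(secret: str, blob: dict) -> bytes:
    """Verify the tag before touching the ciphertext; a wrong secret fails here."""
    enc_key, mac_key = derive_keys(secret, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise PermissionError("authentication failed: wrong secret or tampered record")
    return _xor(blob["ct"], _keystream(enc_key, blob["nonce"], len(blob["ct"])))


class Server:
    """Stores opaque blobs per user id and holds no key material of its own."""

    def __init__(self) -> None:
        self._blobs: dict = {}

    def put(self, user_id: str, blob: dict) -> None:
        self._blobs[user_id] = blob

    def get(self, user_id: str) -> dict:
        return self._blobs[user_id]      # mode 1: hand the blob back to the user's device

    def process_for_user(self, user_id: str, secret: str, fn: Callable[[bytes], object]):
        """Mode 2: decrypt and process only while the user authenticates; persist nothing."""
        plaintext = client_decrypt(secret, self._blobs[user_id])
        try:
            return fn(plaintext)
        finally:
            del plaintext            # the decrypted copy is transient; only the blob remains


if __name__ == "__main__":
    server = Server()
    record = b"citizen-id: constructed-0001; address: 1 Example St"   # constructed record
    server.put("user-1", client_encrypt("correct horse battery", record))
    print(server.get("user-1")["ct"].hex())          # what a breach of the server would expose
    print(client_decrypt("correct horse battery", server.get("user-1")))
```

The tag is checked before decryption and with a constant-time comparison, so a wrong secret or a modified ciphertext is rejected without leaking anything about the plaintext; the data at rest on the server is the same for a breach, a subpoena or an insider, which is the point of self-custody.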