6:56pm

Fri December 13, 2013
All Tech Considered

A Movement To Bake Online Privacy Into Modern Life, 'By Design'

Originally published on Fri December 13, 2013 7:46 pm

As we become a more digitally connected society, one question has become increasingly pervasive: Is the expectation of privacy still reasonable?

Ann Cavoukian, the privacy commissioner for Ontario, Canada, thinks so. She contends that privacy — including privacy online — is foundational to a free society. She developed a framework for approaching privacy issues back in the 1990s that's been recognized around the world.

Her approach of seven principles, called "Privacy By Design," advocates that tech designers and engineers need to bake privacy provisions into their products and work from the start, not as an afterthought.

The Federal Trade Commission has called on companies to implement Privacy By Design, and in 2010, the European Union called the approach a key tool to promote citizens' trust in a connected society.

"It's all about thinking preventatively, preventing the privacy harm from arising," Cavoukian tells All Things Considered host Audie Cornish, "as opposed to offering some system of redress after the fact."


Interview Highlights

On why she feels privacy is so important

We're flooded by all these messages in the media that, "Oh, well, we have to kiss privacy goodbye." I mean, the death of privacy has been predicted just repeatedly over the years.

And my response to that is, "Say no to that." Because if you value your freedom, you will value your privacy. When you look at countries that have morphed from a free and democratic state into a totalitarian state, the first thread to unravel is privacy.

On the incentive for businesses to adopt Privacy By Design

I have very great sympathy for businesses that want to gain a benefit in some way from your information. But what I would suggest to them is that, in the long run, if you do this at the expense of privacy — at the expense of your users — they're going to gravitate somewhere else.

Users don't know that there are other options. And they accept what is being offered because that's the only game in town. That is going to be changing.

On preventing tracking of consumers' Internet use

There's been a lot of talk about "do not track." So, a Privacy By Design model of do not track on the Internet websites would be that you could access a website and the default would be that ... that website would not track any of your information unless you positively consented to it. If you didn't do anything, the default would be no tracking.

On other ways PBD is being used around the world

We have applied Privacy By Design to over a dozen specific areas — surveillance cameras used in mass transit systems, biometrics used in casinos, smart meters in the smart grid. Think of mobile devices, near-field communications. We've used it with [radio frequency identification] and sensor technologies. We've done it with home health care sensors.

On how surveillance programs can be improved with PBD

What we have learned through the revelations of [Edward] Snowden is that there is massive surveillance on a scale that is unprecedented. And if anything it has grown the need for Privacy By Design. And exploring ways of how you do privacy and surveillance, can you do both? ... Yes you can. ...

Imagine what the NSA is doing. And I'm not suggesting it should continue in the way that they're doing it, but just imagine their model, where they're collecting tons of metadata and it's left in plain text, meaning it's not encrypted.

At the very least, if you must do that, there's something called homomorphic encryption, which simply means that you encrypt the data and you can engage in data analysis on the encrypted values. ... It allows you to do surveillance ... so no one's personal information is in plain text.

And then only when you get a hit ... on potential terrorist activity, you get a court order, a warrant and you decrypt that data. ... It is eminently possible to do things in a much more privacy protective way.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

Transcript

MELISSA BLOCK, HOST:

This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.

AUDIE CORNISH, HOST:

And I'm Audie Cornish.

As we become a more digitally connected society, there is no more pervasive question than this one. Is the expectation of privacy reasonable? We're exploring the subject of privacy and technology in occasional stories and conversations. Today, we hear from an international leader on privacy issues, Ann Cavoukian. She is the privacy commissioner for Ontario, Canada.

BLOCK: Cavoukian argues that privacy is foundational to a free society. And she developed a framework for approaching privacy issues that's now gaining recognition around the world. The Federal Trade Commission here in the U.S. points to it as a set of guidelines, as does the European Union. It's called Privacy by Design.

CORNISH: Ann Cavoukian, welcome to the program.

ANN CAVOUKIAN: Thank you so much, Audie.

CORNISH: So the Privacy by Design idea is governed by several principles - seven actually - that include things like that companies need to be proactive, not reactive when it comes to privacy, that privacy settings are default. But how do you actually apply these principles in the programs we use today?

CAVOUKIAN: The essence of Privacy by Design, as you mentioned, is that it be embedded proactively into emerging technologies and operational processes and business practices. It's all about thinking preventatively, preventing the privacy harm from arising, as opposed to offering some system of redress after the fact.

So how do you do this? Think of Do Not Track. So a Privacy by Design model of Do Not Track on the Internet would be that you could access a website and the default would be that website would not track any of your information unless you positively consented to it. If you didn't do anything, no tracking. That's the sort of automatic privacy assurance that comes with Privacy by Design.

CORNISH: Now, in what ways is this at odds with the very business models of tech firms, right, which seems to be, we offer you some kind of free, quote, "service" but we essentially make money off of the treasure trove of data that's been collected in the process?

CAVOUKIAN: And I understand - I have, you know, very great sympathy for businesses that want to gain a benefit in some way from your information. But what I would suggest to them is that in the long run, if you do this at the expense of privacy, at the expense of your users, they're going to gravitate somewhere else.

CORNISH: But haven't we seen consumers repeatedly choose convenience over security, right, apps and games that collect their location, social networks that tap into their address books, just having bad passwords?

CAVOUKIAN: The passwords, I give that to you. Absolutely. But with respect to the other features, it's that users don't know that there are other options. And they accept what is being offered because that's the only game in town. That is going to be changing.

CORNISH: Now, people have criticized privacy by design as being too vague. And what's your response to this concern that essentially you're inviting companies to kind of collect all the data they want, but as long as they give us a few privacy settings here and there they can have at it?

CAVOUKIAN: It's nonsense when people say privacy by design is too vague. We have applied privacy by design to over a dozen specific areas - surveillance cameras used in mass transit systems, biometrics used in casinos, smart meters and the smart grid. We've done it with home health care sensors.

CORNISH: But is there a certain threshold? I mean, does - is there a danger that this turns into something, like, you know, kind of food labels, right, like organic or free-range or local, like, there's a label here that makes you feel good, but it's very murky about the companies how they apply it and what it actually means.

CAVOUKIAN: I think - of course, there's always that danger, and I always want to make sure that privacy by design doesn't get weakened just by everybody saying they're doing it. The essence of it is absolutely clear to software designers, engineers. Two years ago, I called up (unintelligible) engineer. I went around the world talking to engineers to see if they could get this. And they got it big time. They said the most important thing, though - of course, we can bake it into the design of the technology.

The most important thing is the bosses. They have to tell us right at the beginning that they want privacy embedded into the system. But usually, that doesn't happen until the thing is designed and they come along after the fact and ask us to bolt on some solutions, which we can't do as well after the fact.

CORNISH: The revelations about the NSA surveillance programs, how has that undermined this idea that our data is secure from government agencies that want it?

CAVOUKIAN: Well, the notion that our data was secure with government agencies was always one that was linked with a question mark. What we have learned through the revelations of Mr. Snowden is that there is massive surveillance on a scale that is unprecedented. And, if anything, it has grown the need for privacy by design and exploring ways of how do you do privacy and surveillance. Can you do both? We have a new paper out called Privacy-Protective Surveillance by design. Yes, you can. And I've presented it at the Pentagon and a very positive reception to it because we...

CORNISH: So how does that work? I'm not totally clear here.

CAVOUKIAN: So imagine what the NSA is doing - and I'm not suggesting it should continue in the way that they're doing it, but just imagine their model where they're collecting tons of metadata and it's left in plain text, meaning it's not encrypted. At the very least, if you must do that, there's something called homomorphic encryption, which simply means that you encrypt the data and you can engage in data analysis on the encrypted values. It's amazing. It allows you to do surveillance but all on encrypted values, so no one's personal information is in plain text.

And then only if you get a hit and you have a threshold that you develop on potential terrorist activity, you get a court order, a warrant, and you decrypt that data. I'm really simplifying it, of course, but it is imminently possible to do things in a much more privacy-protective way. You just have to turn your mind to it by design at the beginning.

CORNISH: It sounds like what you're saying is then this is surveillance by design, like you essentially bake-in proper the ability for government agencies to tap into whatever to get what they want.

CAVOUKIAN: The first wish is to redesign everything and prevent the type of data collection that is happening in this dragnet manner, absolutely. But I try to be a realist, and right now, there's an existing system of what the NSA is doing and they're doing it. So if we want an immediate protection, what do you do? You can do this kind of surveillance by design, where at least you encrypt all the data holdings you have. And only when you get a legitimate hit, then you would decrypt the data through a court order. These are magnitudes of higher protection than exist now. Right now, you have no protection.

CORNISH: What do you say to people who kind of look around at the industry now and all of the different programs and networks that they're using and kind of throw their hands up and say, you know, the horse is out of the barn, as they say, right?

CAVOUKIAN: The horse isn't even close to the barn door. Because what you have to - and I encounter people like that all the time, and I understand because we're flooded by all these messages in the media that, oh, well, we have to kiss privacy goodbye. I mean, the death of privacy has been predicted repeatedly over the years, and my response to that is, say no to that, because if you value your freedom, you will value your privacy. When you look at countries that have morphed from a free and democratic state into a totalitarian state, the first thread to unravel is privacy.

CORNISH: Ann Cavoukian, she's the privacy commissioner for Ontario, Canada. Thank you so much for speaking with us.

CAVOUKIAN: My pleasure. Thank you very much. Transcript provided by NPR, Copyright NPR.

Related Program