Privacy is intuitive to us. We know exactly what to do when we want to tell a secret to a friend. We whisper, go to a secluded space or wait until it's safe. Or when describing the party last night to mom, we leave out the spicy secrets. We don’t have to think twice about it — secrets are our second nature.
With technology, privacy is more difficult. We do not have an intuition as to what technology does with our information. We see plenty of useful effects, where technology uses our information for good purposes, such as showing us the interesting news first, but for the bad consequences we don’t have an intuition. Perhaps teens today have acquired such an intuition, but I know I don’t. Personally, I’ve just decided that, on social media, I’ll post only stuff which can safely be made public for all. You make some rules for yourself and hope you’re safe. But just when you think that you’ve got it sorted, you find out that Facebook is leaking your supposedly secret contact information. Or perhaps Alexa is sending your discussions to random strangers? How would you know?
This is nothing new to privacy-minded engineers, researchers and policy-makers; Bruce Schneier is right in that we should not blame the users, Tim Berners-Lee is working on an exciting infrastructure where users can choose where their data is stored, and the General Data Protection Regulation (GDPR) of the European Union puts the responsibility on the companies, which have to make sure that users’ data is safe. This is real progress, but not enough, because we still don’t know what privacy means.
Suppose you talk to Siri or Alexa; who owns that conversation? Can Google be allowed to automatically store all your web-history? Sure, Google improves your searches and sure, Siri and Alexa learn to help you better. But how would you know what is reasonable?
I’ve come up with a simple test. Replace the name of the product with Greg and try again. Suppose you talk to Greg; who owns that conversation? Can Greg be allowed to store your web-history? I think the answer is obvious. If Greg is anywhere near a decent chap, he will not record a conversation with you without explicit warning. As Greg gets to know you better, he might have better suggestions for you. But if Greg secretly followed me when I go shopping and observed me when I go out to have a beer, I would have him arrested as a stalker.
With this simple trick, by replacing a product name with the name of a real person, we reveal the true implications of technology. I call it personification. It assigns personhood to a product. It connects with our intuitions of how all our interactions should be. In particular, it connects with intuitions of how our interactions with technology should be, rather than what we have grown accustomed to. It removes all the marketing hype and replaces it with a flesh-and-blood person.
In the design of new technology, we need to connect to that same intuition about how things should be. Privacy is a feature of the user-interface, which we should tune. Indeed, privacy is not a problem, but a value. It is not a question of what is legally permissible, though we do have to follow all relevant laws, but it is as much a question of ethics and morals as it is of good design. Privacy-aware technology should adapt to its environment and protect what you find valuable. When sitting on the bus and searching for information on the phone, it is not OK if the phone responds with “Did you ask about the transmission of chlamydia?”. Avoiding such behaviour is the right thing to do and should be part of the design of a good user-interface. The phone should do what we expect it to do.
I am completely operational, and all my circuits are functioning perfectly. — H.A.L. in “2001: A Space Odyssey”
For engineers like me, the challenge is then to recognize the needs of the user. How can the device know whether this is a private discussion? An advanced user can turn on the private-browsing feature, but I can’t expect my grandmother to do that. Technology should adapt itself automatically. A second question, especially for user-interface designers, is: how do you communicate the current level of privacy to the user? How would the user know if a microphone is currently recording? Those are the two questions, measuring and reporting privacy, that I find most interesting in current technology and research. In essence, the task is to understand the feelings of the user and to build an emotional connection of mutual understanding.