Zum Inhalt springen

Digital Society Blog

Unsere vernetzte Welt verstehen

GameJam_16-9 Skater

Nichts zu verbergen?

18 Oktober 2017

In unserer vernetzten und digitalisierten Gesellschaft sind personenbezogene Daten das neue Gold. Immer mehr müssen wir uns mit komplexen Themen wie Privatsphäre und Datenschutz auseinandersetzen – besonders in der Arbeitswelt. Wie lassen sich diese Konzepte am besten erklären? Beim “Game Jam: Unveil the Privacy Threat” kamen EntwicklerInnen, DesignerInnen, Forschende und Kreative zusammen, um diese Sachverhalte durch Serious Games auf intuitive Weise zu vermitteln. Für den ersten Teil unseres Rückblicks hat HIIG-Forscher Maximilian von Grafenstein zusammengefasst, welche Spielideen konkret entwickelt wurden. Im zweiten Teil zeigen wir die besten #PrivacyJam Momente:

Before getting started with the development of game concepts, three use cases helped all participants to recollect the many facets of privacy.

Use case 1: I’ve got nothing to hide!

In her keynote, Jillian York (Director of International Freedom of Expression at Electronic Frontier Foundation) gave five reasons for why the statement “I’ve nothing to hide!” is wrong:

Many people think they have nothing to hide and thus do not need to protect their privacy. The reasoning behind this is that only people who have done something illegal would want to conceal their behavior; but, so the thinking goes, there’s no social need for protection for illegal behavior!

However, this only relates to a tiny part of privacy protection. In fact, privacy laws doesn’t just protect those (allegedly) engaged in “illegal” behavior. Privacy also protects a person against the loss of reputation that can occur when information is disclosed and/or used in the wrong context. As early as the 17th century, the French high priest and statesman Cardinal Richelieu stated: “Give me a letter of six sentences written by the most honorable man, and I will find something sufficient to hang him.” Of course, we don’t hang people anymore. However, what this kind of reasoning indicates is that there can always be somebody who wants to use personal information against someone. It is this misuse of personal information that privacy seeks to protect against. Some people even say that it actually doesn’t matter what you may have to hide; what matters is your ability to decide whether to hide something or not. This ability is guaranteed by privacy. Privacy is hence an essential precondition for the enrollment of an autonomous personality.

Use case 2: Oops… wrong recipient!

The second speaker, Michelle Dennedy (Cisco), illustrated how challenging it is to sensitise employees to privacy.

The most common privacy threat in companies arises when an employee accidentally sends personal information about somebody else to the wrong recipient. This may sound like a no-brainer, but in fact, it is one of the biggest challenges in implementing effective privacy protection policies within companies.

There are two typical constellations that give rise to slightly different challenges for companies trying to mitigate this threat: In the first constellation, an employee uses an email client, and in the second constellation, he/she grants access to a file depository. In both cases, an employee typically sends an email, or grants access to a repository, to the wrong recipient because the email client or repository incorrectly autocompletes the address based on the first few letters. The employee forgets to double-check the name and… oops, the information is sent to the wrong recipient. But there are differences between the cases: The differences between both cases refer to how such an employee can react. If the employee has granted access to a file repository, in principle, he or she can still restrict access retrospectively. In contrast, if the employee has sent an email, the information is definitely “gone”, and he or she can only ask the recipient not to read and/or open the content. However, in both cases employees often do not react at all, or they do not appropriately, because they fear negative consequences if his or her colleagues or superior find out about it.

Use case 3: Unraveling the anonymity paradox!

Jonathan Fox (Cisco) demonstrated the challenges of data anonymisation in his keynote “Unravel the anonymization paradox!”.

If personal information were anonymized, all our privacy concerns would be gone! But what does “anonymized” mean? This question is one of the hardest to resolve in the privacy debate. At present, privacy experts are grappling with the paradox that – in the big data era – there is no anonymous data anymore. All data can always be related to an individual by means of data analysis technologies. The reason for this is that data is only considered “anonymized” if it cannot be related to an identified or even to an identifiable individual.

In order to understand this paradox, imagine more than three million Berlin citizens – and another million tourists – are carrying around their personal devices every single day. Imagine that there is a Berlin-wide wifi system, which is publically available for all people who have switched on their devices’ wifi by default. This wifi system collects the movement data of all these devices over a longer period of time. Can you imagine how useful this data would be for urban traffic management and many other innovations? But wouldn’t it be creepy if this data could also be misused against an individual later on? Imagine that this data is thus anonymized in order to mitigate these risks. In the process all personal identifiers (i.e. the MAC address and IMEI) of the devices captured by the wifi system – which could in principle lead to an identification of the owner or even carrier of a device – are “hashed” (i.e. substituted by a specific hash value for each identifier). This hash value does not, per se, contain information referring to the owner or carrier of the device. However, it is still possible to capture the device’s movement pattern by referring to this hash. This movement pattern becomes more and more precise over time. Now imagine a person who gets access to that movement pattern (e.g. an employee of the provider of the wifi system or another data-driven company) and suddenly discovers that this device must be owned by somebody he knows very well. The reason for this is that this device “leaves” the building where he lives at the same time every morning and “moves” to an address where only lawyers work: In terms of probability, that person must be his wife!

This risk of re-identification of “anonymized” data exists generally, where it is combined with further information. It is hard to say which information will be added and hard to say what the consequences of an identification are. It is hard to say under which conditions this risk is low enough in order to be socially acceptable.

And the winners are…

Taking the perspective of an activist in a repressive state, the players of “Pieces of Data” learn how data collected by their smartphones can harm them, and even other parties – and how to protect themselves against such threats. “Because this game was so advanced in its development, it won!”, Maximilian von Grafenstein states.

This Game Jam was part of our research project Privacy by Design in Smart Cities.
This post represents the view of the author and does not necessarily represent the view of the institute itself. For more information about the topics of these articles and associated research projects, please contact info@hiig.de.

Dieser Beitrag spiegelt die Meinung der Autorinnen und Autoren und weder notwendigerweise noch ausschließlich die Meinung des Institutes wider. Für mehr Informationen zu den Inhalten dieser Beiträge und den assoziierten Forschungsprojekten kontaktieren Sie bitte info@hiig.de

Katrin Werner

Koordinatorin für Wissenschaftskommunikation und Fundraising

Bleiben Sie in Kontakt

und melden Sie sich für unseren monatlichen Newsletter mit den neusten Blogartikeln an.


Zukünftige Veranstaltungen

Weitere Artikel

Eine große Kreuzung mit viel Verkehr.

Neues Toolkit mit einfachen Tipps für intersektionale KI

Intersektionale KI greift auf Praktiken marginalisierter Perspektiven zurück, um die Entwicklung und Nutzung von KI grundlegend neu zu gestalten.

Titelbild für den Blogbeitrag. Ein Fernseher steht auf einer Orangen Decke neben einer Schale Pommes und Äpfeln.

Filmfestivals on demand? Pandemie, Filmkultur und Streaming

Filmfestivals sind durch die Covid-19-Pandemie besonders herausgefordert. Obwohl sie mit einem digitalen Medium arbeiten, das grundsätzlich online präsentiert werden kann, leben sie vom persönlichen Austausch einer analogen Veranstaltung. Nastassja Kreft...

Titelbild unsustainable behaviour extractive-practices-unsustainable-behavior

­Der Fall der Kultur: Extraktive Praktiken der Work-Life-Integration in Technologieunternehmen

Von “move fast and break things” zu einem modernen Arbeitsplatzpanoptikum: Technologieunternehmen behandeln ihre eigenen Mitarbeiter als reine Produktivitätsmaschinen und treiben den scheinbar unstillbaren Durst nach Wachstum und Shareholder Value an....