Obscurity by Design

Publication year: 2021

Woodrow Hartzog(fn*) and Frederic Stutzman(fn**)

Abstract: Design-based solutions to confront technological privacy threats are becoming popular with regulators. However, these promising solutions have left the full potential of design untapped. With respect to online communication technologies, design-based solutions for privacy remain incomplete because they have yet to successfully address the trickiest aspect of the Internet: social interaction. This Article posits that privacy-protection strategies such as "Privacy by Design" face unique challenges with regard to social software and social technology due to their interactional nature.

This Article proposes that design-based solutions for social technologies benefit from increased attention to user interaction, with a focus on the principles of "obscurity" rather than the expansive and vague concept of "privacy." The main thesis of this Article is that obscurity is the optimal protection for most online social interactions and, as such, is a natural locus for design-based privacy solutions for social technologies. To that end, this Article develops a model of "obscurity by design" as a means to address the privacy problems inherent in social technologies and the Internet.

INTRODUCTION

I. PRIVACY BY DESIGN MUST BE CLARIFIED TO APPLY TO THE USER INTERFACE OF SOCIAL MEDIA

A. Privacy by Design Challenges Organizations to Rethink Established Approaches to Privacy

B. Obscurity Can Improve Privacy by Design

II. BETTER LIVING THROUGH OBSCURITY

A. The Concept of Obscurity

B. The Four Principles of Online Obscurity

1. Search Visibility

2. Unprotected Access

3. Identification

4. Clarity

III. IMPLEMENTING OBSCURITY BY DESIGN

A. Technologies

1. Smart Hyperlinks and Access Walls

2. "Privacy" Settings

3. Search Blockers

4. De-Identifying Tools

5. Passwords and Encryption

B. Policies

1. Contractual Restrictions on User Behavior

2. Community Guidelines

C. Behavioral Interventions

1. Defaults

2. Feedback

3. Content, Ordering, and Placement of Signals

4. Carefully Crafted Language

CONCLUSION

INTRODUCTION

Privacy by design, that is, "the philosophy and approach of embedding privacy into the design specifications of various technologies," promises to alter the law's largely reactive approach to privacy threats.(fn1) Government and industry are gradually embracing privacy by design and other design-based strategies to protect Internet users.(fn2) To ensure wide applicability, the Privacy by Design approach offers little domain-specific guidance. However, with the growth of the Internet and social technologies, designing usable and effective privacy for technologically mediated social interaction (such as the interaction afforded by social media) is an urgent challenge, one deserving of investigation.

Over the past forty years, regulators and technologists have expended significant effort managing the privacy risk inherent in the collection and storage of personal information.(fn3) In the era of social media and behavioral tracking, the vast databases (i.e., "big data") that store personal information pose significant threats, but these databases and their parent organizations are far from the only threat to privacy on the Internet. The growth of the social web has demonstrated that the information sharing inherent in the management of online relationships through social media presents its own privacy challenges. As billions of individuals participate in social media, the vast amount of information disclosed and transferred between individuals (an inherent requirement for social interaction online) poses a new class of privacy threat that should be addressed through design.(fn4)

Addressing the vexing privacy problems of the social web is a challenging task. Few can agree on a conceptualization of privacy,(fn5) much less how to protect privacy in our social interactions by design.(fn6) There are a number of practical reasons why privacy by design has avoided the social side of the user interface. The translation of regulation to implementation is a complex process and may be more efficient when applied to formal technologies (e.g., databases, protocols).(fn7) Additionally, there is little guidance regarding how designers should approach the implementation of privacy by design in a contextually variant, interactional space. Many substantive protections entailed in privacy by design are effectuated on the "back end" of technologies, such as data security through encryption, data minimization techniques, anonymity, and structural protection through organizational prioritization of privacy.(fn8) However, the design of social technologies must consider "front end" privacy concerns such as privacy settings, search visibility, password protections, and the ability to use pseudonyms.(fn9)

The answer to these challenges might lie in refining the goal for the design of social technologies. The current goal of design solutions is "privacy," which is too broad and opaque to provide meaningful guidance in designing social technologies. Indeed, one conceptualization of privacy, secrecy, can be seen as antithetical to the notion of social interaction. This Article recommends looking to the related concept of obscurity. Empirical evidence demonstrates that Internet users aim to produce and rely upon obscurity to protect their social interaction online.(fn10) The concept of online "obscurity," defined here as a context in which information is relatively difficult to find or understand, is a much more defined and attainable goal for social technology designers. Obscurity is more flexible than some conceptualizations of privacy and also more feasible to implement. Moreover, obscurity involves more than prohibitions on conduct; Internet users can actively produce obscurity themselves.

The main thesis of this Article is that obscurity is an optimal protection for social interaction online and, as such, is a useful concept and design pattern when addressing front-end (i.e., user-facing) privacy concerns. Therefore, the purpose of this Article is to introduce and develop the concept of "obscurity by design" as a model for design-based privacy solutions in social technologies. In doing so, we provide organizations who wish to embrace privacy-protective design principles with a useful set of tools for approaching these interactional privacy concerns.

Part I of this Article reviews the broader concept of privacy by design, including its strengths, the challenges to its implementation, and its missed opportunity in failing to account for the front-end design of social technologies. Part II sets forth our conceptualization of obscurity, including the four major factors of online obscurity: (1) search visibility, (2) unprotected access, (3) identification, and (4) clarity. This Article proposes that the four factors of online obscurity constitute a set of principles that designers should consider when building privacy into social technologies. Finally, Part III proposes a model to implement obscurity by design. This model suggests that obscurity by design can be effectuated through a combination of technologies, policies, and behavioral interventions.

I. PRIVACY BY DESIGN MUST BE CLARIFIED TO APPLY TO THE USER INTERFACE OF SOCIAL MEDIA

In recent years, consumer technologies have embraced the broad collection and storage of personal information. Behavioral advertising, consumer forecasting, and geolocational systems have pushed (and created new) boundaries for the collection of data about users.(fn11) While many industries argue that increased data will lead to better products and predictions,(fn12) the collection and storage of this data potentially opens consumers and companies to novel risk.

Early approaches to protect the information and privacy rights of consumers were to punish violators by utilizing torts, statutes, and regulations to levy fines and injunctions.(fn13) These "reactive"...
