Obscurity by Design
Hartzog, Woodrow, Stutzman, Frederic, Washington Law Review
Abstract: Design-based solutions to confront technological privacy threats are becoming popular with regulators. However, these promising solutions have left the full potential of design untapped. With respect to online communication technologies, design-based solutions for privacy remain incomplete because they have yet to successfully address the trickiest aspect of the Internet: social interaction. This Article posits that privacy-protection strategies such as "Privacy by Design" face unique challenges with regard to social software and social technology due to their interactional nature.
This Article proposes that design-based solutions for social technologies benefit from increased attention to user interaction, with a focus on the principles of "obscurity" rather than the expansive and vague concept of "privacy." The main thesis of this Article is that obscurity is the optimal protection for most online social interactions and, as such, is a natural locus for design-based privacy solutions for social technologies. To that end, this Article develops a model of "obscurity by design" as a means to address the privacy problems inherent in social technologies and the Internet.
Privacy by design, that is, "the philosophy and approach of embedding privacy into the design specifications of various technologies," promises to alter the law's largely reactive approach to privacy threats.1 Government and industry are gradually embracing privacy by design and other design-based strategies to protect Internet users.2 To ensure wide applicability, the Privacy by Design approach offers little domain-specific guidance. However, with the growth of the Internet and social technologies, designing usable and effective privacy for technologically mediated social interaction (such as the interaction afforded by social media) is an urgent challenge, one deserving of investigation.
Over the past forty years, regulators and technologists have expended significant effort managing the privacy risk inherent in the collection and storage of personal information.3 In the era of social media and behavioral tracking, the vast databases (i.e., "big data") that store personal information pose significant threats, but these databases and their parent organizations are far from the only threat to privacy on the Internet. The growth of the social web has demonstrated that information sharing inherent in the management of online relationships through social media presents its own privacy challenges. As billions of individuals participate in social media, the vast amount of information disclosed and transferred between individuals, an inherent requirement for social interaction online, poses a new class of privacy threat that should be addressed through design.4
Addressing the vexing privacy problems of the social web is a challenging task. Few can agree on a conceptualization of privacy,5 much less how to protect privacy in our social interactions by design.6 There are a number of practical reasons why privacy by design has avoided the social side of the user interface. The translation of regulation to implementation is a complex process and may be more efficient when applied to formal technologies (e.g., databases, protocols).7 Additionally, there is little guidance regarding how designers should approach the implementation of privacy by design in a contextually variant, interactional space. Many substantive protections entailed in privacy by design are effectuated on the "back end" of technologies, such as data security through encryption, data minimization techniques, anonymity, and structural protection through organizational prioritization of privacy.8 However, the design of social technologies must consider "front end" privacy concerns such as privacy settings, search visibility, password protections, and the ability to use pseudonyms.9
The answer to these challenges might lie in refining the goal for the design of social technologies. …