A critical review of 10 years of Privacy Technology

This paper is still being revised. It will eventually appear in the proceedings of the 2010 surveillance studies conference. It can then be cited as follows: George Danezis and Seda Gürses, A critical review of 10 years of Privacy Technology, In the Proceedings of Surveillance Cultures: A Global Surveillance Society?, April 2010, UK. Since 2000 there has been a renewed interest amongst computer scientists in the field of ”privacy technology”. This includes mechanisms for “anonymous” communications, censorship resistance, selective disclosure credentials, as well as privacy in databases all of which are meant to shield the user from some aspects of on-line surveillance. Beyond the lab, some of those systems have been deployed and are widely used today. Yet, the type of surveillance against which privacy technologies are supposed to offer protection is often ill-defined, and widely varying between works: from an individual who wishes “to hide an occasional purchase from his spouse”, to “groups coordinating political dissent under totalitarian regimes”. While privacy is seen as the key unifying theme of these works only one aspect of it is systematically represented, namely ”confidentiality”. Privacy as self-definition, informational selfdetermination or as a public good that needs to be negotiated is often neglected. Further, the increasing omni-presence of surveillance technologies, the informatisation of every day life, as well as active resistance to on-line surveillance are used as justifying departure points for privacy technologies but they have so far not been explored in depth in the privacy research field. In this paper, we explore the development of contemporary privacy technologies, its key results and methodologies. At its heart our argument is that the field of privacy technology was seeded by computer security and cryptography experts that rushed to apply their tools to new problems, yielding mixed results. Additional pressures from different stakeholders to devise technology that will make large IT systems acceptable to the public, has led to further confusion about the goals and methods most appropriate to embed privacy friendly values into computer systems. Using concrete examples, we seek to explain why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises. From the results of the analysis we expect to infer new requirements for future privacy research.