The Five Days of Privacy -- Day 1: In Person

The first of five posts on accessible, achievable steps we can all take to regain control of our privacy.

December 12, 2016
Bill Fitzgerald Director, Privacy Initiative

CATEGORIES Privacy Evaluation Initiative

Conversations about privacy and security often focus on technology and give scant attention to the human, non-technological factors that affect personal privacy. This post is the initial installment of a series of five posts that will cover a range of concrete steps we can all take to regain control over what, when, and with whom we share. Some of the things we discuss will involve technology, and some of them won't. The majority of the suggestions we make involve tools or practices that are freely available. The vast majority of things we suggest are also designed to be accessible without a large amount of technical knowledge. The steps we outline here are intended as a solid starting point, and not a comprehensive solution, but with that said, the steps we define here minimize or eliminate many common issues.

And without further ado, it's time to usher in the Five Days of Privacy!

Assessing Risk

When we think about protecting our privacy, we generally start with these questions:

  • What are you trying to keep private?
  • From whom are you trying to keep it private?
  • What are the consequences if the protections fail?
  • Do the consequences change or shift over time (short-, medium-, long-term)?

These factors can help determine our priorities: What information is most important to protect? Why? How much effort should be put into protecting something?

The answers to these questions will vary widely based on personal circumstances. By making some explicit decisions about what we want to protect and how much effort we're willing to spend protecting it, we can come up with a plan and a strategy that are realistic for us and tailored to our individual needs.

Using these questions to structure our decisions should also take into account how easy or hard something is to do. In the conversations below, we will highlight how easy or hard some changes are to make.

In Person/Face-to-Face

There are a range of ways people can access information if they're physically close to you. In this section, we will highlight ways to minimize the risk of people seeing information they don't need to see.

At the outset, I want to highlight that going into a public space means you will be caught up in some form of observation. This can be as benign and accidental as being in the background of someone's photo in a public place, or it could be as focused as having your license plate scanned as part of passive data collection by law enforcement. It's also worth remembering that many public places (most stores, malls, supermarkets, gas stations, Walmart, and the like) are covered by closed-circuit television cameras.

One of the most common ways that people can get information about you is by watching your screen as you work. This hallmark of the perpetually nosy -- also known as "shoulder surfing" -- can range from simply annoying to potentially dangerous, depending on what you're doing. It's not difficult to imagine web searches where we wouldn't want some stranger, sibling, uncle, or other person reading over our shoulder.

Fortunately, a privacy screen will block shoulder surfing. For other people who work in public spaces -- from coffee shops to offices and libraries -- the following steps can minimize your risk:

  • If you're working and you leave your computer, lock your screen with your password or power it down. If you leave a computer when you're still logged in, anyone can sit down and access your computer and use all the information it has.
  • Encrypt your hard drive on your computer. If your computer is lost or stolen, having an encrypted hard drive will prevent unauthorized access to any information on it. It's worth noting that encrypting your hard drive will not mean much if you have a weak password for your login.
  • Encrypt your phone or tablet. If you're using a newer iPhone or iPad, then your device is likely already encrypted by default. Most newer Android phones support encryption. Encrypting your phone or tablet prevents access to information stored on the device in case of loss or theft. It's worth noting that encrypting your phone will not mean much if you use fingerprint unlock or a weak password.
  • Be careful with using external storage such as USB flash drives.
  • Use a password manager. At first blush, this doesn't seem to make a lot of sense for inclusion in a section on potential risks from someone being in the same physical space as you, but using password managers solves one common problem: writing usernames and passwords on paper where they can be read, photographed, or used by unauthorized people. (Fact: I have seen usernames and passwords written on a whiteboard get included in promotional videos.) Password managers are covered in more detail later in this blog series.

There are other steps you can take to minimize risks that arise from physical access, but using a privacy screen, encrypting devices, not leaving devices logged in while they're unattended, and being careful with external storage devices can eliminate many common issues. Privacy screens cost between $15 and $60, and the other options discussed today are free. As we stated at the outset, eliminating all risk is impossible, but these steps can reduce risks to which we're all commonly exposed.

Wednesday, on the second day of Five Days of Privacy, we will look at tips and tricks for evading trackers when you're online. As a side benefit, these tips also help us break through the confines of our filter bubbles. See you then!


Share your thoughts