PrivacyGroup Event:2018/05/23 Presentation at SHB
Are Infrastructural Solutions to The Analog Keyhole Problem Worth the Cost?
By David Sidi and Laura Brandimarte
Abstract: In this paper we identify the analog keyhole problem, which is a combination of two subproblems: (1) for nearly all applications, information cannot be secured with encryption at display time, since the decryption operations required by cryptosystems cannot be performed mentally with the necessary speed and accuracy; and (2) perceptually-capable devices exist that are capable of automatic interception and interpretation of information presented at display time; these exist in a wide variety of environments. One way to at least partially address the analog keyhole problem without cryptographically-secured display is to add an infrastructure designed to notify users of their observability by perceptually-capable devices. In effect, this allows the users themselves to physically secure the display of their information—for example, by covering their phone while unlocking it, or by not unlocking it at all when observable. For service providers the trade-off for the cost of adding such privacy infrastructure to a perceptually-capable system is partly a matter of the extent to which the infrastructure limits the risk associated with sensitive data collected incidentally. We present a study here that is intended to provide evidence about that trade-off. We created a privacy infrastructure to inform participants of when they are observable by a surveillance camera. We compared unlock behavior across three groups: a group notified using textual notice, a group notified using “visceral” notice, and a control group that is not notified at all.