Are Infrastructural Solutions to The Analog Keyhole Problem Worth the Cost?

By David Sidi and Laura Brandimarte

Abstract: 

In this paper we identify the analog keyhole problem, which is a combination of
two subproblems: (1) for nearly all applications, information cannot be secured
with encryption at display time, since the decryption operations required by
cryptosystems cannot be performed mentally with the necessary speed and
accuracy; and (2) perceptually-capable devices exist that are capable of automatic
interception and interpretation of information presented at display time; these
exist in a wide variety of environments.

One way to at least partially address the analog keyhole problem without
cryptographically-secured display is to add an infrastructure designed to
notify users of their observability by perceptually-capable devices. In effect,
this allows the users themselves to physically secure the display of their 
information—for example, by covering their phone while unlocking it, or by not 
unlocking it at all when observable.

For service providers the trade-off for the cost of adding such privacy
infrastructure to a perceptually-capable system is partly a matter of the
extent to which the infrastructure limits the risk associated with sensitive
data collected incidentally. We present a study here that is intended to
provide evidence about that trade-off. We created a privacy infrastructure to
inform participants of when they are observable by a surveillance camera. We
compared unlock behavior across three groups: a group notified using textual
notice, a group notified using “visceral” notice, and a control group that is
not notified at all.