As our lives become increasingly intertwined in a cyber-physical world, discussions about digital privacy are growing louder and more complicated by the day. The conversation takes place in a variety of public and private organizations and venues globally, but until now it has been mostly framed as a corporate compliance issue. The needs of and interests of individuals have been largely overlooked.
The technologists and policymakers who are engaged in the conversation are normally speaking from very different viewpoints, and with very little shared understanding of one another. That is problematic because the inputs, experiences, and expertise of separate viewpoints are absolutely critical to creating an environment in which the capability exists to enable individuals to privately maintain presence, data, identity, and dignity online.
There are social and public policy implications of creating technology. New code or new inventions can either hurt people or benefit people, depending on how they are conceived, written and applied. On the other hand, policymakers and engineers are naturally enthusiastic about their own ideas and might not initially consider substantial technical, financial or social barriers that could complicate their best intentions. The IEEE Digital Privacy Model shows that many ideas and viewpoints must be considered to create truly robust technical designs and social policies. Before making any real progress to identify and preserve the digital privacy of individuals, we need to bridge the gaps and to enable meaningful back-and-forth discussions between “techno geeks,” “policy wonks,” and other stakeholders with something like a Star Trek “universal translator” function to allow better communication.
The IEEE Digital Privacy Model illustrates the broad, dynamic and sometimes conflicting aspects of digital privacy from a high-level visual perspective. Using the IEEE Digital Privacy Model, businesses, government organizations or other stakeholder entities can systematically map the gaps in their people, processes and technology capabilities to implement solutions that support individuals’ expectations of privacy. The model encourages cross-functional exchange of ideas among environmental influences, while ensuring a common understanding of individuals’ expectations of privacy among all the actors engaged in building a digital privacy ecosystem.
A Broad, High-Level Examination of the Challenge
The IEEE Digital Privacy Model is a comprehensive, 30,000-foot view of the complex influencers on privacy and why is it important to reframe the global digital-privacy discussion from the perspective of individuals.
The model was created by volunteers under the sponsorship of the IEEE Digital Privacy Initiative, which was formed under IEEE Future Directions in January 2022. The initiative focuses on the digital-privacy needs of individuals beyond just the technological issues of the security of data, products and organizations, and works to incorporate a holistic and cross-disciplinary collaboration to address privacy for the benefit of humanity.
On 13 November 2023, the IEEE Digital Privacy Initiative convened with 25 technology and policy professionals at the U.S. Capitol Building in Washington, D.C., for the Reframing Privacy in the Digital World workshop. The event included a diverse roster of scheduled speakers, including Mason C. Clutter, Chief Privacy Officer, U.S. Department of Homeland Security; Chris Irwin, Program Manager, Office of Electricity, U.S. Department of Energy; Nick Napp, co-founder, Xmark Lab; and Sreedhar Rao, Field CTO Telecommunications, Snowflake.
The IEEE Digital Privacy Model Goes to Washington
The Washington, D.C., workshop served to socialize the IEEE Digital Privacy Model firsthand among professionals with significant influence on how decisions about digital privacy will be made in the years to come in both the United States and other parts of the world.
The IEEE Digital Privacy Model provides a common starting point to drive privacy solutions that are predicated on individuals. This approach is unique. Until this point, discussions among either policy or technical proponents of digital privacy have rarely been focused on needs and expectations of individuals.
The model depicts six characteristics of individuals that together represent digital privacy:
- Identities
- Behaviors
- Inferences
- Transactions
- Confidentiality and integrity
- Access and observability
The model also identifies seven influences on the actions of various actors to achieve digital privacy and manage individuals’ expectations of privacy:
- Technical
- Regulatory
- Economic
- Legislative
- Legal
- Individual
- Societal and cultural
The goal is to show the synergistic effects of all of the digital privacy expectations and influences that need to work in concert for the benefit of individuals. Because all of the defined areas must be considered as participants, the IEEE Digital Privacy Model does not narrowly focus on any single aspect, or attempt to solve any particular problem within the digital privacy sphere. Furthermore, the IEEE Digital Privacy Initiative volunteers who wrote the model conscientiously tried to make it very broad and applicable across all global regions and industries.
Next Steps Toward Achieving Concrete Progress
The loss of privacy is often rooted in technical breaches where personally identifiable information (PII) or other sensitive information such as industrial data is gathered illegally or unethically and used for something other than its intended purposes. It is very difficult to safeguard digital privacy unless features and functionality have been predesigned into systems across a generally unsecured architecture like the internet.
One thing that the IEEE Digital Privacy Model does not attempt to do is explore, study or discuss the technological solutions to problems that have occurred in digital privacy breaches globally. Indeed, while there may be many different methods to address those issues, this model is intentionally not meant to be prescriptive.
Rather, the important next step is for both technology- and policy-oriented readers of the model to consider its implications that are the most important and relevant within their contexts. For example, what might be the most likely obstructions to achieve the expectations of privacy in a given environment? Which of the model’s documented influences most prominently participate in that environment?
The IEEE Digital Privacy Initiative is undertaking surveys of international subject-matter experts about what people in different regions realistically expect in terms of privacy. It is already clear that there are widely divergent public policies about what should and what should not be private. IEEE Digital Privacy Initiative volunteers are also continuing to solicit feedback on the model itself, and planning to develop next-level details to help companies operationalize digital privacy for individuals. As the first line of the document states, “The IEEE Digital Privacy Model is a work in progress …”
Digital privacy is a topic of increasing scrutiny across global political, geographic and technological boundaries. The IEEE Digital Privacy Model has been designed to fuel a more informed, individual-centric conversation. The model is an intentionally generic, high-level, easy-to-understand visual representation that is easily downloadable in several languages and portable for any venue. To learn more about how you can engage in the work of the IEEE Digital Privacy Initiative and/or to keep apprised of future events such as the Reframing Privacy in the Digital World workshop, please visit https://digitalprivacy.ieee.org.
Kent Lambert is an IEEE Digital Privacy Initiative volunteer. He was elected to serve in the Colorado House of Representatives January 2007-January 2011 and Colorado Senate January 2011-2019. He is chief operating officer of BlockFrame Inc. and a retired U.S. Air Force colonel.
