“Encryption works, but you might just delete the data if you are choosing encryption. At some point of time, you have to de-crypt it in order to look into the data. It can be a matter of safety, so presumably it has to be used at some point,” notes a discussant at MediaNama’s roundtable discussion on ‘Exploring User Verification’ on March 23, 2023. The discussion focused on user verification norms in India, the importance of anonymity and effectiveness of verification in protecting individuals from online harm.
While exchanging ideas about how user anonymity can be preserved, experts weighed in on how anonymization of data is not a fool-proof method to protect people’s privacy given the risks of de-anonymization of publicly available data. We have delved deeper into the harms of de-anonymization, here.
The experts noted that there’s need for better technical alternatives for anonymization. Ekta Jafri, Design Mentor at The TechBridge, inquired whether encryption can be a better solution to protect anonymity of users. The privacy expert (quoted above) stated, “Encryption preserves it (data)..in transit, but it’s not the solution to anonymity.”
Watch the full event here:
MediaNama hosted this discussion with support from Meta and Truecaller. The Internet Freedom Foundation, CUTS International, Centre for Internet and Society, and the Centre for Communication Governance at the National Law University, Delhi, were MediaNama’s community partners for this event.
STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today!
Encryption and anonymity:
Encryption refers to a process of “converting messages, information or data into a form unreadable by anyone except the intended recipient”, essentially a crypted communication accessible only to the sender and receiver. Encryption tools are primarily used to protect “confidentiality and integrity of content” against unauthorized third-party access or manipulation.
Anonymity is using an “invented or assumed name” to communicate anonymously on the internet. Sometimes individuals present their name or identity in a way that it “protects the determination of one’s name or identity” and is not one’s legal identity. In cases where individuals take up an assumed name it can be referred to as pseudo-anonymity, while anonymity can also refer to “taking no name at all”.
As stated by the United Nations Special Rapporteur on Freedom of Expression, both encryption and anonymity, “separately and together” are critical to individual privacy and freedom of speech and expression as they “create a zone of privacy to protect opinion and belief”. This is true especially for journalists, activists and members of marginalized communities, who are vulnerable to surveillance and harassment by state and non-state members.
Is encryption a better method? Jafri pointed out that personal, sensitive data can be encrypted and decrypted when in need by the right parties and it is also easy to share such encrypted data. The above-mentioned speaker, who also emphasized on encryption, was of the view that encryption is different from anonymity, because there is still room for decrypting data by whoever has access to it. Though it adds a layer of protection and all data must be encrypted to some degree, he states that:
“With most of the modern technology it’s quite difficult to stay anonymized, only because of the fact that datasets are available about everywhere you look. There has been no credible method that we have known for successfully anonymizing data, because you’re not the only person who collects it, everyone collects it.”
Techniques for balancing encryption & anonymization:
On the question of alternative techniques for protecting user data in a better way, law and policy consultant Pranesh Prakash mentioned the following:
- Aggregate data: Prakash elaborates on one alternative when it comes to “private data” which is to aggregate it. He explains, “Instead of trying to anonymize it, removing certain attributes from a particular row in a database, in a spread sheet, etc, to aggregate it so that there is no one person that the data refers to any more. So that’s one technique.”
- Differential privacy: He also talks about “differential privacy”, a data-computation technique, which enables one to poison data. “There are techniques of differential privacy, which allow you to create, to enter wrong data…which then poisons the data to a limited extent, and you have a privacy budget. The more you poison the data, the less useful the data is, but also, the harder it is to actually trace the people back to find out enough about people.”
- Holomorphic encryption: This is another technique for computation on encrypted data, mentioned by Prakash. Holomorphic encryption essentially enables safer handling of encrypted data by a third party. It allows “complex mathematical operations to be performed on encrypted data without compromising the encryption”.
- Zero-knowledge proofs: These allow proving/verifying certain kind of information without revealing more information than necessary. For example, verifying one’s age without revealing the full details of their ID card and all the details contained within it, including name and so on.
According to Prakash there are various ideas emerging from the computer science and mathematics field, but none of them are a solution. “It’s a solution when you’re able to present something that works for multiple parties who are in conflict, which is what seems like is the case right now that there are different rights, which are genuinely in conflict, and how do we resolve that conflict and rights?,” he adds.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- Why India Should Think About Harms Of Deanonymization In Non-Personal Data Governance And Privacy Law
- Do Marginalized Groups Support Online Anonymity? #NAMA
- Why Is A Scammer The Best Fintech Founder In The World? #NAMA
- How Do India’s Growing Verification Mandates Impact Companies And Industries? #NAMA