An interesting new research paper about privacy threats in intimate relationships.

From the abstract:

This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective protective measures fail when applied to intimate threats. Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks.

Privacy threats in intimate relationships by Karen Levy and Bruce Schneier

Some key points from the paper:

  • they disproportionally impact society’s most vulnerable and least powerful people, often including women, children, the elderly, and the physically or cognitively impaired
  • Attackers may have multiple motivations— including beneficent ones—often tied to emotion
  • Because they share physical space and access to devices, it defeats a lot of “normal” security mechanisms intended to defend against unauthorised access
  • The attackers may know a lot about their victim

This can lead to some implications for designing secure systems:

  • Recognise the importance of privacy relative to the purpose of the system. The example provided is of an app to coach teen drivers which doesn’t share exact GPS locations, but rather, broader location information only – and to limit it to 100 hours (enough, for example, a teen to learn to drive without it)
  • Consider accidental leakage of data (eg, notifications on lock screens)
  • Be careful of default settings
  • Recognise that privacy preferences can change (eg, relationship endings)