Transparency, Privacy & Confidentiality

All governments and organizations use a mix of transparency, privacy, and confidentiality, so knowing these terms is required.

About This Post (Full Transparency)

This post uses an analogy to help anyone understand the differences between Transparency, Privacy, and Confidentiality. The intention is not to engage in a deep dive. Explicit and specific rules, laws, concerns, and worries will not be analyzed (such as how telecommunications providers are legally required to assist government personnel in eavesdropping on citizens when warrants that are never publicly released are issued, or how telecommunications providers can send kill signals or conduct man-in-the-middle attacks on popular VPN provider software). This post is an overview of transparency, privacy, and confidentiality.

The Analogy

Imagine the data in your computer, smartphone, or tablet is actually boxes of paper in your house. You need to move those boxes (data) to other places (such as an email recipient or your favorite social media site). To move the boxes, the recipient has hired a moving company (the protocols used to move data, e.g. HTTPS and SSH) and movers (the software running on the device). The movers come into your home to collect and load the data into the trucks and ensure it is routed and delivered.

Transparency

Transparency is knowing what happens to your boxes. In this case it includes what the movers do with your boxes, what happens to your boxes while they are being transported, and what happens at each stop the truck makes. Some things that should be made transparent for each of the three stages may include (but should not be limited to):

Transparency Considerations

• has anyone made duplicates of any portion of your boxes (duplicated your data)
• has anyone other than the workers accessed your boxes
• has any portion of your boxes been split up and placed on multiple trucks to multiple destinations
• has anyone inspected and searched the outside of the boxes
• where are your boxes being stored and who has access to the storage
• how long will your boxes be stored and will they change storage locations or storage conditions
• have any boxes in storage been duplicated
• are the boxes in storage only being stored or are they being used to develop, test, train, enhance, and/or synthesize new projects (such as artificial intelligence)

Transparency is all about knowing the journey your boxes take. From start to finish you should have insights into where your boxes go, how they get there, if they are duplicated or inspected, and how they are managed, stored, and discarded. Privacy is about verifying legitimate access to your boxes.

Privacy

If we continue our analogy into describing privacy we must now consider the contents of the boxes. Privacy is all about the contents of the boxes. Let’s pretend the boxes have our most private of things. There is no guarantee that the contents of the boxes will remain private because privacy is dependent on trust. We must trust the workers, the roads (routes), geography (networks), and recipients to maintain the privacy of the contents of our data. Privacy deals with many of the following questions and there are many more that may be applicable:

Privacy Considerations

• can you trust the workers
• do the workers inspect the contents of the boxes or do they just move the boxes
• do the workers copy any of the contents
• do the workers take contents out of any box
• do the workers send any of the contents of any of the boxes anywhere other than the designated recipient
• how do the workers protect the contents of the boxes
• do the contents of the boxes get accessed on any of the roads (routes) taken
• does the road (route) taken enable or require the contents to be inspected
• do the roads require, permit, or authorize the contents to be copied with the copies being delivered somewhere other than the designated recipient
• do the roads permit or enable the theft of the contents
• does the geography (physical and logical networks, e.g. telecom provider, extranet, internet) permit unauthorized access to the contents of the boxes
• does the geography permit undisclosed access or duplication of the contents of your boxes
• does the geography permit or enable theft of the contents
• how does the recipient verify if the contents have been accessed prior to arrival
• how does the recipient restrict access to the contents of deliveries until it can be accessed by appropriate personnel
• how does the recipient verify only appropriate personnel are accessing the contents
• how does the recipient ensure personnel aren’t accessing the contents for fun, to stalk you, to blackmail or extort you, or to embarrass you
• how does the recipient ensure personnel are not taking photos and/or stealing the contents
• does the recipient make copies and share the contents with advertisers, partners, or anyone else
• does the recipient provide access to advertisers, partners, or anyone else
• how does the recipient ensure no unauthorized person has access to the contents in storage
• how does the recipient ensure no authorized or unauthorized person takes photos, steals, or shares the contents
• how long does the recipient store the boxes
• how does the recipient discard the boxes when they are no longer needed (e.g. do they burn the boxes or toss them on the curb and let the contents spill everywhere)
• do the boxes get moved from one storage place to another, how, how often, and how securely

Confidentiality

Confidentiality is concerned with the boxes that do not belong to you. There are many movers with many moving trucks, but only a few are moving your boxes at any given time. If the movers and/or moving truck are not dealing directly with your boxes, you should have no knowledge of those boxes. You may be familiar with the workers, roads, geography, and recipients, but the boxes and contents are a mystery. You should have no access to those boxes because the boxes are protected and not publicly displayed. Any attempt to access any non-publicly accessible box is illegal (malicious hacking) and should not be attempted. You are aware boxes exist on moving trucks driven by movers, but they are not your boxes. You do not need to know about others’ boxes, so you don’t. This is confidentiality.

Transparency, Privacy, & Confidentiality Conclusions

Transparency is all about knowing how your data is handled and discarded and by whom. Privacy requires trust and pertains to accessing, copying, sharing, and discarding your data. Confidentiality is knowing other people have data and knowing it is none of your business. If you don’t need to know about others’ data, you don’t have access to that data. All governments and organizations use a mix of transparency, privacy, and confidentiality, so knowing these terms is required.