In Brief: Last Thursday In Privacy, Virtual Conference

Highlights from PrivSec's virtual identity event

As lockdown continues in countries around the world, many digital identity events are choosing to go virtual. And with lots of people confined to their homes, there’s never been a better time to take the conversation online.

Last week - on Thursday 30 April - PrivSec hosted the first of a new series of virtual conferences, entitled: Last Thursday In Privacy (LTIP). The event brought together 58 speakers and over 3,500 delegates from more than 102 countries around the world, and featured sessions from the European Data Protection Supervisor, BBC News, the Canadian Civil Liberties Association, and many more.

If you were unable to make the event or just want a refresher, we’ve put together a quickfire summary of our highlights from the day.

COVID-19 and the threat to privacy

The multi-faceted impact of the COIVD-19 pandemic on digital identity was the primary point of discussion during the event. Given the impending introduction of potentially invasive technologies - such as contact-tracing apps, immunity certificates, and symptom trackers - the balance between public health and privacy was repeatedly questioned.

James Kingston, Deputy Director at HatLab, highlighted the risk of introducing extreme measures during a crisis without a clear plan of how to remove them. The point was echoed by Fortanix Security Architect, Dr. Richard Searle, who noted the importance of looking ahead when considering current interventions: “It’s the unforeseen consequences of contact tracing that we need to be wary of,” he said; “...the downstream consequences that we don’t know about and we can’t foresee.”

Guy Cohen, Head of Policy at Privitar, contended that the privacy risks inherent in COVID-19 technologies must be balanced against the notion of ‘public good’:

“Privacy is a human right, and an incredibly important one. But it’s not an absolute right. It’s balanced against other rights and public goods. And I think public health is clearly a very important public good that will warrant some reduction in privacy - some impact on privacy. But that needs to be proportionate, necessary and strictly limited.”

Cohen went on to observe: “I think there’s another element to this. It isn’t just that balancing between the public good of the potential impact of the app and the potential privacy risk of it, it’s also the need for public trust.”

Without high levels of adoption, contact-tracing apps are destined to fail, and generating the requisite public will is likely to be a challenge. Data from Singapore - a country with relatively high levels of public trust in government - suggests that the primary contact-tracing app was only adopted by 20% of the population. In many countries around the world, adoption figures are likely to be far lower.

But Cohen was careful to point out that there are steps that can be taken to enhance public trust and, by extension, technology adoption:

“It’s really important that people trust this app,” Cohen said, “and I think the key to that is transparency - making sure people understand what the benefit is, how it will work, and exactly what is going on.”

Trust, oversight, and transparency - these ideas were central to the discussion around COVID-19 technologies. A number of speakers echoed the importance of pragmatism and proactiveness on the part of the identity community, with James Kingston commenting: “There are all sorts of new technologies that can be used and all sorts of governance systems, that means we needn’t sleepwalk into a privacy disaster.”