Privacy-Preserving Data Governance
Last updated: August 2023
A collaboration with Lips.social
Overview
How can cryptographic techniques, such as zero-knowledge (ZK), multi-party computation (MPC), and fully homomorphic encryption (FHE), enable new structures for community privacy, agency, and consent?
Emerging models for collective data governance, including data trusts, data coops, data coalitions, and data commons, create opportunities for new forms and paradigms for stewardship and agency over data use and access; progress in cryptographic techniques, including zero-knowledge proofs, multi-party computations, and fully homomorphic encryption, enables new models for community privacy. What kind of ecosystems can we build that integrate these frameworks, especially in service of underserved communities, such as QTBIPOC, sex workers, labor unions, journalists, populations under military regime, and more?
This project focuses on researching and prototyping models for digital stewardship and collective consent—in particular, on interfaces for data consent as well as cryptography-enabled frameworks for privacy-preserving data governance.
Project Outline
The main deliverables for this project include:
Facilitating community co-design sessions
Publishing an ecosystem map
Design prototyping: interfaces for data consent
Technical prototyping: privacy-preserving data collectives
Identifying partners and co-launching a pilot program
Whitepaper, blog posts, publications, zines, and community workshops along the way
Community Research and Co-Design
Community research begins with a co-facilitated series of community interviews to understand the needs, wants, challenges, priorities, and opportunities for vulnerable populations around data consent, usage, access, collection, and stewardship. These co-design sessions serve as opportunities for deep listening, and frame this process as relationship- and trust-building as well, to set a strong foundation for longer-term relational work and partnership.
The community of greatest interest to build with in this work is sex workers, especially those from queer, trans, and BIPOC communities. Other domains of interest include community members seeking transgender or gender-affirming care, as well as those seeking or advocating for abortion access, bodily autonomy, and reproductive health. These communities are often some of the most vulnerable and most in need of privacy protections around health and safety, facing institutional barriers and legislative attacks, such as SESTA/FOSTA, abortion bans, and a growing wave of anti-transgender bills across the country, further restricting the access and agency of those already marginalized.
Ecosystem Mapping
The learnings from community co-design sessions will guide the processes of mapping out the existing ecosystem of privacy, cryptography, and data tools currently available and identifying clear opportunities for further work in the development of the privacy-preserving ecosystem.
Even when technical frameworks exist, they may not be adopted or integrated in our communities in an accessible way. For example, while end-to-end encrypted messaging has existed for decades, only relatively recently has this technology been incorporated into mainstream messaging systems, such as Signal Messenger. Emerging privacy-enhancing technologies (PETs) in development today will also benefit from working and designing with directly impacted communities, creating technology tools that are accessible to those who need them most.
Prototyping and Iteration
The community co-designs and ecosystem map will then guide the process of building prototypes, gathering feedback, and iterating. The process begins with building out interfaces for data consent, leading into and informing a technical prototype, then a working proof-of-concept, ideally in collaboration, or at least in community, with fellow designers, engineers, and community members.
This work will be developed in public, open-sourcing the work along the way and documenting the technology, tools, and processes to be accessible and understandable to the public.
Pilot Program
After a few rounds of iteration and feedback, the project will lead into the development of a pilot program, working with one or multiple communities to assess if the prototypes for privacy-preserving data governance are sustainable, accessible, usable, and useful.
The details of the pilot will likely take shape given the learnings along the way, informed by community research, participatory design, public workshops and discourse, and community feedback.
Publishing Research and Writing
Throughout the entire process, lessons and learnings will be documented and shared along the way, in the form of writing and publishing blog posts, research papers, reports, and/or whitepapers.
A part of this project may involve co-creating a publication on the intersections of the solidarity economy, sex work, cooperatives, privacy, collective care, and community organizing, inviting and compensating contributors from a variety of backgrounds and distributing this publication widely, physically and digitally. Additionally, it may involve co-creating a small educational zine series on privacy tools, privacy for sex workers, the solidarity economy, and sex work, for easy access and distribution.
A priority of this project will be to distribute knowledge and get feedback in ways that can feel accessible to the public, such as through community workshops, zines, and other forms of public discussion. Community engagement with this work is a priority, both in presenting work, and, more importantly, receiving and incorporating feedback to better create privacy tools that work for all.
Collaborative Processes and Participatory Design
An existing collaborator is Val Elefante at Lips.social, a social media platform by and for sex workers that hosts media and data such as images, videos, and text—sensitive data that could benefit from both privacy protections as well as collective stewardship and governance around data consent, collection, access, and use. A huge benefit of this collaboration is having a community of practice for this work, where research is more than theoretical and can be directly applied in collaboration with queer sex workers we are in community with.
This project will also involve further collaboration and consulting with a wider network of sex workers, privacy researchers, solidarity economy and mutual aid groups, queer and QTBIPOC collectives, and transgender and reproductive healthcare advocates. For sex worker solidarity, communities of interest to collaborate with include: Hacking//Hustling, Decoding Stigma, SWOP Behind Bars, PeepMe, Hot Bits, Aorta Films, Mondo Fetiche, Sex Tech Party, Red Canary Song, and the Red Umbrella Project. With respect to data privacy around transgender healthcare and abortion access, organizations that come to mind include: Fight for the Future, Techies for Reproductive Justice, Planned Parenthood, and the ACLU.
This work is inherently collaborative, and privacy tools and frameworks exist within a larger holistic ecosystem.
Considerations
An important consideration with this project is making sure it can actually serve vulnerable populations, rather than becoming another instance of tech solutionism. Some self-awareness of the limitations of technology is essential: at what point can technical tools for privacy and cryptography help vulnerable communities, and at what point are the remaining challenges outside the scope of technology? What cultural, social, legal, and other infrastructural barriers exist, and how can they be addressed in tandem? These are questions ideally explored with the guidance of the community co-design and community research sessions.
The hope is to collaboratively build a holistic ecosystem, with consideration to social, cultural, legal, and technical infrastructure, around privacy-preserving data governance.