REPHRAIN will address fundamental tensions and imbalances pertaining to protecting citizens online through three over-arching missions. We represent these as high-level dimensions:
Mission 1
Deliver privacy at scale while mitigating its misuse to inflict harms
REPHRAIN will reconcile the tension between data privacy and lawful expectations of transparency by drawing heavily on advances in privacy-enhancing technologies (PETs) but also leveraging the full range of socio-technical instruments to rethink how to best address the trade-offs. These include citizens’ evolving views, attitudes, and behaviours towards information disclosure online; a rapidly evolving technological, legal, and regulatory landscape; and potential misuse of privacy technologies to inflict harms.
Mission 1 co-leads: Adam Joinson, Tariq Elahi
New socio-technical capacities via PETs and beyond
PETs are not a panacea for addressing online harms, especially given their potential abuse to inflict harms. REPHRAIN will develop a broader set of socio-technical capabilities – combining advances in PETs with new privacy awareness tools/approaches and legitimate policy/law enforcement actions to disrupt mal-actors – that address existing harms, their potential evolution and new/emergent harms from future digital innovations.
Addressing fragmentation of online harm reduction approaches
Common building blocks to underpin multiple use-cases are lacking, e.g., techniques to analyse linguistic indicators of harm for use across cyberbullying, grooming, fraud; privacy-preserving information storage or telemetry for use in a range of social media platforms. REPHRAIN will develop such new shared resources to deliver a step change in development and adoption of online harm reduction mechanisms.
Mitigating the abuse of PETs
PETs are often used in sensitive environments by at-risk individuals (and hence a target of attacks). They may also be misused by criminals to hide their activities while inflicting online harms. REPHRAIN will develop new privacy-preserving monitoring and analysis approaches that not only account for vectors of attack and misuse at a technical level but also incorporate investigative, legal and regulatory dimensions to mitigate abuse.
Mission 2
Minimise harms while maximising benefits from a sharing-driven digital economy
REPHRAIN will redress citizens’ rights in transactions in the data-driven economic model by transforming the narrative from privacy as confidentiality only to also include agency, control, transparency, and ethical and social values. This will enable a more sophisticated assessment of data use (and potential misuse) leading to new types of PETs and mechanisms to build these into the infrastructure for seamless integration of privacy and harm reduction measures into applications (similar to developer-centred security).
Mission 2 co-leads: Steven Murdoch, José Such
Novel tools and solutions for more transparent and self-explainable data ecosystems
While confidentiality is important to achieve privacy, it is not enough – privacy is also context-dependent and a known boundary regulation and informational self-determination mechanism. REPHRAIN will develop new approaches that provide evidence of ethical/responsible use of technologies, the data they create, and costs/benefits of new privacy-preservation techniques for both citizens and businesses.
Embedding Privacy (through PETs) into infrastructures
PETs solutions are often bespoke; implementation in other use cases is difficult to orchestrate. Furthermore, developers of applications that could benefit from PETs often lack privacy know-how or technical skills in PETs. REPHRAIN will develop approaches to introduce PETs at the infrastructure level—making it easier for developers to [5,6] incorporate PETs functionality in a way that is both appropriate and friction-free.
New PETs and (re)setting expectations of existing ones
PETs are often deployed reactively (in response to emergent privacy threats) and their capabilities and limitations are hard to explain to lay persons and experts alike. REPHRAIN will develop sound and scalable approaches that enable new applications (e.g., information sharing in a crisis) and empirically-grounded evidence on the real capabilities/limitations of (new and existing) PETs. This, in turn, will lead to new evaluation standards, fostering PETs’ adoption into domains with strong regulatory privacy requirements.
Mission 3
Balance individual agency vs. social good
REPHRAIN will develop a rigorous understanding of what privacy represents for different groups in society (including those hard to reach), the different online harms to which they may be exposed, the cultural and societal nuances impacting effectiveness of harm-reduction approaches and contexts in which harm reduction in one group may open up potential harms for another. This will lead to novel socio-technical (including legal/regulatory/investigatory) solutions that not only empower individuals to protect their privacy but also work in tandem with a culture of shared responsibility for online safety.
Mission 3 co-leads: Mark Coté, Emiliano De Cristofaro
Understanding online harms at a micro (individual) and macro (community/society) level
Online harms may differentially impact diverse societal groups, including both the range and extent of potential impacts. REPHRAIN will develop an empirical understanding of individuals/groups most vulnerable to particular online harms, the extent and circumstances driving this vulnerability, and the likely challenges faced in any targeted or generic interventions and mitigations.
Supporting citizens in understanding / managing the value / threats / opportunities of their data
It is difficult, nigh impossible, for citizens to make sense of what data is held/shared about them across platforms and its potential for exploitation. REPHRAIN will develop new approaches to improve user agency to remain safe online, e.g., privacy & harm awareness programmes, privacy awareness & management tools, and PETs for specific contexts (e.g., to give effect to key GDPR provisions).
Technologies & interventions to disrupt mal-actors
REPHRAIN will develop dedicated threat models and best practice guidelines for industry actors and other stakeholders to anticipate harms and adverse outcomes when designing digital systems. This will be complemented by new approaches to remove ‘front-line’ criminals from online services and platforms and identifying & disrupting the supply chains enabling criminal enterprise (e.g., financial processing, criminal infrastructure).