Privacy vs. Security vs. Anonymity
posted by Sasha Romanosky
When I first began my PhD, I was keen to properly sort and define any new terms and reconcile them with my own education and experience. Three terms that always seemed to be intermingled were: Privacy, Security and Anonymity. Certainly they are related, but I wanted to be a little more specific and understand exactly when and how they overlapped.
First, let’s establish some basic definitions. For the purpose of this blog post, the following definitions will suffice (I’ll address alternative definitions later):
• Privacy: having control over one’s personal information or actions
• Security: freedom from risk or danger
• Anonymity: being unidentifiable in one’s actions
Next, create a Venn diagram with three overlapping circles (each circle representing one term). Then, within each area, try to provide examples that reflecte those properties. That is, imagine some situation where you would have security without privacy, or security without anonymity. When can you have all three? When can you be anonymous but lack privacy?
This may not be as easy as it seems. Certainly it helps once the definitions are set, but if nothing else, I think it’s a useful way to separate and identify the essence of these words (at least, as each of us sees them) and the contexts in which they may or may not exist. Before you continue, take a minute, examine the diagram above, and try to think of examples to fit each area.
Here are some of my examples:
Privacy only: Two students whispering to each other in class.
Security only: Pope-mobile (he’s completely protected, but everyone knows him and can see him); Bullet-proof vests.
Anonymity only: Riding the bus during rush-hour (you have little security or privacy but no one knows who you are); Paying with cash.
Privacy and Security
- At home with the shades drawn (neighbors know you live there, though you are protected)
- Paying bills online through your bank (you communicate over an encrypted channel)
Privacy and Anonymity
- Camping in the woods with a tent (there may be no one around to identify you, but the tent’s walls offer little protection from a bear)
- Using Tor from a kiosk and not revealing any personal information
Readers will notice two things. First, I mix physical and digital (online) examples. Indeed, security, privacy and anonymity obviously apply to both physical and online domains. Next, I deliberately left a few areas blank. I welcome examples to fill the voids, or additional/better examples than I have given.
I’ve been involved with a privacy class here at CMU for a number of years and I find that getting students to think through this process is very helpful – especially those who are new to privacy and data security. Rather than having them recite the different kinds of privacy intrusions or definitions back to me, this exercise helps them internalize each term.
Here’s the next challenge: likely your definitions of privacy, security and anonymity are different than mine. If you substitute in your own definitions, would the diagram or examples change?
Let me know if they do.