What can remote working by psychoanalysts teach us about protecting privacy?
Working from home has become the norm for millions, perhaps billions, of people around the world. This huge shift in how people spend most of their waking hours naturally brings with it an equally major shift in privacy problems. Some of these were discussed on this blog a year ago, when the videoconferencing tool Zoom became a central feature of working from home. Back then, its security left much to be desired, although things seem to be better now, not least because people and companies made it clear that privacy was not optional.
One group for whom security and privacy are absolutely key are medical practitioners. Patient confidentiality is crucial, and that means the new privacy challenges of remote working have to be dealt with. For this reason, the International Psychoanalytical Association (IPA) asked Ross Anderson, Professor of Security Engineering at the University of Cambridge, and a well-known expert on privacy issues, to write a report reviewing IPA policies for remote working by psychoanalysts. Given the psychoanalysts’ stringent requirements for confidentiality, the report’s comments and recommendations offer useful advice for everyone who is working at home and wishes to protect their privacy as much as possible. For example, the following is a central issue:
Most attacks will involve compromise of either the patient’s privacy or the therapist’s rather than of the communications between them, and many compromises will not be technical. A child psychologist said her most frequent privacy concern was often whether a parent, step-parent or other adult was in earshot, or even in the room out of view of the camera. A surgeon noted that he had twice done phone appointments with patients who took an expected call in rather unexpected places: one in the supermarket, and the other while driving in their car. A GP noted that consultations often stray unexpectedly into psychological territory, and when the consultation is remote the clinician must be much more guarded if others may be present.
Anderson points out that the most extreme threats to confidentiality with remote working come from people closest to the patient. Domestic abuse is sadly common and poses particular threats to privacy, as a previous blog post on Privacy News Online explained. In particular, if an abuser knows a person’s passwords, and password recovery question, then the ability to authenticate people is lost. If an abuser has control over a digital device, and can install stalkerware on it, either by force or fraud, the situation is even worse.
Confidentiality may also be compromised at the psychoanalyst’s end. There is a particular difficulty with keeping sensitive records, which may be stored on a system controlled by someone else – for example, hospitals or insurers. The only way to maximise the privacy of patients is for therapists to ensure that they are the only ones with direct access to their notes. Anderson emphasizes that it is very hard to use clinical material for research purposes without infringing on a patient’s privacy. In particular, anonymization is hard to impossible, because of the richness of the clinical data. This makes it much easier to re-identify someone from supposedly anonymized information. One of the most general pieces of advice offered by Anderson is the following:
The one recommendation in the [IPA’s] Interim Guidance to which most security engineers would probably object is the advice to change passwords regularly. It has been known for many years that password aging policies tend to lead to weak passwords, such as ‘kevin06’ for June, ‘kevin07’ for July and so on. Unfortunately, in 2003 the US National Institute of Standards and Technology issued a standard calling for password aging, which the Big Four accountancy firms then tried to impose on their audit clients worldwide. Following substantial pushback from the security usability community, NIST recanted. It retracted its wrong advice in 2017, but the Big Four are still catching up.
Anderson also has some thoughts on the use of anti-virus software. He says this is relevant for therapists and patients running Microsoft Windows, but less necessary for smartphones, tablets and Macs (and presumably for systems based on GNU/Linux). Instead, he emphasizes the importance of keeping software fully updated: he goes so far as to say that “even for Windows laptops this is more important than running antivirus software”.
There is a major debate underway as to what extent working from home should be the norm, or at least an option. Some argue that it provides much-needed flexibility for people to balance work and family life. Others cite the lack of direct human contact, and the exhausting nature of dealing with people virtually, not least because of “Zoom fatigue“. Whatever the outcome of that debate, which is likely to rage for some time, and lead to different conclusions in different parts of the world, it’s important to ensure that the lessons of widespread working from home are understood and retained. That’s particularly the case for privacy. When videoconferencing is used casually, as was the norm until recently, little thought is given to security and privacy. Now that people are aware of the issues, and companies have started to come up with solutions to help bolster security during calls, these insights must be retained. If we can all upgrade our online working to the level of doctor-patient interactions recommended in Anderson’s report, that will be a real win for privacy.
Featured image by Wellcome Images.