W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2010

Re: anonymous or no?

From: Wendy Seltzer <wendy@seltzer.com>
Date: Fri, 13 Aug 2010 15:23:18 -0400
Message-ID: <4C659BA6.4050805@seltzer.com>
To: public-privacy@w3.org
On 08/13/2010 03:07 PM, Richard Barnes wrote:
> David,
> 
> In principle, I think you're exactly right that re-identification can
> be a big problem, especially with the rich data sets that many
> organizations are collecting nowadays.  (Our position paper [1]
> touches on this issue briefly, in a slightly different context.)
> 
> As I understand it, however, (and I'm certainly not an expert) the
> challenge for making/implementing policy with regard to
> re-identification is that the mathematics are a little subtle and very
> dependent on they types of data and the underlying population
> distributions.  There's a fairly large body of work on how to do
> anonymization in specific domains (e.g., the techniques applied at the
> Census Bureau [2]), but I'm not aware of a general enough methodology
> to cover the diversity of data collected by entities in the Web.
> (Again, not an expert!)

Paul Ohm has been doing some work on re-identificaiton from the legal /
policy side.  He suggests that those who hold "bottleneck" data that
pose particular risks of use in re-identification should be held
responsible for those risks.
<http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006> (the policy
recommendations may be in a newer version than is on SSRN).

--Wendy

-- 
Wendy Seltzer -- wendy@seltzer.org
phone: +1.914.374.0613
Fellow, Silicon Flatirons Center at University of Colorado Law School
Fellow, Berkman Center for Internet & Society at Harvard University
http://cyber.law.harvard.edu/seltzer.html
http://www.chillingeffects.org/
https://www.torproject.org/
Received on Friday, 13 August 2010 21:40:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:51 UTC