Another place I see this kind of a call to arms is in electronic voting.
Both these areas share one major problem: It is hard to convince funding organizations like the NSF to fund this research because it is considered applied research instead of basic research. Applied research should be funded by industry, they say. The way I see the voting people solving this problem is through framing... that is, voting combines anonymity, auditiability, veracity and auditability. It's basically the hardest computer security problem out there.
Is there a similar framing that can be done with privacy research? I think there is and that sensor network policy/privacy is the area to start... now we just need to distill something out of that that will be digestible by funding organizations.
]]>Peter Squire
Jeff Jonas
On the one hand, Corporate America does not want to ship its data off, wholesale to the government. On the other hand, the government’s idea of data sharing is a giant game of “go fish.” We are not using the information we have effectively and we do not want to give the government information it does not absolutely need.
Jonas goes through an explanation of how you can use one-way hashes in order to render data anonymous while still enabling record reconciliation to establish connections between different pieces of data and establish context around information.
Doug Tiger
Tiger talked about the need for more privacy research. We are facing a critical juncture for which we are unprepared—privacy is under-researched, both by government and private organizations.
Tiger advocates more government investment in privacy research. We investigate computer security all the time. If we invested more in privacy research, it is likely that there could be significant advances in developing applications that preserve privacy.
He advocates research in three areas:
- Systems for controlling the degree of revelation of information
- Stronger audit technologies
- Better tools for privacy management
Stewart Baker
Baker criticized old approaches to privacy. He posits that there were two main approaches. The first old approach, which he named the “just say no” approach had privacy advocates looking at government and private activity and criticizing it and then trying to outlaw it. The second, slightly younger, but equally ill devised approach, is trying to cabin it activity using judicial mean (i.e. using the 4th Amendment). He contends that focusing the debate of excluding evidence from trial does little to promote privacy for the masses who will probably never end up in a criminal trail.
Baker reminds us that “information about you wants to be free, too.” And argues that we should avoid trying to preclude the government from engaging in data usage that private entities are free to engage in. He points to the ridiculousness of saying that the government should be prohibited from doing a Google search on an individual absent probably cause. Baker posits that as information gets cheaper it is going to become inevitable that the government will get access to it.
Baker advocates technological solutions to bolster privacy protections. He argues that better the auditing systems will provide better protection of privacy because such systems will make people be more searchers about their searches. Similarly, better access controls will make people more careful about their searches. In a nut shell, he posits that taking away the privacy of the searchers will increase privacy for the masses.
Baker also notes that “Watching the watchers” is something you can sell as an IT project: “Hansen could not happen again if there were better audits.”
Laura Flint
Flint contends that technological solutions do not exist for all of the problems we see with datamining activities (false positives, faulty inferences, misappropriation of data, and mission creep). We are living in a society where we anticipate surveillance, and hence potentially sensor ourselves to avoid being caught in a datamining trap.