I will argue with Robin that "current laws describing 'personal data' omit a lot of data types that can adversely affect privacy". Take for example the work of Xie et al. about "De-anonymizing the Internet Using Unreliable IDs" (http://research.microsoft.com/pubs/80964/sigcomm09.pdf), who managed to track hosts using their application-layer activity. As another example (and since we are talking about Internet protocols), I believe a user would not experience any problem if every HTTP request provided a different, but compatible, user-agent (and in some cases even a non-existent user-agent). Yen et al., in "Host Fingerprinting and Tracking on the Web: Privacy and Security Implications" (http://research.microsoft.com/pubs/156901/ndss2012.pdf), mention that “60%-70% of HTTP user-agent strings can accurately identify hosts in our datasets”.

Finally, there are already networking applications in which such ideas are applied. Take for example the "Differentially Private Network-Trace-Analysis Tools" developed by Microsoft: http://research.microsoft.com/en-us/downloads/b25759f8-db91-48a0-a1b5-87c21f9e3292/

A network management protocol based on "fuzzy data" seems realistic to me.

Best,
Nikos

On Thu, Aug 9, 2012 at 1:49 AM, Rhys Smith <[email protected]> wrote:
> There are a few different approaches to this idea of data perturbation, but
> they are not always applicable, as Ashok points out. Typically this is mainly
> done in the database world, where people are more interested in statistics
> over data sets rather than particular data elements. In this case, there are
> a few approaches: you can add "noise" with essentially a mean of zero, thus
> not affecting the overall stats; you can swap data between data elements; and
> so on. These approaches do end up changing the statistical information
> eventually though, so it's usually a trade-off between privacy and utility
> (as always).
>
> I personally think it might be worth quickly mentioning the idea, but not in
> too much detail, just providing a link for further reading - this is a rich
> research topic in its own right and probably a bit much for most people…
>
> Best,
> Rhys.
> --
> Dr Rhys Smith
> Identity, Access, and Middleware Specialist
> Cardiff University & Janet - the UK's research and education network
>
> email: [email protected] / [email protected]
> GPG: 0xDE2F024C
>
> On 8 Aug 2012, at 23:37, Ashok Malhotra <[email protected]> wrote:
>
>> In the Geolocation work, one of the features that was discussed was an
>> option that would provide an indistinct location such as the town or the
>> county or perhaps even only the country. This adds fuzziness although not
>> noise. If you add noise then, in the location case, you could end up with
>> an incorrect location, which may not be acceptable.
>>
>> All the best, Ashok
>>
>> On 8/8/2012 3:07 PM, Robin Wilton wrote:
>>> Hi Nikos,
>>>
>>> I think that's a very interesting idea. Like you, I also think we probably
>>> underestimate the extent to which data minimisation and anonymisation
>>> techniques genuinely obscure personal data. And yet very often, they are
>>> the only answers to the question "What is 'Privacy By Design?'"...
>>>
>>> It could be that introducing noise or fuzziness into personal data is
>>> another candidate. Certainly, current laws describing 'personal data' omit
>>> a lot of data types that can adversely affect privacy - so rather than wait
>>> for the law to redefine 'personal data', perhaps we should change the
>>> nature of the data as you suggest.
>>>
>>> Yrs.,
>>> Robin
>>>
>>> Sent from my iPod
>>>
>>> On 8 Aug 2012, at 22:48, Nikos Fotiou <[email protected]> wrote:
>>>
>>>> Dear all,
>>>> This is the first time I have sent something to this list, so I ask you
>>>> beforehand to excuse me if this mail is out of scope.
>>>>
>>>> I was reading draft-iab-privacy-considerations-03.txt and I found it
>>>> very interesting. However, I have the feeling that Section 5 does not
>>>> take into account the advances of the “private data analysis” research
>>>> field. To my understanding, research efforts in this field argue that
>>>> data minimization and anonymization are not always enough, bringing as
>>>> an example the incident of the AOL anonymized logs. What is proposed,
>>>> in order to protect users' privacy, is to lower the “data utility” by
>>>> adding “noise”.
>>>>
>>>> IMHO a useful guideline for protocol designers would have been to
>>>> encourage them to design protocols that can tolerate a level of noise
>>>> (obscurity if you will) in the data provided by the users.
>>>>
>>>> Best,
>>>> Nikos Fotiou
>>>>
>>>> On Thu, Jul 19, 2012 at 5:37 PM, Alissa Cooper <[email protected]> wrote:
>>>>> Feedback on this draft is welcome.
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: [email protected]
>>>>>> Date: July 16, 2012 3:04:37 PM EDT
>>>>>> To: [email protected]
>>>>>> Cc: [email protected], [email protected], [email protected],
>>>>>> [email protected], [email protected], [email protected]
>>>>>> Subject: New Version Notification for draft-iab-privacy-considerations-03.txt
>>>>>>
>>>>>> A new version of I-D, draft-iab-privacy-considerations-03.txt
>>>>>> has been successfully submitted by Alissa Cooper and posted to the
>>>>>> IETF repository.
>>>>>>
>>>>>> Filename: draft-iab-privacy-considerations
>>>>>> Revision: 03
>>>>>> Title: Privacy Considerations for Internet Protocols
>>>>>> Creation date: 2012-07-16
>>>>>> WG ID: Individual Submission
>>>>>> Number of pages: 36
>>>>>> URL: http://www.ietf.org/internet-drafts/draft-iab-privacy-considerations-03.txt
>>>>>> Status: http://datatracker.ietf.org/doc/draft-iab-privacy-considerations
>>>>>> Htmlized: http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>>>>>> Diff: http://tools.ietf.org/rfcdiff?url2=draft-iab-privacy-considerations-03
>>>>>>
>>>>>> Abstract:
>>>>>> This document offers guidance for developing privacy considerations
>>>>>> for inclusion in IETF documents and aims to make protocol designers
>>>>>> aware of privacy-related design choices.
>>>>>>
>>>>>> Discussion of this document is taking place on the IETF Privacy
>>>>>> Discussion mailing list (see
>>>>>> https://www.ietf.org/mailman/listinfo/ietf-privacy).
>>>>>>
>>>>>> The IETF Secretariat

_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
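An added illustration of the noise-versus-fuzziness distinction the thread turns on (example code written for this page, not from any of the posters or from the Microsoft tools mentioned; the log records, user-agent strings and coordinates are constructed): a differentially private count over an HTTP log using the zero-mean Laplace noise Rhys describes, beside the precision-reducing location coarsening Ashok describes, which lowers utility without ever reporting a wrong location.

```python
import math
import random

# Constructed sample access log: (client_ip, user_agent, (lat, lon)); all
# values are invented for this example.
LOG = [
    ("10.0.0.1", "Mozilla/5.0 (X11; Linux x86_64) Firefox/14.0", (51.48, -3.18)),
    ("10.0.0.2", "Mozilla/5.0 (X11; Linux x86_64) Firefox/14.0", (51.49, -3.17)),
    ("10.0.0.3", "Mozilla/5.0 (Windows NT 6.1) Chrome/21.0", (51.50, -0.12)),
    ("10.0.0.4", "Mozilla/5.0 (Macintosh) Safari/534.57", (37.78, -122.41)),
]

def count_user_agent(log, user_agent):
    """Exact count of records carrying this user-agent string. A count of 1
    is the 'unreliable ID' problem in miniature: the answer singles out one
    host."""
    return sum(1 for _, ua, _ in log if ua == user_agent)

def laplace_noise(scale, rng):
    """Zero-mean Laplace noise: the difference of two i.i.d. exponential
    variables with mean `scale` is Laplace(0, scale)."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_count_user_agent(log, user_agent, epsilon, rng):
    """Laplace mechanism. Adding or removing one record moves the true count
    by at most 1 (sensitivity 1), so the noise scale is 1/epsilon: smaller
    epsilon means more privacy and less utility."""
    return count_user_agent(log, user_agent) + laplace_noise(1.0 / epsilon, rng)

def mean_noisy_count(log, user_agent, epsilon, trials, seed=0):
    """Average of many independent noisy answers. Because the noise has mean
    zero the aggregate converges to the true count: the statistic survives
    while any single answer is perturbed."""
    rng = random.Random(seed)
    total = sum(dp_count_user_agent(log, user_agent, epsilon, rng)
                for _ in range(trials))
    return total / trials

def coarsen_location(lat, lon, decimals):
    """Fuzziness without noise: drop precision instead of perturbing.
    decimals=0 keeps whole degrees (roughly region scale), so the reported
    cell always contains the real point; it is never 'wrong'."""
    factor = 10 ** decimals
    return (math.floor(lat * factor) / factor,
            math.floor(lon * factor) / factor)
```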
