Re: Random Privacy

2002-09-29 Thread Julian Assange

This is an old statistical technique.

You need to know ahead of time which answer is more likely and have a
bias in your randomizer. A classic example:

Did you cheat on your wife last year? If you were born
between January and September reverse your answer.


--
 Julian Assange     |If you want to build a ship, don't drum up people
                    |together to collect wood or assign them tasks and
 [EMAIL PROTECTED]  |work, but rather teach them to long for the endless
 [EMAIL PROTECTED]  |immensity of the sea. -- Antoine de Saint Exupery




Re: Random Privacy

2002-09-24 Thread Scott A Crosby

On Sat, 21 Sep 2002 13:15:18 -0700, AARG!Anonymous <[EMAIL PROTECTED]> writes:

> On the contrary, TCPA/Palladium can solve exactly this problem.  It allows
> the marketers to *prove* that they are running a software package that
> will randomize the data before storing it.  And because Palladium works
> in opposition to their (narrowly defined) interests, they can't defraud
> the user by claiming to randomize the data while actually storing it
> for marketing purposes.

Yup.. This bit I agree with (contrary to the other reply to your message).

There are still issues over the correctness of that aforementioned
randomizing package; is it correctly designed and implemented? AFAIK
Pd would let a user know it was being run.

> Ironically, those who like to say that Palladium "gives away root on your
> computer" would have to say in this example that the marketers are giving
> away root to private individuals.  In answering their survey questions,
> you in effect have root privileges on the surveyor's computers, by this
> simplistic analysis.  This further illustrates how misleading is this
> characterization of Palladium technology in terms of root privileges.

Actually, I'd exactly call Palladium as being root over my machine,
maybe a part of my machine (a Tor/NUB/whatever), but root.. It could
be claimed that I have a choice as to whether or not I wish to run the
'other' software. However, I've always had that choice (the power
switch). It's still root.

The idea I believe is that I'm supposed to be mollified by the idea
(as you suggest) that I can get root on someone else's machine, to
control what they can and can't do.. However, little is said that the
reverse applies to me; someone has root on *my* machine.

Now, that might not be bad, if it weren't for the power imbalance
between me and them. Why do I have a 'bonus saver' card for 3 grocery
store chains? Why am I stuck with draconian EULAs that promise
nothing and take away everything?

Scott




Re: Random Privacy

2002-09-22 Thread Greg Vassie

> At 11:00 PM -0400 on 9/22/02, Kommisar Shostack wrote:
> 
> > Does anyplace in the US have an information and data protection
> > commissioner?
> 
> 
> 
> I think we have a winner, here...

Here's the site for the Information and Privacy Commissioner for the
Province of Ontario.  The front page has a picture and greeting by none 
other than Dr. Ann Cavoukian...  

http://www.ipc.on.ca/


-- 

[EMAIL PROTECTED] // RSA Key: 0x1606F91D // DSS Key: 0x83BB5BE4

"... in making the freedom-for-safety swap, we haven't just dishonored
the dead of 9/11.  We've helped something else die too."
-- Nick Gillespie




Re: Random Privacy

2002-09-22 Thread R. A. Hettinga

At 11:00 PM -0400 on 9/22/02, Kommisar Shostack wrote:


> Does anyplace in the US have an information and data protection
> commissioner?



I think we have a winner, here...

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Random Privacy

2002-09-22 Thread Adam Shostack

On Sun, Sep 22, 2002 at 10:25:32PM -0400, Sam Ritchie wrote:
| On 9/21/02 11:08 AM, "Greg Vassie" <[EMAIL PROTECTED]> wrote:
| 
| >> Interesting little article from
| >> http://pass.maths.org.uk/issue21/news/random_privacy/index.html:
| >> 
| >> Excerpt:
| >> "Right now, the rate of falsification on Web surveys is extremely high,"
| >> says Dr Ann Coavoukian, the commissioner of information and privacy in
| >> Ontario, U.S.A. "People are lying and vendors don't know what is false [or
| >> what is] accurate, so the information is useless."
| > 
| > As a resident of Ontario, Canada, I'm quite surprised to learn that
| > Ontario has been annexed by the United States.
| > 
| 
| 
| ACTUALLY, not to split hairs or anything, but Ontario's also a city in
| Southern California. (East of LA...)
| 

Does anyplace in the US have an information and data protection
commissioner?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




Re: Random Privacy

2002-09-22 Thread Sam Ritchie

On 9/21/02 11:08 AM, "Greg Vassie" <[EMAIL PROTECTED]> wrote:

>> Interesting little article from
>> http://pass.maths.org.uk/issue21/news/random_privacy/index.html:
>> 
>> Excerpt:
>> "Right now, the rate of falsification on Web surveys is extremely high,"
>> says Dr Ann Coavoukian, the commissioner of information and privacy in
>> Ontario, U.S.A. "People are lying and vendors don't know what is false [or
>> what is] accurate, so the information is useless."
> 
> As a resident of Ontario, Canada, I'm quite surprised to learn that
> Ontario has been annexed by the United States.
> 


ACTUALLY, not to split hairs or anything, but Ontario's also a city in
Southern California. (East of LA...)

~SAM




Re: Random Privacy

2002-09-22 Thread Greg Vassie

> > | As a resident of Ontario, Canada, I'm quite surprised to learn that
> > | Ontario has been annexed by the United States.
> >
> > Randomized geography.  :)
> 
> Ontario, California?

I could see where people who read the article might assume that, I
just happened to know that Dr. Ann Cavoukian is the Information &
Privacy Commissioner for Ontario, Canada.

> Of course, California is another country. :-).

Heh, no kidding  ;)


-- 

[EMAIL PROTECTED] // RSA Key: 0x1606F91D // DSS Key: 0x83BB5BE4

"The kind of man who wants the government to adopt and enforce his
ideas is always the kind of man whose ideas are idiotic."
-- H.L. Mencken




Re: Random Privacy

2002-09-21 Thread Adam Shostack

On Sat, Sep 21, 2002 at 01:15:18PM -0700, AARG!Anonymous wrote:
| Greg Broiles wrote about randomizing survey answers:
| 
| > That doesn't sound like a solution to me - they haven't provided anything
| > to motivate people to answer honestly, nor do they address the basic
| > problem, which is relying on the good will and good behavior of the
| > marketers - if a website visitor is unwilling to trust a privacy policy
| > which says "We'll never use this data to annoy or harm you", they're
| > likely to be unimpressed with a privacy policy which says "We'll use
| > fancy math tricks to hide the information you give us from ourselves."
| >
| > That's not going to change unless they move the randomizing behavior
| > off of the marketer's machine and onto the visitor's machine,
| > allowing the visitor to observe and verify the correct operation of
| > the privacy technology .. which is about as likely as a real audit of
| > security-sensitive source code, where that likelihood is tiny now and
| > shrinking rapidly the closer we get to the TCPA/Palladium nirvana.
| 
| 
| On the contrary, TCPA/Palladium can solve exactly this problem.  It allows
| the marketers to *prove* that they are running a software package that
| will randomize the data before storing it.  And because Palladium works
| in opposition to their (narrowly defined) interests, they can't defraud
| the user by claiming to randomize the data while actually storing it
| for marketing purposes.

No, it allows security geeks to talk about proof.  My mom still won't
get it.

Pd doesn't allow you to prove that there's no sniffer doing other
things with the data, that nothing is logged at the wrong time, etc.

If you really want to randomize the data, do it close to me.  Or
better yet, run some software from Credentica and accept a proof of
whatever data is in question.

But the reality is that people hand over most of their data now.

So why would I invest in this expensive technology?  (Mike Freedman,
Joan Feigenbaum, Tomas Sander and I did a paper which touches on the
power imbalance between the companies that offer DRM technology and
their customers...same analysis applies
here... http://www.homeport.org/~adam/privacyeng-wspdrm01.pdf )

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




Re: Random Privacy

2002-09-21 Thread AARG! Anonymous

Greg Broiles wrote about randomizing survey answers:

> That doesn't sound like a solution to me - they haven't provided anything
> to motivate people to answer honestly, nor do they address the basic
> problem, which is relying on the good will and good behavior of the
> marketers - if a website visitor is unwilling to trust a privacy policy
> which says "We'll never use this data to annoy or harm you", they're
> likely to be unimpressed with a privacy policy which says "We'll use
> fancy math tricks to hide the information you give us from ourselves."
>
> That's not going to change unless they move the randomizing behavior
> off of the marketer's machine and onto the visitor's machine,
> allowing the visitor to observe and verify the correct operation of
> the privacy technology .. which is about as likely as a real audit of
> security-sensitive source code, where that likelihood is tiny now and
> shrinking rapidly the closer we get to the TCPA/Palladium nirvana.


On the contrary, TCPA/Palladium can solve exactly this problem.  It allows
the marketers to *prove* that they are running a software package that
will randomize the data before storing it.  And because Palladium works
in opposition to their (narrowly defined) interests, they can't defraud
the user by claiming to randomize the data while actually storing it
for marketing purposes.

Ironically, those who like to say that Palladium "gives away root on your
computer" would have to say in this example that the marketers are giving
away root to private individuals.  In answering their survey questions,
you in effect have root privileges on the surveyor's computers, by this
simplistic analysis.  This further illustrates how misleading is this
characterization of Palladium technology in terms of root privileges.




Re: Random Privacy

2002-09-21 Thread Eugen Leitl

On Sat, 21 Sep 2002, R. A. Hettinga wrote:

> Ontario, California?

You will laugh, but some inattentive air travellers sometimes confuse
these two :)
 
> Of course, California is another country. :-).




Re: Random Privacy

2002-09-21 Thread Greg Broiles

At 02:16 AM 9/21/2002 -0700, Blanc wrote:
>But researchers at IBM think they have the solution. They have developed an
>ingenious method to protect our privacy, while still giving companies the
>information they crave.

That doesn't sound like a solution to me - they haven't provided anything
to motivate people to answer honestly, nor do they address the basic
problem, which is relying on the good will and good behavior of the
marketers - if a website visitor is unwilling to trust a privacy policy
which says "We'll never use this data to annoy or harm you", they're
likely to be unimpressed with a privacy policy which says "We'll use
fancy math tricks to hide the information you give us from ourselves."

That's not going to change unless they move the randomizing behavior
off of the marketer's machine and onto the visitor's machine,
allowing the visitor to observe and verify the correct operation of
the privacy technology .. which is about as likely as a real audit of
security-sensitive source code, where that likelihood is tiny now and
shrinking rapidly the closer we get to the TCPA/Palladium nirvana.

So, no, fancy tricks won't solve the basic problem, which is that once you 
give information to other people, you've got no control over what they do 
with it.

--
Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961




Re: Random Privacy

2002-09-21 Thread Adam Shostack

On Sat, Sep 21, 2002 at 11:08:54AM -0400, Greg Vassie wrote:
| > Interesting little article from
| > http://pass.maths.org.uk/issue21/news/random_privacy/index.html:
| > 
| > Excerpt:
| > "Right now, the rate of falsification on Web surveys is extremely high,"
| > says Dr Ann Coavoukian, the commissioner of information and privacy in
| > Ontario, U.S.A. "People are lying and vendors don't know what is false [or
| > what is] accurate, so the information is useless."
| 
| As a resident of Ontario, Canada, I'm quite surprised to learn that
| Ontario has been annexed by the United States.

Randomized geography.  :)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




Re: Random Privacy

2002-09-21 Thread Tim May

On Saturday, September 21, 2002, at 02:16  AM, Blanc wrote:

> Interesting little article from
> http://pass.maths.org.uk/issue21/news/random_privacy/index.html:
>
> Excerpt:
> How old are you? How much do you earn?
>

Not a new idea. Ted Nelson (IIRC) wrote about using coin flips to 
randomize AIDS poll questions. ("Have you engaged in unprotected sex?" 
Flip a coin and XOR it with your actual answer.) I remember talking to 
Eric Hughes, Phil Salin, and others around 1990-91 about this.

(However, IBM is probably busily copyrighting their new invention, just
as Intel copyrighted their recent "invention" of the anonymous remailer.)

Of course, both the IBM approach and the Nelson approach are unworkable 
for 98% of the population, who neither understand such abstractions nor 
are willing to trust them.

BTW, folks should be careful not to click on or clip the part of the 
URL line that includes the colon.

I just did some Web spelunking, looking for the above-referenced 
connection. Couldn't find it, but found my own references from around 
1994 (in the Cyphernomicon, natch). Here's a more recent item I sent to 
the list, an excerpt:

"

(BTW, as you probably know or can imagine, there have been crypto
methods proposed for safeguarding certain kinds of data collection,
e.g., schemes using "random coin flip protocols" for answering questions
like "Are you homosexual?" (supposedly "useful" for public health
planners trying to deal with HIV/AIDS issues). The idea is that the
pollee XORs his answer with a random bit. His answer then doesn't
_implicate_ him, but overall statistics can still be deduced from a
large enough sample. Ho hum. Better to simply tell the poller "None of
your fucking business...get off my property.")

The core point is the familiar one: we are coming to, or have reached, a
fork in the road. Down one path lies the Surveillance State, the
Panopticon, with ubiquitous cameras, intrusive questions, restrictions
on untraceable spending, and other detritus of the police state. Down
the other path lies a universe of strong crypto with a web of "opaque
pipes" linking "opaque objects."

Technologists can make the second path the reality. Lawyers and
lawmakers will try to take us down the first path.
"



--Tim May
"He who fights with monsters might take care lest he thereby become a 
monster. And if you gaze for long into an abyss, the abyss gazes also 
into you." -- Nietzsche
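
Added example, not part of any poster's message: a sketch of the randomized-response scheme described in this post (XOR the answer with a random bit) together with the biased-randomizer point raised in Julian Assange's reply. The function names are hypothetical, the population is constructed, and the 9/12 reversal probability assumes birth months are uniformly distributed.

```python
import random

def randomize(truth, flip_prob, rng):
    """Respondent side: reverse the true answer with probability flip_prob."""
    return (not truth) if rng.random() < flip_prob else truth

def estimate_rate(reported_yes, n, flip_prob):
    """Surveyor side: recover the true 'yes' rate from the randomized answers.

    observed = rate*(1-p) + (1-rate)*p   =>   rate = (observed - p) / (1 - 2p)
    """
    if abs(1 - 2 * flip_prob) < 1e-12:
        # A fair coin makes every reported answer independent of the truth.
        raise ValueError("flip_prob 0.5 leaves nothing to estimate")
    observed = reported_yes / n
    return min(1.0, max(0.0, (observed - flip_prob) / (1 - 2 * flip_prob)))

def posterior_yes(reported, prior, flip_prob):
    """P(true answer is yes | one reported answer), by Bayes' rule."""
    like_yes = (1 - flip_prob) if reported else flip_prob
    like_no = flip_prob if reported else (1 - flip_prob)
    return like_yes * prior / (like_yes * prior + like_no * (1 - prior))

def simulate(true_rate, flip_prob, n, seed=1):
    """Constructed population: n respondents, each 'yes' with prob. true_rate."""
    rng = random.Random(seed)
    reported = sum(randomize(rng.random() < true_rate, flip_prob, rng)
                   for _ in range(n))
    return estimate_rate(reported, n, flip_prob)

if __name__ == "__main__":
    p = 9 / 12  # "born between January and September: reverse your answer"
    print("estimated rate:", round(simulate(0.10, p, 200_000), 3))
    print("P(yes | reported no): ", round(posterior_yes(False, 0.10, p), 3))
    print("P(yes | reported yes):", round(posterior_yes(True, 0.10, p), 3))
    try:
        simulate(0.10, 0.5, 200_000)
    except ValueError as exc:
        print("fair coin:", exc)
```

With the 9/12 rule and a 10% true rate, a single reported "no" moves an observer's belief from 0.10 to 0.25, so each respondent keeps deniability while the aggregate remains recoverable.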




RE: Random Privacy

2002-09-21 Thread Blanc

Said Greg Vassie:

>> "Right now, the rate of falsification on Web surveys is extremely high,"
>> says Dr Ann Coavoukian, the commissioner of information and privacy in
>> Ontario, U.S.A. "People are lying and vendors don't know what is false [or
>> what is] accurate, so the information is useless."
>
>As a resident of Ontario, Canada, I'm quite surprised to learn that
>Ontario has been annexed by the United States.

..


Heh-heh:  the author must be lying.

  ..
Blanc




Re: Random Privacy

2002-09-21 Thread Greg Vassie

> Interesting little article from
> http://pass.maths.org.uk/issue21/news/random_privacy/index.html:
> 
> Excerpt:
> "Right now, the rate of falsification on Web surveys is extremely high,"
> says Dr Ann Coavoukian, the commissioner of information and privacy in
> Ontario, U.S.A. "People are lying and vendors don't know what is false [or
> what is] accurate, so the information is useless."

As a resident of Ontario, Canada, I'm quite surprised to learn that
Ontario has been annexed by the United States.


-- 

[EMAIL PROTECTED] // RSA Key: 0x1606F91D // DSS Key: 0x83BB5BE4

"... in making the freedom-for-safety swap, we haven't just dishonored
the dead of 9/11.  We've helped something else die too."
-- Nick Gillespie




Random Privacy

2002-09-21 Thread Blanc

Interesting little article from
http://pass.maths.org.uk/issue21/news/random_privacy/index.html:

Excerpt:
How old are you? How much do you earn?

What would you answer if asked these questions at a website when you
were buying your next TV or ordering groceries online? A lot of us would
lie, and for a very good reason - to protect our privacy.

But the companies posing these questions also think they have a good reason.
Information about customer profiles is becoming increasingly important in
business, both for marketing and for development and improvement of
services.

"Right now, the rate of falsification on Web surveys is extremely high,"
says Dr Ann Coavoukian, the commissioner of information and privacy in
Ontario, U.S.A. "People are lying and vendors don't know what is false [or
what is] accurate, so the information is useless."

But researchers at IBM think they have the solution. They have developed an
ingenious method to protect our privacy, while still giving companies the
information they crave.
[. . .]
---


  ..
Blanc