On 03/30/11 19:30, J. Andrew Rogers wrote: > If it is not possible to usefully anonymize data, of what use is a > policy which states that all data must be anonymous? If a person > actively puts their personal data in the public domain, intentionally > or unintentionally, how is one supposed to prevent that? How > effective is regulation of official databases when someone can > reconstruct much of the content of those databases without official > access? A big challenge is that almost everyone's intuition about > what would constitute an effective privacy policy is incorrect.
Yeah, I've felt that a lot of privacy/data protection rhetoric attempts to bolt the stable door once the horse has fled, as it where. To be honest, if any data about me leaves my own property, I don't really have high hopes of it remaining private unless I've explicitly entered into some kind of contract with the recipient, anyways. I believe it's bad manners to peer into somebody's home through an uncovered window, but I don't feel I have *great* cause to complain if people make use of information encoded in photons I carelessly broadcast out onto a public right of way. If I want to perform embarrassingly perverse sex acts with my wife, I close the curtains first... Anything I do in public could be witnessed by anybody anyway, so I see no greater harm in it being recorded and then broadcast to the Internet etc. In fact, it might be healthier for society if things like CCTV footage and logs of public activity (such as Oyster card activity logs) were, as a legal requirement due to them being logs of public activity anyway, placed in the public domain and made easily accessible by their collectors! The costs of doing so might kerb the excesses of over-monitoring a little, and it would discourage the false sense of privacy some people seem to have - and it would make it hard for organisations to keep quiet about the data they gather :-) What privacy provisions would I like in law, then? More encouragement for the use of cryptography, I guess. Standard legal frameworks for privacy agreements being negotiated; when I buy something from an online shop or whatever, it'd be nice if there was a standard contract of privacy about the transaction implied by the making of a sale, any exceptions to which would have to be declared boldly... I think that would be a subtly better approach than the data protection act. > It would probably be more constructive at this point to work on > policies that ensure the increasing loss of privacy is symmetric (or > asymmetric in favor of the private citizen) rather than trying to > guarantee a level of privacy that is no longer practical. Yes. ABS -- Alaric Snell-Pym http://www.snell-pym.org.uk/alaric/