We’ve discussed the pitfalls of various anonymization or “de-identification” techniques and how the information can be “deanonymized” or re-identified, leading to privacy problems for individuals. In 2009, University of Colorado law professor Paul Ohm discussed “the surprising failure of anonymization,” and said, “Data can either be useful or perfectly anonymous but never both.” He said anonymization’s failure “should trigger a sea change in the law, because nearly every information privacy law or regulation grants a get-out-of-jail-free card to those who anonymize their data.”
Now, IT News reports on a research paper, “No silver bullet: De-identification still doesn’t work” (pdf), by Princeton’s Arvind Narayanan and Edward W. Felten concerning the continued privacy problems with de-identification of personal information. (Felten was chief technologist for the Federal Trade Commission and has been a consultant for various federal agencies.) The new paper is a response to one recently published by ITIF researcher Daniel Castro and Ontario privacy commissioner Ann Cavoukian, “Big Data and Innovation, Setting the Record Straight: De-identification Does Work” (pdf).
IT News reports:
Scholars at Princeton University have delivered a stinging rebuke to the ‘big data’ movement, insisting that today’s data de-identification tools are not sufficient to ensure privacy. [...] Read more »