On 11/02/2015 04:22 AM, Andrew Sullivan wrote:
> Despite my comments against the hum at the mic, I have read this
> document and think it should certainly be adopted. I just don't want
> Yet Another Meaningless Commitment.

I think the document is useful, particularly in its overview of many different aspects of privacy and pointers to thinking about information linkage, rather than just the sensitivity of any given data point.

A few additional concepts might be helpful in the section on quantification (around p7).

* k-anonymity [Sweeney]: k measures the smallest subset among which information identifies an individual in a population; smaller subsets offer less crowd-privacy.

* external or auxiliary information: information outside the specified transaction or query that may be linked with that returned by the query. (For example, time-stamped web server logs could be linked with similarly timed DNS queries, making the query record more sensitive.)

* differential privacy [Dwork]: a measure of privacy over interactive database queries, where the database-holder can tune the output to avoid revealing more than (epsilon) about a subject, over repeated queries. Possibly worth noting that's not what we're likely to be able to measure/offer here.

* unicity [Montjoye]: knowing an individual is in the data-set, how many data-points are necessary to identify them uniquely.

p5: Is it worth saying explicitly that "PII" is different from "sensitive information"? By saying that information is personally identifying, we're indicating that it uniquely identifies an individual. That opens the door to linkage with sensitive information, even if the PII is itself non-sensitive.

p11 Mix networks. Worth mentioning the latency-privacy tradeoff?

p11 Dummy Traffic. In many instances, dummy traffic (or chaff) is easily distinguished from real traffic, or still permits identification, particularly with repeated observations. [Oya]

References:
[Sweeney] http://dataprivacylab.org/dataprivacy/projects/kanonymity/kanonymity.pdf
[Dwork] http://research.microsoft.com/pubs/64346/dwork.pdf
[Oya] https://petsymposium.org/2014/papers/Oya.pdf
[Montjoye] http://www.nature.com/articles/srep01376?ial=1 (unicity)

A few typos:
p4 s/suite/suit/ also, the paragraph is incomplete.
p6 s/computed a monitor/computed by a monitor/
p9 s/obeserver/observer/
p11 s/recordr/record requested/

Best,
--Wendy

--
Wendy Seltzer -- wselt...@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/ +1.617.863.0613 (mobile)

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
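
The k-anonymity and unicity measures listed in the message above, worked through on a small resolver query log; this is an added example, not part of the original message or of the draft under review. The log entries, the `suppress` generalisation step and all function names are constructed for illustration, and the unicity function follows the message's wording (fewest points that single out a client), not the random-sampling procedure of the cited paper.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample log: (client, qname, hour of day). Not real data.
LOG = [
    ("c1", "example.com", 9), ("c1", "mail.example.net", 9), ("c1", "news.example.org", 20),
    ("c2", "example.com", 9), ("c2", "mail.example.net", 9), ("c2", "clinic.example", 14),
    ("c3", "example.com", 9), ("c3", "news.example.org", 20),
    ("c4", "example.com", 9), ("c4", "news.example.org", 20),
]

def traces(log):
    """Group the log into one set of (qname, hour) points per client."""
    out = defaultdict(set)
    for client, qname, hour in log:
        out[client].add((qname, hour))
    return dict(out)

def suppress(tr, min_clients):
    """Drop points seen for fewer than min_clients clients (a crude generalisation step)."""
    seen = Counter(p for pts in tr.values() for p in pts)
    return {c: {p for p in pts if seen[p] >= min_clients} for c, pts in tr.items()}

def k_anonymity(tr):
    """k = size of the smallest group of clients whose released traces are identical."""
    return min(Counter(frozenset(pts) for pts in tr.values()).values())

def points_to_identify(tr, client):
    """Fewest of the client's own points that match no other trace; None if no subset does."""
    others = [pts for c, pts in tr.items() if c != client]
    for n in range(1, len(tr[client]) + 1):
        for combo in combinations(sorted(tr[client]), n):
            if not any(set(combo) <= o for o in others):
                return n
    return None

if __name__ == "__main__":
    tr = traces(LOG)
    for m in (1, 3, 4):
        print("suppress points seen for <", m, "clients -> k =", k_anonymity(suppress(tr, m)))
    for c in sorted(tr):
        print(c, "singled out by", points_to_identify(tr, c), "point(s)")
```

On this sample the single rare name singles out c2 with one point, while k only rises above 1 once every point not shared by all four clients has been suppressed.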