There are a few different approaches to this idea of data perturbation, but 
they are not always applicable, as Ashok points out. Typically this is mainly 
done in the database world where people are more interested in statistics over 
data sets rather than particular data elements. In this case, there are a few 
approaches - you can add "noise" with essentially a mean of zero thus not 
affecting the overall stats, you can swap data between data elements, and so 
on. These approaches do end up changing the statistical information eventually 
though, so it's usually a trade-off between privacy and utility (as always).

I personally think it might be worth quickly mentioning the idea, but not in 
too much detail, just providing a link for further reading - this is a rich 
research topic in its own right and probably a bit much for most people…

Best,
Rhys.
--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's research and education network

email: [email protected] / [email protected]
GPG: 0xDE2F024C
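
The perturbation approaches named in this thread (zero-mean noise, data swapping, and the coarsened location from the geolocation discussion), as an added example that is not part of any list member's message. The data set, function names and parameters are constructed for illustration; it measures which statistics survive each technique and which are distorted.

```python
import random
import statistics as st

def add_noise(values, sigma, rng):
    """Additive zero-mean Gaussian noise: every record changes, the mean barely moves."""
    return [v + rng.gauss(0.0, sigma) for v in values]

def swap(values, rng):
    """Data swapping: permute one attribute across records. Its own statistics
    stay exact, but its link to every other attribute is destroyed."""
    out = list(values)
    rng.shuffle(out)
    return out

def coarsen(lat, lon, decimals=1):
    """Fuzziness without noise: report only the grid cell, which still contains
    the true position (1 decimal place of latitude is roughly 11 km)."""
    return round(lat, decimals), round(lon, decimals)

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = st.fmean(xs), st.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs)
    sy = sum((y - my) ** 2 for y in ys)
    return cov / (sx * sy) ** 0.5

def compare(seed=1, n=2000, sigma=5000.0):
    """Constructed data set: salary depends on age, so the pair is correlated."""
    rng = random.Random(seed)
    ages = [rng.randint(20, 65) for _ in range(n)]
    salaries = [1000.0 * a + rng.gauss(0.0, 3000.0) for a in ages]
    noisy, swapped = add_noise(salaries, sigma, rng), swap(salaries, rng)
    return {
        "mean_shift_noise": abs(st.fmean(noisy) - st.fmean(salaries)),
        "stdev_ratio_noise": st.pstdev(noisy) / st.pstdev(salaries),
        "mean_shift_swap": abs(st.fmean(swapped) - st.fmean(salaries)),
        "corr_original": pearson(ages, salaries),
        "corr_noise": pearson(ages, noisy),
        "corr_swap": pearson(ages, swapped),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:18s} {value:12.4f}")
    print("coarse location:", coarsen(51.4816, -3.1791))  # constructed sample point
```

Noise keeps the mean close but inflates the spread and weakens the age/salary correlation; swapping keeps the salary column's own statistics exact and removes the correlation entirely.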

On 8 Aug 2012, at 23:37, Ashok Malhotra <[email protected]> wrote:

> In the Geolocation work, one of the features that was discussed was an option
> that would provide an indistinct location such as the town or the county or
> perhaps even only the country. This adds fuzziness although not noise. If you
> add noise then, in the location case, you could end up with an incorrect
> location which may not be acceptable.
> 
> All the best, Ashok
> 
> On 8/8/2012 3:07 PM, Robin Wilton wrote:
>> Hi Nikos,
>> 
>> I think that's a very interesting idea. Like you, I also think we probably 
>> underestimate the extent to which data minimisation and anonymisation 
>> techniques genuinely obscure personal data. And yet very often, they are the 
>> only answers to the question "What is 'Privacy By Design?'"...
>> 
>> It could be that introducing noise or fuzziness into personal data is 
>> another candidate. Certainly, current laws describing 'personal data' omit a 
>> lot of data types that can adversely affect privacy - so rather than wait 
>> for the law to redefine 'personal data', perhaps we should change the nature 
>> of the data as you suggest.
>> 
>> Yrs.,
>> Robin
>> 
>> Sent from my iPod
>> 
>> On 8 Aug 2012, at 22:48, Nikos Fotiou<[email protected]>  wrote:
>> 
>>> Dear all,
>>> This is the first time I send something to this list, so I ask you
>>> beforehand to excuse me if this mail is out of scope.
>>> 
>>> I was reading draft-iab-privacy-considerations-03.txt and I found it
>>> very interesting. However I have the feeling that Section 5 does not
>>> take into account the advances of the “private data analysis” research
>>> field. To my understanding research efforts in this field argue that
>>> data minimization and anonymization are not always enough, bringing as
>>> an example the incident of the AOL anonymized logs. What is proposed,
>>> in order to protect users' privacy, is to lower the “data utility” by
>>> adding “noise”.
>>> 
>>> IMHO a useful guideline for protocol designers would have been to
>>> encourage them to design protocols that can tolerate a level of noise
>>> (obscurity if you will) in the data provided by the users.
>>> 
>>> Best,
>>> Nikos Fotiou
>>> 
>>> On Thu, Jul 19, 2012 at 5:37 PM, Alissa Cooper<[email protected]>  wrote:
>>>> Feedback on this draft is welcome.
>>>> 
>>>> Begin forwarded message:
>>>> 
>>>>> From: [email protected]
>>>>> Date: July 16, 2012 3:04:37 PM EDT
>>>>> To: [email protected]
>>>>> Cc: [email protected], [email protected], 
>>>>> [email protected], [email protected], [email protected], 
>>>>> [email protected]
>>>>> Subject: New Version Notification for 
>>>>> draft-iab-privacy-considerations-03.txt
>>>>> 
>>>>> 
>>>>> A new version of I-D, draft-iab-privacy-considerations-03.txt
>>>>> has been successfully submitted by Alissa Cooper and posted to the
>>>>> IETF repository.
>>>>> 
>>>>> Filename:      draft-iab-privacy-considerations
>>>>> Revision:      03
>>>>> Title:                 Privacy Considerations for Internet Protocols
>>>>> Creation date:         2012-07-16
>>>>> WG ID:                 Individual Submission
>>>>> Number of pages: 36
>>>>> URL:             
>>>>> http://www.ietf.org/internet-drafts/draft-iab-privacy-considerations-03.txt
>>>>> Status:          
>>>>> http://datatracker.ietf.org/doc/draft-iab-privacy-considerations
>>>>> Htmlized:        
>>>>> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>>>>> Diff:            
>>>>> http://tools.ietf.org/rfcdiff?url2=draft-iab-privacy-considerations-03
>>>>> 
>>>>> Abstract:
>>>>>  This document offers guidance for developing privacy considerations
>>>>>  for inclusion in IETF documents and aims to make protocol designers
>>>>>  aware of privacy-related design choices.
>>>>> 
>>>>>  Discussion of this document is taking place on the IETF Privacy
>>>>>  Discussion mailing list (see
>>>>>  https://www.ietf.org/mailman/listinfo/ietf-privacy).
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> The IETF Secretariat
>>>>> 
>>>> 
>>>> _______________________________________________
>>>> ietf-privacy mailing list
>>>> [email protected]
>>>> https://www.ietf.org/mailman/listinfo/ietf-privacy
