I will *agree with Robin
On Thu, Aug 9, 2012 at 2:48 AM, Nikos Fotiou <[email protected]> wrote:
> I will argue with Robin that "current laws describing 'personal data'
> omit a lot of data types that can adversely affect privacy". Take for
> example the work of Xie et al. about "De-anonymizing the Internet
> Using Unreliable IDs",
> (http://research.microsoft.com/pubs/80964/sigcomm09.pdf) who managed
> to track hosts using their application layer activity. As another
> example (and since we are talking about Internet protocols), I believe
> a user would not experience any problem if in every HTTP request was
> providing different, but compatible, user-agents (and in some cases
> even non-existing user-agents) (Yen et al. in "Host Fingerprinting and
> Tracking on the Web: Privacy and Security Implications"
> (http://research.microsoft.com/pubs/156901/ndss2012.pdf) mentioned
> that “60%-70% of HTTP user-agent strings can accurately identify
> hosts in our datasets”)
>
> Finally there are already networking applications in which such ideas
> are applied. Take for example the "Differentially Private
> Network-Trace-Analysis Tools", developed by Microsoft
> http://research.microsoft.com/en-us/downloads/b25759f8-db91-48a0-a1b5-87c21f9e3292/
> A network management protocol based on "fuzzy data" seems realistic to
> me.
>
> Best,
> Nikos
>
> On Thu, Aug 9, 2012 at 1:49 AM, Rhys Smith <[email protected]> wrote:
>> There are a few different approaches to this idea of data perturbation, but
>> they are not always applicable, as Ashok points out. Typically this is
>> mainly done in the database world where people are more interested in
>> statistics over data sets rather than particular data elements. In this
>> case, there are a few approaches - you can add "noise" with essentially a
>> mean of zero thus not affecting the overall stats, you can swap data between
>> data elements, and so on. These approaches do end up changing the
>> statistical information eventually though, so it's usually a trade-off
>> between privacy and utility (as always).
>>
>> I personally think it might be worth quickly mentioning the idea, but not in
>> too much detail, just providing a link for further reading - this is a rich
>> research topic in its own right and probably a bit much for most people…
>>
>> Best,
>> Rhys.
>> --
>> Dr Rhys Smith
>> Identity, Access, and Middleware Specialist
>> Cardiff University & Janet - the UK's research and education network
>>
>> email: [email protected] / [email protected]
>> GPG: 0xDE2F024C
>>
>> On 8 Aug 2012, at 23:37, Ashok Malhotra <[email protected]> wrote:
>>
>>> In the Geolocation work, one of the features that was discussed was an
>>> option that would
>>> provide an indistinct location such as the town or the county or perhaps
>>> even only the country.
>>> This adds fuzziness although not noise. If you add noise then, in the
>>> location case, you could end
>>> up with an incorrect location which may not be acceptable
>>>
>>> All the best, Ashok
>>>
>>> On 8/8/2012 3:07 PM, Robin Wilton wrote:
>>>> Hi Nikos,
>>>>
>>>> I think that's a very interesting idea. Like you, I also think we probably
>>>> underestimate the extent to which data minimisation and anonymisation
>>>> techniques genuinely obscure personal data. And yet very often, they are
>>>> the only answers to the question "What is 'Privacy By Design?'"...
>>>>
>>>> It could be that introducing noise or fuzziness into personal data is
>>>> another candidate. Certainly, current laws describing 'personal data' omit
>>>> a lot of data types that can adversely affect privacy - so rather than
>>>> wait for the law to redefine 'personal data', perhaps we should change the
>>>> nature of the data as you suggest.
>>>>
>>>> Yrs.,
>>>> Robin
>>>>
>>>> Sent from my iPod
>>>>
>>>> On 8 Aug 2012, at 22:48, Nikos Fotiou <[email protected]> wrote:
>>>>
>>>>> Dear all,
>>>>> This is the first time I send something in this list, so I ask you
>>>>> beforehand to excuse me if this mail is out of scope.
>>>>>
>>>>> I was reading draft-iab-privacy-considerations-03.txt and I found it
>>>>> very interesting. However I have the feeling that Section 5 does not
>>>>> take into account the advances of the “private data analysis” research
>>>>> field. To my understanding research efforts in this field argue that
>>>>> data minimization and anonymization are not always enough, bringing as
>>>>> an example the incidence of the AOL anonymized logs. What is proposed,
>>>>> in order to protect users' privacy, is to lower the “data utility” by
>>>>> adding “noise”.
>>>>>
>>>>> IMHO a useful guideline for protocol designers would have been to
>>>>> encourage them to design protocols that can tolerate a level of noise
>>>>> (obscurity if you will) in the data provided by the users.
>>>>>
>>>>> Best,
>>>>> Nikos Fotiou
>>>>>
>>>>> On Thu, Jul 19, 2012 at 5:37 PM, Alissa Cooper <[email protected]> wrote:
>>>>>> Feedback on this draft is welcome.
>>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>>> From: [email protected]
>>>>>>> Date: July 16, 2012 3:04:37 PM EDT
>>>>>>> To: [email protected]
>>>>>>> Cc: [email protected], [email protected],
>>>>>>> [email protected], [email protected], [email protected],
>>>>>>> [email protected]
>>>>>>> Subject: New Version Notification for
>>>>>>> draft-iab-privacy-considerations-03.txt
>>>>>>>
>>>>>>> A new version of I-D, draft-iab-privacy-considerations-03.txt
>>>>>>> has been successfully submitted by Alissa Cooper and posted to the
>>>>>>> IETF repository.
>>>>>>>
>>>>>>> Filename: draft-iab-privacy-considerations
>>>>>>> Revision: 03
>>>>>>> Title: Privacy Considerations for Internet Protocols
>>>>>>> Creation date: 2012-07-16
>>>>>>> WG ID: Individual Submission
>>>>>>> Number of pages: 36
>>>>>>> URL:
>>>>>>> http://www.ietf.org/internet-drafts/draft-iab-privacy-considerations-03.txt
>>>>>>> Status:
>>>>>>> http://datatracker.ietf.org/doc/draft-iab-privacy-considerations
>>>>>>> Htmlized:
>>>>>>> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>>>>>>> Diff:
>>>>>>> http://tools.ietf.org/rfcdiff?url2=draft-iab-privacy-considerations-03
>>>>>>>
>>>>>>> Abstract:
>>>>>>> This document offers guidance for developing privacy considerations
>>>>>>> for inclusion in IETF documents and aims to make protocol designers
>>>>>>> aware of privacy-related design choices.
>>>>>>>
>>>>>>> Discussion of this document is taking place on the IETF Privacy
>>>>>>> Discussion mailing list (see
>>>>>>> https://www.ietf.org/mailman/listinfo/ietf-privacy).
>>>>>>>
>>>>>>> The IETF Secretariat
>>>>>>>

_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
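The three perturbation ideas the thread names (Rhys's zero-mean noise and value swapping, Ashok's coarsened location) side by side, as an added example that is not part of the thread, the draft, or any of the cited Microsoft tools. The host counts and the location tuple are constructed sample data; `utility_loss` is a hypothetical helper that puts the privacy/utility trade-off in numbers by comparing error on the aggregate against error on individual records.

```python
"""Data perturbation versus data coarsening, on constructed sample data."""
import random
from typing import Dict, Tuple

# Constructed sample: per-host daily request counts (hypothetical dataset).
HOST_COUNTS: Dict[str, int] = {
    "host-a": 120, "host-b": 95, "host-c": 310, "host-d": 42, "host-e": 188,
}

# Constructed sample: a precise location and its coarser containers.
Location = Tuple[str, str, str, str]  # (street, town, county, country)
PRECISE_LOCATION: Location = (
    "12 Example Street", "Exampletown", "Examplecounty", "Exampleland",
)


def generalize_location(loc: Location, level: str) -> Dict[str, str]:
    """Fuzziness without noise: reveal only the town, county or country.
    The answer is never wrong, only less specific, which is why this is
    acceptable where a perturbed (possibly incorrect) location is not."""
    street, town, county, country = loc
    if level == "street":
        return {"street": street, "town": town, "county": county, "country": country}
    if level == "town":
        return {"town": town, "county": county, "country": country}
    if level == "county":
        return {"county": county, "country": country}
    if level == "country":
        return {"country": country}
    raise ValueError(f"unknown level {level!r}")


def add_zero_mean_noise(records: Dict[str, int], scale: float, seed: int = 0) -> Dict[str, float]:
    """Perturb each element with noise whose mean is zero. The Gaussian draws
    are re-centred so the column total (and thus the mean) is preserved
    exactly, while any single value becomes unreliable on its own."""
    rng = random.Random(seed)
    keys = list(records)
    draws = [rng.gauss(0.0, scale) for _ in keys]
    centre = sum(draws) / len(draws)
    return {k: records[k] + d - centre for k, d in zip(keys, draws)}


def swap_values(records: Dict[str, int], seed: int = 0) -> Dict[str, int]:
    """Swap data between elements: shuffle the values across the keys. Every
    statistic over the column is untouched, but the link between a given
    host and its own count is broken."""
    rng = random.Random(seed)
    values = list(records.values())
    rng.shuffle(values)
    return dict(zip(records.keys(), values))


def utility_loss(original: Dict[str, int], perturbed: Dict[str, float]) -> Tuple[float, float]:
    """Hypothetical helper: (error on the aggregate, mean error per record).
    Perturbation aims for the first to stay small while the second grows."""
    aggregate = abs(sum(perturbed.values()) - sum(original.values()))
    per_record = sum(abs(perturbed[k] - original[k]) for k in original) / len(original)
    return aggregate, per_record


if __name__ == "__main__":
    print("county-level location:", generalize_location(PRECISE_LOCATION, "county"))
    noisy = add_zero_mean_noise(HOST_COUNTS, scale=10.0, seed=1)
    print("noise   -> aggregate error, per-record error:", utility_loss(HOST_COUNTS, noisy))
    swapped = swap_values(HOST_COUNTS, seed=1)
    print("swap    -> aggregate error, per-record error:", utility_loss(HOST_COUNTS, swapped))
```

Re-centring the draws keeps the total exact, which is the "not affecting the overall stats" property Rhys describes; it is not the formal guarantee of a differentially private mechanism such as the Microsoft trace-analysis tools, which instead add independent noise to the released aggregate and accept the resulting aggregate error as the price of a provable bound on what any one record reveals.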
