On Mar 29, 2011, at 9:58 PM, Carey Lening wrote: > > My one and only (slightly self-interested) recommendation is that you also > not forget the lawyers ... PbD is a big deal (or is developing into one), and > one of the hallmarks for successful implementation is including all the > diverse groups together to develop best privacy practices and implement > effective technological steps from the ground up.
While valuable as a point of information, the policy discussions have arguably fallen too far behind the technology to be constructive. When I was working on this problem five years ago, mostly with national governments, the primary issue was that politically acceptable policy could be distilled down to solving a couple Hard Problems in mathematics. A pragmatic group of people could arrive at an adequate, though imperfect, solution by simply ignoring some bureaucratic factions that made the problem overly difficult. Since then, the mathematics and theoretical computer science has advanced to such a point that privacy is generally not possible even in principle. The old problem was organizations securing their databases; the new problem is that anyone can automagically reconstruct the contents of those databases and much information not in any database from ambient and latent data with remarkable fidelity. Most people not working in this space do not appreciate how rapidly capability has advanced and one cannot meaningfully control technology when the required tool chain is both inexpensive and ubiquitous across the industrialized world. There is cognitive dissonance between my natural predilection for strong privacy and my intimate familiarity with the implausibility of it. Privacy has been reduced to *only* policy, with the weakness implied, because technical controls have become impractical. J. Andrew Rogers
