- There is no known effective method to anonymize location data, and no evidence that it’s meaningfully achievable.
- Computing re-identification probabilities based on proof-of-concept demonstrations is silly.
- Cavoukian and Castro ignore many realistic threats by focusing narrowly on a particular model of re-identification.
- Cavoukian and Castro concede that de-identification is inadequate for high-dimensional data. But nowadays most interesting datasets are high-dimensional.
- Penetrate-and-patch is not an option.
- Computer science knowledge is relevant and highly available.
- Cavoukian and Castro apply different standards to big data and re-identification techniques.
- Quantification of re-identification probabilities, which permeates Cavoukian and Castro’s arguments, is a fundamentally meaningless exercise.
Tuesday, July 15, 2014
Now here's an article I think every manager should read.
Trust but Verify: How Security Loopholes Can Undermine Online Compliance Training
Compliance training and supervision has always been the first line of enterprise- defense against legal, operational and reputational risk. Now, it is increasingly the final line of defense that determines how enforcement officials view an institution and, in turn, exercise their considerable discretion in assigning liability for regulatory violations.
Corporations face an evidentiary burden built upon the foundations of the late Senator Howard Baker’s Watergate inquiries. Institutions must not only be able to respond to the question, “What did you know, and when did you know it?”– they also must have a credible answer for: “What did you do to prevent this?”
By the same logic, does this ban the taking of fingerprints? How about mug shots?
VT: Pre-conviction DNA testing of arrestees after arraignment violates the search provision of state constitution
John Wesley Hall writes:
In a comprehensive opinion, the Vermont Supreme Court held Friday that pre-conviction DNA testing of arrestees after arraignment violates the search provision of the Vermont Constitution. It failed every point of analysis. State v. Medina, 2014 VT 69, 2014 Vt. LEXIS 71 (July 11, 2014)
Read more about this case on FourthAmendment.com.
Apparently, there is no specific penalty for stupidity. (There but for 50 or 60 IQ points, go I?)
Mex Cooper reports:
A medical centre that kept sensitive health records of nearly 1000 patients in a garden shed on a disused property in Melbourne’s south-east has been reprimanded for breaching privacy laws.
Boxes of records containing the personal details of patients were discovered at the Narre Warren South site when the shed at the Amberley Park Drive property was broken into in November 2013.
Australian Privacy Commissioner Timothy Pilgrim investigated and found the medical centre that owned the property had breached the Privacy Act by failing to properly secure the information.
The neglected files included names, addresses, Medicare numbers, dates of birth, occupations and results of medical investigations of about 960 patients who used the Amberley Park Medical Centre that operated at the address until April 2011. Most of the records related to patients who visited the centre prior to 2004.
Read more on The Age. I’d say the centre got off really easy – too easy – if all it has to do is do what it should have done in the first instance. What do you think?
“Look, you're just an ignorant parent. We're trained educators. You don't need to see the data we've been gathering for the government. Just trust that anything we tell you must be true.”
Student Data Tied To Common Core Off-Limits To Parents
States that were awarded grants from President Obama’s Race to the Top (RttT) stimulus bill program agreed to implement the Common Core standards and to comply with the “Four Assurances,” one of which was the requirement of “Building data systems that measure student growth and success.”
The problem? Private student data is off-limits to parents.
In July of 2009, U.S. Secretary of Education Arne Duncan said, ”[W]e have more than $300 million available to help states build data systems that will drive reforms.”
In Colorado, for example, in addition to its $73 million RttT award, the state also received $17.4 million additional dollars to build the State Longitudinal Data System (SLDS) in 2010. Since all states now have an SLDS database, regional data centers have also formed that allow states to share and compare student data, creating what amounts to a national database of student information.
As Watchdog Wire reported in late June, local Colorado school districts are collecting detailed educational and psychological data on their students for use by private companies and the federal government. Parents, however, are having a hard time getting their hands on their own children’s information.
I think this takes us back to a “Black Hole” for data. Load the data without alteration into a trusted database. Provide only summarized answers to researchers – no actual data fields. Of course it's not perfect but is it adequate?
No silver bullet: De-identification still doesn’t work
by Sabrina I. Pacifici on Jul 14, 2014
“Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting the record straight.” In a response to this piece, Ed Felten and I point out eight of our most serious points of disagreement with Cavoukian and Castro. The thrust of our arguments is that (i) there is no evidence that de-identification works either in theory or in practice and (ii) attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do. Specifically, we argue that:
Data privacy is a hard problem. Data custodians face a choice between roughly three alternatives: sticking with the old habit of de-identification and hoping for the best; turning to emerging technologies like differential privacy that involve some trade-offs in utility and convenience; and using legal agreements to limit the flow and use of sensitive data. These solutions aren’t fully satisfactory, either individually or in combination, nor is any one approach the best in all circumstances. Change is difficult. When faced with the challenge of fostering data science while preventing privacy risks, the urge to preserve the status quo is understandable. However, this is incompatible with the reality of re-identification science. If a “best of both worlds” solution exists, de-identification is certainly not that solution. Instead of looking for a silver bullet, policy makers must confront hard choices.”
From a collection of articles...
[For my Ethical Hackers:
British Spies Manipulate The Internet
Another day, another revelation into how the security services are affecting our everyday lives. This one concerns British spies working at GCHQ (Government Communications Headquarters) who, according to documents obtained by NSA whistleblower Edward Snowden, regularly manipulate the Internet.
As detailed by The Intercept, the Joint Threat Research Intelligence Group (JTRIG) allegedly has the capability to
“change [the] outcome of online polls,” [and online elections? Bob]
enact the “disruption of video-based websites hosting extremist content,”
“artificially increase traffic to a website,” and
launch a “distributed denial of service using P2P,” amongst other things.
This document has been revealed at a time when the British Government is rushing through legislation giving them greater surveillance powers over ordinary citizens.
Oh, the horror, the horror... Wait a minute. Maybe they just like my blog?
Your Interest in Privacy Will Ensure You’re Targeted By The NSA
Have you ever wondered if you’re on an NSA observation list? Turns out that if you’ve even thought about it (or online privacy in general), you’re probably more likely to be on one. A few concerning news updates regarding mass surveillance by the NSA within the past week, including revelations from an analysis of the XKeyscore data collection system, have given us an idea of who might be among the NSA’s “targeted” individuals.
Dilbert illustrates the slippery slope of Privacy.
If I know all your friends, can't I easily deduce your identity by seeing who is NOT listed?
Secret App Raises $25 Million, Shifts Focus
The fast-growing anonymous mobile app Secret said Monday it had raised $25 million in venture capital and would expand as a social network connecting Facebook friends.
A new feature announced by Secret -- which up to now was an anonymous messaging board -- allows users to log in with Facebook and share with friends without revealing their identities.
"Facebook Login has been our top requested feature, for good reason," the Secret team said in a blog post. "Our community members want more friend content in their stream, beyond simply the contacts from their phone.
Facebook Login gives any user the option to (completely anonymously) connect Secret to Facebook and populate your stream with Facebook friends."
Next, Congress will want the FDA to approve all hand-held technology.
Got a rash? iPad, other devices might be the cause
Recent reports in medical journals detail nickel allergies from a variety of personal electronic devices, including laptops and cellphones.
… Jacob said evidence suggests nickel allergies are become more common, or increasingly recognized. She cited national data showing that about 25 percent of children who get skin tests for allergies have nickel allergies, versus about 17 percent a decade ago.
For my students and a few friends I've been trying to talk into writing a blog. (You know who you are!)
Turn Your Blog Into a Book
BlogBooker is a free service that allows you to turn your the contents of your Blogger blog into a PDF. Using BlogBooker is a fairly straight-forward process. BlogBooker walks you through each step of the process except for the very first step which might sound a little too "techy" for some Blogger users, but it's actually quite easy. The first step in using BlogBooker is to export the contents of your blog as an XML file. This is actually easy to do in Blogger. Step one is to open the "settings" menu of your Blogger blog. Step two is to select "export blog" under "basic" menu. Step three is to click "download." Don't worry, exporting the contents of your blog will not remove any content from your blog. After you've completed the export process, jump over to BlogBooker and follow their directions for completing the transition from XML file to PDF.
Applications for Education
Turning a classroom blog into a book is a great way to show students and their parents how much they have written in a semester.
Perhaps someone who actually teaches this stuff can set me straight. Is this useful?
Storyboard That Releases New Teacher Guides
Storyboard That provides templates in which you can create your stories in a comic strip style. To help you create your story Storyboard That provides dozens of scenes, characters, and text bubbles to fill your storyboard's frames. Each element that you drag into your storyboard's frames can be re-sized, rotated, and re-positioned to your heart's content. Your completed storyboard can be saved as a comic strip, saved as a set of images (one image for each frame), or saved as a set of PPTX slides.
This week Storyboard That added three new guides for teaching classic literature with storyboards. The new guides provide great ideas for teaching Macbeth, Romeo & Juliet, and The Great Gatsby with storyboards. Each of the guides include a set of essential questions, alignment to Common Core standards, and templates for character analysis. The templates also include ideas for using comics in which students analyze the elements of plot in each story.
A heads-up for my students.
Scams target people struggling with student loan debt, Illinois says
… Broadsword Student Advantage LLC, requested money upfront, Brown said. It wanted $299 the first month, $199 the second month, then $99 — then the student-loan reduction would kick in, she said.
"If it sounds too good to be true, it probably is," she said.
When she called the U.S. Department of Education, a representative warned her against giving money to debt-settlement firms. The federal program that the company said she could use — the Public Service Loan Forgiveness Program — wouldn't take effect until 2017, he said, according to Brown.
For my students, who never heard of note taking Apps...
5 Ways To Get Productive With Microsoft OneNote
… It was about two years ago that Saikat described just how awesome OneNote can be. In that article, he explained that you could sync your offline OneNote to itsAndroid or iPhone apps – transforming this desktop organizational tool into a mobile productivity toolkit.