Tuesday, January 9, 2007

Provably Private?

From the Guardian, I read this curious article on privacy and contextual integrity.

"Linear temporal logic," eh? I wish I could groove to what that means. So I read Wikipedia, then I started researching the folks mentioned in the article, and found the paper the Guardian piece refers to: Privacy and Contextual Integrity: Framework and Applications.

Two things I liked, from what I've been able to digest so far (but I'm a lover, not a logician, so I am likely indigesting as well).
First:

"Unlike a number of prominent normative accounts of privacy, the approach taken here rejects the idea that a simple dichotomy-usually between public and private (sensitive, intimate) information-is sufficient for adjudicating privacy claims. Instead, there is potentially an indefinite variety of types of information that could feature in the informational norms of a given context."

That sounds right to me, but I'm going to have to read more to make sure I fully understand whether the words mean what I think they do. I also really like the idea of time as a factor that enters into the privacy question.

I also found figure 4 irresistible and disturbing:

Irresistible? Because I like the idea of a fistful of regulations and laws boiled down to a set of numbers, letters, and (especially) symbols.

Disturbing? Because it looks too much like compliance. Wrestling the GLB down to a series of equations is noble and mostly cool. However, if it falls into the wrong hands, it could launch a raft of ill-advised applications that get the auditor's seal of approval, are "provably compliant" and yet don't do much in the way of privacy. (This is a knee-jerk reaction.)

The paper covers the US privacy law hit parade (COPA, HIPAA, GLBA), but wait! What about everybody's favorite - SB 1386?

"Finally, our current language faces a limitation common to many policy languages. Consider SB 1386, a California law requiring businesses that inappropriately disclose personal information to notify the subjects of the information. This provision cannot be expressed properly in the language because it takes effect only when an agent violates norms. In our model, agents never violate norms and thus would never be required to notify individuals. However, such notifications are common in California. To express such “defense in depth” provisions, we plan to extend our model to account for agents who occasionally (perhaps unintentionally) violate the norms. We expect this to require modifications to the current logic."

Hmmm.
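To make the limitation in that last quote concrete, here is an added toy illustration (my own sketch, not code from the paper or its authors): a trace of information flows checked against contextual-integrity style norms, plus the kind of violation-triggered "notify the subject" obligation that SB 1386 imposes. Every role, attribute, norm and trace entry is a constructed placeholder, not a rule taken from GLBA, HIPAA or SB 1386; the point is only that the notification obligation can be stated at all solely because this toy model lets agents violate norms.

```python
# Added illustration (not from the post or the paper): a toy trace checker in the
# spirit of contextual-integrity norms. All roles, attributes and norms below are
# constructed placeholders, not rules from any real statute.
from dataclasses import dataclass

@dataclass(frozen=True)
class Send:
    t: int            # position in the trace (time step)
    sender: str       # role of the sending agent
    recipient: str    # role of the receiving agent
    subject: str      # whose information it is
    attribute: str    # what kind of information (a type, not just public/private)

# Norms: (sender role, recipient role, attribute) -> allowed?  Any flow not listed
# is treated as forbidden, i.e. the context's informational norms are closed-world.
NORMS = {
    ("bank", "customer", "balance"): True,        # constructed: you may see your own balance
    ("bank", "affiliate", "balance"): True,       # constructed: affiliate sharing permitted
    ("bank", "marketer", "ssn"): False,           # constructed: forbidden flow
    ("bank", "customer", "breach_notice"): True,  # constructed: notification is itself a flow
}

def violations(trace):
    """Return the sends that breach a norm (a model where agents CAN misbehave)."""
    return [s for s in trace
            if not NORMS.get((s.sender, s.recipient, s.attribute), False)]

def unnotified(trace, deadline):
    """Violation-triggered obligation of the SB 1386 kind: after a breach of
    subject X at time t, a 'breach_notice' to X must occur within `deadline`
    steps.  A norm-only model, where no agent ever violates a norm, has no
    violating event to anchor this obligation on, which is the paper's point."""
    missing = []
    for v in violations(trace):
        notified = any(s.attribute == "breach_notice" and s.recipient == "customer"
                       and s.subject == v.subject and v.t < s.t <= v.t + deadline
                       for s in trace)
        if not notified:
            missing.append(v)
    return missing

# Constructed trace: one permitted flow, two breaches, and one (timely) notification.
TRACE = [
    Send(1, "bank", "affiliate", "alice", "balance"),
    Send(2, "bank", "marketer", "alice", "ssn"),            # violates NORMS
    Send(3, "bank", "marketer", "bob", "ssn"),              # violates NORMS, never notified
    Send(5, "bank", "customer", "alice", "breach_notice"),  # alice notified at step 5
]
```

With a deadline of 3 steps, only bob's breach is left unnotified; tighten the deadline to 2 and alice's notification at step 5 is too late as well.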
