Thursday, August 19, 2010

'Databases of ruin'


A new article in the UCLA Law Review argues that we need to rethink our laws because it's impossible to share databases without compromising privacy. "Data can be either useful or perfectly anonymous but never both," writes Paul Ohm, an associate professor at the University of Colorado Law School.

It's a fine article, summarizing examples and recent research showing how difficult it is to make data truly anonymous even when you scrub personally identifiable information. For example, he cites research by Carnegie Mellon professor Latanya Sweeney that used 1990 Census data to show that 87 percent of people in the U.S. can be uniquely identified using just their ZIP code, birthdate and sex. Ohm writes:

Just as human fingerprints left at a crime scene can uniquely identify a single person and link that person with “anonymous” information, so too do data subjects generate “data fingerprints”

The article's biggest weakness is that it fails to lay out the evidence proving that the public release of private facts is as harmful as Ohm's sometimes overwrought language suggests:

Our enemies will find it easier to connect us to facts that they can use to blackmail, harass, defame, frame, or discriminate against us. Powerful reidentification will draw every one of us closer to what I call our personal “databases of ruin.”

He asserts that regulators may have to "prevent privacy harm by squeezing and reducing the flow of information in society, even though in doing so they may need to sacrifice, at least a little, important counter values like innovation, free speech, and security."

That's a lot to claim for a value that has yet to find an explicit place in the U.S. Constitution.
