Time to take privacy technology seriously
San Jose Mercury News
Our privacy is at risk in all of the online databases that store information about everything from our Web shopping habits to our income. That's why we're lucky to have someone like Cynthia Dwork.
Most companies see this as a security problem and focus their research accordingly. But Dwork, who works at Microsoft Research in Mountain View, Calif., looks at it as a privacy issue, a different thing altogether from protecting data against would-be hackers.
Dwork, a cryptographer, focuses on how privacy can be protected even while accurate statistics are made available.
"We call it privacy-preserving data analysis," she said.
In the early 1990s, Dwork became interested in mathematical techniques for fighting spam. More than five years ago, about the same time she joined Microsoft's research division, she started thinking about privacy.
Initially, she approached the issue by looking to the mathematical theory underlying large databases, such as the U.S. Census. How could the government provide access to this huge trove of information without compromising individual privacy?
This may put you to sleep. And no amount of theory will help if nobody pays attention to privacy-protection policies.
Some of us are so fatalistic about our loss of privacy — exemplified in everything from the Hewlett-Packard pretexting scandal to the almost daily loss of laptops with sensitive information on them — that our eyes glaze over at anyone trying to hold back the tide of data exposure. (As Sun Microsystems Chairman Scott McNealy said, "You have no privacy — get over it!")
Whitfield Diffie, the chief security officer at Sun, said he admires Dwork's work. But he notes the communications revolution will diminish privacy.
So will the "blind force of Moore's Law," the prediction by Intel co-founder Gordon Moore that computing power will double every couple of years, said Phil Zimmermann, the encryption expert who created the security technology dubbed "Pretty Good Privacy."
"Information wants to be free and flow everywhere," Zimmermann added. "It becomes frictionless, and there is a temptation to take advantage of it."
Dwork says she and other privacy researchers in academia hope they can establish some basic rules for information retrieval that can help protect against accidental breaches of privacy.
She's trying to design databases that could allow an insurance adjuster, for example, to get enough information to determine the risks of providing insurance to smokers, but not enough to know anything specific about a given individual in the database.
If the adjuster searches in such a way as to pinpoint an individual, the database is smart enough to know it shouldn't give that precise information.
"You can release information without worrying that someone will use it to reverse-engineer it and break someone's privacy," Dwork said.
Dwork has some prototypes of smart databases. They can do things like audit questions to decide whether it is safe to answer them.
Her bosses, Roy Levin, head of Microsoft Research in Mountain View, and Rick Rashid, the head of all the company's research, say they're excited about Dwork's work and want it to spread.
I think it's about time other major corporations, including HP in the aftermath of its pretexting scandal, get serious about privacy research.
It's worth noting HP had no chief privacy officer during the height of its pretexting operations, in which its hired investigators used questionable tactics to obtain the cellphone records of reporters.
All of the experts I've interviewed, from Dwork to Zimmermann, say it's possible to design technology that takes into account privacy protection from the start.
Consider the cellphone, which can reveal your location to the cellphone company. But phone companies could design their networks so that locator information appears to them only when you call 911, otherwise protecting your privacy.
"If you combine good security practices and good privacy technology, the world can be a better place," Dwork said.
But she added: "I also believe that those of us alive now have very little privacy. It doesn't mean that we can't develop technology that would allow the next generation to have more privacy. I believe that privacy research is just beginning to blossom."
Let's hope so.