Setting the Record Straight: De-Identification Does Work

June 16, 2014
| Reports

In the coming years, analytics will offer an enormous opportunity to generate economic and social value from data. But much of the success of data analytics will depend on the ability to ensure that individuals’ privacy is respected. One of the most effective ways in which to do this is through strong “de-identification” of the data – in essence, storing and sharing the data without revealing the identity of the individuals involved.

A number of researchers have been investigating techniques to re-identify de-identified datasets. Unfortunately, some commentators have misconstrued their findings to suggest that de-identification is ineffective. Contrary to what misleading headlines and pronouncements in the media almost regularly suggest, datasets containing personal information may be de-identified in a manner that minimizes the risk of re-identification, often while maintaining a high level of data quality.

Despite previous efforts to dispel the myth that datasets cannot be reliably de-identified no matter the methods employed to de-identify the data, this view continues to be promulgated. It is increasingly apparent that one of the reasons for the staying power of this myth is not factual inaccuracies or errors within the primary literature, but rather a tendency on the part of commentators on that literature to overstate the findings. While nothing is perfect, the risk of re-identification of individuals from properly de-identified data is significantly lower than indicated by commentators on the primary literature.

At the same time, advancements in data analytics are unlocking opportunities to use de-identified datasets in ways never before possible. Where appropriate safeguards exist, the evidence-based insights and innovations made possible through such analysis create substantial social and economic benefits. However, the continued lack of trust in de-identification and focus on re-identification risks may make data custodians less inclined to provide researchers with access to much needed information, even if it has been strongly de-identified; or worse, to believe that they should not waste their time even attempting to de-identify personal information before making it available for secondary research purposes. This could have a highly negative impact on the availability of de-identified information for potentially beneficial secondary uses. 

Protecting Data Innovation and Privacy

Vodafone Report Sparks Global Surveillance Debate

New York Times
“Companies are recognizing they have a responsibility to disclose government access," says Daniel Castro.

Microsoft to Government Spies: Back Off

June 5, 2014
Daniel Castro discussed the economic impact of the PRISM revelations on the U.S. technology sector with NPR-Seattle.

Daniel Castro discussed the economic impact of the PRISM revelations on the U.S. technology sector with NPR-Seattle.

The Location Privacy Protection Act of 2014

June 4, 2014
| Testimony and Filings

Rob Atkinson testified before the Senate Judiciary Committee’s Subcommittee on Privacy, Technology and the Law regarding the Location Privacy Protection Act of 2014. Atkinson argued that while a number of the provisions regarding preventing electronic stalking by individuals are important, limiting the collection and use of geo-location data by for commercial purposes would unnecessarily stifle innovation and hamper the development of the mobile economy.

Time to Forget the "Right to be Forgotten"

May 30, 2014
| Blogs & Op-eds

In ruling that individuals have the right to have information about themselves removed from a search engine if they do not think it is relevant, the European Court of Justice has rejected the compelling logic of the maxim "you are entitled to your own opinions, but not your own facts." In doing so, the ECJ has single-handedly dismantled society's "right to know" and replaced it with an individual's "right to be forgotten." This is bad for the Internet and bad for the public at large.

NSA Fallout Continues, Threatening US Tech Leadership

IDG News Service
ITIF has estimated that the US cloud sector could lose up to $35bn over three years in the wake of PRISM.

House Passes USA Freedom Act

Multichannel News
“The legislation is a step towards ending the broad intelligence gathering that angers so many Americans," says Daniel Castro.

ITIF Files Amicus Brief in Google v. Joffe Supreme Court Petition

May 7, 2014
| Testimony and Filings

ITIF has filed an amicus brief supporting Google's petition to be heard by the U.S. Supreme Court in the Google Inc. v. Joffe et al case. In that case, Google is accused of illegally intercepting transmissions from open WiFi networks during its Street View project. ITIF believes that the Ninth Circuit Court of Appeals needlessly treats modern digital communications different from old analog communications, creating confusion and uncertainty for innovators and IT security professionals and warranting review by the Supreme Court.

The Wiretap Act generally allows anyone to listen to radio communications that are not secured to be made private. However, the Ninth Circuit Court of Appeals has concluded that WiFi transmissions are not considered "radio communications." 

ITIF contends that the Ninth Circuit was incorrect in holding that only "predominantly auditory broadcasts" like AM/FM radio are considered "radio communications." The court's reading is contrary to the plain meaning of the term "radio communication" and difficult to square with the rest of the Wiretap act. The law has a difficult enough time keeping up with technology without the introduction of arbitrary distinctions based on outmoded radio technologies. We should generally favor policies and interpretations that treat similar technologies alike. When WiFi access points are not encrypted, the communications it sends are available to the public using off-the-shelf equipment similar to a CB radio or walkie-talkie. The Supreme Court should clarify that these radio technologies are treated the same under the Wiretap Act.

What “radio communication” means  is  an important question of federal law because the narrow definition adopted by the court of appeals calls into question the legality of standard techniques used by  IT professionals across the country every day to secure and optimize wireless networks. The lack of clarity that results from the court of appeals’ decision makes it harder for IT professionals to secure wireless networks, threatening the security of our nation’s wireless infrastructure.

View ITIF's amicus brief on Google v. Joffe filed with the U.S. Court of Appeals for the Ninth Circuit. 

In Our Search Data, Researchers See a Post-Snowden Chilling Effect

Motherboard Magazine
The PRISM revelations continue to impact Internet activity.