Privacy Technology ‘Not There Yet,’ Says PCAST Head
Privacy technologies are not advanced enough to properly protect data sets, and creating privacy policies remains tricky as a result, said Marjory Blumenthal, executive director of the President’s Council of Advisors on Science and Technology (PCAST). “The bottom line is we're not there yet,” Blumenthal said at a Software & Information Industry Association event Thursday. Data de-identification, data deletion, and notice and consent are not sufficient privacy measures, Blumenthal said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The degree to which companies can de-identify and delete data to keep sensitive information private has been central to recent debates over data brokers, big data (CD May 5 p10) and facial recognition software. Even prominent researchers disagree over the degree to which de-identification is possible and useful.
De-identification “was a big concept in the small data world,” Blumenthal said. But once a small data set “gets combined with other data, you can re-identify what you de-identified,” she said. In light of that concern, some have encouraged companies to focus on deleting all unneeded data, Blumenthal said. “To date, the benefits themselves [of deletion] are somewhat ephemeral,” she said. “What can be displayed can be captured.” Similarly, an insistence on notice and consent to control data collection and use “does not work well in a world … where people just click through,” Blumenthal said. “There may be no connection with the collector of the data."
Blumenthal oversaw the 90-day PCAST review of big data, which resulted in a report stressing the need to focus on limiting abusive data uses, not data collection (CD May 2 p3). The “most feasible place” to provide “intervention” is “where the data are used,” she said. “We cannot always recognize which data are privacy sensitive when they are collected because sometimes those insights will emerge through analytics.”
Privacy is paramount to ensure the growth of data-based products, Blumenthal said. The government should weigh several options, she said. “A lot of people look first to cryptography,” Blumenthal said. However, “none of the more interesting ones are ready for widespread economical practical use.”
"The U.S. should adopt policies that stimulate the use of practical privacy technologies that exist today,” Blumenthal said. These policies should encourage research and training on privacy issues, she said. Sen. Orrin Hatch, R-Utah, speaking at the same event, cautioned that “regulation will likely stifle innovation.” He said “any new data policy should consider consumer privacy and the benefits of big data in people’s lives.”