That’s the title of my Slaw post for today.   It reads as  follows:

Data about individuals can be a valuable resource. Organizations holding personal information often aggregate or anonymize that data in order to gain valuable information on various trends. From a privacy perspective, that’s perfectly acceptable, as individuals can no longer be identified. Or can they?

The caveat is that is has been known for some time that it is not as easy to anonymize individual data as one might think. Reidentification of individuals by comparing anonymized data to other sources of data has been surprisingly easy in some cases.

Slashdot points to an ars technica article that talks about a paper by a University of Colorado Law School professor entitled Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization . The abstract reads as follows:

Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often ‘reidentify’ or ‘deanonymize’ individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.

So the lesson for any organization that anonymizes personal data is that they must think their anonymization process through very carefully.

The Webnames.ca newsletter points out that starting September 23, 1 character .biz names will be auctioned off.   That means addresses such as 1.biz, and a.biz .

It will be interesting to see what kind of money these go for.  On the one hand, single character domain names are as easy to remember as they come.  But on the other hand, they are not intuitively descriptive or obvious ones to try unless a business has some customer connection with a letter or number.  And most people don’t think of .biz as a TLD of choice.

Cory Doctorow has an article in the Guardian entitled Not every cloud has a silver lining that is worth a read.

Cloud computing is a current shiny object.  But its not for everyone, or every application.

The article starts with:

The tech press is full of people who want to tell you how completely awesome life is going to be when everything moves to “the cloud” – that is, when all your important storage, processing and other needs are handled by vast, professionally managed data-centres.

Then goes on to tell how and why the cloud is oversold.

That’s the title of my Slaw post for today.  It reads as follows:

Simon posted US Homeland Security’s new rules on laptop searches for those crossing the border into the US. While there are some guidelines, they basically have the unfettered discretion to look at everything that is on one’s laptop.

Frankly, I don’t get it. It strikes me as a total waste of time and effort on their part. It inconveniences and intrudes on normal people crossing the border – with little chance of finding any terrorist or criminal information. And how are issues like trade-mark and copyright infringement relevant to crossing the border?

This strikes me as more security theatre.

The press release says in part:

“Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States,” said Secretary Napolitano. “The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.”

Searches of electronic media, permitted by law and carried out at borders and ports of entry, are vital to detecting information that poses serious harm to the United States, including terrorist plans, or constitutes criminal activity—such as possession of child pornography and trademark or copyright infringement.

The new directives will also allow DHS to develop automated, comprehensive data collection and analytic tools to facilitate accurate, thorough reporting on electronic media searched at the border, the outcomes of those searches and the nature of the data searched—further enhancing transparency and accountability.

I tend to agree with the views of Mike Masnick of Techdirt. He comments in part:

I, like many others, have no problem with border searches of actual physical containers and luggage at the border. That makes perfect sense, because it’s physical goods that you’re purposely trying to bring directly into the country. You packed them with the specific idea of bringing them into the country.

But stuff on your laptop is different in two very important ways:

1.You mostly store everything on your laptop. So, unlike a suitcase that you’re bringing with you, it’s the opposite. You might specifically choose what to exclude, but you don’t really choose what to include.
2.The reason you bring the contents on your laptop over the border is because you’re bringing your laptop over the border. If you wanted the content of your laptop to go over the border you’d just send it using the internet. There are no “border guards” on the internet itself, so content flows mostly freely across international boundaries. Thus if anyone wants to get certain content into a country via the internet, they’re not doing it by entering that country through border control.

Thus, it makes little sense for border control to search the contents of your laptop other than if the gov’t wants a random “free pass” at checking out some content about you.
… The whole claim that this has anything to do with screening materials entering the US is totally bogus.