Imagine a world where both the data and the accessing people were constrained by the needs to keep illicit re-identification below an “acceptable level” for that data.

In practice this would mean storing more data in a de-identified way until it was needed. Not linking datasets until they were required to be linked. Vetting the staff to minimise the means, motive and opportunities for illicit re-identification. Imagine new auditing requirements for particularly large or sensitive holders of linked person-level data.

Having just been impressed by Cameron’s Avatar movie and the depiction of perfect communication for all creatures on the planet Pandora, I can see that when/if we get there, privacy concerns may diminish. Who would misinterpret your wishes mistakenly? They would know too much to err that way. You would only need protection against the malicious or hungry. Maybe there would be too few of those to worry about. But maybe not. The rise of Internet crime from Spammers and Phishers tells us something about the dreary predictability of ne’er-do-well’s looking for an easy route to better wealth. However you might also need some shielding against the incessant targeted marketing of products eerily timed and somewhat interesting.

Until (and maybe even when) we reach Nirvana each person remains at risk of others: making bad choices for them (i.e. removing options), interferring with their daily activities (to prove their innocence, reject offers) or simply trying to steal stuff. It therefore is most appropriate to defend against the potential harms (of snooping) through legislation whilst we speed towards a “total information awareness” society.

We all know about third-party cookies which are all too common on the web, and there are other techniques, such as:
http://www.h-online.com/security/news/item/Indiscrete-web-browsers-assist-de-anonymisation-919669.html

These surveillance mechanisms are slowly making their way into every aspect of life, for example via mobile devices, using bluetooth hosts scattered around the city.

Both government and corporate aggregated data might leak out and be used for criminal intent. I believe a more robust solution than government regulation should be taken.

One idea is creating “Social White Noise” – filling databases with false data that will confuse anyone querying the database. This would have implications to one’s accessability via the web (are you the real slim shady?), but offers a valid trade-off in exchange for privacy.

I have also written about this topic in my own blog recently:
http://shmichael.com/2010/02/social-white-noise/

Governments are unlikely to restrict their use of available information in the face of what they see as pressing priorities, for example:

http://washingtontimes.com/news/2010/feb/03/germany-pursues-tax-evaders-data/

If we decide to permit the use of ‘this kind of data’ for the pursuit/prosecution of terrorists, why not for child abusers, or large scale embezzlers, etc. Obviously, slipperly-slope arguments can be taken to extremes, but in truth I think that this is a situation where the slope is both exceedingly slippery and exceedingly steep. What might be even worse is how this sort of data could be used OUTSIDE of a courtroom by a unethical prosecutor or even just a government apparachik with sufficient tech savvy and ambition. Of course none of this even begins to cover how private actors might misuse data like this…

Regulations restricting data release/use/dissemination will always have carve-outs for various legitimate uses, and over time, these carve-outs will expand as more and more actors catch on to the potential returns. A political solution thus strikes me as a poor choice for coping with either public or private malefactors.

Perhaps there isn’t an easy way out here, other than becoming a society less concerned about privacy, something that I suspect we are going to have to do anyway…