http://emergentchaos.com/archives/2009/08/new-on-ssrn.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2009/08/new-on-ssrn.html/comment-page-1#comment-6039 Paul Ohm Sat, 22 Aug 2009 12:02:39 +0000 http://emergentchaos.com/?p=3195#comment-6039 Adam, Thank you for the link to my paper. Khaled, I thank you for the opportunity to have a polite exchange about the strength of my work on your blog, but I'm a little less impressed with your blithe summary here: "the case is not as strong as it initially seems." In fact, on our exchange on your blog, you cite much more support for my thesis than refutation. For refutation, you continue to point to one paper you have co-authored summarizing a series of k-anonymity techniques--the very techniques that some of the recent reidentification research have cast doubt on. And I know from your post, response, and our private phone conversation that you in fact agree with almost all of what I have said in my paper, and with the heart of my analysis in particular: many data custodians do a woeful job anonymizing; these data custodians nevertheless place great faith in their ability to protect privacy; legislators and regulators are ill-informed about the weaknesses of many anonymization techniques; the concept of PII is flawed; a risk-assessment strategy is the best prescription in light of all of these changes. So I'm awfully puzzled at how we could have such a good, nuanced, careful back-and-forth exchanges which you then summarize with such relative carelessness. To everybody else, please read my paper and the exchange with Khaled, and make up your minds for yourself. Adam,
Thank you for the link to my paper.
Khaled,
I thank you for the opportunity to have a polite exchange about the strength of my work on your blog, but I’m a little less impressed with your blithe summary here: “the case is not as strong as it initially seems.” In fact, on our exchange on your blog, you cite much more support for my thesis than refutation. For refutation, you continue to point to one paper you have co-authored summarizing a series of k-anonymity techniques–the very techniques that some of the recent reidentification research have cast doubt on.
And I know from your post, response, and our private phone conversation that you in fact agree with almost all of what I have said in my paper, and with the heart of my analysis in particular: many data custodians do a woeful job anonymizing; these data custodians nevertheless place great faith in their ability to protect privacy; legislators and regulators are ill-informed about the weaknesses of many anonymization techniques; the concept of PII is flawed; a risk-assessment strategy is the best prescription in light of all of these changes.
So I’m awfully puzzled at how we could have such a good, nuanced, careful back-and-forth exchanges which you then summarize with such relative carelessness.
To everybody else, please read my paper and the exchange with Khaled, and make up your minds for yourself.

]]> http://emergentchaos.com/archives/2009/08/new-on-ssrn.html/comment-page-1#comment-6038 Khaled El Emam Sat, 22 Aug 2009 11:01:47 +0000 http://emergentchaos.com/?p=3195#comment-6038 For additional perspectives, please see comments, response by Paul Ohm, and additional remarks on the first paper at: <a href="http://ehip.blogs.com/ehip/2009/08/has-there-been-a-failure-of-anonymization.html" rel="nofollow">http://ehip.blogs.com/ehip/2009/08/has-there-been-a-failure-of-anonymization.html</a> I think the case is not as strong as it initially seems. For additional perspectives, please see comments, response by Paul Ohm, and additional remarks on the first paper at:
http://ehip.blogs.com/ehip/2009/08/has-there-been-a-failure-of-anonymization.html
I think the case is not as strong as it initially seems.

]]>