Publication | Open Access
Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization
1K
Citations
0
References
2009
Year
EngineeringBroken PromisesInformation SecurityLawInformation ForensicsInformation PrivacyCommunicationTechnology LawPseudonymizationData ScienceSurprising FailureData AnonymizationInformation Privacy LawData ManagementPublic PolicyPrivacy IssueComputer ScientistsData PrivacyTrustPrivacy AnonymityPrivacy ConcernPrivacyData SecurityCryptographySocial Security NumbersArtsData Privacy Law
Anonymization techniques, which remove identifiers from large databases, have been shown by computer scientists to be ineffective at protecting privacy, a flaw that has gone largely unnoticed in privacy law and regulation. The article argues that recognizing the failure of anonymization reveals a fundamental misunderstanding of privacy and calls for a response by providing practical tools. The article offers a set of tools to address the failure of anonymization. Researchers have shown that individuals can be reidentified from anonymized data with surprising ease.
Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.