Greg Broiles wrote about randomizing survey answers:
> That doesn't sound like a solution to me - they haven't provided anything to motivate people to answer honestly, nor do they address the basic problem, which is relying on the good will and good behavior of the marketers - if a website visitor is unwilling to trust a privacy policy which says "We'll never use this data to annoy or harm you", they're likely to be unimpressed with a privacy policy which says "We'll use fancy math tricks to hide the information you give us from ourselves."
>
> That's not going to change unless they move the randomizing behavior off of the marketer's machine and onto the visitor's machine, allowing the visitor to observe and verify the correct operation of the privacy technology .. which is about as likely as a real audit of security-sensitive source code, where that likelihood is tiny now and shrinking rapidly the closer we get to the TCPA/Palladium nirvana.
On the contrary, TCPA/Palladium can solve exactly this problem. It allows the marketers to *prove* that they are running a software package that will randomize the data before storing it. And because Palladium works in opposition to their (narrowly defined) interests, they can't defraud the user by claiming to randomize the data while actually storing it for marketing purposes. Ironically, those who like to say that Palladium "gives away root on your computer" would have to say in this example that the marketers are giving away root to private individuals. In answering their survey questions, you in effect have root privileges on the surveyor's computers, by this simplistic analysis. This further illustrates how misleading is this characterization of Palladium technology in terms of root privileges.
On Sat, Sep 21, 2002 at 01:15:18PM -0700, AARG!Anonymous wrote:
| Greg Broiles wrote about randomizing survey answers:
|
| > That doesn't sound like a solution to me - they haven't provided anything to motivate people to answer honestly, nor do they address the basic problem, which is relying on the good will and good behavior of the marketers - if a website visitor is unwilling to trust a privacy policy which says "We'll never use this data to annoy or harm you", they're likely to be unimpressed with a privacy policy which says "We'll use fancy math tricks to hide the information you give us from ourselves."
| >
| > That's not going to change unless they move the randomizing behavior off of the marketer's machine and onto the visitor's machine, allowing the visitor to observe and verify the correct operation of the privacy technology .. which is about as likely as a real audit of security-sensitive source code, where that likelihood is tiny now and shrinking rapidly the closer we get to the TCPA/Palladium nirvana.
|
| On the contrary, TCPA/Palladium can solve exactly this problem. It allows the marketers to *prove* that they are running a software package that will randomize the data before storing it. And because Palladium works in opposition to their (narrowly defined) interests, they can't defraud the user by claiming to randomize the data while actually storing it for marketing purposes.

No, it allows security geeks to talk about proof. My mom still won't get it. Pd doesn't allow you to prove that there's no sniffer doing other things with the data, that nothing is logged at the wrong time, etc. If you really want to randomize the data, do it close to me. Or better yet, run some software from Credentica and accept a proof of whatever data is in question. But the reality is that people hand over most of their data now. So why would I invest in this expensive technology?

(Mike Freedman, Joan Feigenbaum, Tomas Sander and I did a paper which touches on the power imbalance between the companies that offer DRM technology and their customers...same analysis applies here... http://www.homeport.org/~adam/privacyeng-wspdrm01.pdf )

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
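The "do the randomizing on the visitor's machine" approach argued over in this thread, as an added example that is not part of any of the posts: a client-side randomized-response step the visitor can read and verify, the worst-case log-odds a marketer gains about one visitor from one report, and the only thing the marketer can recover, an unbiased population estimate. Function names, the parameter p_truth and the simulated survey are all constructed for this example.

```python
import math
import random


def randomize_answer(truth: bool, p_truth: float, rng: random.Random) -> bool:
    """Client-side randomized response (constructed example).

    With probability p_truth the visitor reports the real answer; otherwise a
    fair coin decides. Only the result leaves the visitor's machine, and the
    visitor can inspect this function rather than trust the marketer's policy.
    """
    if rng.random() < p_truth:
        return truth
    return rng.random() < 0.5


def privacy_loss(p_truth: float) -> float:
    """Worst-case log-odds an observer gains about one visitor from one report.

    ln( P(report yes | truth yes) / P(report yes | truth no) )
      = ln( (p + (1-p)/2) / ((1-p)/2) ).
    p_truth == 1 means no noise at all, i.e. unbounded loss.
    """
    if not 0.0 < p_truth <= 1.0:
        raise ValueError("p_truth must be in (0, 1]")
    noise_yes = (1.0 - p_truth) / 2.0
    if noise_yes == 0.0:
        return math.inf
    return math.log((p_truth + noise_yes) / noise_yes)


def estimate_yes_fraction(reported: list[bool], p_truth: float) -> float:
    """Marketer-side estimate of the true 'yes' fraction pi.

    E[reported yes] = p_truth * pi + (1 - p_truth) / 2, solved for pi.
    This aggregate is recoverable; any single visitor's answer is not.
    """
    observed = sum(reported) / len(reported)
    return (observed - (1.0 - p_truth) / 2.0) / p_truth


def simulate(n_visitors: int, true_fraction: float, p_truth: float, seed: int = 0) -> float:
    """Constructed survey: n visitors, a share true_fraction of whom really answer yes."""
    rng = random.Random(seed)
    truths = [i < int(n_visitors * true_fraction) for i in range(n_visitors)]
    reported = [randomize_answer(t, p_truth, rng) for t in truths]
    return estimate_yes_fraction(reported, p_truth)


if __name__ == "__main__":
    print(f"privacy loss at p_truth=0.5: {privacy_loss(0.5):.3f} nats")
    print(f"estimated yes fraction: {simulate(20000, 0.3, 0.5, seed=1):.3f}")
```

Lowering p_truth tightens the per-visitor bound but widens the error of the aggregate, which is the trade-off the marketer has to accept once the noise is added where the visitor can see it.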