Random Privacy

AARG! Anonymous remailer at aarg.net
Sat Sep 21 13:15:18 PDT 2002


Greg Broiles wrote about randomizing survey answers:

> That doesn't sound like a solution to me - they haven't provided anything
> to motivate people to answer honestly, nor do they address the basic
> problem, which is relying on the good will and good behavior of the
> marketers - if a website visitor is unwilling to trust a privacy policy
> which says "We'll never use this data to annoy or harm you", they're
> likely to be unimpressed with a privacy policy which says "We'll use
> fancy math tricks to hide the information you give us from ourselves."
>
> That's not going to change unless they move the randomizing behavior
> off of the marketer's machine and onto the visitor's machine,
> allowing the visitor to observe and verify the correct operation of
> the privacy technology .. which is about as likely as a real audit of
> security-sensitive source code, where that likelihood is tiny now and
> shrinking rapidly the closer we get to the TCPA/Palladium nirvana.


On the contrary, TCPA/Palladium can solve exactly this problem.  It allows
the marketers to *prove* that they are running a software package that
will randomize the data before storing it.  And because Palladium works
in opposition to their (narrowly defined) interests, they can't defraud
the user by claiming to randomize the data while actually storing it
for marketing purposes.

Ironically, those who like to say that Palladium "gives away root on your
computer" would have to say in this example that the marketers are giving
away root to private individuals.  In answering their survey questions,
you in effect have root privileges on the surveyor's computers, by this
simplistic analysis.  This further illustrates how misleading is this
characterization of Palladium technology in terms of root privileges.
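To make the "fancy math tricks" both posts refer to concrete, here is an added example (not code from the original thread, nor from any TCPA/Palladium software) of Warner's randomized response run on the visitor's own machine, as Broiles proposes. The function names, the p_truth parameter and the constructed population are assumptions for illustration.

```python
# Added illustration (not code from the original post or from any Palladium/TCPA
# software): Warner's randomized response, run on the visitor's own machine as
# Broiles suggests. The marketer only ever receives the coin-flipped answer, yet
# can still recover the population-level statistic. All inputs are constructed.
import random


def randomize_answer(truth: bool, p_truth: float, rng: random.Random) -> bool:
    """Visitor-side step: with probability p_truth report the honest answer,
    otherwise report a uniformly random bit. The marketer never sees `truth`."""
    if rng.random() < p_truth:
        return truth
    return rng.random() < 0.5


def estimate_true_fraction(reported_yes: int, n: int, p_truth: float) -> float:
    """Marketer-side step: invert
        E[reported 'yes' rate] = p_truth * pi + (1 - p_truth) / 2
    to get an unbiased estimate of pi, the true 'yes' fraction."""
    observed = reported_yes / n
    return (observed - (1 - p_truth) / 2) / p_truth


def likelihood_ratio(p_truth: float) -> float:
    """How much a single reported 'yes' shifts belief about that respondent:
    P(report yes | truth yes) / P(report yes | truth no). Lower is more private;
    p_truth = 0 gives 1.0 (no information), p_truth = 1 gives infinity."""
    p_yes_given_yes = p_truth + (1 - p_truth) / 2
    p_yes_given_no = (1 - p_truth) / 2
    return float("inf") if p_yes_given_no == 0 else p_yes_given_yes / p_yes_given_no


def simulate(n: int, true_fraction: float, p_truth: float, seed: int = 0) -> float:
    """Constructed population of n respondents; returns the marketer's estimate."""
    rng = random.Random(seed)
    truths = [rng.random() < true_fraction for _ in range(n)]
    reported = [randomize_answer(t, p_truth, rng) for t in truths]
    return estimate_true_fraction(sum(reported), n, p_truth)


if __name__ == "__main__":
    p = 0.5
    print("likelihood ratio per answer:", likelihood_ratio(p))
    print("estimated 'yes' fraction:", simulate(10_000, 0.30, p, seed=1))
```

The estimator is the same whether the coin flip happens on the marketer's server or in the visitor's browser; what changes is who can check that the flip actually happened, which is exactly the point in dispute above. Note the caveat a practitioner should keep in mind: at p_truth = 0.5 a single reported "yes" is still three times as likely from a true "yes" as from a true "no", so the scheme gives plausible deniability per respondent, not secrecy, and the marketer learns the aggregate quite precisely.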

More information about the cypherpunks-legacy mailing list