[e2e] was double blind, now reproduceable results

Karen R. Sollins sollins at csail.mit.edu
Wed May 26 12:18:50 PDT 2004

With respect to anonymizing and releasing data, let me recommend to 
you a few pages of a CSTB report, "Information Technology Research 
for Federal Statistics", National Academy Press, 2000.  See 
The focus in that report was to a large extent on data about people, 
so privacy was often considered paramount, but I believe the 
techniques and state of technology with respect to statistics are 
applicable here as well.  I recommend to you pp. 34 - 40, the section 
titled "Limiting Disclosure" in Chapter 2, "Research Opportunities". 
The conclusion to draw from their examples is that at least in the 
domains over which they were looking, it is not well understood how 
to truly hide the information one wants to hide.  Rather than 
possibly misrepresenting the story to you, I recommend you read it 
for yourselves.


At 10:21 AM -0700 5/26/04, Joe Touch wrote:
>RJ Atkinson wrote:
>>On May 26, 2004, at 11:52, Joe Touch wrote:
>>>Impossible is the case I was referring to. Certainly IF transforms are
>>>possible then they should be used and the data made available. However,
>>>some data sources aren't comfortable with these transforms, since there
>>>may be data correlation that ends up compromising the transform.
>>>Notably those that correlate data to existing Internet routing tables -
>>>if you found something that preserved not only prefixes but also the
>>>aggregation, and published it, you'd have to publish the routing tables
>>>similarly transformed. However, since the untransformed routing tables
>>>are available publicly anyway, you've compromised your transform.
>>     Whether the transform is compromised would depend greatly on which
>>particular routing tables one was working with.
>Yes. Bob was saying that there exists. I'm claiming there are cases 
>where there does not exist - i.e., not for all.
>The issue is what to do with a paper published in the case I'm 
>considering; we all know what to do when you CAN safely anonymize.
>However, note that you don't always know when it's safe - just 
>because _you_ can't correlate the info doesn't mean someone else 
>Content-Type: application/pgp-signature; name="signature.asc"
>Content-Description: OpenPGP digital signature
>Content-Disposition: attachment; filename="signature.asc"
>Attachment converted: Macintosh HD:signature.asc (    /    ) (0011E338)

Karen R. Sollins, Ph.D.
Principal Research Scientist
MIT CSAIL, The Stata Center
32 Vassar St., 32-G818
Cambridge, MA 02139, USA
V: +1 617 253 6006
F: +1 617 253 2673
E: sollins at csail.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.postel.org/pipermail/end2end-interest/attachments/20040526/32b3be22/attachment.html

More information about the end2end-interest mailing list