[langsec-discuss] PII?

David Fetter david at fetter.org
Sat Nov 15 02:47:17 UTC 2014

On Fri, Nov 14, 2014 at 03:01:21PM -0800, travis+ml-langsec at subspacefield.org wrote:
> On Fri, Nov 07, 2014 at 01:49:02PM -0800, David Fetter wrote:
> > While there is such a thing as legal definitions of personally
> > identifiable information, is the idea that this division exists, i.e.
> > that information can be identified in a context-free way as implying
> > other information, while other information cannot, even plausible?
> If I understand your question correctly, no. Case in point, using
> Netflix ratings to identify political preferences:
> https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

Yes, it's just this kind of thing that I had in mind.  It seems to me
that any information, however broad or trivial, could in some context
be the "last straw" that sets the K in your K-anonymity to 1.

> > My information theoretic background is pretty close to
> > nonexistent, but my intuition says no.
> My ordinary rule is to be skeptical of any broad, or universal
> claims - that such-and-such is always, or never, the case.  Such
> things are difficult to prove, though clearly falsifiable, something
> which physical sciences should have taught me, but which for some
> reason computer security still frequently surprises me with.

I hope some day that computer science will be an actual science.  At
the moment, it appears to be a kind of abstruse branch of mathematics,
which would be fine if it weren't *called* a science.  Science has
experiments that establish a model's connection to the universe in
which we live, and falsifiability, and stuff like that.  Mathematics
has logical consistency, which is not even remotely the same thing,
even though there's a school of flat-earth economics that says it is.

> The difficulty of proving such is usually what is meant by "proving a
> negative": negate(exist(A)) == universal(not(A))
> As a matter of pedantry, "it is not the case that this room is
> painted black everywhere" is proven by a spot of white:
> negate(universal(A)) == exist(not(A))
> Side channels, inference, and so on are deadly to theoretical
> arguments about logical impossibility in real systems.

Depends how you mean.  If you're talking about, for example, the
negation of Sassaman Conjecture, which negation amounts to "the
maximal K for K-anonymity in a packet-switched network is >1," might
be pretty straight-forward to falsify.  There are giant socioeconomic
issues rolled up in that seemingly abstruse question.

David Fetter <david at fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter at gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

More information about the langsec-discuss mailing list