Difference between revisions of "Anonymous"
(→Context) |
(→Context) |
||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
HTTP ( used on [[Web Site]]s) was designed to operate without any identification and the [[REST]] protocol enforces that paradigm. | HTTP ( used on [[Web Site]]s) was designed to operate without any identification and the [[REST]] protocol enforces that paradigm. | ||
| − | * Literally the term [[Anonymous]] means no name, but many uses now mean that the name cannot be tracked back to the user. The confusion remains irreconcilable. | + | * Literally the term [[Anonymous]] means no name, but many uses now mean that the name cannot be tracked back to the user. One would think that they term [[Pseudonymous]] would be what they mean, but somehow anonymous sounds more attractive to them. The confusion remains irreconcilable. |
==Problem== | ==Problem== | ||
Revision as of 14:03, 4 October 2021
Full Title or Meme
Literally Anonymous means no name.
Context
HTTP ( used on Web Sites) was designed to operate without any identification and the REST protocol enforces that paradigm.
- Literally the term Anonymous means no name, but many uses now mean that the name cannot be tracked back to the user. One would think that they term Pseudonymous would be what they mean, but somehow anonymous sounds more attractive to them. The confusion remains irreconcilable.
Problem
- While some users may think that their attributes on distinct Web Sites cannot be correlated, research has shown that this goal will not be possible[1] That reality does not prevent users from trying to use Pseudonyms to remain Anonymous, but it will never work against a determined adversary.
- All HTTP connections come with an IP address which is often unique to the location of the computer.
- All HTTPS (secure) connections come with a session Identifier which is needed to maintain the secure connection.
- Most Web Sites record all HTTP connections for security purposes.
- If the user supply some sort of credential to allow access to site, the REST protocol effectively requires the use of cookies installed on the user machine to carry the sign in data from one HTTP request to the next.
- If the user expects any continuity from one sign in session to the next, some sort of user Identifier is required.
- Perhaps the most clueless example of the false hope of anonymity is the sequencing company Nebula who offers to perform sequencing though the block chain for complete anonymity.[2] The problem, of course, is that there is no more sure indicator of your identity than you genome. In fact any police depart could immediate try to find you in a huge existing data base. But this is indicative of the utter cluelessness of the entire block-chain anonymity claims. In fact, they make searching for personal data easier than it has ever been before.
De-identification
Does HIPAA really allow PHI to be de-identified? (well - yes - sort of)
So long as information exists as PHI, its use and disclosure are both limited by the Privacy Rule. HIPAA safe harbor de-identification is the process of the removal of specified identifiers of the patient, and of the patient’s relatives, household members, and employers. The requirements of the HIPAA safe harbor de-identification process become fully satisfied if, and only if, after the removal of the specific identifiers, the covered entity has no actual knowledge that the remaining information could be used to identify the patient. Once protected health information has been de-identified, it is no longer considered to be PHI; as such, there are no longer restrictions on its use or disclosure. By definition, de-identified health information neither identifies nor provides a reasonable basis to identify a patient. Specific pieces of data (data elements) can, individually or in combination, be used to uniquely identify an individual. The following data elements can be used to uniquely identify, and, as such, must be de-identified under the safe harbor rule:
Names Geographic locators In the case of zip codes, covered entities are generally permitted to use the first three digits, provided the geographic unit formed by combining those first three digits contains more than 20,000 individuals. All elements of dates (except the year) that are related to an individual, including: admission and discharge dates, birth-date, date of death, all ages over 89 years old, and elements of dates (including year) that are indicative of age. Telephone, cellphone, and fax numbers Email addresses IP addresses (IP addresses can be used to identify physical addresses) Social Security Numbers Medical record numbers Health plan beneficiary numbers (i.e. the member ID on a patient’s health insurance card) Device identifiers and serial numbers (medical devices are assigned unique serial numbers) Certificate/license numbers (e.g., driver license numbers and birth certificate numbers) Account numbers (e.g., bank account numbers) Vehicle identifiers and serial numbers, including license plates Website URLs If a URL is logged within a specific application, the URL can be used to uniquely identify an individual Full face photos and comparable images Biometric identifiers (including fingerprints, voice prints, and retinal images) Any unique identifying numbers, characteristics or codes
Once these specific identifiers have been removed, the covered entity must have no actual knowledge that the remaining information could be used to identify the patient. If this “no actual knowledge” requirement has been satisfied, the PHI has been successfully de-identified under the safe harbor method. There's the catch. As AI technology advances, this bar continues to move down, to the point were the data is soon of very limited value. In other words, this safe harbor can only be used til the tide goes out, and this continues to be the direction the tide is taking.
- Before you accept the idea that it is possible for someone to collect data about you that does not identifier you, consider this: the more attributes that are linked together, the larger the pool of [people that are not you] gets. Eventually it gets to the point where you are the only one left in the pool of people that the attributes describe.
Solution
- The most trustworthy Web Sites will tell you when they identify you, but it has not be historically necessary that they do so.
- Current legislation from the EU and California requires Web Sites to be more forthcoming about how they collect and use data.
- Well-meaning Technology Solutions are proclaimed every few months, none really work for any extended period of time if there is any aggregation of data by individual. For example the State of Rhode Island cooperated with Brown University[3] to show how that state could overcome identification. Given the information in the first reference, it is only a matter of time before some other Academics will recover individual identities.
References
- ↑ Gina Kolata, Can Data be Fully Anonymous? New Algorithms can still identify you New York Times (2019-07-24) p A8.
- ↑ Megan Moteni,You can soon get Your DNA sequenced Anonymously (2019-09-19) https://www.wired.com/story/you-can-soon-get-your-dna-sequenced-anonymously
- ↑ Justine S. Hastings +4, Unlocking Data to Improve Public Policy. CACM 62 (2019-10) p. 48ff
