 
anonos.com

Submitted via overnight delivery / email to draft-nistir-deidentify@nist.gov

May 15, 2015

National Institute of Standards and Technology (NIST)
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930)
Gaithersburg, MD 20899-8930

Re: Draft NISTIR 8053 De-Identification of Personally Identifiable Information
  
	
  
	
  
We appreciate the opportunity to submit comments to the National Institute of Standards and Technology (NIST) in the context of the draft publication entitled Draft NISTIR 8053 De-Identification of Personally Identifiable Information (NIST Draft Report).

This letter is separated into the following three sections:

I. Proposal to Include Dynamic Data Obscurity in NIST Draft Report;
II. History of the term Dynamic Data Obscurity; and
III. The Anonos Just-In-Time-Identity (JITI) Approach to Dynamic Data Obscurity.
  
	
  
	
  
I. Proposal to Include Dynamic Data Obscurity in NIST Draft Report

We propose that the NIST Draft Report include Dynamic Data Obscurity – temporally dynamic data obscuring technology that actively limits the risk of re-identification. As noted in the NIST Draft Report, static de-identification techniques suffer from numerous shortcomings; however, dynamic obscuring technology helps maintain data privacy and security while reducing risks involved in collecting, storing, processing, and analyzing data.

Dynamic Data Obscurity turns data into business intelligence (BI)[1] by transforming static access controls into technologically enforced dynamic permissions applied per-element instead of across entire records or applications. This maximizes the utility of underlying data by allowing intelligent, adaptable, and compliant permissions while fundamentally enforcing core protections for personally identifiable and sensitive information.
  	
  
[1] Business intelligence (BI) is an umbrella term that includes the applications, infrastructure and tools, and best practices that enable access to and analysis of information to improve and optimize decisions and performance. See http://www.gartner.com/it-glossary/business-intelligence-bi
  
 
  
	
  
Technologically enforced Dynamic Data Obscurity rules can account for access, use, display, time, and location restrictions, across any industry or regulatory standard, thereby helping to overcome shortcomings of static de-identification such as the following:

a) Re-Identification. With static de-identification, as long as any utility remains in the data, there exists the possibility that some information might result in re-identification of original identities.[2]

b) Lost Data Value. Generally, privacy protection improves as more aggressive static de-identification techniques are employed, but less utility remains in the resulting data set[3] due to the fact that static de-identification techniques remove identifying information from data.[4]

c) Security Breach Exposure. The scope and frequency of data security breaches have changed the privacy paradigm. Some view theft of personal data by cybercriminals as the number one threat to privacy.[5] However, static de-identification techniques are not designed to improve data security.

d) International Acceptance. Compliance with privacy laws in one jurisdiction by relying on click-through terms and conditions and/or static de-identification may provide insufficient grounds to legally use data in other jurisdictions. For example, General Data Protection Regulations, currently under negotiation between the European Parliament and the Council of the EU, are expected to allow EU citizens to seek redress with their national regulators over a company’s handling of their data, rather than being subject to laws in the country where the company has its headquarters.[6]
	
  
Existing technology does not effectively address shortcomings of static de-identification nor does it adequately reconcile conflicts between protecting personal data and enabling commerce. Because of this, companies can be placed in the uncomfortable position of choosing between delivering products and services to consumers or complying with data privacy laws in:

a) Jurisdictions that require unambiguous consent to use personal data like in the EU;
b) Industries subject to specific regulatory restrictions on data use like healthcare, education and finance in the United States; and
c) Other data use scenarios subject to an uncertain future.
  
[2] NIST Draft Report at line 151.
[3] NIST Draft Report at line 150.
[4] NIST Draft Report at line 76.
[5] Robinson, Teri. “Privacy Matters.” SC Magazine. May 1, 2015. http://www.scmagazine.com/privacy-matters/article/409041/
[6] Meyer, David. “Belgium Targets Facebook Tracking.” Politico. May 15, 2015. http://www.politico.eu/article/belgium-targets-facebook-tracking/
  
 
  
	
  
Dynamic Data Obscurity is a new technological approach to protecting personal data, while at the same time bridging the gap between commerce and regulations. Instead of yet another application layer on top of legacy data sources, Dynamic Data Obscurity can limit the ability to infer, single out, or link to personally identifiable or sensitive information.

Current approaches to protecting data are binary in nature – data is either valuable or private – for example:

• Encrypted data is either protected but unusable or usable but unprotected when decrypted; and
• With digital information, data is generally not de-identified but available to customize offerings for the benefit of consumers, or is de-identified but unavailable to fully benefit consumers, companies, and society at large.
  
	
  
	
  
	
  
In a report submitted to President Obama in May 2014 entitled Big Data and Privacy: A Technological Perspective,[7] a working group of the President's Council of Advisors on Science and Technology (PCAST) noted:

    The beneficial uses of near-ubiquitous data collection are large, and they fuel an increasingly important set of economic activities. Taken together, these considerations suggest that a policy focus on limiting data collection will not be a broadly applicable or scalable strategy – nor one likely to achieve the right balance between beneficial results and unintended negative consequences (such as inhibiting economic growth).

    More broadly, PCAST believes that it is the use of data (including born-digital or born-analog data and the products of data fusion and analysis) that is the locus where consequences are produced. This locus is the technically most feasible place to protect privacy. Technologies are emerging, both in the research community and in the commercial world, to describe privacy policies, to record the origins (provenance) of data, their access, and their further use by programs, including analytics, and to determine whether those uses conform to privacy policies. Some approaches are already in practical use.

[7] https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf
  
Dynamic Data Obscurity can help provide flexible technology-enforced controls necessary to support economic growth requiring sophisticated handling of various data privacy requirements. For example, the ability to deliver on the many promises of “health big data” is predicated on the ability to support differing privacy requirements depending on the source of health-related data:

• Consumer health data collected using personal health record tools, mobile health applications, and social networking sites are subject to privacy policies / terms and conditions of applicable websites, devices and applications;
• Protected health information (PHI) is subject to privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA); and
• Health data from federally funded research is subject to separate privacy requirements of The Federal Policy for the Protection of Human Subjects or “Common Rule.”

Each of the above categories of privacy and security requirements can be supported via Dynamic Data Obscurity despite differences in requirements – therefore opening up new opportunities for economic growth and advances in research and healthcare.

Dynamic Data Obscurity could even be helpful in resolving the future of Europe's Safe Harbor Agreement with the U.S. as well as data protection practices of global, internet-based companies operating in Europe like Apple, Google, Yahoo, Skype and Microsoft by facilitating sharing of personal data only under authorized conditions in compliance with both "lead" and "concerned" Data Protection Authorities thereby accommodating differing requirements in multiple EU jurisdictions.
  
	
  
II. History of the term Dynamic Data Obscurity

One of the earliest mentions of the power of obscuring data was in a 2013 California Law Review article entitled The Case for Online Obscurity[8] by Woodrow Hartzog and Frederic Stutzman, in which they stated:

    On the Internet, obscure information has a minimal risk of being discovered or understood by unintended recipients. Empirical research demonstrates that Internet users rely on obscurity perhaps more than anything else to protect their privacy. Yet, online obscurity has been largely ignored by courts and lawmakers. In this Article, we argue that obscurity is a critical component of online privacy, but it has not been embraced by courts and lawmakers because it has never been adequately defined or conceptualized.

[8] http://www.californialawreview.org/wp-content/uploads/2014/10/01-HartzogStutzman.pdf
  
The term Dynamic Data Obscurity was coined in an October 15, 2014 blog by Martin Abrams, the Executive Director of the Information Accountability Foundation, which stated:

    The fact is that we data protection professionals cannot accept the status quo. We need to be able to demonstrate our trustworthiness, and effective tools are part of that.

    The Information Accountability Foundation’s mission is research and education on policy solutions that facilitate innovation while protecting individuals from inappropriate processing. As we have worked through big data ethics, it has reinforced our view that outside of the box technology solutions must be available. Data needs to be visible when it is being used within bounds, and obscured when it is not. Technology does not replace policy enforcement; it makes the enforcement possible and actionable.

    A number of us have been thinking about the dilemma for the past six months and looking for solutions. We believe the solutions are part of a field we have begun to call “Dynamic Data Obscurity.” Dynamic data obscurity involves obscuring data down to the element level when that level of security is necessary and making sure that rules which control when elements can be seen are real and enforced. Dynamic data obscurity is also about making the technology controls harder to break but still allowing for appropriate uses. It requires both new technologies combined with effective internal monitoring and enforcement.[9]
	
  
The next public use of the term Dynamic Data Obscurity took place in an October 20, 2014 International Association of Privacy Professionals (IAPP) Privacy Perspectives article[10] written by Gary LaFever, Co-Founder and Chief Executive Officer of Anonos - a pioneer in developing practical applications of Dynamic Data Obscurity technology, in which he stated:

    We’re not discounting the value of anonymization; it powered the growth of the Internet. But today, technology, markets, applications and threats have evolved while the protocols to keep personally identifiable data anonymous have not. If we are to mine the vast potential of data analytics to create high-value products and services that improve and even save lives while meeting the privacy expectations of the public and regulators, we need new tools and thinking.

    Dynamic data obscurity improves upon static anonymity by moving beyond protecting data at the data record level to enable data protection at the data element level. Dynamic data obscurity empowers privacy officers to improve the “optics” of data protection for data subjects, regulators and the news media while deploying next-generation technology solutions that deliver more effective data privacy controls while maximizing data value.

    Vibrant and growing areas of economic activity—the “trust economy,” life sciences research, personalized medicine/education, the Internet of Things, personalization of goods and services—are based on individuals trusting that their data is private, protected and used only for authorized purposes that bring them maximum value. This trust cannot be maintained using static anonymity. We must embrace new approaches like dynamic data obscurity to both maintain and earn trust and more effectively serve businesses, researchers, healthcare providers and anyone who relies on the integrity of data.

[9] http://informationaccountability.org/taking-accountability-controls-to-the-next-level-dynamic-data-obscurity/
[10] https://privacyassociation.org/news/a/what-anonymization-and-the-tsa-have-in-common/
  
	
  
The Information Accountability Foundation held a framing discussion in January 2015 in Washington DC at which invited government, education and business leaders discussed that:

    Early analytics, dating from the 1980s, were dependent on anonymization and de-identification to ensure compliance and individual protection. For example, information used for credit marketing needed to be de-identified to comply with the Federal Fair Credit Reporting Act. Technology provided the tools to de-identify, and the assurance came from the requirements of the FCRA. Effective de-identification and anonymization tools have always rested on this marriage of policy and technology.

    Today’s analytics, driven by observation, makes the mandate for the “belt and suspenders” of policy and technology even more compelling. The technologies are challenged internally by organizations’ need for knowledge and externally by very smart cyber criminals. Even with the belt of policy, the suspenders of technology need upgrading to match today’s challenges. If we do not meet that challenge, we could see real resistance to the information age’s dual mandates for innovation and fairness. The policy community needs to explore Dynamic Data Obscurity (DDO) to see if it will enhance data security and privacy to facilitate increased data value and protection compared to legacy approaches.[11]
	
  	
  
	
  
The term Dynamic Data Obscurity has since been used at international conferences,[12] in comment letters submitted to international data privacy regulators,[13] and in White Papers[14] on the subject of Dynamic Data Obscurity.

III. The Anonos[15] Just-In-Time-Identity (JITI) Approach to Dynamic Data Obscurity

Anonos has been working on Just-In-Time-Identity (JITI) technology – the Anonos approach to implementing Dynamic Data Obscurity – since 2012. Anonos is currently engaged in a Proof of Concept with an international Data Protection Authority together with multinational companies to show that Anonos Just-In-Time-Identity (JITI) technologies, layered on top of an underlying information platform, can deliver three interlinked benefits:

a) Role-based technical and organizational measures to enforce policies for use of personal data;
b) Functional separation between low- and high-risk data uses for re-identification; and
c) Secure storage of underlying data.

All three benefits increase the utility of the information platform while at the same time increasing the privacy and security controls available to protect personal data.

Anonos Just-In-Time-Identity (JITI) is an architecturally enforced private-by-default technology that retains utility under authorized conditions, and supports all queries and actions with centralized audit logging. Policies and rules can be customized to limit or eliminate re-identification via inference, singling out, or linking of personal data.
  
[11] http://informationaccountability.org/iaf-will-convene-ddo-discussion-in-2015/
[12] http://informationaccountability.org/video-of-panel-on-dynamic-data-obscurity/
[13] http://www.anonos.com/anonos-enabling-bigdata/
[14] http://www.anonos.com/anonos-dynamic-data-obscurity/
[15] Anonos, Just-In-Time-Identity, JITI, Dynamic De-Identifier, DDID, and other marks are trademarks of Anonos Inc. protected under U.S. and international trademark laws and treaties. Anonos Just-In-Time-Identity technology is protected under U.S. and international copyright and patent laws and treaties. Other marks that appear in this letter and not owned by Anonos are the property of their respective owners. Anonos makes no claim of relationship to, or affiliation with, owners of marks not owned by Anonos.
 
  
	
  
	
  
	
  
	
  
• Anonos data stores are obscured by default, and reveal original or perturbed data values only in accordance with technically enforced rules in response to authorized queries. Improper use of data is architecturally prevented.

• There is little incentive to steal Anonos-enabled data stores since data is obscured at all times. Without access to Just-In-Time-Identity (JITI) dynamic de-identification (DDID) keys the data is minimally valuable.

• In the event of an Anonos-enabled data store breach, data is unreadable and unusable to unauthorized parties.

• Anonos data stores can be created from scratch or derived from existing data stores on standard platforms.

• Anonos data store controls can reflect regulatory standards that will indicate to companies what flow-through protections are required in order for them to remain compliant when crafting internal rules and policies.

Complying with regulations using current approaches to de-identification, data privacy and security can be complicated and expensive. Anonos anonymizing capabilities retain full data value and utility with support for various use cases – all while minimizing risk of data misuse, abuse or compromise – Anonos refers to this as “anõnosizing” data.

• Anonos data store level architectural controls facilitate both internal audits and external regulator reviews.

• Anonos enables sharing of portable data stores with multiple parties having differing authorization privileges by providing unique JITI DDID key combinations to each party, any of which may be revoked manually or via an automatic trigger at any time.

• Anonos facilitates compliance with data privacy laws, rules and regulations by companies of all sizes without requiring them to have large in-house data privacy / security teams.
  
 
  
	
  
Potential Applications of Anonos Just-In-Time-Identity (JITI) Dynamic Data Obscurity Technology

Example #1: Internal Data Misuse

Walt Disney offers visitors to its parks “MagicBands” – wrist-worn authentication devices, providing access to hotels, rides, transportation, as well as an ability to pay for food, beverages, and souvenirs via a linked payment card. Within a single park, there might be hundreds of different uses for a MagicBand, each of which might have distinct access rules. For example, a ride might need to know the height of the patron; a bar might only allow children in during lunch; and payments of certain types might require both the child’s and parent’s MagicBand. Finally, a lost child with a MagicBand can be easily reunited with trusted family. The danger in this system comes from trusted insiders, because customers demand full utility while the park has a duty to manage the risk of exposing too much personal information to employees. From a staff management perspective, the incentive is to have fewer roles with greater access and authority, but that enables employees with the right access to aggregate the required data from different MagicBand uses and track the movement of guests, know when they’re not in their hotel rooms, or even manipulate parameters to create dangerous authorizations for small children to go on adult-sized rides. Anonos-enabled data stores for each of these use cases would eliminate such risks, because employee roles would be defined on a per-use-case context basis, and casual browsing of the wider family records would be prevented.
  	
  
	
  
Example #2: Re-identification

The January 2015 Science journal includes a 3-month study of credit card records for 1.1 million people that shows four spatiotemporal points are enough to uniquely re-identify 90% of credit card customers. Anonos de-identifiers (DDIDs) de-identify credit card customers for each transaction – providing a Just-In-Time-Identity (JITI) for each transaction. As a result, customers cannot be re-identified by means of correlating static anonymous identifiers. The Anonos approach makes limiting the ability to single out, link or infer a data subject a policy choice instead of a statistical risk.

See http://www.anonos.com/unicity for interactive version of this example
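
The contrast drawn in Example #2, as an added illustration that is not Anonos code and not the JITI/DDID design: over constructed transactions, it measures what an observer holding four known points can link under one static pseudonym per customer versus a fresh random identifier per transaction. The function names, sample data, HMAC pseudonym and random-token scheme are all assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data (customer, shop, day); not real transactions.
TRANSACTIONS = [
    ("alice", "bakery", 1), ("alice", "gym", 2), ("alice", "cinema", 3),
    ("alice", "pharmacy", 4), ("alice", "clinic", 5),
    ("bob", "bakery", 1), ("bob", "gym", 2), ("bob", "bar", 3),
    ("bob", "pharmacy", 4), ("bob", "bookshop", 6),
    ("carol", "bakery", 1), ("carol", "cinema", 3), ("carol", "bar", 3),
    ("carol", "florist", 4), ("carol", "gym", 7),
]


def static_release(transactions, key):
    """Static de-identification: one keyed pseudonym per customer, reused on every record."""
    released = []
    for customer, shop, day in transactions:
        pseudonym = hmac.new(key, customer.encode(), hashlib.sha256).hexdigest()[:12]
        released.append((pseudonym, shop, day))
    return released


def dynamic_release(transactions):
    """Per-transaction identifiers (hypothetical scheme): a fresh random token per record.
    The token-to-customer mapping is returned separately so it can be stored apart from the data."""
    released, key_store = [], {}
    for customer, shop, day in transactions:
        token = secrets.token_hex(8)
        key_store[token] = customer
        released.append((token, shop, day))
    return released, key_store


def traces(released):
    """Group released records by identifier: identifier -> set of (shop, day) points."""
    by_id = defaultdict(set)
    for ident, shop, day in released:
        by_id[ident].add((shop, day))
    return by_id


def exposed_by(released, known_points):
    """Records newly linked to a person for an observer who already knows `known_points`.
    If exactly one identifier covers all known points, everything else under it is exposed."""
    known = set(known_points)
    matches = [pts for pts in traces(released).values() if known <= pts]
    if len(matches) != 1:
        return set()
    return matches[0] - known


def unicity(released, k):
    """Fraction of identifiers with at least k records that k of their own points single out."""
    by_id = traces(released)
    eligible = [pts for pts in by_id.values() if len(pts) >= k]
    if not eligible:
        return 0.0
    unique = 0
    for pts in eligible:
        sample = set(sorted(pts)[:k])  # deterministic choice of k points
        if sum(1 for other in by_id.values() if sample <= other) == 1:
            unique += 1
    return unique / len(eligible)


def authorized_history(released, key_store, customer):
    """Authorized re-linking: only a holder of the key store can rebuild one customer's history."""
    return {(shop, day) for token, shop, day in released if key_store.get(token) == customer}


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # placeholder key for the sketch
    static = static_release(TRANSACTIONS, demo_key)
    dynamic, store = dynamic_release(TRANSACTIONS)
    known = [("bakery", 1), ("gym", 2), ("cinema", 3), ("pharmacy", 4)]
    print("static unicity at k=2,4:", unicity(static, 2), unicity(static, 4))
    print("dynamic unicity at k=4:", unicity(dynamic, 4))
    print("static release exposes:", exposed_by(static, known))
    print("dynamic release exposes:", exposed_by(dynamic, known))
    print("authorized view:", sorted(authorized_history(dynamic, store, "alice")))
```

The shop and day values in each record are still visible in both releases; what the per-transaction identifier removes is the join key across records. The mapping table then becomes the asset to protect, which is the reason Example #3 keeps keys in a location separate from the data store.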
  
 
  
	
  
Example #3: Data Breach

Firms like health insurer Anthem suffer when their facilities are breached (as do their millions of subscribers / customers whose identities are “hacked”) and data is kept in unencrypted form to enable use of the data. As a result, attackers can gain unauthorized access to personal data in “cleartext” form – i.e., unencrypted information that is “in the clear” and understandable. In contrast to standard encryption, which is generally fully “on” or “off,” or traditional data masking techniques which do not protect data at the data store level, Anonos Just-In-Time-Identity (JITI) can protect against data loss from external breaches without losing use of data for authorized purposes within the company. With JITI, an attacker may gain access to data but would not gain access to JITI keys (kept securely in separate virtual or physical locations) necessary to reveal personal information.
  
	
  
	
  
_______________	
  
	
  
	
  
Anonos appreciates the opportunity to submit this letter to the National Institute of Standards and Technology.
  
	
  
	
  
Respectfully Submitted,

M. Gary LaFever, Co-Founder
Ted Myerson, Co-Founder
  

Anonos NIST Comment Letter – De–Identification Of Personally Identifiable Information

  • 1. anonos.com

Submitted via overnight delivery / email to draft-nistir-deidentify@nist.gov

May 15, 2015

National Institute of Standards and Technology (NIST)
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930)
Gaithersburg, MD 20899-8930

Re: Draft NISTIR 8053 De-Identification of Personally Identifiable Information

We appreciate the opportunity to submit comments to the National Institute of Standards and Technology (NIST) in the context of the draft publication entitled Draft NISTIR 8053 De-Identification of Personally Identifiable Information (NIST Draft Report).

This letter is separated into the following three sections:

I. Proposal to Include Dynamic Data Obscurity in NIST Draft Report;
II. History of the term Dynamic Data Obscurity; and
III. The Anonos Just-In-Time-Identity (JITI) Approach to Dynamic Data Obscurity.

I. Proposal to Include Dynamic Data Obscurity in NIST Draft Report

We propose that the NIST Draft Report include Dynamic Data Obscurity – temporally dynamic data obscuring technology that actively limits the risk of re-identification. As noted in the NIST Draft Report, static de-identification techniques suffer from numerous shortcomings; however, dynamic obscuring technology helps maintain data privacy and security while reducing risks involved in collecting, storing, processing, and analyzing data.

Dynamic Data Obscurity turns data into business intelligence (BI)[1] by transforming static access controls into technologically enforced dynamic permissions applied per-element instead of across entire records or applications. This maximizes the utility of underlying data by allowing intelligent, adaptable, and compliant permissions while fundamentally enforcing core protections for personally identifiable and sensitive information.

[1] Business intelligence (BI) is an umbrella term that includes the applications, infrastructure and tools, and best practices that enable access to and analysis of information to improve and optimize decisions and performance. See http://www.gartner.com/it-glossary/business-intelligence-bi
  • 2.

Technologically enforced Dynamic Data Obscurity rules can account for access, use, display, time, and location restrictions, across any industry or regulatory standard, thereby helping to overcome shortcomings of static de-identification such as the following:

a) Re-Identification. With static de-identification, as long as any utility remains in the data, there exists the possibility that some information might result in re-identification of original identities.[2]
b) Lost Data Value. Generally, privacy protection improves as more aggressive static de-identification techniques are employed, but less utility remains in the resulting data set[3] due to the fact that static de-identification techniques remove identifying information from data.[4]
c) Security Breach Exposure. The scope and frequency of data security breaches have changed the privacy paradigm. Some view theft of personal data by cybercriminals as the number one threat to privacy.[5] However, static de-identification techniques are not designed to improve data security.
d) International Acceptance. Compliance with privacy laws in one jurisdiction by relying on click-through terms and conditions and/or static de-identification may provide insufficient grounds to legally use data in other jurisdictions. For example, General Data Protection Regulations, currently under negotiation between the European Parliament and the Council of the EU, are expected to allow EU citizens to seek redress with their national regulators over a company’s handling of their data, rather than being subject to laws in the country where the company has its headquarters.[6]

Existing technology does not effectively address shortcomings of static de-identification nor does it adequately reconcile conflicts between protecting personal data and enabling commerce. Because of this, companies can be placed in the uncomfortable position of choosing between delivering products and services to consumers or complying with data privacy laws in:

a) Jurisdictions that require unambiguous consent to use personal data like in the EU;
b) Industries subject to specific regulatory restrictions on data use like healthcare, education and finance in the United States; and
c) Other data use scenarios subject to uncertain future.

[2] NIST Draft Report at line 151.
[3] NIST Draft Report at line 150.
[4] NIST Draft Report at line 76.
[5] Robinson, Teri. “Privacy Matters.” SC Magazine. May 1, 2015. http://www.scmagazine.com/privacy-matters/article/409041/
[6] Meyer, David. “Belgium Targets Facebook Tracking.” Politico. May 15, 2015. http://www.politico.eu/article/belgium-targets-facebook-tracking/
  • 3.

Dynamic Data Obscurity is a new technological approach to protecting personal data, while at the same time bridging the gap between commerce and regulations. Instead of yet another application layer on top of legacy data sources, Dynamic Data Obscurity can limit the ability to infer, single out, or link to personally identifiable or sensitive information.

Current approaches to protecting data are binary in nature – data is either valuable or private – for example:

• Encrypted data is either protected but unusable or usable but unprotected when decrypted; and
• With digital information, data is generally not de-identified but available to customize offerings for the benefit of consumers, or is de-identified but unavailable to fully benefit consumers, companies, and society at large.

In a report submitted to President Obama in May 2014 entitled Big Data and Privacy: A Technological Perspective,[7] a working group of the President's Council of Advisors on Science and Technology (PCAST) noted:

    The beneficial uses of near-ubiquitous data collection are large, and they fuel an increasingly important set of economic activities. Taken together, these considerations suggest that a policy focus on limiting data collection will not be a broadly applicable or scalable strategy – nor one likely to achieve the right balance between beneficial results and unintended negative consequences (such as inhibiting economic growth).

    More broadly, PCAST believes that it is the use of data (including born-digital or born-analog data and the products of data fusion and analysis) that is the locus where consequences are produced. This locus is the technically most feasible place to protect privacy. Technologies are emerging, both in the research community and in the commercial world,

[7] https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf
  • 4.

    to describe privacy policies, to record the origins (provenance) of data, their access, and their further use by programs, including analytics, and to determine whether those uses conform to privacy policies. Some approaches are already in practical use.

Dynamic Data Obscurity can help provide flexible technology-enforced controls necessary to support economic growth requiring sophisticated handling of various data privacy requirements. For example, the ability to deliver on the many promises of “health big data” is predicated on the ability to support differing privacy requirements depending on the source of health-related data:

• Consumer health data collected using personal health record tools, mobile health applications, and social networking sites are subject to privacy policies / terms and conditions of applicable websites, devices and applications;
• Protected health information (PHI) is subject to privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA); and
• Health data from federally funded research is subject to separate privacy requirements of The Federal Policy for the Protection of Human Subjects or “Common Rule.”

Each of the above categories of privacy and security requirements can be supported via Dynamic Data Obscurity despite differences in requirements – therefore opening up new opportunities for economic growth and advances in research and healthcare.

Dynamic Data Obscurity could even be helpful in resolving the future of Europe's Safe Harbor Agreement with the U.S. as well as data protection practices of global, internet-based companies operating in Europe like Apple, Google, Yahoo, Skype and Microsoft by facilitating sharing of personal data only under authorized conditions in compliance with both "lead" and "concerned" Data Protection Authorities thereby accommodating differing requirements in multiple EU jurisdictions.

II. History of the term Dynamic Data Obscurity

One of the earliest mentions of the power of obscuring data was in a 2013 California Law Review article entitled The Case for Online Obscurity[8] by Woodrow Hartzog and Frederic Stutzman, in which they stated:

    On the Internet, obscure information has a minimal risk of being discovered or understood by unintended recipients. Empirical research demonstrates that Internet users rely on obscurity perhaps more than anything else to protect their privacy. Yet, online obscurity has been

[8] http://www.californialawreview.org/wp-content/uploads/2014/10/01-HartzogStutzman.pdf
  • 5.

    largely ignored by courts and lawmakers. In this Article, we argue that obscurity is a critical component of online privacy, but it has not been embraced by courts and lawmakers because it has never been adequately defined or conceptualized.

The term Dynamic Data Obscurity was coined in an October 15, 2014 blog by Martin Abrams, the Executive Director of the Information Accountability Foundation, which stated:

    The fact is that we data protection professionals cannot accept the status quo. We need to be able to demonstrate our trustworthiness, and effective tools are part of that.

    The Information Accountability Foundation’s mission is research and education on policy solutions that facilitate innovation while protecting individuals from inappropriate processing. As we have worked through big data ethics, it has reinforced our view that outside of the box technology solutions must be available. Data needs to be visible when it is being used within bounds, and obscured when it is not. Technology does not replace policy enforcement; it makes the enforcement possible and actionable.

    A number of us have been thinking about the dilemma for the past six months and looking for solutions. We believe the solutions are part of a field we have begun to call “Dynamic Data Obscurity.” Dynamic data obscurity involves obscuring data down to the element level when that level of security is necessary and making sure that rules which control when elements can be seen are real and enforced. Dynamic data obscurity is also about making the technology controls harder to break but still allowing for appropriate uses. It requires both new technologies combined with effective internal monitoring and enforcement.[9]

The next public use of the term Dynamic Data Obscurity took place in an October 20, 2014 International Association of Privacy Professionals (IAPP) Privacy Perspectives article[10] written by Gary LaFever, Co-Founder and Chief Executive Officer of Anonos - a pioneer in developing practical applications of Dynamic Data Obscurity technology, in which he stated:

    We’re not discounting the value of anonymization; it powered the growth of the Internet. But today, technology, markets, applications and threats have evolved while the protocols to keep personally identifiable data

[9] http://informationaccountability.org/taking-accountability-controls-to-the-next-level-dynamic-data-obscurity/
[10] https://privacyassociation.org/news/a/what-anonymization-and-the-tsa-have-in-common/
  • 6.

    anonymous have not. If we are to mine the vast potential of data analytics to create high-value products and services that improve and even save lives while meeting the privacy expectations of the public and regulators, we need new tools and thinking.

    Dynamic data obscurity improves upon static anonymity by moving beyond protecting data at the data record level to enable data protection at the data element level. Dynamic data obscurity empowers privacy officers to improve the “optics” of data protection for data subjects, regulators and the news media while deploying next-generation technology solutions that deliver more effective data privacy controls while maximizing data value.

    Vibrant and growing areas of economic activity—the “trust economy,” life sciences research, personalized medicine/education, the Internet of Things, personalization of goods and services—are based on individuals trusting that their data is private, protected and used only for authorized purposes that bring them maximum value. This trust cannot be maintained using static anonymity. We must embrace new approaches like dynamic data obscurity to both maintain and earn trust and more effectively serve businesses, researchers, healthcare providers and anyone who relies on the integrity of data.

The Information Accountability Foundation held a framing discussion in January 2015 in Washington DC at which invited government, education and business leaders discussed that:

    Early analytics, dating from the 1980s, were dependent on anonymization and de-identification to ensure compliance and individual protection. For example, information used for credit marketing needed to be de-identified to comply with the Federal Fair Credit Reporting Act. Technology provided the tools to de-identify, and the assurance came from the requirements of the FCRA. Effective de-identification and anonymization tools have always rested on this marriage of policy and technology.

    Today’s analytics, driven by observation, makes the mandate for the “belt and suspenders” of policy and technology even more compelling. The technologies are challenged internally by organizations’ need for knowledge and externally by very smart cyber criminals. Even with the belt of policy, the suspenders of technology need upgrading to match today’s challenges. If we do not meet that challenge, we could see real
  • 7.

    resistance to the information age’s dual mandates for innovation and fairness. The policy community needs to explore Dynamic Data Obscurity (DDO) to see if it will enhance data security and privacy to facilitate increased data value and protection compared to legacy approaches.[11]

The term Dynamic Data Obscurity has since been used at international conferences,[12] in comment letters submitted to international data privacy regulators,[13] and in White Papers[14] on the subject of Dynamic Data Obscurity.

III. The Anonos[15] Just-In-Time-Identity (JITI) Approach to Dynamic Data Obscurity

Anonos has been working on Just-In-Time-Identity (JITI) technology – the Anonos approach to implementing Dynamic Data Obscurity – since 2012. Anonos is currently engaged in a Proof of Concept with an international Data Protection Authority together with multinational companies to show that Anonos Just-In-Time-Identity (JITI) technologies, layered on top of an underlying information platform, can deliver three interlinked benefits:

a) Role-based technical and organizational measures to enforce policies for use of personal data;
b) Functional separation between low- and high-risk data uses for re-identification; and
c) Secure storage of underlying data.

All three benefits increase the utility of the information platform while at the same time increasing the privacy and security controls available to protect personal data.

Anonos Just-In-Time-Identity (JITI) is an architecturally enforced private-by-default technology that retains utility under authorized conditions, and supports all queries and actions with centralized audit logging. Policies and rules can be customized to limit or eliminate re-identification via inference, singling out, or linking of personal data.

[11] http://informationaccountability.org/iaf-will-convene-ddo-discussion-in-2015/
[12] http://informationaccountability.org/video-of-panel-on-dynamic-data-obscurity/
[13] http://www.anonos.com/anonos-enabling-bigdata/
[14] http://www.anonos.com/anonos-dynamic-data-obscurity/
[15] Anonos, Just-In-Time-Identity, JITI, Dynamic De-Identifier, DDID, and other marks are trademarks of Anonos Inc. protected under U.S. and international trademark laws and treaties. Anonos Just-In-Time-Identity technology is protected under U.S. and international copyright and patent laws and treaties. Other marks that appear in this letter and not owned by Anonos are the property of their respective owners. Anonos makes no claim of relationship to, or affiliation with, owners of marks not owned by Anonos.
  • 8.

• Anonos data stores are obscured by default, and reveal original or perturbed data values only in accordance with technically enforced rules in response to authorized queries. Improper use of data is architecturally prevented.
• There is little incentive to steal Anonos-enabled data stores since data is obscured at all times. Without access to Just-In-Time-Identity (JITI) dynamic de-identification (DDID) keys the data is minimally valuable.
• In the event of an Anonos-enabled data store breach, data is unreadable and unusable to unauthorized parties.
• Anonos data stores can be created from scratch or derived from existing data stores on standard platforms.
• Anonos data store controls can reflect regulatory standards that will indicate to companies what flow-through protections are required in order for them to remain compliant when crafting internal rules and policies.

Complying with regulations using current approaches to de-identification, data privacy and security can be complicated and expensive. Anonos anonymizing capabilities retain full data value and utility with support for various use cases – all while minimizing risk of data misuse, abuse or compromise – Anonos refers to this as “anõnosizing” data.

• Anonos data store level architectural controls facilitate both internal audits and external regulator reviews.
• Anonos enables sharing of portable data stores with multiple parties having differing authorization privileges by providing unique JITI DDID key combinations to each party, any of which may be revoked manually or via an automatic trigger at any time.
• Anonos facilitates compliance with data privacy laws, rules and regulations by companies of all sizes without requiring them to have large in-house data privacy / security teams.
  • 10.

Potential Applications of Anonos Just-In-Time-Identity (JITI) Dynamic Data Obscurity Technology

Example #1: Internal Data Misuse

Walt Disney offers visitors to its parks “MagicBands” – wrist-worn authentication devices, providing access to hotels, rides, transportation, as well as an ability to pay for food, beverages, and souvenirs via a linked payment card. Within a single park, there might be hundreds of different uses for a MagicBand, each of which might have distinct access rules. For example, a ride might need to know the height of the patron; a bar might only allow children in during lunch; and payments of certain types might require both the child’s and parent’s MagicBand. Finally, a lost child with a MagicBand can be easily reunited with trusted family. The danger in this system comes from trusted insiders, because customers demand full utility while the park has a duty to manage the risk of exposing too much personal information to employees. From a staff management perspective, the incentive is to have fewer roles with greater access and authority, but that enables employees with the right access to aggregate the required data from different MagicBand uses and track the movement of guests, know when they’re not in their hotel rooms, or even manipulate parameters to create dangerous authorizations for small children to go on adult-sized rides. Anonos-enabled data stores for each of these use cases would eliminate such risks, because employee roles would be defined on a per-use-case context basis, and casual browsing of the wider family records would be prevented.

Example #2: Re-identification

The January 2015 Science journal includes a 3 month study of credit card records for 1.1 million people that shows four spatiotemporal points are enough to uniquely re-identify 90% of credit card customers. Anonos de-identifiers (DDIDs) de-identify credit card customers for each transaction – providing a Just-In-Time-Identity (JITI) for each transaction. As a result, customers cannot be re-identified by means of correlating static anonymous identifiers. The Anonos approach makes limiting the ability to single out, link or infer a data subject a policy choice instead of a statistical risk.

See http://www.anonos.com/unicity for interactive version of this example
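The contrast Example #2 draws between a static anonymous identifier and a per-transaction identifier, as an added Python example that is not part of the Anonos letter and is not Anonos code. The letter does not say how DDIDs are generated; the random token with a separately held lookup table, the function names and the transaction rows below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: (customer, merchant, day). Not real records.
TRANSACTIONS = [
    ("alice", "bakery", 1), ("alice", "gym", 2),
    ("alice", "cinema", 3), ("alice", "pharmacy", 4),
    ("bob", "bakery", 1), ("bob", "gym", 2),
    ("bob", "bookshop", 3), ("bob", "pharmacy", 4),
    ("carol", "bakery", 1), ("carol", "cafe", 2),
    ("carol", "cinema", 3), ("carol", "pharmacy", 4),
]


def release_static(key, txs):
    """Static pseudonymisation: one keyed-hash identifier per customer."""
    def pseudonym(customer):
        return hmac.new(key, customer.encode(), hashlib.sha256).hexdigest()[:16]
    return [(pseudonym(c), m, d) for c, m, d in txs]


def release_dynamic(txs):
    """Assumed DDID-style release: a fresh random identifier per transaction.

    Returns the released rows and the identifier -> customer table, which is
    meant to be stored apart from the released rows.
    """
    released, key_table = [], {}
    for customer, merchant, day in txs:
        ddid = secrets.token_hex(8)
        key_table[ddid] = customer
        released.append((ddid, merchant, day))
    return released, key_table


def traces(released):
    """Group released rows by identifier: what anyone holding the data can link."""
    grouped = defaultdict(set)
    for ident, merchant, day in released:
        grouped[ident].add((merchant, day))
    return grouped


def singled_out(released, known_points):
    """Identifiers whose linked trace contains every externally known point.

    Exactly one hit means the outside knowledge isolates one trace, and with
    it every other row carrying that identifier.
    """
    known = set(known_points)
    return [i for i, pts in traces(released).items() if known <= pts]


def relink(released, key_table):
    """Authorized view: rebuild per-customer histories using the key table."""
    histories = defaultdict(set)
    for ident, merchant, day in released:
        histories[key_table[ident]].add((merchant, day))
    return dict(histories)


if __name__ == "__main__":
    known = [("gym", 2), ("cinema", 3)]  # two points learned outside the data set
    static_rows = release_static(secrets.token_bytes(32), TRANSACTIONS)
    hits = singled_out(static_rows, known)
    print("static: matching traces =", len(hits),
          "rows exposed =", len(traces(static_rows)[hits[0]]))
    dynamic_rows, table = release_dynamic(TRANSACTIONS)
    print("dynamic: matching traces =", len(singled_out(dynamic_rows, known)))
    print("with key table:", sorted(relink(dynamic_rows, table)["alice"]))
```

With the static release, the two known points match one pseudonym and expose that customer's full four-row trace; with per-transaction identifiers no identifier carries more than one row, and histories can be rebuilt only by a party holding the key table.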
  • 11.

Example #3: Data Breach

Firms like health insurer Anthem suffer when their facilities are breached (as do their millions of subscribers / customers whose identities are “hacked”) and data is kept in unencrypted form to enable use of the data. As a result, attackers can gain unauthorized access to personal data in “cleartext” form – i.e., unencrypted information that is “in the clear” and understandable. In contrast to standard encryption, which is generally fully “on” or "off," or traditional data masking techniques which do not protect data at the data store level, Anonos Just-In-Time-Identity (JITI) can protect against data loss from external breaches without losing use of data for authorized purposes within the company. With JITI, an attacker may gain access to data but would not gain access to JITI keys (kept securely in separate virtual or physical locations) necessary to reveal personal information.

_______________

Anonos appreciates the opportunity to submit this letter to the National Institute of Standards and Technology.

Respectfully Submitted,

M. Gary LaFever, Co-Founder
Ted Myerson, Co-Founder