When a Web site operator needs to know only if a visitor’s age is above a certain threshold (e.g., 13), rather than the visitor’s age per se, collecting only an indicator of a threshold protects the visitor’s privacy. More generally, systems can be designed to enable an individual to prove that he or she possesses certain attributes (e.g., is authorized to enter a building, holds a diploma, is old enough to gamble or drink) without revealing anything more about the individual. Even online purchases could, in principle, be made anonymously using electronic cash.

However, the primary impediments to the adoption of such measures appear to be based in economics and policy rather than in technology. That is, even though measures such as those described above appear to be technically feasible, they are not in widespread use. The reason seems to be that most businesses benefit from the collection of detailed personal information about their customers and thus have little motivation to deploy privacy-protecting systems. Law enforcement agencies also have concerns about electronic cash systems that might facilitate anonymous money laundering.

3.8.2.7
Information Security Tools

Finally, the various tools supporting information security—encryption, access controls, and so on—have important privacy-protecting functions. Organizations charged with protecting sensitive personal information (e.g., individual medical records, financial records) can use encryption and access controls to reduce the likelihood that such information will be inappropriately compromised by third parties. A CD-ROM with personal information that is lost in transit is a potential treasure trove for identity thieves, but if the information is encrypted on the CD, the CD is useless to anyone without the decryption key. Medical records stored electronically and protected with good access controls that allow access only to authorized parties are arguably more private than paper records to which anyone has access. Electronic medical records might also be protected by audit trails that record all accesses and prevent forwarding to unauthorized parties or even their printing in hard copy.

With appropriate authentication technologies deployed, records of queries made by specific individuals can also be kept for future analysis.33 Retention of such records can deter individuals from making privacy-invasive queries in the course of their work—in the event that personal information is compromised, a record might exist of queries that might

33

The committee is not insensitive to the irony that keeping query logs is arguably privacy-invasive with respect to the individual making the queries.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement