Is it possible to protect our privacy with technological means?

Is privacy dead? Not sure: computer scientist Latanya Sweeney offers a solution. Is that enough? That's another question

Chip Walter, Scientific American Magazine

Latanya Sweeney is attracting a lot of attention. Maybe it's due to her intense fondness for esoteric and sophisticated mathematics, and maybe it's due to the black leather clothes she wears as she rides her Honda VTX 1300 motorcycle across the peaceful campus of Carnegie Mellon University, where she runs the International Data Privacy Lab. Either way, Sweeney believes that the attention helps her explain why the protection of people's privacy fascinates her so much, since at the heart of her work stands the vexing question: Is it possible to maintain privacy, freedom and safety today in our world focused on security issues and stored in databases that can be harvested Rural identities ripe?
A few years ago, Scott McNeely, the chairman of the Sun company, made the famous comment: "Privacy is dead. Get over yourself." Sweeney strongly disagrees with him. "Privacy is definitely not dead," she replies; Those who believe she is dead "have not thought the problem through to the end, or are not ready to accept the solution."
There's no doubt that privacy is under siege, and that's bad, says Sweeney. In the United States, there was a debate at the federal level about the "Patriot Act" (Patriot Act, enacted in October 2002 as part of the war on terror - the editors) and data mining.
At the state level, many conservative laws have been enacted that violate both sections: guaranteeing privacy and increasing security. Although the incidence of identity theft began to decline slowly starting in 2002, recent research shows that 8.4 million American adults were victims of some form of identity fraud in 2006. "The problem is getting bigger as technology explodes," says Sweeney, and every problem requires a new solution, meaning there's no way to predict where a new form of privacy invasion will emerge.

Scan identities and warn victims
This is what Sweeney and her people have been dealing with for the past six years. They have tackled and subdued some of the most pressing privacy issues, including identity theft, privacy of medical information and the rapid proliferation of security cameras. Other academic laboratories usually confront the problems at the theoretical level. Sweeney, 47, says the group she heads operates like a digital detective agency with teams of dedicated programmers who invent very clever software. The approach taken by the researchers is to analyze a technical analysis of the system, and then find a brilliant but practical solution.
For example, Sweeney's "Identity Angel" program scans the Internet and quickly collects thousands of identities by linking names from one database to addresses, ages, and social security numbers scattered across other platforms. These four pieces of information are all that is needed to steal an identity and open a credit account in the US. The laboratory regularly warns people who may be affected, so that they fix the required patch.
Another program performs "anonymization" of identities. The software was originally developed for the US Department of Defense after the terrorist attacks of September 11, with the aim of helping locate potential terrorists without compromising the privacy of innocent citizens.
The software prevents security cameras from revealing a person's identity unless authorities prove they need the image to press charges. Unlike other software, this software does not blur or erase a person's identifying characters, but creates a new face composed of other faces stored in the database, so that neither man nor machine can recognize them.
At the heart of Sweeney's lab are sophisticated algorithms that date back to her youth in Nashville, where she would daydream about creating an artificial intelligence black box that you could chat with. "I spent hours fantasizing about this box," she says.
Ten years later, she translated her mathematical talent and her lifelong love of artificial intelligence into a scholarship that helped finance her studies at the Massachusetts Institute of Technology (MIT), a stronghold of both fields. Apparently it was the perfect place to try to fulfill her childhood dream and create an intelligent machine. The problem was that Sweeney, fresh out of the polite world of a fair, all-girls high school in New England, was thrown unprepared into the waters of MIT's mostly male-dodging culture. This, plus an encounter with a racially insensitive lecturer (a black Sweeney) who it seemed she could never satisfy, led Sweeney to retire and open her own software consulting business.
After ten years in business, Sweeney returned to school and completed her undergraduate degree at Harvard University. She then completed her master's and doctorate at MIT, becoming the first African-American to do so. "When I came back, I told them I didn't intend to continue being a nurse," laughs Sweeney.
Upon her return to MIT, Sweeney was drawn for the first time to the issues of privacy and security. She earned membership in the US National Library of Medicine, and as a token of appreciation, volunteered to help several hospitals in Boston better protect their medical records—a problem that arose as the Internet took root in the mid-90s. Sweeney wrote software called Scrub System that applied her expertise in artificial intelligence to sophisticated searches for medical records, treatment reports and correspondence between doctors. Standard search-and-replace software would typically find 30% to 60% of personally identifiable information. But Scrub System "understands" what a name, address, or phone number is and deletes 99% to 100% of the revealing information.
The software has won praise from medical associations. "The research she did was very influential," says Betsy Humphreys, deputy director of the US National Library of Medicine. "A lot of people didn't realize how much life had changed (in the internet age) and Latanya's work raised their awareness." With Scrub System, "I thought I solved the privacy problem," Sweeney says with shy embarrassment. But the truth is that "I didn't actually understand anything in private."

The information files are available to all
This realization hit her one day when she was reviewing a young woman's medical history. "At the age of two this girl was sexually abused, at the age of three she stabbed her sister with scissors, at the age of four her parents divorced, and at the age of five she burned down the house," says Sweeney.
The main thing is the scraps of information we find in files and records scattered all over the Internet - in medical forms, credit applications, resumes and other documents. There wasn't a single particular detail that identified the girl on whom that report was written, but the bits of information were unique to her, and Sweeney was pretty sure she could use them to figure out the girl's identity, and similarly the identity of almost anyone.
Software like Identity Angel proved Sweeney right, and she spent a lot of time looking for ways to invade privacy. Sometimes she managed to get ahead of the bad guys, and sometimes she didn't. She tells of a banker accused in Maryland of cross-referencing information found in freely available hospital discharge records with his client list to see if any of them had cancer. He then demanded that the patients pay back their loans immediately.
In a project conducted in Sweeney's laboratory, a way was found, based on data from the state of Illinois, to identify patients with Huntington's disease even if all the information about them had been deleted from the files. Huntington's disease is caused by a short sequence in DNA that repeats itself. The more times the sequence repeats, the earlier the disease breaks out. In Sweeney's laboratory, they combined this data with the hospital discharge summaries, where the patient's age is written, and managed to match 90% of the Huntington's patients with the DNA data in the file. Misuse of the information is rare, admits Sweeney, but these two cases show what ugly things can be done when one database is used to leverage information in another.
The real solution, says Sweeney, does not lie in her lab or any other lab. In the end, the engineers and computer scientists will have to weave from the beginning and clearly the protection of privacy into the structure of the new technologies they invent and the way they are used. If they do, "the company can decide how to turn these controls on and off," says Sweeney. If not, the only way to gain a few moments of privacy may be to ride a motorcycle.
Chip Walter is the author of the book "Thumbs, Toes, Tears and the Other Features That Make Us Human" (Walker & Company, 2006). The article was published in "Scientific American" magazine.