MIT Information Policy Project Comments to the White House Big Data Privacy Review

Daniel J. Weitzner, Hal Abelson, Cynthia Dwork, Cameron Kerry, Daniela Rus, Sandy Pentland, and Salil Vadhan

In response to the White House Office of Science and Technology Policy Request for Information on Big Data Privacy, a group of us filed these comments based on presentations and discussions at the White House-MIT Workshop “Big Data Privacy Workshop: Advancing the State of the Art in Technology and Practice” and subsequent workshops co-sponsored with Data & Society and NYU Information Law Institute and the UC Berkeley iSchool. This is a summary of the points we made:

1. Big data analytics offers significant new opportunities for advances in scientific research in many fields. Presentations offered at the MIT workshop showed unique benefits for improved healthcare quality, advances in the understanding of diseases through genomics research, potential to improve educational effectiveness, and more efficient, safe transportation systems.

2. There are real privacy risks raised by ubiquitous collection of personal data and use of big data analytic techniques. Key risks include:

  • Re-identification attacks
  • Inaccurate data or models
  • Unfair use of sensitive inferences
  • Chilling effects on individual behavior
  • Excess government power over citizens
  • Large-scale data breach

3. The White House Consumer Privacy Bill of Rights offers policy approaches to address each of these risks. Some of the principles such as transparency, respect for context, security, access, and accountability will play especially important roles in big data issues. Transparency should be augmented beyond just visibility into policies, to also enable individuals and regulators to see how personal data actually flows and is used. The respect for context principle should be implemented with particular attention to developing and enforcing limits on how personal data is used, especially in circumstances where collection limits and ex ante consent are difficult to achieve.

4. Technical contributions from computer science can assess and in some cases control the privacy impact of data usage in a rigorous, quantitative manner. But as technology will not replace the need for laws and social norms protecting privacy, basic and applied research must be conducted in a cross-disciplinary context so that technical designs will meet social policy needs.

