Privacy Appliance Is OK
PARC wants the privacy appliance to be owned and operated by data owners.In recent columns, eWEEKs Cameron Sturdevant articulated concerns about research into privacy appliances funded by the Defense Advanced Research Projects Agency. Though I share many of Sturdevants concerns, I regret that he misrepresented important work taking place at Xeroxs Palo Alto Research Center. His call for PARCs work in privacy protection to be "vehemently opposed by IT leaders" ignores our role in addressing many of the issues hes raised. DARPA is working with a number of organizations to investigate whether access to information in privately held data sources would measurably increase the governments ability to deter terrorists activities. PARCs research is focused on how to protect individual privacy if such access were allowed. We are working to create a system that respects the needs of data owners and provides a high degree of protection for individuals. PARC proposes that the privacy appliance would be owned and operated by data owners. They would control what access, if any, they would allow the government. Protections enforced by the privacy appliance would be in addition to any controls that the owners put in place. Thus, if a company grants broad access, the privacy appliance would intervene and prevent the disclosure of inappropriate information. Only with a legal mandate equivalent to a search warrant would an analyst be able to view personally identifiable dataand then within only limited bounds.
The most critical technologies in the privacy appliance are those that shelter individual privacy. The privacy appliance would obstruct the direct and indirect disclosure of personal identities. To assure queries across multiple sources do not violate privacy, such queries would be filtered by an additional privacy appliance managed by a trusted, independent organization. Immutable audit logs reduce the risk of system abuses and introduce a high level of accountability. No one would be able to misuse data without the strong probability of exposure. The audit trail can serve as an accountability tool and a real-time protective mechanism.