Privacy Algorithms

Computerworld - In the ongoing debate over how to protect personal information, much of the attention has focused on whether - and to what degree - the government should limit the amount of personal information companies can ask for or share.
Recently however, a small group of computer scientists has been taking a different tack. They're building software tools that promise to keep names, addresses, health status and other information secret while allowing patterns to emerge within large data sets that can help predict broad social trends, buying behaviors or massive health or terrorist threats.
Some of this software has been patented and used by government agencies in the U.S.; other algorithms are several years from practical implementation. The tools may someday be used by health care providers, financial services firms and the government for collecting and using data gleaned from individuals.
Some of the existing tools enhance anonymity. For example, the Freedom browser from Zero-Knowledge Systems Inc. in Montreal prevents sending of personal information over an Internet connection without the user's consent.

Latanya Sweeney, a professor at Carnegie Mellon University

The techniques under development can change personal and private data in various ways, including making personal information anonymous, possibly using cryptography or by disguising it in other ways.
For example, researchers at the IBM Privacy Research Institute in San Jose are perfecting an approach that "randomizes" data before it's communicated. A Web business might use it to extract valuable demographic data without knowing the underlying personal data of the consumer.
A user would enter his age, salary or weight, and software would randomize it by adding or subtracting that number from a random value. The random value would differ for every user, while the range of randomization wouldn't change. The software would use the randomized values and the range of randomization to find a close approximation of the true distribution, IBM officials say. Experiments show a 5% to 10% loss in accuracy of data even when all values are randomized, says Rakesh Agrawal, an IBM researcher on the project.
Carnegie Mellon University in Pittsburgh is focusing on protecting personal information that's already public, such as voter registration information and hospital discharge data. "One of the biggest problems is that people think their data might be anonymous when it is not," says Latanya Sweeney, a computer science professor and director of the school's Laboratory for International Data Privacy.
Sweeney estimates that 87% of the U.S. population can be uniquely identified if only a date of birth, gender and five-digit ZIP code are known.