The Information Technology & Innovation Foundation (ITIF) – a non-partisan, Washington, DC-based think tank that aims to formulate and promote public policies to advance technological innovation and productivity globally – has released a short report calling for an R&D roadmap for privacy, together with a companion website enabling researchers to openly collaborate on creating a privacy research agenda. Noting that “effectively addressing privacy concerns … will require a mix of new technologies and policies to ensure data is properly safeguarded and consumers are protected,” the report emphasizes that a roadmap would “help address consumer privacy concerns, better align R&D investments with strategic objectives, and enable more innovation.”
According to the report (following the link):
The increasing use of data by the public and private sectors has put privacy issues at the front and center of many policy debates, including on health care, home energy efficiency, cyber security, transportation, and of course, e-commerce. Learning how to properly collect, manage and use data is an important challenge for many organizations. If privacy concerns are not adequately addressed, they may stall or disrupt the deployment of new technologies that offer many potential economic and quality-of-life benefits to consumers. But at the same time, if policymakers promulgate overly strict privacy regulations, they may stall or disrupt these same technologies…
While many privacy-enhancing technologies exist today, development of additional tools could positively impact consumer privacy. Additional development of privacy tools could also have a positive economic impact. Investments in developing technological solutions to privacy problems would help create a network of developers with expertise in this domain…
Advances in privacy research and technology could strengthen consumer trust and better protect consumer privacy while enabling continued innovation. For example, better privacy tools would help ensure that organizations could better manage data and give regulators more options for protecting consumer privacy. While some types of privacy metrics exist today (e.g. k-anonymity, l-diversity, t-closeness), more robust metrics would help organizations (and regulators) assess how well data has been anonymized. If new technology better addresses the concerns of regulators, then organizations may be able to continue to use data to develop new products and services.
The U.S. government funds millions of dollars of research in computer science and related disciplines, a portion of which is directly relevant to the privacy concerns of the public and private sectors. Many areas of privacy research would be useful across many different domains. For example, every government agency that uses personally identifiable information (PII) might benefit, either directly or indirectly, from advances in privacy-preserving data mining or new techniques to securely de-identify data. Similarly, industries such as health care and financial services would benefit from this research as well.
However, a set of clear research goals and objectives is needed to maximize the social and economic benefits of federal funds for privacy research. Given the potential benefits of more coordinated research in this field, stakeholders from the public and private sectors facing privacy challenges should work together to define shared objectives and direct funds to find solutions to common challenges. To that end, the U.S. government should create and fund a research and development (R&D) roadmap for privacy…
The report goes on to delineate, as a starting point, a list of areas for further research in privacy:
As technologies change, new research is needed to better understand how to effectively protect consumer privacy. For example, research on differential privacy could improve the accuracy of queries from statistical databases while preserving the privacy of individual records; enhanced algorithmic and statistical approaches to de-identifying data could better preserve the utility of the data, especially for sparse data sets or data sets containing geo-location data. Similarly, additional research into computer-readable privacy policies could result in the ability to create policies bound to data so that, for example, data that has been de-identified stays de-identified. Or additional research on chains of trust could establish accountability among multiple parties that share data, such as in cloud-based systems. And just as federal-funded research on information security focuses on both “offensive” and “defensive” capabilities, privacy research should include research that not only finds weaknesses with current systems but also proposes solutions to improve consumer privacy.
Some of the research areas where further technology-based R&D could have wide-reaching implications for improving consumer privacy are:
- Data de-identification
- Privacy-preserving data mining
- Usability and accessibility of privacy-enhancing technologies
- Secure, multi-party authentication
- Interoperable digital credentials
- Privacy metrics
In addition, many privacy problems are interdisciplinary in nature. For example, advances in human-computer interaction can improve the usability of privacy controls on mobile devices and social networks. Finding solutions will require bringing together researchers from different disciplines outside of computer science, including design, economics, behavioral sciences, and law.
(Contributed by Erwin Gianchandani, CCC Director)