However well we protect our data, sooner or later we run the risk of information we want to keep private ending up in the public domain. Researcher Harold van Heerde of the Centre for Telematics and Information Technology (CTIT) at the University of Twente in the Netherlands wants information to fade away over time: just let the details gradually disappear from view. This would drastically reduce privacy-related problems while ensuring that the information still retains its usefulness to some extent.
"Keeping things private doesn’t bother me. I have nothing to hide." That appears to be the attitude of many Dutch citizens with regard to information that can be accessed on the internet. Internet users post personal details and photos in profiles on social networking websites such as Facebook, Hyves, and LinkedIn, and are often blissfully unaware of how such information can be used or abused.
Yet at the same time, there is widespread fear among the general public of their patient details being included in an Electronic Health Record, and privacy protection issues have even cropped up in political debates.
The main focus in such public discussions is always security. Harold van Heerde argues that the focus on security alone is too narrow. He even goes so far as to claim that sound security is more or less impossible to achieve. In his view, the discussion should focus on the type of information we store, the purpose behind storing it, and how long we store it for.
Footprints in the sand
He is therefore advocating a method whereby information is allowed to fade away over time "like footprints in the sand." This will allow the service provider who needs to use the information to make use of it for some time, while ensuring that useful details will no longer be accessible to those who might want to abuse them.
This method would entail making prior agreements about how long information should be kept and how quickly it should be allowed to fade away. The key is to strike a balance between the usefulness of the data and the length of time for which it is stored.
Harold van Heerde believes that this calls for a whole new approach to databases: current systems are optimized for long-term data storage and access, not for allowing data to simply fade away. That is why new techniques are needed to allow data to be efficiently and irretrievably erased. In his dissertation, van Heerde reviews storage structures, indexing methods and log mechanisms and shows that data degradation is a realistic model that can be implemented with an acceptable loss of performance.
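As an added illustration (not code from van Heerde's dissertation), the sketch below shows how an agreed retention policy could make one attribute fade in steps until it is erased. The stage ages, the generalization steps and the record layout are all assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed policy (assumption): each stage applies once the record
# reaches the given age and keeps a coarser form of the value.
POLICY = {
    "location": [
        (timedelta(0), lambda v: v),  # full precision
        (timedelta(days=1), lambda v: {"city": v["city"], "country": v["country"]}),
        (timedelta(days=30), lambda v: {"country": v["country"]}),
        (timedelta(days=365), lambda v: None),  # erased
    ],
}

def stage_for(attr, age):
    """Index of the last stage whose age threshold has been reached."""
    age = max(age, timedelta(0))  # clock skew: treat future records as new
    return max(i for i, (after, _) in enumerate(POLICY[attr]) if age >= after)

def degrade(record, now):
    """Overwrite each governed attribute in place with its coarser form.

    The precise value is not copied anywhere, so once a stage has been
    applied the record no longer holds the earlier detail.
    """
    age = now - record["collected"]
    for attr, stages in POLICY.items():
        current = record["stage"].get(attr, 0)
        target = stage_for(attr, age)
        # Apply every skipped stage in order, so a late sweep still ends
        # at the precision the policy allows for this age.
        for i in range(current + 1, target + 1):
            record[attr] = stages[i][1](record[attr])
        record["stage"][attr] = max(current, target)
    return record

def sample_record(collected):
    """Constructed sample data for the example."""
    return {
        "collected": collected,
        "stage": {},
        "location": {"street": "Example Street 1", "city": "Enschede", "country": "NL"},
    }

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)
    rec = sample_record(t0)
    for days in (0, 2, 40, 400):
        print(days, degrade(rec, t0 + timedelta(days=days))["location"])
```

Overwriting a field in memory only models the policy; as the paragraph above notes, storage structures, indexes and logs also have to be designed so that the earlier, more precise value is irretrievably erased.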
This theory was the subject of van Heerde's dissertation, "Privacy-aware data management by means of data degradation — making private information less sensitive over time," which he defended June 4 at the Faculty of Electronic Engineering, Mathematics and Computer Science at the University of Twente and which is available in PDF format by request from the university. His research is a joint project involving CTIT and the Université de Versailles Saint-Quentin. Van Heerde presented a similarly themed paper, entitled "A framework to balance privacy and data usability using data degradation," at the International Conference on Computational Science and Engineering (CSE2009) in Vancouver last year.