Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Difficulty In Getting a Machine To Forget Anything

Posted by timothy on from the if-it-can-be-seen-it-can-be-copied dept.

An anonymous reader writes: When personal information ends up in the analytical whirlpool of big data, it almost inevitably becomes orphaned from any permissions framework that the discloser granted for its original use; machine learning systems, commercial and otherwise, end up deriving properties and models from the data until the replication, duplication and derivation of that data can never hoped to be controlled or 'called back' by the originator. But researchers now propose a revision which can be imposed upon existing machine-learning frameworks, interposing a 'summation' layer between user data and the learning system, effectively tokenising the information without anonymising it, and providing an auditable path whereby withdrawal of the user information would ripple through all iterations of systems which have utilized it — genuine 'cancellation' of data.

16 of 79 comments (clear)

  1. Or by penguinoid · · Score: 5, Insightful

    Or, you could "accidentally" keep the data, and sell it.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  2. How about if we OWN our personal information? by elwinc · · Score: 5, Interesting

    Imagine if we owned our personal information as a form of intellectual property? Big corporations have gotten pretty good at protecting their intellectual property rights. Maybe it's time for us ordinary folks to own our personal information. Then we could license it to companies for particular uses, but they wouldn't have the right to sell it without our permission.

    --
    --- Often in error; never in doubt!
    1. Re:How about if we OWN our personal information? by lesincompetent · · Score: 2

      You should move to the EU, we actually have something like that.

    2. Re:How about if we OWN our personal information? by jellomizer · · Score: 3, Interesting

      We do Own our personal information, but we usually sell it in trade of the electronic services you want to use.

      You find there is value in Google Internet searching, then your payment is knowing your searches would be part of google marketing,

      There is that news website that you don't want to pay for, well those adds will pay for the services.

      You don't need to use these consumer services on the internet. So you can keep your personal information to yourself.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:How about if we OWN our personal information? by Nutria · · Score: 2

      IOW, if what you get is free, then you are the real product.

      --
      "I don't know, therefore Aliens" Wafflebox1
    4. Re:How about if we OWN our personal information? by _anomaly_ · · Score: 2

      No, what you get is still the product (or service). You are the real payment.

      --
      "I have no special gift, I am only passionately curious." - Albert Einstein
    5. Re:How about if we OWN our personal information? by alex67500 · · Score: 2

      In essence, yes. If one of their citizens wants to use their right to be forgotten, then the French government want that to be worldwide. But then imagine a Russian official trying to hide a controversial article about himself.

      It's the same kind of debate when the US want Apple to backdoor iChat for wiretaps. If you can coerce them into doing it, then so can a less democratic countries where Apple have business...

    6. Re: How about if we OWN our personal information? by ememisya · · Score: 2

      You would think US would be the first country in the world to make that a law, given to respect individuality has always been a core value of ours. We instinctively believe that our private information is owned by us as individuals. What we do have are FOIA and Privact Act requests from any agency which will just about everytime will be treated with suspicion, not to mention it can easily be denied. So what we really have is a mechanism for an agency to audit the individual raising suspicion, erm I mean requesting for their records.

  3. I made a copy ... by PPH · · Score: 3, Insightful

    ... of the database on archival optical media. What now?

    --
    Have gnu, will travel.
  4. Good luck with that ... by gstoddart · · Score: 5, Insightful

    Without laws enforcing it, even if you had a mechanism none of those corporations would follow it.

    They seem to think it is their right to buy and sell our information.

    Even if you had laws enforcing it, I bet half of them would lie and keep it anyway. The shady assholes feeding the "big data" industry have far too much money at stake to ever allow constraints on how they use "our" data.

    They'd just pay off the politicians to pass laws clarifying it's their data, they're entitled to it, and we don't get a vote.

    Just like always.

    --
    Lost at C:>. Found at C.
  5. May not act as expected by Bookwyrm · · Score: 2

    A system needs to be able to remember what it is supposed to forget in order to make sure it is forgotten.

    Imagine a waiter robot that is supposed to go into a room and make sure it gets everyone's order:
    a) Enters room, goes from person to person, asks drink preferences.
    b) John Doe tells robot: "I don't want you to track my preferences. Forget everything about me!"
    c) Robot obeys and continues on.
    d) Prior to exiting the room, the robot verifies it has gotten everyone's preferences.
    e) Robot sees John Doe. Robot has no record of John Doe because it has forgotten everything about John Doe. The robot must get the preferences of everyone in the room.
    f) Robot asks John Doe for his drink preferences.
    g) Goto b).

    The systems have to remember that they aren't allowed to (re)learn the data that they are supposed to have forgotten, which means they cannot completely forget things - the information is always there.

  6. Email blockchains by xxxJonBoyxxx · · Score: 2

    FWIW, this paper on Bitcoin-like email blockchains appears to really be TFA: http://web.media.mit.edu/~guyz...

    I think if providers just held on to "Message IDs" (e.g., http://forensicswiki.org/wiki/...) they'd have most of this capability today. I'm not sure what blockchains bring to the table here other than authenticity, and that doesn't seem to be the issue here.

  7. I actually prefer non-revokability... by pla · · Score: 3, Insightful

    TFA doesn't really deal with the problem of deleting personally identifiable information, so much as aggregate statistics derived from personal data.

    And in that context, I far, far prefer that they can't remove my contribution from their aggregates (although I do opt out of personalized collection whenever possible).

    Why, you might ask? Simple - I lie to companies that ask me for information. A lot. I do my damnedest to poison their databases to the greatest extent possible. Now why on Earth would I want to make it easy for them to redact the "facts" that I own a Veryron and a solid gold iWatch despite living in a cardboard box beneath a highway overpass?

    Sometimes, the box of chocolates has Ex-Lax in it.

  8. End of all anonymity and privacy by bjdevil66 · · Score: 2

    How could this be done - some form of meta-tagging EVERYTHING in the digital realm with some kind of signature - without having some master database to reference it by? What could possibly go wrong with a universal, non-anonymous Big Brother - I mean, Big Data - system like that?

    The only positive to come out of a system like this would be for making it more valuable for the data owners as a resellable commodity.

  9. Except for.... by pastafazou · · Score: 2

    ...the thousands of tapes that were generated from backing up the systems that housed that data, prior to it being cancelled.

  10. What we need... by ThomasBHardy · · Score: 2

    Is for someone with a legal background and an axe to grind to start a case where their personal information is deemed confidential and personal property just as all corporate identities claim that their information is confidential and their property.

    When corporations want to be treated like people it's deemed ok, so time to turn the tables.

    --
    Warning: Teh poster of this messaeg is lysdexic