BTW, here is the transcript:
https://www.grc.com/sn/sn-940-notes.pdf
Page 12 is where Ray's project discussion starts.
On Friday, September 22, 2023 at 09:43, Ray Voelker eloquently inscribed:
> Hi code4lib folks .. and again ... happy Friday!!
>
> I just wanted to post an update to this. I wrote in to the Security Now!
> podcast (fantastic show by the way and fully worth listening to on a
> regular basis) about this notion, and it was made the main topic of show
> number 940!
>
> https://twit.tv/shows/security-now/episodes/940?autostart=false
>
> The discussion starts around the 1:36 mark.
>
> Here's what I wrote to Steve Gibson:
>
> In addition to being an avid listener to Security Now, I'm also a System
>> Administrator for a large public library system in Ohio. Libraries
>> often struggle with data—being especially sensitive around data related
>> to patrons and patron behavior in terms of borrowing, library program
>> attendance, reference questions, etc. The common practice is for
>> libraries to aggregate and then promptly destroy this data within a
>> short time frame—which is typically one month. However, administrators
>> and local government officials, who are often instrumental in
>> allocating library funding and guiding operational strategies,
>> frequently ask questions on a larger time scale than one month to
>> validate the library's significance and its operational strategies.
>> Disaggregation of this data to answer these types of questions is very
>> difficult and arguably impossible. This puts people like me, and many
>> others like me, in a tough spot in terms of storing and later using
>> sensitive data to provide the answers to these questions of pretty
>> serious consequence—like, what should we spend money on, or why we
>> should continue to exist.
>
> I’m sure you’re aware, but there are many interesting historical reasons
>> for this sensitivity, and organizations like the American Library
>> Association (ALA) and other international library associations have
>> even codified the protection of patron privacy into their codes of
>> ethics. For example, the ALA's Code of Ethics states: "We protect each
>> library user's right to privacy and confidentiality with respect to
>> information sought or received and resources consulted, borrowed,
>> acquired or transmitted." While I deeply respect and admire this
>> stance, it doesn't provide a solution for those of us wrestling with
>> the aforementioned existential questions.
>>
>
> In this context, I'd be immensely grateful if you could share your insights
>> on the technique of "Pseudonymization" ( https://
>> en.wikipedia.org/wiki/Pseudonymization <https://t.co/gVKvpmzoxp>) for
>> PII data. Additionally, I'd appreciate a brief review of a Python
>> module I'm developing, which aims to assist me (and potentially other
>> library professionals) in retaining crucial data for subsequent
>> analysis while ensuring data subject privacy.
>> https://gist.github.com/rayvoelker/80c 0dfa5cb47e63c7e498bd064d3c0b6
>> <https://t.co/aAapRKgElr> Thank you once again, Steve, for your
>> invaluable contributions to the security community. I eagerly await
>> your feedback!
>>
>>
> I think the even better solution compared to Pseudonymization involves the
> Birthday Paradox. It's a direction I hadn't even thought of for this!
>
> --Ray
>
> On Fri, Sep 15, 2023 at 2:43 PM Ray Voelker <[log in to unmask]> wrote:
>
>> Hi code4lib folks .. happy Friday!
>>
>> I started putting together a little Python utility for doing
>> Pseudonymization tasks
>> (https://en.wikipedia.org/wiki/Pseudonymization). The goal is to be
>> able to do more analysis on data related to circulation while securely
>> maintaining patron privacy.
>>
>> For a little bit of background I wanted something *like a hash* (but
>> more secure than a hash), for replacing select fields related to patron
>> records. I also wanted something that could possibly be reversed given
>> an encrypted private key that would be stored well outside of the scope
>> of the project. I'm thinking that if you wanted to geocode addresses
>> for example, you could temporarily decrypt each field needed for the
>> task, use the *pseudonymized* patron id as the identifier, and then
>> send your data off to the geocoder of your choice. Another example
>> would be to store a pseudonymized patron id as the identifier in things
>> like circulation data used for later analysis, or for transmitting to
>> trusted 3rd parties who may do analysis for you.
>>
>> I'm humbly asking for anyone with some background in using encryption to
>> review the code I have and maybe offer some comments / concerns /
>> suggestions / jokes about this.
>>
>> Thanks in advance!
>>
>> https://gist.github.com/rayvoelker/80c0dfa5cb47e63c7e498bd064d3c0b6
>>
>> --
>> Ray Voelker
>>
>
>
|