It's Friday again, so another update on this project! lol
I put together what I think is a pretty good explanation and framing of the
problem and a possible solution!
https://chimpy.me/blog/
--Ray
On Fri, Sep 22, 2023 at 9:43 AM Ray Voelker <[log in to unmask]> wrote:
> Hi code4lib folks .. and again ... happy Friday!!
>
> I just wanted to post an update to this. I wrote in to the Security Now!
> podcast (fantastic show by the way and fully worth listening to on a
> regular basis) about this notion, and it was made the main topic of show
> number 940!
>
> https://twit.tv/shows/security-now/episodes/940?autostart=false
>
> The discussion starts around the 1:36 mark.
>
> Here's what I wrote to Steve Gibson:
>
> In addition to being an avid listener to Security Now, I'm also a System
>> Administrator for a large public library system in Ohio. Libraries often
>> struggle with data—being especially sensitive around data related to
>> patrons and patron behavior in terms of borrowing, library program
>> attendance, reference questions, etc. The common practice is for libraries
>> to aggregate and then promptly destroy this data within a short time
>> frame—which is typically one month. However, administrators and local
>> government officials, who are often instrumental in allocating library
>> funding and guiding operational strategies, frequently ask questions on a
>> larger time scale than one month to validate the library's significance and
>> its operational strategies. Disaggregation of this data to answer these
>> types of questions is very difficult and arguably impossible. This puts
>> people like me, and many others like me, in a tough spot in terms of
>> storing and later using sensitive data to provide the answers to these
>> questions of pretty serious consequence—like, what should we spend money
>> on, or why we should continue to exist.
>
>
> I’m sure you’re aware, but there are many interesting historical reasons
>> for this sensitivity, and organizations like the American Library
>> Association (ALA) and other international library associations have even
>> codified the protection of patron privacy into their codes of ethics. For
>> example, the ALA's Code of Ethics states: "We protect each library user's
>> right to privacy and confidentiality with respect to information sought or
>> received and resources consulted, borrowed, acquired or transmitted." While
>> I deeply respect and admire this stance, it doesn't provide a solution for
>> those of us wrestling with the aforementioned existential questions.
>>
>
> In this context, I'd be immensely grateful if you could share your
>> insights on the technique of "Pseudonymization" ( https://
>> en.wikipedia.org/wiki/Pseudonymization <https://t.co/gVKvpmzoxp>) for
>> PII data. Additionally, I'd appreciate a brief review of a Python module
>> I'm developing, which aims to assist me (and potentially other library
>> professionals) in retaining crucial data for subsequent analysis while
>> ensuring data subject privacy. https://gist.github.com/rayvoelker/80c
>> 0dfa5cb47e63c7e498bd064d3c0b6 <https://t.co/aAapRKgElr> Thank you once
>> again, Steve, for your invaluable contributions to the security community.
>> I eagerly await your feedback!
>>
>
> I think the even better solution compared to Pseudonymization involves
> the Birthday Paradox. It's a direction I hadn't even thought of for this!
>
> --Ray
>
> On Fri, Sep 15, 2023 at 2:43 PM Ray Voelker <[log in to unmask]> wrote:
>
>> Hi code4lib folks .. happy Friday!
>>
>> I started putting together a little Python utility for doing
>> Pseudonymization tasks (https://en.wikipedia.org/wiki/Pseudonymization).
>> The goal is to be able to do more analysis on data related to circulation
>> while securely maintaining patron privacy.
>>
>> For a little bit of background I wanted something *like a hash* (but
>> more secure than a hash), for replacing select fields related to patron
>> records. I also wanted something that could possibly be reversed given an
>> encrypted private key that would be stored well outside of the scope of the
>> project. I'm thinking that if you wanted to geocode addresses for example,
>> you could temporarily decrypt each field needed for the task, use the
>> *pseudonymized* patron id as the identifier, and then send your data off
>> to the geocoder of your choice. Another example would be to store a
>> pseudonymized patron id as the identifier in things like circulation data
>> used for later analysis, or for transmitting to trusted 3rd parties who may
>> do analysis for you.
>>
>> I'm humbly asking for anyone with some background in using encryption to
>> review the code I have and maybe offer some comments / concerns /
>> suggestions / jokes about this.
>>
>> Thanks in advance!
>>
>> https://gist.github.com/rayvoelker/80c0dfa5cb47e63c7e498bd064d3c0b6
>>
>> --
>> Ray Voelker
>>
>
>
> --
> Ray Voelker
> (937) 620-1830
>
--
Ray Voelker
(937) 620-1830
|