This is a memo on privacy-related stuff that I am thinking of. It will be changing constantly. It is still a very early sketch / work in progress.
1. Definitions
Let I = {i | i is an integer and i > 0}.
Let ei, i ∈ I, denote entity i.
1.1 identity, set of attributes
The identity xi of an entity i is the set of attributes related to ei.
1.2 identifiable entity information, identifier, unique identity
For a set X = {xi}, if xi ≠ xj for all j ≠ i, then xi is identifiable entity information (also called an identifier, or a unique identity).
1.3 personally identifiable information, pii
identifiable entity information of a human
1.4 data linking
an action that creates zi = xi ∪ yi from two pieces of pii that relate to the same entity i
1.5 cognitive surface
the surface onto which an entity projects input data in order to form a certain understanding about the source of that data
1.6 recognition
the result of a mapping f: X -> C that maps an identity x ∈ X onto the cognitive surface C of an entity E
1.7 right to control self image (right to express oneself)
the right of a person to build an intended recognition by an entity E by controlling which identity of himself is made available to E
1.8 privacy
freedom from unauthorized intrusion or intervention onto one’s sovereignty over oneself
Note: Synonymous with “Liberty” defined as “the sovereignty of man over himself”
1.9 right to privacy
right of complete immunity over oneself
Note: right to privacy (1.9) includes right to express oneself (1.7)
1.10 privacy infringement
trespass on the right to privacy (1.9)
Note: An act that creates an unintended recognition by adding, subtracting, or modifying the set of attributes that the person provides to the entity infringes the right to control one's self-image (1.7), and thereby infringes the right to privacy. In section 2 this is used extensively to show that an act forms a case of privacy infringement.
1.11 anonymity (k-anonymity)
state in which, for xi ∈ X, there are n entities j (counting i itself) with xi = xj, where n ≥ k > 1
1.12 anonymization (k-anonymization)
operation that removes or obscures one or more attributes of the identity so that at least k entities j share the same identity, xi = xj
1.13 pseudonymity
state in which, for entity i, there is no j ≠ i such that xi = xj, where i, j ∈ S, S ⊂ I and S ≠ I
Note: The set S ⊂ I with S ≠ I is an integral part of the definition of pseudonymity. If S = I, the state is no longer pseudonymous but veronymous. In this respect, “pseudonymous” makes sense only relative to S. In identity management, S is often called a sector.
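As an added worked example (not part of the original memo), the checks behind definitions 1.2, 1.11, 1.12 and 1.13 in Python over a constructed six-record table: the equivalence classes of a projected identity xi, the k-anonymity test, a generalization-based k-anonymization that coarsens attributes until at least k entities share each xi, and the per-sector pseudonymity test. The attribute names, the records, and the generalization hierarchy (truncating zip codes, bucketing birth years) are assumptions made for illustration.

```python
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

Record = Dict[str, object]

# Constructed sample data (assumption): the identities xi of six entities,
# projected onto three quasi-identifying attributes. Keys are the i ∈ I.
RECORDS: Dict[int, Record] = {
    1: {"zip": "02138", "birth_year": 1965, "sex": "F"},
    2: {"zip": "02138", "birth_year": 1965, "sex": "F"},
    3: {"zip": "02139", "birth_year": 1970, "sex": "M"},
    4: {"zip": "02139", "birth_year": 1971, "sex": "M"},
    5: {"zip": "02141", "birth_year": 1980, "sex": "F"},
    6: {"zip": "02141", "birth_year": 1983, "sex": "F"},
}
QUASI_IDS = ("zip", "birth_year", "sex")


def projection(record: Record, attrs: Tuple[str, ...]) -> Tuple:
    """The identity xi restricted to the attributes under consideration."""
    return tuple(record[a] for a in attrs)


def equivalence_classes(records: Dict[int, Record], attrs: Tuple[str, ...]) -> Counter:
    """How many entities share each projected identity (the n of definition 1.11)."""
    return Counter(projection(r, attrs) for r in records.values())


def identifiable_entities(records: Dict[int, Record], attrs: Tuple[str, ...]) -> List[int]:
    """Definition 1.2: xi is identifiable iff no other entity j has xj = xi."""
    classes = equivalence_classes(records, attrs)
    return [i for i, r in records.items() if classes[projection(r, attrs)] == 1]


def is_k_anonymous(records: Dict[int, Record], attrs: Tuple[str, ...], k: int) -> bool:
    """Definition 1.11: every projected identity is shared by at least k entities."""
    return all(n >= k for n in equivalence_classes(records, attrs).values())


def generalize(record: Record, zip_digits: int, year_bucket: int) -> Record:
    """Definition 1.12: obscure attributes. Keep only `zip_digits` leading zip
    digits and replace the birth year by a `year_bucket`-wide range."""
    out = dict(record)
    zip_code = str(record["zip"])
    out["zip"] = zip_code[:zip_digits] + "*" * (len(zip_code) - zip_digits)
    year = int(record["birth_year"])
    low = year - year % year_bucket
    out["birth_year"] = f"{low}-{low + year_bucket - 1}"
    return out


def k_anonymize(records: Dict[int, Record], attrs: Tuple[str, ...], k: int
                ) -> Optional[Tuple[Dict[int, Record], Tuple[int, int]]]:
    """Try increasingly coarse generalizations (assumed hierarchy) until the
    table is k-anonymous. Returns (generalized records, (zip_digits, year_bucket)),
    or None when no level of this hierarchy reaches k."""
    for zip_digits in (5, 4, 3, 2, 1, 0):
        for year_bucket in (1, 5, 10, 20, 50):
            g = {i: generalize(r, zip_digits, year_bucket) for i, r in records.items()}
            if is_k_anonymous(g, attrs, k):
                return g, (zip_digits, year_bucket)
    return None


def is_pseudonymous(records: Dict[int, Record], attrs: Tuple[str, ...],
                    sector: Iterable[int]) -> bool:
    """Definition 1.13: within a proper subset S of I, no two entities share an
    identity. S = I is excluded: uniqueness over all of I is veronymity."""
    s = set(sector)
    if s == set(records) or not s <= set(records):
        return False
    classes = Counter(projection(records[i], attrs) for i in s)
    return all(n == 1 for n in classes.values())
```

On the sample table, k = 2 is reached without touching the zip code by bucketing birth years into five-year ranges, whereas k = 3 is unreachable on this hierarchy because only two entities are male; a real anonymizer would then have to suppress the sex attribute or drop records, neither of which this toy does.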
2. Propositions
2.1 Unauthorized sharing of identity may constitute a privacy infringement
Suppose xi and yi were provided to entities F and G separately. Denote the recognition mappings of F and G by f(x) and g(x). Then the recognitions of i by F and G are f(xi) and g(yi) respectively.
Suppose F and G colluded and shared that information. Then it will be possible to create zi = xi ∪ yi, which may lead to a different recognition, f(zi) ≠ f(xi) and g(zi) ≠ g(yi). This was not intended by the person, and so infringes the right to express oneself (1.7). Therefore, it may constitute a privacy infringement. ❏
2.2 Data leakage may constitute a privacy infringement
Suppose entity E had xi, an identity of person i. Suppose that data yi about person i was leaked and obtained by E. Then E will have zi = xi ∪ yi, which person i did not intend to provide to E. This enables E to form a different recognition f(zi) ≠ f(xi). Therefore, it may constitute a privacy infringement. ❏
2.3 Obtaining the identity yi without the consent of the person i may constitute a privacy infringement
Suppose entity F only had xi as its information about entity i. This results in the recognition f(xi). Now suppose F obtained yi without the authorization or intent of person i. Then the recognition by F changes to f(xi ∪ yi), which in general is not equal to f(xi). This is an unintended change of the recognition. Therefore, it may constitute a privacy infringement. ❏
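Propositions 2.1 to 2.3 all rest on one operation: a holder that already has xi obtains yi, forms zi = xi ∪ yi, and its recognition of i changes. As an added example that is not part of the original memo, the following Python links a constructed clinic table (diagnoses, no names) with a constructed register (names, no health data) on the shared quasi-identifiers and compares the recognition before and after linking. The table contents, the "diagnosis" and "name" attributes, and the recognition function f are assumptions made for illustration.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, List, Tuple

Record = Dict[str, object]
QUASI_IDS = ("zip", "birth_year", "sex")

# Constructed sample data (assumption): what entities disclosed to F, a clinic
# that stores no names, and what the same entities disclosed to G, a register
# that stores names but no health data. Rows are not aligned by position.
F_RECORDS: List[Record] = [
    {"zip": "02138", "birth_year": 1965, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02138", "birth_year": 1965, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "birth_year": 1970, "sex": "M", "diagnosis": "hypertension"},
]
G_RECORDS: List[Record] = [
    {"zip": "02138", "birth_year": 1965, "sex": "F", "name": "Alice"},
    {"zip": "02138", "birth_year": 1965, "sex": "F", "name": "Bea"},
    {"zip": "02139", "birth_year": 1970, "sex": "M", "name": "Carl"},
]


def key(record: Record) -> Tuple:
    """The projection of an identity onto the quasi-identifiers."""
    return tuple(record[a] for a in QUASI_IDS)


def can_link(x: Record, y: Record) -> bool:
    """Two records can describe one entity only if they agree on every shared attribute."""
    return all(x[a] == y[a] for a in x.keys() & y.keys())


def link(x: Record, y: Record) -> Record:
    """Definition 1.4: z = x ∪ y. Refuses records that disagree on a shared attribute."""
    if not can_link(x, y):
        raise ValueError("records disagree on a shared attribute; refusing to link")
    return {**x, **y}


def link_tables(xs: List[Record], ys: List[Record]) -> List[Record]:
    """Join on the quasi-identifiers. A key links unambiguously only when it is
    unique on both sides (the identifiable case of definition 1.2); keys shared
    by two or more entities (k-anonymous within the table) are left unlinked."""
    by_x, by_y = defaultdict(list), defaultdict(list)
    for r in xs:
        by_x[key(r)].append(r)
    for r in ys:
        by_y[key(r)].append(r)
    return [link(by_x[k][0], by_y[k][0])
            for k in by_x if len(by_x[k]) == 1 and len(by_y[k]) == 1]


def recognition(holdings: List[Record]) -> FrozenSet[Tuple[str, str]]:
    """An assumed recognition mapping f: the (subject, diagnosis) facts a holder
    can state. Without a name the subject is only a quasi-identifier bundle;
    with a name it is a person."""
    facts = set()
    for r in holdings:
        if "diagnosis" in r:
            subject = str(r["name"]) if "name" in r else \
                f"zip={r['zip']}/{r['birth_year']}/{r['sex']}"
            facts.add((subject, str(r["diagnosis"])))
    return frozenset(facts)
```

Before linking, F's recognition names no person; after linking, Carl is recognized by name together with his diagnosis, so f(zi) ≠ f(xi). Alice and Bea share a quasi-identifier bundle in both tables and stay unlinked, which is the protection that k-anonymity (1.11) with k = 2 buys them.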
2.4 Changing the purpose of the use of an identity xi constitutes a privacy infringement
Suppose i only allowed E to use xi for a specific purpose. This essentially constrains the operations that E is permitted to perform on xi. Let f := {fk | k ∈ K} be the set of mappings that E may apply to xi, and assume that different mappings produce different sets fk(xi).
Let f(xi) denote ∪k∈K fk(xi),
i.e., f1(xi) ∪ f2(xi) ∪ … ∪ fn(xi) for K = {1, …, n}.
Constraining the purpose of use is then equivalent to constraining the allowed k to k ∈ K', where K' ⊂ K. Denote ∪k∈K' fk(xi) by f'(xi).
Changing the purpose of use is then equivalent to changing the constraint set K' to another set K'', which results in f''(xi).
Clearly, f'(xi) = f''(xi) does not hold in general, so the recognition changes in a way the person did not intend (1.7). Therefore, changing the purpose of use of an identity xi constitutes a privacy infringement. ❏
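As an added example that is not part of the original memo, the construction of 2.4 in Python: K is the set of mappings fk that E is able to apply to xi, a purpose is a permitted index set K' ⊂ K, f'(xi) is the union of the permitted mappings' outputs, and a wrapper refuses any k outside K'. The identity attributes, the four mappings, and the fixed reference year used for the age computation are assumptions made for illustration.

```python
from typing import Callable, Dict, FrozenSet, Iterable

Identity = Dict[str, object]
Inference = FrozenSet[str]

REFERENCE_YEAR = 2024  # assumption: fixed so the example is reproducible

# Constructed sample (assumption): the identity xi that person i disclosed to E.
X_I: Identity = {"birth_year": 1990, "zip": "02138", "purchases": ["insulin", "test strips"]}

# K: every mapping fk that E is technically able to apply to xi. Each returns
# the set of inferences it contributes to E's recognition of i.
MAPPINGS: Dict[str, Callable[[Identity], Inference]] = {
    "age_check": lambda x: frozenset(
        {"adult" if REFERENCE_YEAR - int(x["birth_year"]) >= 18 else "minor"}),
    "shipping": lambda x: frozenset({f"ship_region:{str(x['zip'])[:3]}"}),
    "health_profile": lambda x: frozenset(
        {"likely_diabetic"} if "insulin" in x["purchases"] else set()),
    "ad_targeting": lambda x: frozenset(
        {f"segment:{str(x['zip'])[:3]}-{(REFERENCE_YEAR - int(x['birth_year'])) // 10 * 10}s"}),
}


class PurposeBoundIdentity:
    """xi together with the permitted index set K' (the consented purpose)."""

    def __init__(self, identity: Identity, permitted: Iterable[str]):
        self._permitted = frozenset(permitted)
        unknown = self._permitted - MAPPINGS.keys()
        if unknown:
            raise ValueError(f"unknown mappings in purpose: {sorted(unknown)}")
        self._x = identity

    def is_permitted(self, k: str) -> bool:
        """True iff k ∈ K'."""
        return k in self._permitted

    def apply(self, k: str) -> Inference:
        """fk(xi), but only for k ∈ K'. Applying a mapping outside the consented
        purpose is exactly the purpose change that 2.4 calls an infringement."""
        if not self.is_permitted(k):
            raise PermissionError(
                f"mapping {k!r} is outside the consented purpose {sorted(self._permitted)}")
        return MAPPINGS[k](self._x)

    def recognition(self) -> Inference:
        """f'(xi) = ∪ over k ∈ K' of fk(xi)."""
        out = set()
        for k in sorted(self._permitted):
            out |= self.apply(k)
        return frozenset(out)


def recognition_under(identity: Identity, permitted: Iterable[str]) -> Inference:
    """Convenience: f'(xi) for a given purpose K'."""
    return PurposeBoundIdentity(identity, permitted).recognition()
```

With K' = {age_check, shipping} E learns only that i is an adult in one shipping region; widening the purpose to K'' = K adds a health inference and an advertising segment, so f'(xi) ≠ f''(xi). The point of the wrapper is that the purpose travels with the data: the permitted set is checked at the moment a mapping is applied, not once at collection time.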
One Reply to “Notes on Privacy”