“Anonymized” data really isn’t—and here’s why not – Ars Technica

You have zero privacy anyway. Get over it.

So spoke Scott McNealy more than a decade ago. At the time he made this statement, he received a fair amount of criticism. Turns out, he might very well have had a point, though perhaps for reasons he might not have foreseen.

A recent paper highlights the issue of the “reidentification” or “deanonymization” of anonymized personal information. However, the issue goes beyond anonymized information to the very heart of how one should define personal information that is or should be protected under privacy legislation.

“Anonymized” data really isn’t—and here’s why not – Ars Technica.

Canadian privacy legislation simply defines personal information as “information about an identifiable individual” (excluding certain information about someone in their capacity as an employee). However, what does “about an identifiable individual” mean? Does it mean that the person collecting the particular nugget of information can associate it with a person’s identity? Or, perhaps more disconcertingly, does it include data that alone (or even in conjunction with all the other information collected by a given organization) could not be linked with a particular individual, but that has the potential to be associated with someone by analyzing it together with information available from other sources?

student rant = protected speech?

Alas, my dabbling with blogging took a bit of a nosedive lately. As things get busy with the day job something has to give, and as between playing a little bit with the boy and writing another entry in the blog, the boy always wins.

Anyway, to kick off a backlog of a zillion entries, E-Commerce News reports on a finding by the Indiana Court of Appeals:

The Indiana Court of Appeals has ruled that a student’s obscenity-filled MySpace post blasting a school principal is protected free speech. The student, who is identified as “A.B.” in court documents, was originally placed on probation by a lower court judge in Indiana after she commented about her body piercings and school policy on a MySpace page created by another student.

“While we have little regard for A.B.’s use of vulgar epithets, we conclude that her overall message constitutes political speech,” the Indiana Court of Appeals notes in its opinion on the case.

The key finding in this particular case is that A.B. was speaking out against her principal and his policies rather than causing actual harm.

This is rather interesting given that there have been one or two cases in Canada where students have been suspended for commenting negatively on their teachers. From what I recall, the stories characterized the activities or comments as “cyber-bullying”. In fact, I believe The Toronto Star reported riot police intervening at a protest by students over the suspension of one student for just this type of activity.

It will be interesting to see whether cases like this one will work their way up to Canada, and whether students, given the somewhat less litigious environment in Canada, will proceed with legal challenges of a similar nature.

Alarm Bells Over Vista’s “Fine Print”

I like Michael Geist. He’s a law professor at the University of Ottawa and writes a column in the Toronto Star. Not that I agree with everything he says, but I certainly do respect the fellow. He’s a sort of Lawrence Lessig of the Great White North, for those of you from the US. A lot of what he says has merit, or at least is worthy of debate. But when I read his last column on how Vista’s legal fine print raises red flags, well, it left me scratching my head a bit. Don’t get me wrong, I don’t think Microsoft is the world’s saviour or anything, and from the perspective of a user I’m not that keen on all the DRM stuff in Vista and the headaches it will cause in using protected content, but OTOH I did raise a bit of an eyebrow to some of his comments on the Vista license. Such as:

Vista’s legal fine print includes extensive provisions granting Microsoft the right to regularly check the legitimacy of the software and holds the prospect of deleting certain programs without the user’s knowledge. During the installation process, users “activate” Vista by associating it with a particular computer or device and transmitting certain hardware information directly to Microsoft.

I don’t particularly like activation, but this is nothing new – Windows XP has activation and as for hardware information, I’m not sure how sensitive I would consider the make or model of my video card to be. I also find the reference to “deleting certain programs” to be a bit overstated. I wasn’t able to find anything about deleting programs in the Vista license I got from the MS website. It implies that Vista can suddenly go wild and start erasing other stuff you’ve installed. The only thing I was able to find was in Section 5(c), which says:

If, after a validation check, the software is found not to be properly licensed, the functionality of the software may be affected. For example, you may

  • need to reactivate the software, or
  • receive reminders to obtain a properly licensed copy of the software,

or you may not be able to

  • use or continue to use some of the features of the software,

Again, nothing particularly surprising – XP had the same thing – you don’t have validated software, you can’t use certain features of the software (i.e. Windows Vista, not other stuff).

Continuing on:

Even after installation, the legal agreement grants Microsoft the right to revalidate the software or to require users to reactivate it should they make changes to their computer components. In addition, it sets significant limits on the ability to copy or transfer the software, prohibiting anything more than a single backup copy and setting strict limits on transferring the software to different devices or users.

On revalidation, again, nothing new at least compared to XP – same complaints of course as well. As for backup copies – well, it’s pretty standard to only permit one backup. I’d prefer more but I don’t find it super-alarming to be limited to one. As for “strict limits on transferring” these are set out in Section 16:

a. Software Other Than Windows Anytime Upgrade. The first user of the software may make a one time transfer of the software, and this agreement, directly to a third party. The first user must uninstall the software before transferring it separately from the device. The first user may not retain any copies.
b. Windows Anytime Upgrade Software. You may transfer the software directly to a third party only with the licensed device. You may not keep any copies of the software or any earlier
c. Other Requirements. Before any permitted transfer, the other party must agree that this agreement applies to the transfer and use of the software. The transfer must include the proof of license.

I gotta say I don’t find any of the above particularly strict, onerous or burdensome. Before you transfer, you must uninstall and not retain any copies. The transferee must agree to the agreement. You must transfer proof of the license. Hmmm. Doesn’t seem that bad.

Then, onto Windows Defender:

Vista also incorporates Windows Defender, an anti-virus program that actively scans computers for “spyware, adware, and other potentially unwanted software.” The agreement does not define any of these terms, leaving it to Microsoft to determine what constitutes unwanted software.

C’mon. There is a general understanding of what constitutes spyware and adware. And yes, “potentially unwanted software” is vague. But how then, should it be defined? “Bad stuff”? Interestingly he fails to mention the language that follows:

If it finds potentially unwanted software, the software will ask you if you want to ignore, disable (quarantine) or remove it. Any potentially unwanted software rated “high” or “severe,” will automatically be removed after scanning unless you change the default setting. Removing or disabling potentially unwanted software may result in

  • other software on your computer ceasing to work, or
  • your breaching a license to use other software on your computer.

By using this software, it is possible that you will also remove or disable software that is not potentially unwanted software.

So Defender will ask you what to do (which he doesn’t mention), except for “high” or “severe” software, which it removes unless you change the setting (which he does). Well, I can understand the auto-removal thing. If it was left off by default (i.e. didn’t remove), then fingers would be pointed at MS for having lousy default security settings – a criticism often levelled (and, I think, justifiably so) at XP’s security settings – the rock on the other side of the hard place Michael identifies.

Then this:

Once operational, the agreement warns that Windows Defender will, by default, automatically remove software rated “high” or “severe,” even though that may result in other software ceasing to work or mistakenly result in the removal of software that is not unwanted.

C’mon Michael, that’s a bit over the top, isn’t it? Even “nice” spyware removers, like Spybot (highly recommended, btw) specifically warn that removing spyware might remove or cause other software not to work any more. Of course. Because many of the filthy, evil, nasty folks who distribute spyware or adware bundle it up with software that people actually want to use, and bundle it up in such a way that you can’t get rid of the spyware without killing the other software. Go figure.


For greater certainty, the terms and conditions remove any doubt about who is in control by providing that “this agreement only gives you some rights to use the software. Microsoft reserves all other rights.” For those users frustrated by the software’s limitations, Microsoft cautions that “you may not work around any technical limitations in the software.”

Grr. Of course. Show me a commercial license that gives anyone “all” rights to use the software without restriction. Actually, even the GPL doesn’t permit that – there are still limitations and restrictions even in open source code as to what you can and can’t do. I don’t think it’s fair to point to this type of language and imply that Microsoft is up to no good here. Same goes with the last sentence. Sure, you can’t hack the software. Doesn’t surprise me.

I never thought I’d be defending Microsoft’s licensing practices. Not to mention questioning Mr. Geist’s criticisms of same. But there you go. Not that I necessarily think, OTOH, that you should go out and buy Vista. Though it is pretty.