Yesterday’s Technology Review Story: Blinding Big Brother, Sort of

http://www.technologyreview.com/InfoTech-Software/wtr_16209,300,p1.html?PM=GO

While this Q&A piece is mostly focused on the work I have done in the area of advanced analytics inside the anonymized data space, it makes brief mention of Immutable Audit Logs (IAL’s).  While audit logs are nothing new, the notion of “immutability” is a more recent concept which introduces the idea that an audit log could be tamper resistant (e.g., not easy for anyone to tamper with or erase history).  And while I believe that IAL’s will become best practice, I started thinking about the possible negative secondary consequences of such robust logs.  Imagine a log that contains all user activity and all data flows whereby this superset of information is retained for a potentially very long time.  What would prevent audit logs from being themselves the source for misuse, unintended disclosures or unanticipated repurposing?  This is an area I care a lot about, so stay tuned.