Thoughts on the Future

  • George T. DuncanEmail author
  • Mark Elliot
  • Juan-José Salazar-González
Part of the Statistics for Social and Behavioral Sciences book series (SSBS)


The future will surely bring challenges to statistical confidentiality. Some challenges will be familiar, much like the ones described in Chapter 1. But as the lead quotation suggests, we must prepare for exponential change in our responsibilities, the technology we employ, and the problems we face. Specifically, we must prepare for dramatic changes both in information technology and in our social, economic and political environment. This chapter lays out our view of how these changes will multiply the tensions between the demand for the protections of confidentiality and the demand for access to data. Interestingly, much of what we discuss was only hinted at two decades ago by Duncan and Pearson (1991). Their glimpse to the future is today’s reality. Anticipating tomorrow requires a new and expanded forecast.


Administrative Data Synthetic Data Geospatial Data Identity Theft Disclosure Risk 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Acquisti, A.: Security of personal information and privacy: technological solutions and economic incentives. In: Camp, J., Lewis, R. (eds.) The Economics of Information Security, pp. 179–186. Kluwer, Dordrecht (2004)CrossRefGoogle Scholar
  2. Adam, N.R., Wortmann, J.C.: Security-control methods for statistical databases: a comparative study. ACM Comput. Surv. 21, 515–556 (1989)CrossRefGoogle Scholar
  3. Agrawal, R., Srikant, R.: Privacy-preserving data mining. Proceedings of the 2000 ACM SIGMOD on Management of Data, Dallas, TX, 15–18 May 2000Google Scholar
  4. Backstrom, L., Dwork, C., Kleinberg, J.: Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. Proceedings of the 16th International Conference on World Wide Web, Banff, AB, 08–12 May 2007Google Scholar
  5. Blakemore, M.: The potential and perils of remote access. In: Doyle, P., Lane, J., Theeuwes, J., Zayatz, L. (eds.) Confidentiality, Disclosure, and Data Access: Theory and Practical Application for Statistical Agencies, pp. 315–337. Elsevier, Amsterdam (2001)Google Scholar
  6. Boruch, R.F., Cecil, J.S.: Assuring the Confidentiality of Social Research Data, University of Pennsylvania Press, Philadelphia, PA 1979Google Scholar
  7. Brin, D.: The Transparent Society. Addison-Wesley, Reading, MA (1998)Google Scholar
  8. Brownstein, J.S., Cassa, C.A., Mandl, K.D.: No place to hide – reverse identification of patients from published maps. New Engl. J. Med. 19 October 355(16), 1741–1742 (2006)Google Scholar
  9. Clifton, C., Kantarcioglu, M., Vaidya, J., Lin, X., Zhu, M.Y.: Tools for privacy preserving data mining. SIGKDD Explor. 4(2), 28–34 (2002)CrossRefGoogle Scholar
  10. CNSTAT: Reengineering the survey of income and program participation committee on national statistics. Citro, C.F., Scholz, J.K. (eds.). National Academies Press, Washington, DC (2009)Google Scholar
  11. Duncan, G.T.: Privacy by design. Science 317, 1178–1179. August 31 (2007)CrossRefGoogle Scholar
  12. Duncan, G.T., Lambert, D.: Disclosure-limited data dissemination (with discussion). J. Am. Stat. Assoc. 81(393), 10–28 (1986)CrossRefGoogle Scholar
  13. Duncan, G.T., Mukherjee, S.: Optimal disclosure limitation strategy in statistical databases: deterring tracker attacks through additive noise. J. Am. Stat. Assoc. 95, 720–729 (2000)CrossRefGoogle Scholar
  14. Dwork, C., McSherry, F., Talwar, K.: Differentially Private Marginals Release with Mutual Consistency and Error Independent of Sample Size. Proceedings of UNECE worksession on statistical confidentiality, December 2007, pp 193–204. Manchester (2009)Google Scholar
  15. Duncan, G.T., Pearson, R.W.: Enhancing access to microdata while protecting confidentiality: prospects for the future (with discussion). Stat. Sci. 6, 219–239 (1991)CrossRefGoogle Scholar
  16. Dwork, C.: Ask a better question, get a better answer a new approach to private data analysis. In: Schwentik, T., Suziu, D. (eds.) 11th Proceedings of the International Conference on Database Theory, ICDT 2007, January 10–12, 2007. Lecture Notes in Computer Science, vol. 4353, pp. 18–27. Barcelona, Spain (2006)Google Scholar
  17. Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. Proceedings of the 3rd International Conference on Very Large Data Bases, Tokyo, Japan, pp. 265–284 (2006)Google Scholar
  18. Elliot, M.J., Dale, A.: Scenarios of attack: a data intruder’s perspective on statistical disclosure risk. Netherlands Official Stat. 14, 6–10 (1999)Google Scholar
  19. Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. Proceedings of the 22nd ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS 2006), San Diego, CA, June 2003Google Scholar
  20. Federal Committee on Statistical Methodology: Statistical Policy Working Paper 22: Report on Statistical Disclosure Limitation Methodology, U.S. Office of Management and Budget, Washington, DC 1994Google Scholar
  21. Fienberg, S.E.: Confidentiality and disclosure limitation methodology: challenges for national statistics and statistical research. Commissioned by Committee on National Statistics of the National Academy of Sciences (1997)Google Scholar
  22. Fienberg, S.E., Makov, U.E., Sanil, A.P.: A Bayesian approach to data disclosure: optimal intruder behavior for continuous data. J. Official Stat. 14, 75–89 (1997)Google Scholar
  23. Fienberg, S.E., Makov, U.E., Steel, R.J.: Disclosure limitation using perturbation and related methods for categorical data. J. Official Stat. 14, 485–502 (1998)Google Scholar
  24. Freeman, L.: The Development of Social Network Analysis. Empirical Press, Vancouver, BC (2006)Google Scholar
  25. Gehrke, J.: Models and methods for privacy-preserving data publishing and analysis (tutorial slides). Twelfth Annual SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD 2006), Philadelphia 2006Google Scholar
  26. Huizinga, D., et al.: Childhood maltreatment, subsequent antisocial behavior, and the role of monoamine oxidase A genotype. Biol. Psychiatry 60(7), 677–683 1 Oct (2006)CrossRefGoogle Scholar
  27. Kleinberg, J.M.: Challenges in mining social network data: processes, privacy, and paradoxes. Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Jose, CA, 12–15 August, pp. 4–5 2007Google Scholar
  28. Little, R.J.A., Liu, F.: Selective multiple imputation of keys for statistical disclosure-control in microdata. Proceedings of the Section on Survey Research Methods, CD-ROM, American Statistical Association, Alexandria, VA 2002Google Scholar
  29. Little, R.J.A., Liu, F.: Comparison of SMIKe with data-swapping and PRAM for statistical disclosure control of simulated microdata. Proceedings of the Section on Survey Research Methods, American Statistical Association, Seattle (2003)Google Scholar
  30. Machanavajjhala, A., Kifer, D., JAbowd, J., Gehrke, J., Vilhuber, L.: Privacy: from theory to practice on the map. ICDE Conference 2008. Cancun, Mexico, April 2008. (2008)
  31. Mackie, C., Bradburn, N.: Improving Access to and Confidentiality of Research Data. National Academy Press, Washington, DC (2000)Google Scholar
  32. McLuhan, M.: Understanding Media: The Extensions of Man. McGraw-Hill, New York, NY (1964)Google Scholar
  33. National Research Council: Putting people on the map: protecting confidentiality with linked social-spatial data. Panel on confidentiality issues arising from the integration of remotely sensed and self-identifying data. In: Gutmann, M.P., Stern, P.C. (eds.) Committee on the Human Dimensions of Global Change, Division of Behavioral and Social Sciences and Education. The National Academies Press, Washington, DC. (2007)
  34. O’Keefe, C., Good, N.M.: A remote analysis server – what does regression output look like? In: Domingo-Ferrer, J., Saygýn, Y. (eds.) PSD 2008. Lecture Notes in Computer Science, vol. 5262, pp. 270–283. Springer, Berlin (2008)Google Scholar
  35. Paass, G.: Disclosure risk and disclosure avoidance for microdata. J. Bus. Econ. Stat. 6(4), 487–500 (1988)CrossRefGoogle Scholar
  36. Pickle, L.W., Waller, L.A., Lawson, A.B.: Current practices in cancer spatial data analysis: a call for guidance. Int. J. Health Geogr. 4, 3 (2005)CrossRefGoogle Scholar
  37. Polettini, S.: Maximum entropy simulation for microdata protection. Stat. Comput. 13(4), 307–320 (2003)CrossRefMathSciNetGoogle Scholar
  38. Raghunathan, T.E., Reiter, J.P., Rubin, D.R.: Multiple imputation for statistical disclosure limitation. J. Official Stat. 19, 1–16 (2003)Google Scholar
  39. Rastogi, V., Suciu, D., Hong, S.: The boundary between privacy and utility in data publishing. Technical Report, University of Washington, Washington, DC 2007Google Scholar
  40. Reiter, J.P.: Inference for partially synthetic, public use microdata sets. Surv. Methodol. 29, 181–188 (2003)Google Scholar
  41. Rubin, D.B.: Discussion of statistical disclosure limitation. J. Official Stat. 9(2), 461–468 (1993)Google Scholar
  42. Sieber, J.E.: Privacy and Confidentiality: As Related to Human Research in Social and Behavioral Science (Research Involving Human Participants V2): Online Ethics Center for Engineering, May 25, National Academy of Engineering Accessed Sept 25, 2007 (2007)
  43. Simard, M.: Development of a real time remote access infrastructure at statistics Canada. Paper presented at the joint UNECE/Eurostat Work Session on Statistical Data Confidentiality, Bilbao, Spain, 2–4 December 2009Google Scholar
  44. Sparks, R., Carter, C., Donnelly, J., O’Keefe, C.M., Duncan, J., Keighley, T., McAullay, D.: Remote access methods for exploratory data analysis and statistical modelling: privacy-preserving analytics TM. Comput. Methods Progr. Biomed. Arch. 91(3), 208–222 (2008)CrossRefGoogle Scholar
  45. Tranmer, M., Steel, D., Chambers, R., Clark, R., Elliot, M.: The role of individuals, geographical groups, households and social networks in social statistics. Paper presented to the 30th Sunbelt Conference Riva del Garda, Italy, June 2010Google Scholar
  46. Vaidya, J., Clifton, C., Zhu, M.: Privacy Preserving Data Mining. Springer, Heidelberg (2006)zbMATHGoogle Scholar
  47. Winkler, W.E.: Masking and re-identification methods for public-use microdata: overview and research problems. In: Domingo-Ferrer, J., Torra, V. (eds.) Privacy in Statistical Databases. Lecture Notes in Computer Science, vol. 3050, pp. 231–246. Springer, Berlin, Heidelberg. (2004a)
  48. Winkler, W.E.: Re-identification methods for masked microdata. In: Domingo-Ferrer, J., Torra, V. (eds.) Privacy in Statistical Databases, pp. 216–230. Springer, New York, NY (2004b)CrossRefGoogle Scholar
  49. Xiao, X., Wang, G., Gehrke, J.: Interactive anonymization of sensitive data. SIGMOD’09 June 29–July 2, 2009, Providence, Rhode Island, USA. ACM 978-1-60558-551-2/09/06 (2009)Google Scholar
  50. Zayatz, L.V., Rowland, S.: Disclosure limitation for American FactFinder. Paper presented at the American Statistical Association Joint Statistical Meetings, Baltimore, MD, 8 August 1999Google Scholar
  51. Elliot, M.J.: Privacy, Identity and Disclosure. Keynote speech to the International Conference on Communication, Computing and Security. Rourkela, February 2011. (2011)
  52. Greely H., Collecting biomeasures in the panel study of income dynamics: ethical and legal concerns. Biodemography Soc. Biol. 55(2), 270–288 (2009)CrossRefGoogle Scholar
  53. Martin, D., Kifer, D., Machanavajjhala, A., Gehrke, J., Halpern, J.: Worst case background knowledge for privacy preserving data publishing. In Proceedings of the 23rd International conference on Data Engineering, ICDE 2007, April 15–20, Istanbul, Turkey (2007)Google Scholar
  54. Benedetti, R., Franconi, L., Capobianchi, A.: Individual risk of disclosure using sampling design information. Istat Contributi n. 14/2003. Available at (2003)

Copyright information

© Springer New York 2011

Authors and Affiliations

  • George T. Duncan
    • 1
    Email author
  • Mark Elliot
    • 2
  • Juan-José Salazar-González
    • 3
  1. 1.Carnegie Mellon UniversitySanta FeUSA
  2. 2.University of ManchesterManchesterUK
  3. 3.University of La LagunaLa LagunaSpain

Personalised recommendations