Privacy-Preserving Surveillance Using Selective Revelation

Working Paper

Abstract

Following the events of September 11, 2001, many in the American public falsely believe they must choose between safety and privacy. This paper proposes an approach to technology (termed "Selective Revelation") that allows data to be shared for surveillance purposes such that the shared data have provable assurances of privacy protection while remaining practically useful. Data are provided to a surveillance system with a sliding scale of identifiability, where the level of anonymity matches scientific and evidentiary need. During normal operation, surveillance is conducted on sufficiently anonymous data that are provably useful. When sufficient and necessary scientific evidence merits it, the system drills down to increasingly identifiable data. This is a computational model of the "probable cause predicate" performed in American jurisprudence. Under Selective Revelation, human judges, who make decisions as to whether information will be shared with law enforcement, are replaced with technology that makes these decisions for broader surveillance purposes.
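The sliding scale of identifiability described above, as an added illustration that is not code from the paper: each record is generalized according to a revelation level, a request may drill down only as far as its evidence score authorizes, and every drill-down is recorded. The field generalizations, the evidence thresholds and the sample records are constructed placeholders, not the paper's own.

```python
# Constructed sample records (not real data).
RECORDS = [
    {"name": "Alice Smith", "zip": "15213", "dob": "1970-03-14", "diagnosis": "flu"},
    {"name": "Bob Jones",   "zip": "15217", "dob": "1968-11-02", "diagnosis": "flu"},
    {"name": "Carol White", "zip": "02139", "dob": "1981-07-25", "diagnosis": "cough"},
]

# Revelation levels: 0 is most anonymous, 3 is fully identified. The mapping
# from level to retained detail is an assumption made for this illustration.
def generalize(record: dict, level: int) -> dict:
    if level >= 3:
        return dict(record)                      # full identity revealed
    out = {"diagnosis": record["diagnosis"]}     # level 0: event type only
    if level >= 1:
        out["zip"] = record["zip"][:3] + "**"    # region, not a precise ZIP
        out["dob"] = record["dob"][:4]           # birth year only
    if level >= 2:
        out["zip"] = record["zip"]               # precise ZIP
        out["dob"] = record["dob"][:7]           # birth year and month
    return out

# Evidence score -> maximum identifiability the system may reveal. These
# thresholds stand in for the "probable cause predicate" and are assumed.
THRESHOLDS = [(0.0, 0), (0.4, 1), (0.7, 2), (0.9, 3)]

def authorized_level(evidence: float) -> int:
    level = 0
    for threshold, lvl in THRESHOLDS:
        if evidence >= threshold:
            level = lvl
    return level

def selective_reveal(records, requested_level: int, evidence: float, audit: list):
    # Grant the lesser of what was asked for and what the evidence justifies,
    # and log the decision so every drill-down is reviewable afterwards.
    granted = min(requested_level, authorized_level(evidence))
    audit.append({"requested": requested_level, "evidence": evidence, "granted": granted})
    return [generalize(r, granted) for r in records]

def count_by_diagnosis(view) -> dict:
    # Shows that the most anonymous view still supports aggregate surveillance.
    counts = {}
    for r in view:
        counts[r["diagnosis"]] = counts.get(r["diagnosis"], 0) + 1
    return counts
```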