After A-Rod, When (If Ever) Are Assurances of Confidentiality Credible?

I recently received a request from a reputable institution to participate in a survey on a range of education issues. I generally try to support such efforts, so I began to work my way through the survey. At the outset, the survey form asked for my name and affiliation so they could check me off the list — but assured me that my identity and institutional affiliation would be “maintained in confidence,” that any publication of data from the survey would be “conducted in such a way as to protect the confidentiality” of my identity and affiliation, and that the “results from this survey will be used solely for academic research purposes.”

Up until a few days ago, I wouldn’t have given this a second thought. And, in fact, I went ahead and completed the survey because its subject matter was far from sensitive and I have no reason to doubt the sincerity of the surveying institution — but not because I thought the confidentiality promises were particularly meaningful. The leaked results of Alex Rodriguez’s supposedly confidential drug tests now make me wonder whether any such assurances of confidentiality are worth the ink (or breath) it takes to communicate them. In 2003, Major League Baseball tested its players for performance-enhancing drugs, but promised them that the results would be kept not only confidential but also anonymous (i.e., that test samples would not be associated with players’ names) and that the program’s objective was solely to assess whether the number of players using performance-enhancing drugs exceeded a certain threshold. (If the number of positive test results exceeded 5% of those tested — and it did — then a full testing program with penalties for positive results would be implemented in 2004 — and it was.) But the Rodriguez experience shows that there’s not much a trusting test-taker (or survey-completer) can do to enforce such blithe assurances of confidentiality, and even less once the results have actually been leaked.

(Don’t get me wrong — I’m not feeling terribly sorry for A-Rod. Having grown up in Seattle, I’m a fervent Mariners fan who remains bitter that Rodriguez (and many other great players) left before we could get to the World Series. If you’ve been following professional sports recently, you have a general idea of just how poorly Seattle sports fans are feeling these days; last year the Mariners lost over 100 games, the Seahawks finished 4-12, and the Sonics . . . oh, wait, Seattle doesn’t have a professional basketball team any more.)

1 Response

  1. joe says:

    Well, what about technologically-mediated assurances of confidentiality? For example, what if in an informed consent protocol they included a statement that showed under what circumstances a malicious adversary could breach confidentiality? That may sound naive or subject to the technical sophistication of the participant (the one agreeing to the informed consent protocol), but hear me out with an example. does something that would make investors and insurers very uneasy: they combine personal finance and social networking. Crazy! However, the way they protect your records involves a pretty ingenious piece of wizardry: the financial information and such is stored completely separately from your personal information. The link between the two is a password hash (read: a function that can turn your password into gibberish that no one can predict). This is effectively a “privacy wall” where they can only associate your financial records with “you” (as in your personal information) when you’re logged in (they don’t know your password). This kind of thing could be extended such that any linking keys like this are discarded after the primary analysis is done. Obviously, that would make the data less useful down the road, but for very good reasons.
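
A minimal sketch of the "privacy wall" described in the comment above, added here as an illustration; it is not code from the commenter or from any site they mention. The `Study` class, the PBKDF2 parameters, and the use of separate "auth" and "link" derivations from one password are assumptions made for the example.

```python
import hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor

def derive(password: str, salt: bytes, purpose: bytes) -> bytes:
    # Different purposes yield unrelated outputs from the same password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), purpose + salt, ITERATIONS)

class Study:
    def __init__(self):
        self.people = {}   # identity store: name -> (salt, login verifier)
        self.records = {}  # data store: link key (hex) -> sensitive record

    def enroll(self, name, password, record):
        salt = secrets.token_bytes(16)
        self.people[name] = (salt, derive(password, salt, b"auth"))
        # The link key indexes the record and is never stored with the name.
        self.records[derive(password, salt, b"link").hex()] = record

    def lookup(self, name, password):
        # Only a successful login can re-derive the link to the record.
        salt, verifier = self.people[name]
        if not hmac.compare_digest(verifier, derive(password, salt, b"auth")):
            return None
        return self.records.get(derive(password, salt, b"link").hex())

    def discard_links(self):
        # After primary analysis: re-key under random ids and shuffle, so
        # neither the key nor the storage order ties a record to a person.
        recs = list(self.records.values())
        secrets.SystemRandom().shuffle(recs)
        self.records = {secrets.token_hex(32): r for r in recs}

if __name__ == "__main__":
    # Constructed sample data.
    s = Study()
    s.enroll("alice", "correct horse battery", {"answer": "A"})
    s.enroll("bob", "another passphrase", {"answer": "B"})
    print(s.lookup("alice", "correct horse battery"))  # record is reachable
    s.discard_links()
    print(s.lookup("alice", "correct horse battery"))  # link is gone
    print(len(s.records))                              # data is still there
```

The separation holds only as far as the password does: an operator who holds the salt and verifier can test password guesses offline and then derive the link key, so weak passwords undo the wall. Enrollment order and timestamps can also re-link the two stores unless they are removed, which is why `discard_links` shuffles.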