[mayanksinghal]

> Is it okay to collect anonymous XYZ data? Anonymity is not binary.

- What lower level of anonymity is acceptable? Is 1 in 30 acceptable?

- What about edge cases where it becomes much lower? Say only one person in a small county has an account to a web service because it is largely targeted at people elsewhere?

- What about academic improvements that keep decreasing anonymity by improving understanding of collected data? What time limit would NSA get to update its systems in case of such improvements? What happens if the speed of academic improvements is larger than the speed of updates in NSA systems? Is the system scrapped right away?

I agree that formal definitions seem lucrative. But these aren't simplified mathematical static models that we are talking about.

[minor_nitwit]

Right, those are exactly the questions that need to be asked, discussed before implementation, and then included in the law if it passes.

What meta-data is truly anonymous and what is not? Is the agency permitted to built a tool to de-anonymize data based on academic research, or is the data in some ways protected against these tools?

They may get to the end of this process and in this instance find that such a government tool, even based on anonymous data is uncontainable, and should not be implemented. If you just grant blanket power and rely upon a courts interpretation of your two paragraph scribble to straighten things out, the intent of the law can be completely lost.

[jamieb]

Yes. This is my point. =) Only by actually working out all these details can we have just laws, and IMHO, we would discover that most of our laws are not just.

We want law that prevents criminals from breaking into banks and stealing your cash, but what we got was a law able to be used to persecute young people to the point of suicide for accessing an "open" system belonging to an educational establishment.

The laws we have now cannot do what they claim to do without being impossibly broad or impossible to implement. As was was discussed elsewhere today, the joke of a "Do what I mean" button, is that nobody, in fact, knows what they mean, and this goes exponentially so for a congress of 500 or so people.

[krapp]

But the most 'just' laws aren't always the ones least open to interpretation. Also, let's not conflate Aaron Swartz's suicide into an example of the law working as designed and intended, rather than being the result of heavy-handed interpretation intersecting with his own fragile state.

The way I look at it, making laws more and more complex and attempting to codify every possible instance is a bit like adding massive bloat to a software project for the sake of maximum backwards compatibility. Just as more lines of code introduce more bugs and increase the possible attack surface of an application, so more complex laws introduce more opportunities to manipulate and undermine those laws through legalistic means (while giving the people who have to interpret those laws on their face little leeway for context-specific interpretation.)

In Florida, to use an obvious example, the law as intended makes it legal in a certain context to kill an unarmed teenager without any ramifications, whereas firing a gun into the air can get you 40 years in prison. This is what the people of Florida wanted, and this is what their legislators gave them. America's prisons are stuffed with minor drug offenders for whom the sentencing laws were absolutely unambiguous. How complex is the tax code and how many ways are there to dance around it? Most of those holes are there on purpose.

[jacques_chester]

> Right, those are exactly the questions that need to be asked, discussed before implementation, and then included in the law if it passes.

Legislation is not the only source of law.

That said, more structured analysis is no bad thing. But it's not a panacea either. There's an existing analytical mechanism for legislation: depending on where you are, it's called "Parliament" or "Congress".

To participate, you must first be elected to that body. Or work for someone who does.