32 comments

[ 3.6 ms ] story [ 79.5 ms ] thread
I see no evidence that the problem is that people were unwilling to fund uncomfortable results, but that they didn't see the point of funding a calculation that as the article notes, could be done on the back of the envelope, and without any proposed solution. Basically, what would the funding add to this statistic?
What's significant is this:

> Over 20 journals turned down her paper on the Weld study ...

And this:

> A decade ago, funding sources refused to fund re-identification experiments unless there was a promise that results would likely show that no risk existed or that all problems could be solved by some promising new theoretical technology under development.

And she didn't just do a "back-of-the-envelope calculation". She re-identified an actual public dataset, including the then governor of Massachusetts :)

I agree that 20 rejections is significant. But I think it's a bit naive to think that 20 journals (about 60 peers reviewers) were fools who rejected because they were uncomfortable with the results. Are we really to believe these scientific experts were bumbling, "gee, this shows that it's easy to deidentify someone! better reject since I'm feeling uncomfortable now."

And yes, showing this with a real dataset is nice, since it validates the estimation. But it still doesn't explain why it's worthy to fund. Funding is very competitive, and generally goes towards prospective research that can lead to innovation in the field. The article suggests that funding should go towards already-finished descriptive dataset analytics confirming back-of-envelope estimations, with no clear plan to find a solution.

It's also possible that this article is not expressing the nuance behind the actual work and reasons behind the rejections, so I'm not judging the researcher's work, but rather judging the claims in this article.

Isn't there a preliminary step before peer reviewers review an article for publication (otherwise they'll be flooded). My impression from the post was that it stopped at some point in the marketing/editorial pipeline - I.E. it wasn't adequate enough (for business reasons) to send to peer review.

Though even so, your comment still stands (since I'm assuming whomever is in an editorial position has some kind of science background, at least at some of those journals).

> But I think it's a bit naive to think that 20 journals (about 60 peers reviewers) were fools who rejected because they were uncomfortable with the results.

As a social scientist, I'm not so sure...

Have you encountered concrete examples of such rejections in your field? Care to share some tales?
Peer reviewers are humans, there are many examples humans denying, avoiding, turning away “uncomfortable” evidence.
Do you not think that people who are doing this professionally as their career, spending their entire lives working, reviewing, and discussing this type of research, do not realize that there is a potential bias and do everything they can to address it? It seems like some of the people here believe that we've discovered something that the researchers don't already realize, and aren't already trying to address. It's kind of strange to me that you're attributing a simplemindedness to the experts doing peer review panels that is unrealistic.

It reminds me of the times when people who aren't programmers seem to make this discovery that there is such thing as technical debt, and that programmers should be focused on programming in a way that avoids technical debt ("these programmers should focus on writing maintainable code! Not just short term hacks"). It's an oversimplication of the situation that is not helpful.

What are the incentives to address it? I can think of entire subfields where the whole premise is - IMHO - bullshit. (There are people who literally run lab experiments with 20 students in order to study how nations will contribute to climate change over the next century.) Do you think any of them want to admit that? To see how bad it can get, consider New Real Peer Review (https://twitter.com/realpeerreview). This is the extreme version, but it is the lower tail of a continuous distribution.
The incentive is that they're academics and want to do the right thing. Maybe more pessemistically, they don't want to be called out by other academics doing the right thing. If we go back to the original topic, which is that deidentifying data with some known fields is possible, do you think a reputable academic will want to be known for denying a simple arithmetic estimation? They'd be the laughingstock in their department and community.
In order to publish in a scientific journal the work needs to be novel. Based on this article, the work doesn’t seem novel...

I’d like to see the rejections, my guess is they mostly said “this is not novel or unexpected”.

To make the work novel you might suggest a new approach to anonymizing data for example...

Not novel or unexpected, or "would disrupt everyone's research and make it impossible to publish data"?
I think it was only trivial in hindsight. Scientific publishing is rife with articles the reveal a problem without offering a solution; to expect one seems outright weird.
> my guess is they mostly said “this is not novel or unexpected”.

Well, given how widely vulnerable de-identification was being implemented, that seems unlikely.

Filtering research grant application based on personal/organizational beliefs is serious thing that can alter understanding of science. Highlighting these problems in application review process is important for public to understand to not to trust research blindly without accessing for any hidden bias.
I thought this was famous work that stopped a lot of anonymized data being released and was part of the reason that the programme around differential privacy kicked off?
Eventually people caught on but not in 1997. I think Dr. Sweeney spent years in the wilderness. I wonder if her work got more attention after the deanonymized Netflix data in 2006 got headlines.
It became famous because she was clever enough to get the governor's data, which meant her work became interesting to the general press. The specialist press remained uninterested for reasons discussed in the article and elsewhere in this discussion.
The statement in the original article linked is more interesting:

“In the few experiments a decade ago where publication would have been possible, academic journals refused to do so for reasons having nothing to do with the scientific quality of the work. Computer-science publications refused to publish re-identification experiments unless the paper also included a technological solution, notwithstanding assertions that publishing these experiments would inspire technological innovation to address the real-world problem. Health-policy publications refused to publish re-identification experiments related to health data from fear that reaction might make data sharing more difficult, despite assertions that because technology was fostering unprecedented levels of data-sharing, it was timely to scientifically re-examine data-sharing practices. Even my Weld example and related demographic analyses, despite making significant contributions to privacy regulations worldwide, were refused publication by more than 20 academic publications at the time.”

Personally if feels like the work was an important journalistic effort, but its scientific merit is less clear.

That's not how I would read it. Instead, the article fell between the gaps between two different disciplines. The computer science guys wanted a tech fix - reasonably enough, that's kind of what computer science is about. The health policy guys' reaction is harder to understand: they didn't want to publish it because they feared the consequences of publicity, rather than because of flaws in the methods. That's almost never a legitimate reason to reject a paper.
That’s what the author said, but it seems suspect to me. I’d like to read the rejections and understand if this is just the authors interpretation.

But looking at what was done, it doesn’t seem novel. It’s just combining two datasets, and while journalistically important, doesn’t seem to be sufficiently novel for publication in most journals.

> doesn’t seem to be sufficiently novel for publication in most journals.

The question is why you think novelty is relevant. Replication studies aren't novel but are critically important to real science. Novelty is not and should not be mandatory.

Maybe, but it generally is. In most scientific disciplines I think you’d find it hard to publish simple replication of someone else’s work. You’d need to add some novel aspect, or extend the work slightly.

For a healthcare replication study, I would guess you be hard pressed to get a replication study published for the same demographic, and same sample size as a previous study.

> I think you’d find it hard to publish simple replication of someone else’s work.

Yes, but this shouldn't be the case. The replication crisis clearly points out the problems with this.

> the article fell between the gaps between two different disciplines

This is exactly right - Dr Sweeney went on to cofound a PhD program at CMU focused on this intersection, called "Computation, Organizations and Society". It's not just that policy folks aren't tech literate and that applied cs folks don't know law -- there are interesting technical results that evince at the intersection, like differential privacy frameworks and mechanism design.

A challenge of this kind of work is that it's difficult to prove generality or prediction power, because you are studying distributed systems that don't repeat themselves. Economists and sociologists are used to this problem, but it's hard to intersect with the more technical applied sciences that you would like to vet the work. So most practitioners have to pick one side or the other (hard vs "soft" communities) one publication at a time.

This is almost certainly a health and research policy issue. Any of the journals that do cover policy should be interested: Science or Nature for example.

You can't solve a problem without discovering what the problem is.

(comment deleted)
In the 80:s, when I was a child, I was part of study about something called DAMP - Deficits in Attention Motor control and Perception). The DAMP diagnosis was roughly similar to ADHD, and kind of a precursor to it, invented by psychologists in the university in the city I grew up on. Back then, this Swedish university was very influential in the area of child psychology. Several renowned text books are written by researches on this university and so on. Luckily for me, I was part of the control group and not among the kids they thought suffered from DAMP.

Anyway, Gillberg the professor who led the study had promised all participating families total anonymity. But in the mid nineties, other researchers started to doubt the veracity of Gillberg's results. They thought they had found flaws in his methodology and wanted access to the raw material to double-check his results. Gillberg refused, realizing that anonymizing the data sufficiently so as to not leak any identifying details would be impossible.

Eventually, the other researchers went to court and got a court order demanding that Gillberg give up his data. At which point he destroyed all the raw data thereby completely removing any scientific underpinnings the DAMP diagnosis had. There is a lot more to be said about this controversy, but one thing is clear and that is that you shouldn't promise anonymity if you can't keep it.

> …one thing is clear and that is that you shouldn't promise anonymity if you can't keep it.

Although it sounds like he did keep it, at significant cost.

One thing I don't quite understand is why aren't the wealthiest citizens lobbying for privacy legislation? I'm sure there are plenty of wealthy people who have a lot to lose having their medical or financial information leaked. This seems like the kind of bipartisan cross-class issue nearly everyone can get behind.
Because they can pay to either insulate themselves (private clinic, fake names, etc), or pay to have such things silenced/changed/denied would be my guess? Especially if their businesses somehow benefit from not having privacy legislations...