People thinking about the identity problem will want to skim/read Bruce Schneier’s description of how the muscle behind the medical privacy laws is being gutted. I don’t see how we can expect to get reasonable levels of privacy without the regulatory schemes modeled by the various Privacy Protection Acts. But in the current climate the industries effected by the PPAs seem to have an easy time capturing the resulting regulatory agencies and gutting them. These are not problems that technology can solve.