What Not to Send: Writing Requirements for the Negative Space
Haven't finished writing this yet but here is what I plan to talk about:
Major themes: suppression rules need collection-grade precision plus negative tests; the four families of suppression; enforce close to the source and in depth; consent as runtime architecture, not just requirements; a moving regulatory target
