Anonymized Data Proven To Not Be--Again

Posted 22 Aug 2018

Another Set Of Anonymized Data Is Deanonymized

Researchers from the University of Melbourne deanonymized medical records released by the Australian government, allowing them to learn about these people’s entire medical history without consent. The Guardian has released an article about it.

The government pulled the data from its website, but not before it had been downloaded 1,500 times.

This is not the first incident of its kind and certainly not the latest.

In 2006, The New York Times deanonymized a batch of anonymized search queries released by AOL. And again, the presumed unidentifiable data was removed from the public web by the entity that released it.

In 2007, Netflix published 100 million movie reviews by 500,000 subscribers, having stripped all personal details. Arvind Narayanan and Vitaly Shmatikov at the the University of Texas at Austin deanonymized it and were able to infer personal information about at least one individual.

First, we can immediately find his political orientation based on his strong opinions about “Power and Terror: Noam Chomsky in Our Times” and “Fahrenheit 9/11.” Strong guesses about his religious views can be made based on his ratings on “Jesus of Nazareth” and “The Gospel of John”. He did not like “Super Size Me” at all; perhaps this implies something about his physical size? Both items that we found with predominantly gay themes, “Bent” and “Queer as folk” were rated one star out of five. He is a cultish follower of “Mystery Science Theater 3000”. This is far from all we found about this one person, but having made our point, we will spare the reader further lurid details.

In 2013, computational privacy researcher Yves-Alexandre de Montjoye explained how to uniquely identify people through their behavioural patterns from their cell phones’ location data.

The Guardian article points out many more deanonymizations. Be sure to check it out.