by Dave Gradijan

Anonymization: Protecting Customer Privacy While Sharing Data

Mar 09, 2007 (5 mins)
CSO and CISO | Data and Information Security

Jeff Jonas, the chief scientist and distinguished engineer at IBM’s entity analytic solutions group, has developed a means of sharing corporate data without revealing what that data contains.

This technology, called anonymization, effectively “shreds” information, making it possible for companies to share information about their customers with governments or other companies without giving away any personal data. Over time, Jonas believes, companies will increasingly use anonymization to defend their data, and their corporate well-being, from competitors and identity thieves.

Jonas recently sat down with IDG News Service in Singapore to discuss anonymization and how protecting customer privacy will make companies more competitive.

IDG: How does anonymization work?

Jeff Jonas: Normally, somebody with data encrypts it, and then they transfer it. Then, the recipient decrypts the data to use it. But while it’s in transit—in flight—it’s encrypted. Cryptographers have invented math that allows you to shred something, and then unshred it: Encrypt it, and then decrypt it.

Part of cryptography is something else that creates digital signatures. Smart math people have invented algorithms that are called one-way hashes. It looks like encryption because you put in data and what comes out is not readable to humans. But there’s no way to take what came out and take the math and run it backward, and get the input value. That’s why I use the example of a pig and a sausage. If I give you the sausage and the grinder, you can’t go backward and make a pig.

I just took advantage of something that someone else has made, and I just used it in a slightly different way to get a new result.

IDG: In effect, the process of anonymization creates digital signatures of information that can be compared against other signatures for possible matches. At the same time, the signatures cannot be used to re-create the original data.

Jonas: Normally, I have data and you have data and we want to figure out what our data means together. But I don’t want to give you mine and you don’t want to give me yours. This is why information sharing will fail: Everyone wants to be the recipient.

Sometimes a government may pass a law that says I, as a company, have to give you my data. Maybe you have a watch list, and you don’t want me to see it. That’s how I ended up creating this. I was getting ready to take my kids on a cruise. I made the reservations and then saw in a newspaper that there was a threat against Port Canaveral, Florida, from terrorist scuba divers. I was thinking, “Oh no, I’m taking my kids on a cruise.”

The U.S. government has this really cool, big list of bad guys. They don’t send it to the cruise line, and the cruise line has all these reservations, and they don’t send it all to the government. You could take 10 bad guys, they could just sneak across the border, use their real names and get on the cruise ship. That was the tension point. All of the work I had done prior allows an organization to share data with itself. What happens if you want to share data across two organizations and only find things in common? How would you do that?

IDG: In the past, you’ve noted that personal information will get more valuable over time. Where is the incentive for companies to make anonymization of data a common practice?

Jonas: Well, this is my theory. The pressure on an organization: every time it makes a copy of its data and sends it someplace else, the risk of someone stealing it grows. It’s now twice as hard to protect, because you’ve just made a copy. You think it’s hard to protect this copy, but now you have two copies. Then you make another copy and send it to a database-marketing company—now there are three copies.

That creates real stress for an enterprise that’s trying to manage its data.

IDG: The incentive for companies to use anonymization then becomes protection of its own resources, rather than defending the privacy of customers?

Jonas: Right. Corporations spend more time trying to be competitive than protecting privacy. If they spent all their time protecting privacy, they couldn’t become more competitive. They would become nonexistent. I spend 40 percent of my time now working on privacy and civil liberties. You’re right on the crux of this point: How do you create things that companies want to deploy, that make them more competitive and are good for privacy at the same time?

Consumers traded privacy left and right, for convenience.

IDG: And there’s no way to get it back at this point.

Jonas: Yeah. The toothpaste is out of the tube. Companies don’t just say they want to spend money on privacy. They don’t, and I don’t see that as a trend. You have to create something that can make them more competitive. Corporations are very risk averse. The notion of losing all their customer data, either to a competitor or identity thieves, and then having to make a public announcement that they lost all of their banking data, or all of their medical data, it can destroy their entire brand.

If you can show them how to be more competitive, and at the same time reduce their risk exposure, then you are taking them on a journey, like in the case of anonymization, that is more responsible than not.

It’s a very new thing to be able to analyze data after it’s been shredded. I am trying to teach the technique, and I’ve heard other companies have announced they’re going to create products like that, which is really good. There’s a growing number of people using anonymization, and I think the wave is coming.

-Sumner Lemon, IDG News Service