A recent study at the Massachusetts Institute of Technology has shown that there is a huge difference between de-identified or ‘anonymized’ metadata and true anonymity. Focusing on credit card transactions amassed over a three-month period, the MIT researchers were able to pinpoint individuals with information from just four of their transactions – and these were all systematically discovered in anonymized transaction records.
Anonymizing data is the art of stripping any identifying markers (such as names, correspondence addresses, or any other personal details) from the data before making the records available to third parties. This “anonymized” data is then sometimes sold on for market research purposes.
For discretion, the exact location of the research was left undisclosed, but MIT did confirm that it was a developed country, and that they used de-identified data from 10,000 shops containing the details of a staggering 1.1 million credit card customers. According to lead researcher Yves-Alexandre de Montjoye, a person can be singled out quite easily if certain markers are found, and the MIT team found that these could be discovered using data from as few as 3 or 4 transactions.
Once a person has been individually identified, it becomes possible for all of that person’s transactions to be analyzed. It is a treasure trove of information on the habits of a single individual – which shops they have made purchases in, how much they have spent, etc. – everything becomes apparent!
So far, credit card companies have failed to release a comment on the MIT researchers’ findings, but according to Rebecca Herold, a respected privacy adviser and educator, the findings raise quite a few issues about “how metadata can be used to pinpoint specific individuals… [and] raises the question of how such data would be used within insurance actuarial calculations, insurance claims and adjustments, loan and mortgage application considerations, divorce proceedings.”
It certainly seems that if de-identified credit card records are so easily re-identified, then they haven’t been successfully anonymized in the first place, making their distribution a violation of credit card customers’ right to not have their personal details and shopping habits spread about like margarine.
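One way a data holder could test a de-identified release for this weakness before sharing it, shown as an added example that is not code from the MIT study or from this article: count how often a handful of (shop, day) points from one record trace matches exactly one pseudonym. The records, pseudonyms and function names are constructed for illustration, and counting every subset exhaustively is an assumption that only suits small samples.

```python
from itertools import combinations

# Constructed sample of a de-identified release: (pseudonym, shop, day).
# Names, addresses and card numbers are already stripped.
RECORDS = [
    ("u1", "bakery", 1), ("u1", "grocer", 2), ("u1", "cinema", 3), ("u1", "cafe", 4),
    ("u2", "bakery", 1), ("u2", "grocer", 2), ("u2", "gym", 3), ("u2", "cafe", 4),
    ("u3", "bakery", 1), ("u3", "grocer", 2), ("u3", "gym", 3), ("u3", "bar", 5),
    ("u4", "bakery", 1), ("u4", "grocer", 2), ("u4", "gym", 3), ("u4", "bar", 5),
]

def build_traces(records):
    """Group the records into one set of (shop, day) points per pseudonym."""
    traces = {}
    for user, shop, day in records:
        traces.setdefault(user, set()).add((shop, day))
    return traces

def matching_users(traces, points):
    """Pseudonyms whose trace contains every one of the given points."""
    return sorted(u for u, t in traces.items() if set(points) <= t)

def unicity(traces, k):
    """Share of k-point subsets of a trace that match exactly one pseudonym."""
    total = unique = 0
    for trace in traces.values():
        for subset in combinations(sorted(trace), k):
            total += 1
            unique += len(matching_users(traces, subset)) == 1
    return unique / total if total else 0.0

def min_points_to_single_out(traces, user):
    """Fewest points from the user's trace that match no one else, or None."""
    for k in range(1, len(traces[user]) + 1):
        for subset in combinations(sorted(traces[user]), k):
            if matching_users(traces, subset) == [user]:
                return k
    return None

if __name__ == "__main__":
    traces = build_traces(RECORDS)
    for k in (1, 2, 3, 4):
        print(f"k={k}: {unicity(traces, k):.0%} of subsets single out one pseudonym")
    for user in sorted(traces):
        print(user, "needs", min_points_to_single_out(traces, user), "point(s)")
```

In this sample the share of uniquely matching subsets climbs with every extra known point, while the two pseudonyms with identical traces (u3 and u4) can never be told apart, which is the property a release would need to hold for everyone.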
Although the credit card companies may be at fault for not having stricter controls in place to stop this kind of sharing of confidential records, it would seem that the vendors who have been passing on their clients’ details have perhaps unwittingly been doing so in an unsafe manner, and need to make changes to how they treat those records. Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University, said,
“[This] is not surprising to those of us who spend our time doing privacy research… but I expect it would be surprising to most people, including companies who may be routinely releasing de-identified transaction data, thinking it is safe to do so.”
Privacy is a two-way street: firstly there must be a desire – we must be vocal and insistent on our privacy. Then the mechanisms that exist, whether they be political or capitalist, need to set control parameters that allow for our privacy as individuals to be respected, while also allowing business to be conducted properly. In commerce, as in politics, trust is essential, and a loss of trust can affect voters and shareholders alike.