We hear from research by PhD Candidate Jan Schmutzler and Professor Estrid Sørensen, both from Ruhr University Bochum.
Data anonymisation has long been the central measure for social scientist to protect the privacy of the subjects from whom they collect data. Recent years computational methods have made it increasingly easy to combine data sets, which also makes it easier to re-identify individuals in anonymised datasets (Rocher et al, 2019). No standard procedure exists for testing if anonymised datasets are sufficiently protected against re-identification (Emam et al, 2015). In practice the method is re-identification attacks.
We report from a white-hat re-identification hack conducted in collaboration with an organisation with a long tradition for hosting social science data, which provided it with good reasons to be confident that its data are sufficiently protected against re-identification. The hack was seen as a young students innocent exercise. But then the in hindsight foreseeable moment materialised, when his algorithm appeared to be able to de-anonymise the data.
Our contribution discusses the repercussions of the re-identification hack. Both the organisation, the student and the ethnographer had been naïve about the hack. They had been playing with fire and ignited mutual disbelieve and mistrust. The student and the ethnographer were now approached as potential criminals with one foot in jail. The organisation found measures to secure its data sets, yet the ethnographer remained disconcerted about the already published data.
Based on the empirical analysis, we address hacking and attacking more generally as methods for testing re-identification protection. Although the method seems technically and ethically sound, it has side-effects that are severely aggressive to social and organisational relations (cf. Schmitz-Berndt & Schiffner, 2020). In the case in question, we sought to mobilise careful practices to remedy the damages done, and we discuss if careful hacking has potentials for developing less harmful re-identification testing, or if it is indeed an oxymoron.
This episode is a live recording from Hacking Everything. The Cultures and Politics of Hackers and Software Workers panel organized at the European Association for the study of Science and Technology (EASST) 2022 conference in Madrid on 2022-07-07. The hosts are Paula Bialski, Andreas Bischof and Mace Ojala. Audio production by Heights Beats at Hotmilk Records, who also produced the theme track. We are grateful for Chemnitz University of Technology for funding.