🇬🇧👁Differential Privacy and Individual Profiling
Archive, November 15, 2017, to know to protect yourself
Differential privacy is a data collection methodology: it relates to the evaluation phase that is aimed at analysis. Its defining characteristics are:
- it applies to big data;
- the data originate almost exclusively from data sets and from SIGINT and SOCMINT operations;
- it acts on the metadata of the evaluated files.
The purpose of differential privacy is to extract meaningful information for analysis through a statistical process that, starting from the metadata, highlights anomalies within a defined perimeter of the data set, however it is composed (for the technical details, refer to the links).
The classic example used to explain digital privacy is this: if A lives in a neighborhood with an average income level of X and moves to a neighborhood of level Y, you can say, with high reliability, that A's income level has changed from X to Y, even if you know neither the subject's income nor the subject.
Intersecting multiple data sets allows differential data to be extracted from different perspectives on the subject of analysis, so that even without knowing who the subject is or the content of the data made available, it is possible to profile the subject with great accuracy, and even to trace back to their identity.
In a context of privacy and intelligence, some considerations are due. The first relates to government agencies (national security, police, tax, etc.) that use the methodology: if they do so within the framework of the legislation, there is nothing to object to. If providers, whether technological, commercial or mixed (the supermarket with its loyalty card, Amazon, the phone company or Facebook), use differential privacy toward customers with due consent and in accordance with the statutory protections, there is also nothing to say. Problems start when you talk about the "data brokers", companies whose business purpose is trading data: they buy it, profile subjects to specification, and resell data and profiles to public and private entities.
In this case the limits of the regulations in force, and therefore of those who sell and buy data and information, become somewhat nebulous: nothing prevents buying and selling in jurisdictions where the concept of privacy is fairly vague (for example Russia and Ukraine, not to mention Southeast Asia or the MEDA area), with the consequence that anyone with even minimal digital activity can, in the current situation, safely say goodbye to the safeguarding of their data.
To go against the current: envisaging increasingly restrictive scenarios for providers, or the pursuit of the data brokers, as currently happens at government and supranational level, is ridiculous. The regulators do not have the means or the capabilities to protect the individual: following a report, they cannot prosecute, or even investigate, the party reported (try, in practice, asking a Vietnamese or Ukrainian data broker for information).
The process is the child of innovation, globalization and digitalization, which are now consolidated and for which the rules of engagement need to change: those in place are not workable.
Two scenarios can currently be imagined. The first is to allow individuals, even if they don't live in Azerbaijan, to carry out counter-espionage operations for their own protection: a fanciful hypothesis, given the pseudo-guarantee construct that permeates the existence of those who live in the EU more than in any other territory.
The second, more feasible even if very complex to achieve, assigns the subjects a value, however minimal, for the data collected, in exchange for its use. We will return to the topic.
This post was originally published in Italian on November 15, 2017, on www.thescanner.info. This is an adaptation of a neural Italian/English AI translation by IBM Watson.