Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Wants To Criminalize Re-Identification of Anonymized User Data (bleepingcomputer.com)

Posted by BeauHD on from the statements-of-intent dept.

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.

22 of 120 comments (clear)

  1. Privacy researchers express concerns... by fustakrakich · · Score: 2

    Well, they'll just have to work, anonymously...

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Privacy researchers express concerns... by fustakrakich · · Score: 2

      find a nation that fully supports science and that respects academic publication.

      On this planet?

      --
      “He’s not deformed, he’s just drunk!”
  2. Disempowers the masses by aberglas · · Score: 2, Insightful

    The extreme focus on privacy disempowers ordinary people from making their on inquiries. And strongly contrasts with the total access demanded by government. Combined with censorship of the web which has become a major form of communication, this shifts the balance of power away from the common man towards government bureaucrats.

    1. Re:Disempowers the masses by Anonymous Coward · · Score: 4, Insightful

      And anyway, it mostly just makes beneficial security research harder, while doing nothing to protect privacy (since criminals and governments will just do this anyway).

      All they really want to do is punish ordinary people when they discover embarrassing things about politicians using public data. Everything else is just hot air.

    2. Re:Disempowers the masses by dunkelfalke · · Score: 2

      How exactly can collecting user names from data be used for beneficial security research? Security research is fine with anonymous data, re-identification is only interesting for advertisers.

      Also, your logic is very cute because it works for basically everything. I mean, why forbid murder/rape/whatever, criminals and government will just do this anyway.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    3. Re: Disempowers the masses by dunkelfalke · · Score: 3, Insightful

      The law is about all people who don't want unneeded intrusion in their lives. Americans don't get it and this is why they get dozens of robocalls a week. I get one a year in worst case.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  3. Make being bad unlawful... by XSportSeeker · · Score: 2

    Let's just criminalize being bad in general, since it seems these politicians think it'll solve all the problems in the world.

    A law is useless if there is no way to enforce it.

    1. Re:Make being bad unlawful... by jandersen · · Score: 2

      It seems to be a common misunderstanding, that laws are there to stop people from doing things; they aren't. The laws are meant to be:

      - a toolset for for the police and the courts: under the rule of law, the police and judges can only act as the law prescribes. This means they cannot arrest people on a whim, at least in principle, and a judge cannot pronounce a sentence that is contrary to the law.

      - a ruleset to guide everybody, when they are in doubt. Most of the time, people know what is right and don't need the law to tell them, but sometimes one person's idea of right clashes with another's, at which point they can consult the rules to see who is right.

      And sometimes a law is little more than a statement of intent or an invitation to debate, that says "we have identified this as a problem, now let us find a solution". This is the way a society - especially a democratic one - evolves, by trying to organise itself, agreeing on common rules, identifying and solving problems. If you know a better way, please tell.

  4. What the what? by Anonymous Coward · · Score: 5, Insightful

    . As an extension, the UK wants to to ban re-identification...or pointing out the weakness of the used anonymisation process.

    There is this persistent undercurrent from governments that security researchers are the enemies. As if weaknesses don't exist until someone points them out. The apparent opinion is that we'd be safer if only people weren't free to point out the flaws in the system. The actual reality is the reverse.

    1. Re:What the what? by coastwalker · · Score: 2

      Given the fun everybody is having shouting at each other about how leftist SJW are going to die and the alt-right are ignorant swine it is refreshing to find the most significant comment buried down here in the noise. Of course the purpose is to prevent any research into potential government methods in identifying opponents. The government is often accused of being stupid and ignorant of the function and behavior of the internet and its inhabitants. Nothing could be further from the truth, they understand it entirely too well. They just don't care what internet "experts" think, they take their council from tabloid newspapers because that is how they get elected.

      Businesses don't worry about dropping cookies on you these days because they can identify you without them. The government can do the same and research into this and similar methods has been made a criminal offense so you will not be able to take mitigating actions. The government is not entirely evil, it believes that this will protect the children and catch terrorists. Meanwhile Facebook owns your soul whether you use it or not. A bit of a dilemma really.

      --
      Facts are history now plebs have politics for religion on social media.
  5. Like ROT-13 is encryption by Kjella · · Score: 4, Insightful

    The biggest problem I see with this is that it flips the responsibility over to the one who says the emperor has no clothes. While it is difficult to create truly anonymous data and it would be nice to stop large law-abiding companies from trying to break down any compartmentalization you've done, I fear the effect will be quite the opposite. Because now if you call anyone out on poor anonymization it must be because you've tried exactly what this law prohibits, so white hats will be silenced. The companies will get lazier, because it's cheaper. And the black hats will have a field day with it.

    --
    Live today, because you never know what tomorrow brings
  6. So I can do it, and use it for evil... by tlambert · · Score: 2, Funny

    So I can do it, and use it for evil... so long as the UK government doesn't find out about it?

    Got it.

    So when I write that paper on "de-anonymization made easy", all I have to do is anonymize my authorship of the paper, and I'll be safe, because the U.K. government won't break their own laws ... correct?

  7. Another "Amazon" Law by seoras · · Score: 5, Interesting

    I interviewed with Amazon a few years ago and, coming from Cisco, their engineers were very keen to pick my brains on how to identify individuals using network trickery.
    It was very obvious during the interview that this was their holy grail, the identification of individuals for targeted marketing particularly in the EU/UK where stiff laws on cookie usage had recently come into effect.
    One wonders if this too is another political swipe at Amazon?
    It's certainly not in the public interest what with the UK Gov's repeated statement of war on person encryption.

  8. Re:Thoughtcrime by gurps_npc · · Score: 2

    No. Thought crime does not mean what you think it means.

    Thought crime refers to the practice of making thoughts themselves illegal, not actions. You are arrested not for protesting but instead for not applauding the dear leader and telling him how great he is.

    In this case, if they made it illegal for you to know HOW to de-anonymize, that would be a thought crime. But this law does not do that, it criminalizes acting on those thoughts, something very different.

    --
    excitingthingstodo.blogspot.com
  9. This might be a problem for Facebook... by __aaclcg7560 · · Score: 2, Interesting

    From what I read in "Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley" by Antonio Garcia Martinez, Facebook takes its own data and combines it with third-party data to create profiles on every user, whether logged in or browsing anonymously.

  10. Re:This empowers the Individual. by mrthoughtful · · Score: 2

    Your assumption that the views of the parent are leftist do more to betray your own ideology than cast any light on the author.
    Meanwhile, the lack of technical content and complete lack of reasoning in your narrative, mixed with declarative rhetorical statements strongly suggests that the Conservatives suit you down to the ground.

    Regardless, and in light of your fascination with politics, I strongly recommend you read Jonathon Haidt's well-received book "The Righteous Mind: Why Good People are Divided by Politics and Religion". Not because I want you to shift your political views - but merely so that you can understand why some great thinkers, scientists, philosophers, (and yes, morons) vote Left. The book is ingenious in that it allows us to empathise and relate to each side of the political (and religious) divide in a meaningful and well structured manner.

    As for the business of criminalising reversing anonymisation, I agree, it's a good idea in principle, but it is essentially a straw man: The exemptions will include the police and intelligence services, who don't break domestic laws by spying on their neighbours, but then swap the data over. Meanwhile, big business (e.g., the likes of Facebook, etc) don't need to even try to reverse anonymity - they already know more about you than your mother does, and for all the wrong reasons.

    One of the difficulties facing the challenge of modern PI obfuscation is that it's pretty trivial to reverse anonymity, which itself makes it very hard to develop clinical environments for social and medical research. Take, for instance, a clinical trial: If the sponsor (the pharmaceutical company) is able to identify an individual patient engaged in the trial, then the trial has, essentially, failed (Why? Because there is no way of subsequently demonstrating that the sponsor has then not used a back-channel to skew the data), which can be very expensive indeed.

    This set of laws does very little to address those issues - because it's making it illegal to reverse anonymity - a bit like locking the door after the horse has bolted.

    Instead, it would be far more useful to develop and publish a set of standards for anonymising data (and many other aspects of the IT industry), just as we find in e.g. the construction industry. The difficulty with that is that the big players (the likes of Oracle, Microsoft, and so on) use their significant lobbying power to provide standards that implicitly require a lock-in to their own platforms. (We can see analogous examples of this in, for instance, MOD field and operations computers which are often stuck to running Windows 95).

    It's early days - we are still very much in the cowboy era of the 'new frontier'. Legislation, and the legislative process altogether is ineffective and inefficient as a means of mitigation, because technology is changing far too rapidly for legislation to ever catch up. Try Charlie Stross' text: Accelerando as a great (and entertaining) source for this. (Free, as in beer, copy: http://www.antipope.org/charli... )

    --
    This comment was written with the intention to opt out of advertising.
  11. Irony by Rande · · Score: 2

    And just the other day, the head of GCHQ was complaining that he couldn't hire hackers with previous experience and that the schools weren't turning out students who knew how to do unexpected things with computers.

  12. Re:This empowers the Individual. by AmiMoJo · · Score: 2

    This isn't about privacy really, it's to help facilitate business. The government sees big data as a growth area, but there are legal problems with sharing the data. By making de-anonymization illegal they can give their usual "don't worry, safeguards are in place" message and then let the orgy of personal data mining commence.

    In other words, it's actually anti-privacy.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  13. 'despite leaving the EU' by Anonymous Coward · · Score: 3, Informative

    We haven't left yet. We won't leave til 2019 at the earliest.

  14. You can tell this is an American site by Anonymous Coward · · Score: 5, Informative

    "Recently, despite leaving the European Union"

    Fucking ignoranace at the highest level

  15. Re:Does the "UK" not realize this is their problem by Applehu+Akbar · · Score: 2

    Why is UK law relentlessly criminalizing everything except actual criminality? One of the major things the UK does criminalize is fighting back against criminals. Small wonder that gangs of kids on mopeds are ripping down London's sidewalks, snatching phones, purses and briefcases from pedestrians - and there's nothing that people can do about them.

  16. Re:Does the "UK" not realize this is their problem by ckatko · · Score: 4, Insightful

    Guess you guys shouldn't have given up your guns, eh?

    I'll never be able to figure out how liberals think gun ownership is pointless when you have a police force (actual US supreme court justice dissenting opinion in D.C. v Heller), but at the same time think the police force is inept and the bastion of racism and sexism.

    Which is it? Can we depend on them or not? Why would you take all the guns away from people, and then give them to the people accused of shooting blacks for fun? Wouldn't it make more sense to give citizens the right to defend themselves--even from corrupt cops and corrupt "institutions"?