Zach Wener-Fligner

Researchers say you can surveil everyone and see only the criminals

Yale computer scientists Aaron Segal, Bryan Ford, and Joan Feigenbaum paint an idyllic picture of a potential surveillance environment that’s heavy on reach and light on breach.

The paper, “Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance,” proposes combining a system of checks and balances with cryptographic techniques to let investigators identify records of interest without exposing anyone else’s data.

Here’s Why You May Never Be Truly Anonymous in a Big Data World

Big data -- the kind that statisticians and computer scientists scour for insights on human beings and our societies -- is cooked up using a recipe that’s been used a thousand times.

Here’s how it goes: Acquire a trove of people’s highly personal data -- say, medical records or shopping history. Run that huge set through a “de-identification” process to anonymize the data. And voila -- individuals become anonymous, chartable, and unencumbered by personal privacy concerns. So what’s the problem? It turns out that all that de-identified data may not be so anonymous after all.

So argues Arvind Narayanan, a Princeton computer scientist who first made waves in the privacy community by co-authoring a 2006 paper showing that Netflix users and their entire rental histories could be identified by cross-referencing supposedly anonymous Netflix ratings with the Internet Movie Database.

Narayanan and fellow Princeton professor Edward Felten delivered the latest blow to the case of de-identification proponents (those who maintain that de-identification is viable) with a July 9 paper that makes a serious case for data paranoia. They argue that de-identification doesn’t work -- in theory or in practice -- and that those who say it does are promoting a “false sense of security” by naively underestimating the attackers who might try to deduce personal information from big data.