[194222] in North American Network Operators' Group
Re: EFF Call for sign-ons: ISPs, networking companies and engineers
daemon@ATHENA.MIT.EDU (Rich Kulawiec)
Tue Mar 28 17:45:29 2017
X-Original-To: nanog@nanog.org
Date: Tue, 28 Mar 2017 17:45:25 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: nanog@nanog.org
In-Reply-To: <E335908F-143F-4491-95EC-422F6CE7A032@beckman.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
> The claim oft presented by people favoring this customer abuse is that
> the sold data is anonymous. But it's been well-established that very
> simple data aggregation techniques can develop signatures that reveal
> the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity.
I've spent much of the past decade studying this issue and the most succinct
way I can put it is that however good you (generic "you") think
de-anonymization techniques are, you're wrong: they're way better than that.
Billions, and I am not exaggerating even a little bit, have been spent
on this problem, and they've been spent by smart people with essentially
unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized",
the default response should be to mock them, because there is a very high
probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course
with nearly 40 years in the field I'm a mere clueless newbie and despite
ripping them a new one about once every other month, I'm clearly a tool
of Google.
---rsk
