February 21, 2018

No silver bullet: De-identification still doesn't work

Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting the record straight.”

In a response to this piece, Ed Felten and I point out eight of our most serious points of disagreement with Cavoukian and Castro. The thrust of our arguments is that (i) there is no evidence that de-identification works either in theory or in practice and (ii) attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do. [Read more…]

Wickr: Putting the “non” in anonymity

[Let’s welcome new CITP blogger Pete Zimmerman, a first-year graduate student in the computer security group at Princeton. — Arvind Narayanan]

Following the revelations of wide-scale surveillance by US intelligence agencies and their allies, a myriad of services offering end-to-end encrypted communications have cropped up to take advantage of the increasing demand for privacy from surveillance. When coupled with anonymity, end-to-end encryption can prevent a central service provider from obtaining any information about its users or their communications.  However, maintaining anonymity is difficult while simultaneously offering a straightforward way for users to find each other.

Enter Wickr.  This startup offers a simple app featuring “military grade encryption” of text, photo, video, and voice messages as well as anonymous registration for its users. Wickr claims that it cannot identify who has registered with the service or which of its users are communicating with each other.  During registration, users enter their email address and/or phone number (non-Wickr IDs).  The app utilizes a cryptographic hash function (SHA-256 in this case) to obtain “anonymous” Wickr IDs from the non-Wickr IDs.  Wickr IDs are then stored server-side and used for discovery.  When your friends want to find you, they enter your phone number or email address, which is then put through the same hash function, resulting in the same output (Wickr ID).  Wickr looks this up in its database to determine if you’ve registered with the service to facilitate message exchange. This process simplifies the discovery of other users, supposedly without Wickr having the ability to identify the users of the anonymous service.

The problem here is that while it’s not always possible to determine the input to a hash function given the output, we can leverage the fact that the same input always yields the same output. If the number of possible inputs is small, we can simply try all of them.  Unfortunately, this is a recurring theme in a variety of applications as a result of misunderstanding cryptography — specifically, the fact that hash functions are not one-way if the input space is small.  A great explanation on the use of cryptographic hash functions in attempts to anonymize data can be found here.
[Read more…]

The importance of anonymous cryptocurrencies

Recently I was part of a collaboration on Mixcoin, a set of proposals for improving Bitcoin’s anonymity. A natural question to ask is: why do this research? Before I address that, an even more basic question is whether or not Bitcoin is already anonymous. You may have seen back-and-forth arguments on this question. So which is it?

An analogy with Internet anonymity is useful. The Bitcoin protocol doesn’t require users to provide identities, just like the Internet Protocol doesn’t. This is what people usually mean when they say Bitcoin is anonymous. But that statement by itself tells us little. A meaningful answer cannot be found at the protocol level, but by analyzing the ecosystem of services that develop around the protocol. [*]

[Read more…]