Monday, January 30, 2006

Blindfolding Big Brother, Sort of

Jeff Jonas is an IBM engineer who specializes in software that infuses powerful search technology with anonymity.

By Kate Greene

In 1983, entrepreneur Jeff Jonas founded Systems Research and Development (SRD), a firm that provided software to identify people and determine who was in their circle of friends. In the early 1990s, the company moved to Las Vegas, where it worked on security software for casinos. Then, in January 2005, IBM acquired SRD and Jonas became chief scientist in the company's Entity Analytic Solutions group.

His newest technology, which allows entities such as government agencies to match an individual found in one database to that same person in another database, is getting a lot of attention from governments, banks, health-care providers, and, of course, privacy advocates. Jonas claims that his technology is as good at protecting privacy as it as at finding important information.

Technology Review: Your most recent project at IBM, Anonymous Resolution [formerly known as ANNA], is software that can match a given individual across different databases, but in the process safeguards personal identifiers -- for example, name and social security number -- in those databases. Who would use this software? What problem does it solve?

Jeff Jonas: The software is used by organizations that have data, have access to data, or have relationships with other entities with whom they want to exchange data. For example, a bank will take data about its customers and encrypt it. Then they'll send the data to a database marketing company. That company will decrypt it, and match the bank's customers to various records that the marketing company would have. For example, records that show what kind of magazines you subscribe to, how big your house is, the number of children you have, and so on. And then the marketing company will send back to the bank what's called a "database marketing append," so the bank will understand better who its customers are.

That's very commonplace. But the risk is that even though the data is encrypted while being transported, it is decrypted by the other party. If the people who are managing that data happen to be corrupt or they have a breech of their system's security, that data's at risk for an unintended disclosure event.

TR: How does your software solve this problem?

JJ: The technique that we have created allows the bank to anonymize its customer data. When I say "anonymize," I mean it changes the name and address and date of birth, or whatever data they have about an identity, into a numeric value that is nonhuman readable and nonreversible. You can't run the math backwards and compute from the anonymized value what the original input value was.

When I went to invent this software, I could have done this with encryption, where the data could be decrypted; but I felt like it would be a stronger privacy product if we didn't invent it that way. So the unique thing about the technique is that instead of me encrypting data and sending it to you, and you decrypting it to use it, the technique allows me to encrypt my data, you to encrypt your data, and this new technology is capable of performing robust matching of identities using only encrypted data.

To put [data] on the highest possible privacy grounds, instead of making it encrypted, we actually used one of the components of encryption called one-way hashing that is not reversible.