Now you read the data, now you don’t

John Slitz, vice president, Entity Analytic Solutions, IBM's Software Group.

In a post September 11th world, we’re weighing the need to protect ourselves against terrorism while upholding long-held rights of privacy. Governments and the courts are working through those issues, which can differ from country to country.

In general, data sharing can provide a powerful enhancement to the arsenal in fighting world terrorism, recognise and eliminate fraud, reduce errors and increase the effectiveness and economy of government programmes and reveal business opportunities. But inherent in traditional data sharing is a concern about the security of the data being exchanged.

While the societal debate continues, help is available.

There’s a first-of-a-kind software technology that is designed to enhance the privacy of personal data which is shared between companies, organizations and governments. This revolutionary software helps organizations to rapidly and securely compare information with other organisations while protecting, or keeping anonymous, the identity of individuals within their respective data repositories. Security insiders have even coined a new word for this activity: they call it "anonymizing" the data.

This software was invented by a scientist by the name of Jeff Jonas, founder of a privately held company called SRD in Las Vegas. From the beginning, SRD worked on specialised software that could quickly detect relationships between people in large databases of information. Early customers included Las Vegas casinos, which spend millions of dollars each year to try to prevent fraud and employee theft. SRD’s software was designed to sort through large storehouses of information, such as databases of known felons, to try to detect any links to casino employees.

Earlier this year, IBM acquired SRD.

The software continues to grow more sophisticated. We use a method that makes it safer to share personal information in a manner that is more secure than transferring clear text or even encrypted data. Here’s how it works, without getting too technical: “one-way hashing” is a software term used to describe a method of creating unique digital signatures from any inputted data. The value of “hashing” is that it is impossible to go from the created digital signature back to the source data. Personal information can now be “hashed” into what looks like a string of random characters without names, addresses or Social Security numbers. The “strings” of information can be fed through a programme to detect a matching pattern of strings. The innovation in this technique is our ability to get “fuzzy” matches in the anonimized space. Simply it means that Dick, Rick and Richie will all match to Richard.

The new “anonymous resolution” has potential for use in many industries, particularly those that place a high value on security, such as financial services, health care, retail and transportation. For example, by using this technology, an airline company could compare the US Department of Homeland Security watch list with an overseas passenger list. The technology could trigger “hits” between the Homeland Security watch list members and airline passengers, without violating the privacy of passengers who do not appear on the watch list, because their names would not be revealed. Passengers could be identified by a number, so when there’s a “match,” only then would a personally identifiable file be exchanged for further investigation.

Anonymous resolution software enhances privacy because it prevents data from being deciphered or viewed in its original form, precluding the data from being misused or accidentally exposed. Such capability creates secure information sharing between organisations and supports key strategic and regulatory efforts, including privacy compliance, regulatory compliance, due diligence in mergers and acquisitions and clinical research.

And, as identity theft continues to grow as a problem, with headlines frequently outlining the latest security breach of customer or employee personal data, the technology could be used to reduce the risk of ID theft. If personal data held in repositories were made anonymous, it would be a lot tougher to “steal” a person's identity.

We’ve all heard the horror stories of people’s lives being ruined because their identity was stolen or their privacy was accidentally breached. It’s time to take action to protect our data. The ability to use anonimization technology to increase both security and the privacy of personal information is a significant step forward in this very important application area.