Privacy measures that serve to preserve the anonymity of smartphone users are no longer adequate for the digital age. To demonstrate the gaps in current legislation and systems is a study conducted by Imperial College London, under the guidance of Yves-Alexandre de Montjoye, published in the journal Nature Communication. The research shows the possibility of identifying the single person, having available only little information relating to the interaction activity of a user through the use of the mobile phone or a messaging app such as WhatsApp, despite the anonymization procedures.
An increasing amount of online activity data is monitored and collected by various companies and social networks to manage their services or for research purposes. The data that record user interactions – underline the researchers – could contain sensitive information on individual subjects. They are able to reveal who we talk to and who we meet, the exact time and time spent on the phone. Using this information it is also possible to infer demographic and wealth aspects of the individual, personality traits and propensities to consume and spend. Personal data (such as name, surname, images or social security number, IP address and vehicle license plate) that allow direct and indirect identification are subject to particular protection according to the EU legislation (GDPR), interpreted in an extensive way.
In India they will use facial recognition to count monkeys
by Pier Luigi Pisa
However, the interaction data can be shared or sold to third parties without users’ consent, as long as they are anonymous. However, according to the authors of the research, the anonymization techniques, which lead to the exclusion of the application of the GDPR principles, placed in defense of individual privacy, do not always constitute a barrier capable of preventing the identification of a user. As proof of this, the study by Imperial College London, examining a dataset of interaction data of over 40 thousand users and subjecting it to the analysis of an artificial neural network model, demonstrates the possibility of tracing a person’s identity on the basis of the behavior of her.
With only one direct contact the subject is identifiable 15 percent of the time, but including the first contacts of the primary network, a percentage of 52 percent is reached. The behavior pattern profiled by artificial intelligence remains stable over time so that 24 percent of people still remain identifiable after several months. The interaction data, even if anonymous – explains Stefano Marrone researcher in Information Processing Systems at the Federico II University of Naples who contributed to the study – can be re-associated with the person. With particular regard to the linkability criterion which makes it possible to distinguish whether the information relating to an individual (item of interest) is correlated. New profiling attacks, therefore, must be taken into due consideration if we want to strengthen the data protection strategy in support of individual privacy by updating it to the challenges of the constantly evolving digital society.
Cybercrime, the great fears of Italians: identity theft and credit card cloning
by Andrea Frollà