Episode 4 (2022) Jan Schmutzler and Estrid Sørensen - Playing with fire. Re-identification hacks and organisational micro-politics

We hear from research by PhD Candidate Jan Schmutzler and
Professor Estrid Sørensen, both from Ruhr University
Bochum.

Data anonymisation has long been the central measure for social
scientist to protect the privacy of the subjects from whom they
collect data. Recent years computational methods have made it
increasingly easy to combine data sets, which also makes it
easier to re-identify individuals in anonymised datasets (Rocher
et al, 2019). No standard procedure exists for testing if
anonymised datasets are sufficiently protected against
re-identification (Emam et al, 2015). In practice the method is
re-identification attacks.

We report from a white-hat re-identification hack conducted in
collaboration with an organisation with a long tradition for
hosting social science data, which provided it with good reasons
to be confident that its data are sufficiently protected against
re-identification. The hack was seen as a young students innocent
exercise. But then the in hindsight foreseeable moment
materialised, when his algorithm appeared to be able to
de-anonymise the data.

Our contribution discusses the repercussions of the
re-identification hack. Both the organisation, the student and
the ethnographer had been naïve about the hack. They had been
playing with fire and ignited mutual disbelieve and mistrust. The
student and the ethnographer were now approached as potential
criminals with one foot in jail. The organisation found measures
to secure its data sets, yet the ethnographer remained
disconcerted about the already published data.

Based on the empirical analysis, we address hacking and attacking
more generally as methods for testing re-identification
protection. Although the method seems technically and ethically
sound, it has side-effects that are severely aggressive to social
and organisational relations (cf. Schmitz-Berndt & Schiffner,
2020). In the case in question, we sought to mobilise careful
practices to remedy the damages done, and we discuss if careful
hacking has potentials for developing less harmful
re-identification testing, or if it is indeed an oxymoron.

This episode is a live recording from Hacking Everything. The
Cultures and Politics of Hackers and Software Workers panel
organized at the European Association for the study of Science
and Technology (EASST) 2022 conference in Madrid on
2022-07-07. The hosts are Paula Bialski, Andreas Bischof and Mace
Ojala. Audio production by Heights Beats at Hotmilk Records, who
also produced the theme track. We are grateful for Chemnitz
University of Technology for funding.