Speaker
Description
The rise in access to public data on the internet, and specifically online social networks (OSNs), is causing new pressures on the statistical disclosure control of microdata. Currently at Statistics Netherlands, a criterium is applied that looks at three properties of variables: rarity, visibility and searchability. Underlying this criterium are, similar to other methods used to assess the risks in data disclosure, assumptions on the knowledge of the attacker. We assume one is more likely to know information about one's neighbour, rather than an arbitrary person on the other side of the country.
However, OSNs have essentially made all of us virtual neighbours: the information that the average citizen supplies about themselves on the internet is often larger than can be glimpsed from a peek into their window. This wealth of knowledge put online by the public themselves, combined with the emergence of new techniques to gather and analyse this information collectively known as OSINT, leads us to conclude the assumptions made on the attacker knowledge might no longer be accurate.
This paper explores which threats these new methods pose for microdata, how these threaths can be analysed, and what can be done to more accurately include them in our risk analyses. Additionally, we discuss how NSIs could deal with these new developments. Should we let the ever-expanding amount of public data affect the way in which we implement statistical disclosure control - and if so, how?
