Motivated Intruder Tests

Any juicy dataset will attract unwanted attention — are you defending against the right threats? Get an independent third party to find potential problems and issues before an attacker does.


As part of our suite of expert privacy services, Good Research offers motivated intruder tests, which simulate a real-life re-identification attack by a determined and creative individual.

Good Research is a leader in this field, having performed high-stakes motivated intruder tests in a variety of domains including health care and clinical data as well as transactional and geospatial datasets in transportation, advertising, and finance.

Our motivated intruder work on clinical data is cited in the ISO standard 27559 for data deidentification and is an integral part of any organization's data protection strategy. Recommended by the UK ICO and the ISO standard 27559 Privacy-enhancing data de-identification framework as a way to road-test anonymization practices, the test employs inventive and exhaustive methods typical of a solo attacker with strong data analysis skills and time to dedicate to the attack.

Similar to a security pen test, a motivated intruder test "pen-tests" your data by mimicking an attack by a motivated intruder to assess whether that intruder is likely to succeed. It gives you peace of mind that your data remains safe from evolving threats, new data sources, and ever more powerful analysis methods, and that it adheres to ISO and ICO standards.

Good Research provides multiple services related to both UK ICO and ISO 27559 standards and recommendations. These services include:

How a motivated intruder test works

1. Discuss your goals for the dataset.

To begin, we'll discuss the nature of your data and the goals of your anonymization efforts. Essential domain expertise is also shared at this point, giving us enough perspective to accurately mimic attacks by a motivated intruder.

2. Simulate a variety of attacks on the dataset.

Once you provide us with a de-identified/anonymized dataset, our experts do their utmost to re-identify the records it holds. Attack techniques are tailored to the circumstances — re-identifying individuals, for example, demands different approaches from exposing locations or commercial secrets — and typically fall into two categories:

  • A population-to-sample attack selects a known target and tries to re-identify that target within the dataset. Population-to-sample attackers are typically stalkers, abusers, and hackers targeting celebrities.
  • A sample-to-population attack starts with the anonymized dataset and attempts to re-identify select records within it, an approach common among blackmailers and opportunistic hackers.

Just like a motivated intruder, our experts will make multiple re-identification attempts from several creative directions, over many hours or even days. All methods are legal, use public data, and are within reasonable reach of a tenacious amateur attacker. Techniques might include:

  • Online searches for key identifiers (ZIP and postal codes, birth dates)
  • Scouring local and national press
  • Extracting potential identifiers from genealogy sites
  • Trawling social media for associations that aid re-identification
  • 'Jigsaw attacks' using public datasets such as electoral rolls or vehicle licensing data.

3. Produce a detailed report of findings and recommendations.

"Do you actually re-identify individuals?"

Privacy is our business. We aim to always stop short of full re-identification. After our simulated attacks, our experts allocate a score for each record, describing a level of confidence that we could re-identify the record with these techniques.

Motivated Intruder Report

We present our team's findings through a Motivated Intruder Report, which describes:

  • Various methods used
  • Re-identification confidence score for each record targeted
  • Percentage (%) of targeted records that pose a re-identification risk
  • Details of any vulnerabilities found
  • Recommendations to address the identified vulnerabilities
  • Effort involved per record
  • Overall evaluation, in light of the organization's intended risk threshold
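
Before commissioning a test, a dataset owner can run a first-pass check of their own on the key identifiers named above (ZIP code, birth date). The sketch below is an added example, not Good Research's scoring method: it substitutes equivalence-class size on quasi-identifiers (the k-anonymity measure) for the per-record confidence score, and the records, field names and 0.34 threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (not real data): a "de-identified" extract that
# still carries two quasi-identifiers, ZIP code and birth date.
RECORDS = [
    {"id": "r1", "zip": "94110", "birth_date": "1984-03-12"},
    {"id": "r2", "zip": "94110", "birth_date": "1984-03-12"},
    {"id": "r3", "zip": "94110", "birth_date": "1984-07-30"},
    {"id": "r4", "zip": "94117", "birth_date": "1984-11-02"},
    {"id": "r5", "zip": "94117", "birth_date": "1984-01-19"},
    {"id": "r6", "zip": "94103", "birth_date": "1990-05-05"},
    {"id": "r7", "zip": "94103", "birth_date": "1990-09-21"},
    {"id": "r8", "zip": "10027", "birth_date": "1951-02-14"},
]


def generalize(record, zip_digits=5, year_only=False):
    """Coarsen the quasi-identifiers: truncate the ZIP, keep only birth year."""
    birth = record["birth_date"][:4] if year_only else record["birth_date"]
    return (record["zip"][:zip_digits], birth)


def record_risk(records, **coarsening):
    """Per-record risk = 1 / number of records sharing its quasi-identifiers."""
    keys = [generalize(r, **coarsening) for r in records]
    class_size = Counter(keys)
    return {r["id"]: 1.0 / class_size[k] for r, k in zip(records, keys)}


def summarize(records, threshold, **coarsening):
    """Report-style summary: worst case and share of records above threshold."""
    risks = record_risk(records, **coarsening)
    at_risk = sorted(rid for rid, p in risks.items() if p > threshold)
    return {
        "max_risk": max(risks.values()),
        "pct_at_risk": 100.0 * len(at_risk) / len(records),
        "at_risk": at_risk,
    }


if __name__ == "__main__":
    # Assumed risk threshold: flag any record in a class of fewer than 3.
    print("raw:        ", summarize(RECORDS, 0.34))
    print("generalized:", summarize(RECORDS, 0.34, zip_digits=3, year_only=True))
```

Class size only measures uniqueness inside the released sample; it does not account for the outside sources (press, genealogy sites, social media, public registers) that a motivated intruder test brings to bear, so a low score here is a starting point rather than a pass.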

Value for your organization

Although no privacy approach offers 100% certainty, a motivated intruder test can help you say goodbye to guesswork. As a proven source of empirical evidence on the quality of your anonymization, the test puts your privacy models and assumptions on real-world trial.

Learn whether you've struck the right balance between data safety and utility, and gain confidence that your dataset resists unexpected vectors of attack. Should the test reveal significant vulnerabilities, you'll get immediate feedback on what was missed, and expert advice on how to fix the issues and prevent them from recurring.

Conducting further tests on an ongoing basis can even give you peace of mind that your data remains safe from evolving threats, new data sources, and ever more powerful analysis methods.

Book a motivated intruder test

Good Research is a highly qualified and experienced team of privacy professionals, with expertise in privacy consulting, user research, software engineering, data science, and technology ethics.

We have conducted motivated intruder tests for companies across multiple sectors including pharmaceuticals, manufacturing, and logistics.

Contact Nathan Good to discuss a rigorous, inventive motivated intruder test on your de-identified data.
