As part of our suite of expert privacy services, Good Research offers motivated intruder tests, which simulate a real-life re-identification attack by a determined and creative individual.
Recommmended by the UK ICO as a way to road-test anonymization practices, the test employs inventive and exhaustive methods typical of a solo attacker with strong data analysis skills and time to dedicate to the attack.
The test assumes an attacker may have prior knowledge of a data subject, with no specialist hardware or deep domain knowledge.
To begin, we'll discuss the nature of your data and goals of your anonymization efforts. Essential domain expertise is also shared at this point to allow us enough perspective for us to accurately mimic attacks by a motivated intruder.
Once you provide us with a de-identified/anonymized dataset, our experts do their utmost to re-identify the records it holds. Attack techniques are tailored to the circumstances — re-identifying individuals, for example, demands different approaches to exposing locations or commercial secrets — and typically fall into two categories:
Just like a motivated intruder, our experts will make multiple re-identification attempts from several creative directions, over many hours or even days. All methods are legal, use public data, and are within reasonable reach of a tenacious amateur attacker. Techniques might include:
Privacy is our business. We aim to always stop short of full re-identification. After our simulated attacks, our experts allocate a score for each record, describing a level of confidence that we could re-identify the record with these techniques.
We present our team's findings through a Motivated Intruder Report, which describes:
Although no privacy approach offers 100% certainty, a motivated intruder test can help you say goodbye to guesswork. As a proven source of empirical evidence on the quality of your anonymization, the test puts your privacy models and assumptions on real-world trial.
Learn whether you've struck the right balance between data safety and utility, and gain confidence that your dataset resists unexpected vectors of attack. Should the test reveal significant vulnerabilities, you'll get immediate feedback on what was missed, and expert advice on how to fix the issues and prevent them from recurring.
Conducting further tests on an ongoing basis can even give you peace of mind that your data remains safe from evolving threats, new data sources, and ever more powerful analysis methods.
Good Research is a highly qualified and experienced team of privacy professionals, with expertise in privacy consulting, user research, software engineering, data science, and technology ethics.
We have conducted motivated intruder tests for companies across multiple sectors including pharmaceuticals, manufacturing, and logistics.
Contact Nathan Good to discuss a rigorous, inventive motivated intruder test on your de-identified data.