End user licence to open government data? A simulated penetration attack on two social survey datasets

Mark Elliot; Elaine Mackey; Susan O'Shea; Caroline Tudor; Keith Spicer

doi:10.1515/JOS-2016-0019

End user licence to open government data? A simulated penetration attack on two social survey datasets

Mark Elliot, Elaine Mackey, Susan O'Shea, Caroline Tudor, Keith Spicer

Office for National Statistics

Research output: Contribution to journal › Article › peer-review

Abstract

In the UK, the transparency agenda is forcing data stewardship organisations to review their dissemination policies and to consider whether to release data that is currently only available to a restricted community of researchers under licence as open data. Here we describe the results of a study providing evidence about the risks of such an approach via a simulated attack on two social survey datasets. This is also the first systematic attempt to simulate a jigsaw identification attack (one using a mashup of multiple data sources) on an anonymised dataset. The information that we draw on is collected from multiple online data sources and purchasable commercial data. The results indicate that such an attack against anonymised end user licence (EUL) datasets, if converted into open datasets, is possible and therefore we would recommend that penetration tests should be factored into any decision to make datasets (that are about people) open.

Original language	English
Pages (from-to)	329-348
Number of pages	20
Journal	Journal of Official Statistics
Volume	32
Issue number	2
Early online date	28 May 2016
DOIs	https://doi.org/10.1515/JOS-2016-0019
Publication status	Published - 1 Jun 2016

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1515/JOS-2016-0019Licence: CC BY-NC-ND

Cite this

@article{58489b3a3e9b4abea4457cfa1224227f,

title = "End user licence to open government data? A simulated penetration attack on two social survey datasets",

abstract = "In the UK, the transparency agenda is forcing data stewardship organisations to review their dissemination policies and to consider whether to release data that is currently only available to a restricted community of researchers under licence as open data. Here we describe the results of a study providing evidence about the risks of such an approach via a simulated attack on two social survey datasets. This is also the first systematic attempt to simulate a jigsaw identification attack (one using a mashup of multiple data sources) on an anonymised dataset. The information that we draw on is collected from multiple online data sources and purchasable commercial data. The results indicate that such an attack against anonymised end user licence (EUL) datasets, if converted into open datasets, is possible and therefore we would recommend that penetration tests should be factored into any decision to make datasets (that are about people) open.",

author = "Mark Elliot and Elaine Mackey and Susan O'Shea and Caroline Tudor and Keith Spicer",

year = "2016",

month = jun,

day = "1",

doi = "10.1515/JOS-2016-0019",

language = "English",

volume = "32",

pages = "329--348",

journal = "Journal of Official Statistics",

issn = "2001-7367",

publisher = "Sage Publications Ltd",

number = "2",

}

TY - JOUR

T1 - End user licence to open government data? A simulated penetration attack on two social survey datasets

AU - Elliot, Mark

AU - Mackey, Elaine

AU - O'Shea, Susan

AU - Tudor, Caroline

AU - Spicer, Keith

PY - 2016/6/1

Y1 - 2016/6/1

N2 - In the UK, the transparency agenda is forcing data stewardship organisations to review their dissemination policies and to consider whether to release data that is currently only available to a restricted community of researchers under licence as open data. Here we describe the results of a study providing evidence about the risks of such an approach via a simulated attack on two social survey datasets. This is also the first systematic attempt to simulate a jigsaw identification attack (one using a mashup of multiple data sources) on an anonymised dataset. The information that we draw on is collected from multiple online data sources and purchasable commercial data. The results indicate that such an attack against anonymised end user licence (EUL) datasets, if converted into open datasets, is possible and therefore we would recommend that penetration tests should be factored into any decision to make datasets (that are about people) open.

AB - In the UK, the transparency agenda is forcing data stewardship organisations to review their dissemination policies and to consider whether to release data that is currently only available to a restricted community of researchers under licence as open data. Here we describe the results of a study providing evidence about the risks of such an approach via a simulated attack on two social survey datasets. This is also the first systematic attempt to simulate a jigsaw identification attack (one using a mashup of multiple data sources) on an anonymised dataset. The information that we draw on is collected from multiple online data sources and purchasable commercial data. The results indicate that such an attack against anonymised end user licence (EUL) datasets, if converted into open datasets, is possible and therefore we would recommend that penetration tests should be factored into any decision to make datasets (that are about people) open.

UR - http://www.scopus.com/inward/record.url?scp=84973594598&partnerID=8YFLogxK

U2 - 10.1515/JOS-2016-0019

DO - 10.1515/JOS-2016-0019

M3 - Article

SN - 2001-7367

VL - 32

SP - 329

EP - 348

JO - Journal of Official Statistics

JF - Journal of Official Statistics

IS - 2

ER -

End user licence to open government data? A simulated penetration attack on two social survey datasets

Abstract

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this