- Related Stories
-
Liberty Alliance rings bell for new ID products
November 21, 2005 -
Sun, Lucent team up on secure e-mail service
November 16, 2005 -
Stolen PC holds sensitive consumer data
November 9, 2005 -
When deleting data is not enough
November 3, 2005
(continued from previous page)
It is relevant to health care. It is relevant to how the companies share data for marketing purposes. It is relevant to how government would share information. I'm starting to see more and more places where I'm like, "Wow, you could apply it there as well."
How does this anonymization technology work? How is it different from encryption?
That's a good question. So with encryption, I would normally encrypt my data and send it you and you would decrypt it to use it. The technique that we've developed is: I encrypt and you encrypt and all of the analysis is done only using the encrypted data. It's not decrypted first. Historically, you first decrypt it to analyze it. We figured out how to do deep analytics while it is encrypted.
Privacy, it seems, has at least as much to do with the right practices as the right technology. Do you coordinate with IBM's chief privacy officer (Harriet Pearson)?
Absolutely. How could I possibly be wearing a privacy hat without a regular dialogue?
I also have a privacy strategist that reports to me. This is rather unusual for most companies. But we've got a guy named John Bliss that works with me on privacy strategies. It kind of highlights the importance with which we see baking privacy into the creations. I don't invent something for our group, pass it off to engineering and later figure out how to make it protect privacy--or think about how we're going to message it to be privacy-protective.
John Bliss and I worked very closely together and with others in IBM, including IBM Research--they have some incredibly smart people doing work in the privacy areas in Almaden, Zurich and Watson. So by the time I bake something up for engineering, it has the best notion of, at that time, what would be a responsible way to deploy it.
Since you've been at IBM, have you found more awareness of this identity resolution technology by corporate customers?
They've just got a growing awareness. I'll tell you a funny thing. The first year that I invented it, I was generally told that it was impossible.
Well, one-way hashes are infinitely sensitive. "Bob" and "Bob " (with a space) produce entirely different hashes. So, the number of times that identity data is exactly the same on the left hand and the right hand is almost never, because one's got a period after their middle initial and the other one doesn't. So it was believed that it wouldn't have any real practical use, because it was believed that it would be too sensitive.
But now that I've been presenting the techniques and we have some trade secrets, some pending patents, we're encouraged that others are going after this as well. We think it'll be a real market. We moved from a year of, "That's not even possible, you're lying" to "OK, OK, you can do it; it'll work."
See more CNET content tagged:
identity, accounts payable, fraud, privacy, IBM Corp.
