Claiming a technology breakthrough in privacy and security, IBM on Tuesday introduced software that allows corporate users to share information with each other and government agencies without having to reveal private personal details.
The technology, called DB2 Anonymous Resolution, could serve to address the range of security problems involved in handling personal information in markets such as health care, financial services and even national security.
The technology is an extension of IBM's analytics software that makes use of irreversible "digital signatures" and other techniques for correlating the data while it remains in an "anonymized" form. This results in enhancing privacy but it also prevents data from being observed in its original form, thereby reducing the risk of misuse or accidental exposure, company officials explained.
"Everyone wants and needs to share data but the more it is shared the higher the chances it will get out of your control. There are lots of people with information who would like to know when they have two records in common, for instance, but they don't want to share all their information just to discover that," said Jeff Jonas, chief scientist for Entity Analytics and Distinguished IBM Engineer, who invented the technology.
Offering one example of how the technology works and what its benefit could be, Jonas said banks who want to market services to their own customers typically turn to a company with large databases such as Nexus-Lexis to obtain more specific information about those customers, such as what magazines they might subscribe to or how many children they have. But many times banks are reluctant to disclose their customer names.
"With this technique, a bank doesn't have to tell them who their customers are. The bank can just send the anonymized data and if there is a match then someone like Nexus-Lexis can just send the demographics. But if there is not a match the database marketer (Nexus-Lexis) can't discover who the bank's customers are," Jonas said.
Historically, Jonas said, cryptography has been used as the technical solution to such problems where one party encrypts its data and the other party would encrypt its data and then send it to each other. But Jonas claims his approach is the first where each party encrypts their own data using advanced correlation and only cryptographic data.
"Specifically, what is different with this approach is, instead of correlating the data and then anonymizing the results, you anonymize the data and then you correlate it while it is being anonymized. That is very different," Jonas said.
DB2 Anonymous Resolution also supports a number of strategic and regulatory initiatives, including privacy compliance, information sharing in support of homeland security, regulatory compliance, due diligence in mergers and acquisitions and clinical research, IBM officials said.
"With the recent rise in identity theft and unintentional information disclosure, users across all industries are telling us that the ability to safely and securely share data is a top priority for them," said John Slitz, an IBM vice president responsible for Entity Analytics.
Slitz said the new software is designed to aid users in meeting the security and privacy demands associated with opening up their data repositories and allowing them to take better advantage of emerging business opportunities. In one example, in the healthcare market, "anonymization" may be used by public health organizations to share and correlate data that has been stripped of personal information for medical research.
The software enables such an initiative in order to determine when two people are the same despite using only the anonymized data, which addresses double-counting of records that has often dogged medical research efforts.
DB2 Anonymous Resolution should allow users to reach higher levels of innovation by being able to share and analyze information based on the widest variety of sources.
"The ability to integrate information across silos while reducing the risk of unintended disclosure is essential," said a spokesman for the Singapore Ministry of Defense. "We have evaluated this technology and see great potential in it," he said.
DB2 Anonymous Resolution will be part of IBM's Entity Analytics Solutions business. The technology has been under development by Systems Research and Development (SRD), a startup company IBM acquired earlier this year. SRD has had extensive experience in creating software to quickly detect relationships existing among data residing in large repositories.
The software builds on some of the features of IBM's DB2 Identity Resolution and DB2 Relationship Resolution by anonymously comparing the records and detecting direct matches or relationships among individuals while providing a higher level of protection to individual privacy and security of the underlying information, company officials said.
For more information about DB2 Anonymous Resolution, users can go to www-306.ibm.com/software/data/db2/eas
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.