This article discusses an issue in the realm of online
surveys in that they are more than not cryptographically anonymous. A professor
at Cornell Universtiy, Rafael Pass, was asked by one of his students if the
surveys were truly anonymous, to which he had to respond that “the data is
there”[1]
if anyone wanted to find out who responded to the survey and how. In reaction
to this, Pass created a cryptographically anonymous survey system called
Anonize which, unlike other online surveys, does not require a unique
identifier (like and email address) and is now being used at Cornell and
eventually University of Virginia.
The first point worth noting is that Anonize, unlike Survey
Monkey, does not collect enough individual data for the responses to be traced
back to the user. They do this by assigning each user an individual key when
they download the app that the instructor can then see as an authorized
respondent. This key then changes per survey so they can’t be matched on other
email lists. The second notable point is that while this is all technologically
sound and anonymous, if anyone were able to get their hands on a responders
phone they could matched their key to the responses. This point is important
because, while very difficult, it is still possible to find out how a
participant responded. Third and finally, the article emphasizes a warning from
Pass and the other developers of the app that seemingly private data doesn’t
stay private for long. He references the data breaches to companies Ashley
Madison in which hackers gained access “30 gigabytes of company and customer
data”[2]
and a similar breach to their severs at Cornell.
This article could have went into more depth as to how a
system like this could not only benefit a school in the way their students
respond to surveys, but as to how this software could be used to benefit
companies that may be prone to security breaches in the future. Another point
that was over-looked was the argument that Survey Monkey is not as secure as
Pass claims it is. I would have liked to seen an explanation as to how a hacker
(or instructor) would be able to trace the data back to its source.
[1]
http://www.wired.com/2015/09/new-crypto-tool-makes-anonymous-surveys-truly-anonymous/
“Students had to blindly trust that the university wouldn’t access their
identifying information. “The data is there,” Pass says he admitted.”
[2]
http://www.wired.com/2015/08/ashley-madison-hack-everything-you-need-to-know-your-questions-explained/
“For a siTE that
touted itself as the premier cheating site for married people seeking partners
for infidelity, Ashley Madison was relatively unknown until hackers broke into
its servers and released more than 30 gigabytes of customer and company data
this week, propelling it into the spotlight.”
I think another important aspect of this new crypto app will be its usage outside of just anonymous surveys. Most anonymous apps, such as YikYak or WhatsGoodly, will also start to implement this technology into the own apps because of the anonymity that is offered. College kids are mainly the users of the two examples above, but with a bit of work, someone could figure out from where posts and comments are being sent from and possibly locate the exact person. Another example could be fitness apps wanting to keep their customers data secure and anonymous.
ReplyDelete