More than Communication Surveillance:
 Data Protection
 in the Age of Big Data. Discussing about re-identification issues, with focus on database for development/aid/public services. Presented at "Next Generation Technologies for Empowering People" workshop (Frontiers Learning Series) — 14 November 2016, Asia Regional Training Center (ARTC) Bangkok, USAID Regional Development Mission for Asia (RDMA) https://sites.google.com/site/frontierslearningseries2016/

1. MORE THAN COMMUNICATION
SURVEILLANCE:
DATA PROTECTION
IN THE AGE OF BIG DATA
Frontiers Learning Series: Next Generation Technologies
for Empowering People — 14 November 2016, Bangkok
@bact
Arthit Suriyawongkul

2. INFORMATION SECURITY & PRIVACY
➤ Information Security
➤ Confidentiality
➤ Integrity
➤ Availability
➤ Information Privacy — the situation where we (the owner of
the data) can control those C, I, and A — we have power over
our own data (and our own life)

3. OPPORTUNITIES AND CHALLENGES
Data
Network
(go across national borders)
Computation
Net neutrality
(which activities are
prioritised?)
Infrastructure ownership
(who can get connected?)
Sensory
citizenship
(whose ‘votes’ got
counted?)
Big Data
(Volume, Variety,
Velocity)
LinkabilityIdentity
(do/how you exist?)
Citizen
science
Metadata
Bias / Discrimination
“Precrime”
(Predictive crime control,
systemic prejudgement,
algorithmic bias)
Anonymity
Peer-to-peer
network
Cloud
storage
Cloud
computing
Consumer rights
as Civil rights
Media
convergence
Behavior
Re-identification
Interface
Accessibility
Multicultural
environment

4. VIOLATIONS OVER PERSONAL DATA + PROTECTION MEASURES
➤ Identity theft
➤ Computer-crime prevention, fraud detection
➤ Data breach
➤ Information and network security (cybersecurity)
➤ Re-identification, de-anonymization
➤ Personal data protection
➤ Engineering (compute code)
➤ Policy (legal code)

5. BIG DATA
➤ Volume
➤ Velocity (update very frequently)
➤ Variety

6. RE-IDENTIFICATION / DE-ANONYMIZATION
➤ Decrypting
➤ Decoding
➤ Linking

7. DECRYPTING (SOUTH KOREAN PRESCRIPTION DATABASE)

8. DECODING (SOUTH KOREAN PRESCRIPTION DATABASE)

9. LINKING

13. PROTECTION MECHANISM
User Access Control
Algorithm auditing
Oversight
Board
Design for
Clarity+Consent
Privacy Impact
Assessment
Software validation
and verification
Social engineering
prevention
Cryptography
Firewall
Hardening
Physical Security
ObfuscationTransparency
Report

14. INITIATIVES TO MAKE CONSUMERS/CITIZENS MORE INFORMED
➤ Transparency Report / Law Enforcement Requests Report
➤ Ranking Digital Rights — Corporate Accountability Index

15. INITIATIVES
➤ Thai Netizen
Network
studies on
privacy
policy and
technological
security
measures of
45 websites
in 2014

16. REFERENCES
➤ A Privacy-Preserving eHealth Protocol compliant with the Belgian Healthcare System
De Decker, B. et al. Fifth European PKI Workshop. June 16-17, 2008. http://
www.item.ntnu.no/europki08/presentations/europki08-layouni.pdf
➤ Advanced Applications for e-ID Cards in Flanders.
De Decker, B. et al. ADAPID Deliverable D6. E-Health I. 2007. https://
www.cosic.esat.kuleuven.be/adapid/docs/adapid-d6.pdf
➤ Simple Demographics Often Identify People Uniquely.
Sweeney, L. Carnegie Mellon University, Data Privacy Working Paper 3. Pittsburgh
2000. http://dataprivacylab.org/projects/identifiability/
➤ De-anonymizing South Korean Resident Registration Numbers Shared in Prescription
Data.
Sweeney L and Yoo J. Technology Science, 2015092901. September 29, 2015. http://
techscience.org/a/2015092901/
➤ Ranking Digital Rights https://rankingdigitalrights.org/
➤ Thai Netizen Privacy Report https://thainetizen.org/privacy-report-2014/

17. FOLLOW @THAINETIZEN
Thai Netizen Network
Foundation for Internet and Civic Culture
This presentation by Thai Netizen Network is licensed under
the Creative Commons Attribution 4.0 International License.