Hidden signatures

Evidence or at least a hint

When I paid for a speeding fine at easypass Germany, I left an e-mail address unique for my visit to their site. Two years later I started receiving spam on this address.

Easypass, an non-governmental organisation, is hired by the German authorities to collect high way speeding tickets. They leaked my e-mail address to a spammer. Please read GDPR: they leaked is equivalent to some criminal harvested e-mail addresses and came across a list of their accounts.

This is why, among others, GDPR is a good thing.

You can put signatures in your data in order to establish most of the trail around the leaking of it.

A signature should allow you to discover the following about the leaking:

  • date
  • authentication involved; including person and level of authorization

We could add personnel or customer records of fake people. If we change these every other week, we can use this to identify a date. We could also implement different fake people popping up for different logged on users, or at least coupled to the authorisation level.

This screws up statistics and all other data science like operations on the data.

We can hit two birds with one stone however:

We can anonymise and tag simultaneously.

About this title

The first four or five titles were written in some kind of rage after visiting the Big Data Expo, Utrecht 2017. I then knew about GDPR and had implemented various mechanisms to avoid running risks. The commercial heavy lifting on that expo was terrible. People should be informed about GDPR without FUD.