Why is WPI worried?

Privacy is important to the ASSISTments team and WPI. Clearly smart people with both good and nefarious intentions can breach databases containing personal information. For example, two computer scientists breached the anonymity of searches by AOL users in 2006, Netflix users viewing habits in 2007. Even more recently the Census and Office of Personnel Management were also breached.

In 2006, America Online (AOL) released files containing searchers by approximately a third of their users over a few month period. They assured users that the data did not contain personally identifying information; however, the searches contained information such as credit card numbers, social security data, and information on criminal activities.

In 2007, two computer scientists in Texas used what was seemingly benign information of IMDB searches and matched that with Nextflix aggregated data. The Netflix database only used an anonymous identifier for users. The scientists use this identifier and the list of movies people watched to match to searchers on the IMDB website. Combining this information led to the scientists being able to identify users and potentially breach secure and presumed private information.

While these examples touch on the beginnings of awareness of online information security, databases with personal information are still being breached. In 2015 hackers were able to breach the US Census Bureau and while no personally sensitive information was downloaded this comes on right after the Office of Personnel Management was hacked and the personal information of millions of federal employees was accessed.

We expect that scientists using the ASSISTments TestBed are as smart as the hackers involved in these data breaches. We fully expect that with effort and a dash of deviousness, the data could be deanonymized, which is why we are asking you to agree to not to even try and remind you that you agreed to not try.