It's not often that a high-school dropout becomes a distinguished
engineer at IBM. But Jeff Jonas, the company's chief scientist of entity analytics, has done just that by developing ways to mine personal data while maintaining privacy.Jonas first developed "identity resolution" technology more than 20 years ago. He claims the software is now mature enough to let government agencies and corporations do sophisticated analysis on the reams of data they have — even sensitive personal information.
Jonas started his company, SRD, in 1983 to help corporate customers spot fraud. He then moved to Las Vegas to help law enforcement find bad guys who use multiple pseudonyms to elude police.
SRD received funding from the CIA's venture investing arm, In-Q-Tel, to expand the use of the product, helping intelligence agencies correlate disparate pieces of information to track terrorists and other criminals.
IBM bought privately held SRD in January of this year, in part by selling Jonas on the prospect of ramping up the use of his software in many industries.
Jonas has said that using the right techniques, government agencies and businesses can gather and analyse information on people without violating privacy. He spoke to ZDNet UK's sister site, CNET News.com, to explain.
Q: Casinos were some of your first customers. Can you tell me how you used your technology?
A: That's where we really cut our teeth on learning and
understanding how identities change through time... Vegas is quite a
sweet target to deploy some rather sophisticated attacks that have been
going on for years. People will create four or five different
identities. There's one person I know that has 30 different names. We
spent time with the gaming industry helping them to know who they were
doing business with. And they wanted to understand whether the people
transacting with them were on their bad guy list.
So you were able to create this correlation between all these different false names?
Well, there are cases where you can create an identity that is so pure
that is non-matchable. But bad guys have to remember an identity
package. And there are some things they do that compromise one identity
with another that allow you to put them together. Historically, you
first decrypt it to analyse it. We figured out how to do deep analytics
while it is encrypted.
How did you apply that identity resolution technology in other areas?
The Las Vegas work was before our anonymisation work. The anonymisation
is now called "relationship resolution." That class of technology is
designed for organisations that already have the data. They want to
bring more meaning out of the data.
For example?
They want to find out if the vendor [and]
the accounts payable manager are related. They want to figure out that
these 16 customers are really all the same. The anonymisation
technology is used by organisations that share data and match it, but
they are tense over the loss of it because it's sensitive.
So that allows them to them to analyze their information on people without having to be explicit about identity?
Yeah. So let me give you an example. I met with a financial services
company and they were estimating they were losing $10m (£6m) a year
around a certain kind of fraud. That's a very small part of their
total...
For more, click here...
