Anonymization and pseudonymization

Anonymization and pseudonymization are data protection measures .

The anonymity is the modification of personal data so that the data can not be associated with longer or only with disproportionate investment of time, cost and labor to an identified or identifiable natural person. In the case of pseudonymisation , the name or other identification feature is replaced by a pseudonym (usually a code consisting of a combination of letters or numbers) in order to exclude or make it much more difficult to determine the identity of the person concerned (for Germany see Section 3 (6a) BDSG or corresponding state law).

In contrast to anonymization, with pseudonymization, references to different data records that have been pseudonymized in the same way are retained.

The pseudonymization thus enables - with the help of a key - the assignment of data to a person, which is impossible or only possible with difficulty without this key, since data and identification features are separated. It is therefore crucial that a combination of person and data is still possible.

The more meaningful the data collection (e.g. income, medical history, place of residence, size), the greater the theoretical possibility of assigning and identifying a specific person without a code . In order to maintain anonymity, this data might have to be separated or falsified in order to make it more difficult to establish identity.

The deliberate removal of a previous anonymization is called deanonymization .

Examples

Examples of pseudonymization

A pseudonym is used as the e-mail address and nickname on the Internet. The communication partners do not know the real identity. If this is known to the service provider, it will be made known upon request (e.g. in the case of civil law suits, criminal investigations). Alternatively or in addition, remailers can be used, which prevent the traceability of the message content by anonymizing the header (headers).
If a professor at a university would like to make the results of a (written) examination easily accessible to the students, he asks them to write down a self-chosen pseudonym on the sheets during the examination. After the correction, the professor can publish a notice (possibly also on the Internet) in which all results are listed according to the scheme <Pseudonym> <Note>. Thus, the assignment of the pseudonym to the respective student can only be established by the professor or, in individual cases, by the student.

Examples of anonymization

Are personal data without assignment of a data element , such as B. a customer number , deleted or if there is no key , orders can no longer be assigned to a specific person. The customers have been anonymized.
If, in the "Professor" example above, the examination sheets with the pseudonyms noted by the students were destroyed, the information on the notice board would be anonymized for the general public, as it would no longer be possible to assign them to the respective students. However, since each student has memorized his pseudonym, he will be able to recognize his entry on the notice board.
A secret ballot in elections is based on the principle of anonymization (see voting secrecy ). It can still be traced who voted, but it is no longer possible to match the ballot paper with the voter.

Reputation of the internet user

Pseudonyms are considered permissible on the Internet and their use is even anchored in Section 13 of the Telemedia Act. The prerequisite is that the "service providers have no knowledge of the illegal act or the information and, in the case of claims for damages, are not aware of any facts or circumstances from which the illegal act or the information becomes obvious, or that they acted immediately to remove the information or block access to it as soon as they gain knowledge of it. ”But the actual use of pseudonyms provokes reactions in society:

Anonymous: A person's reputation seems to go down when they act anonymously. Because the desire to “want to hide something” means for many people that “you have something to hide”. The rule of law is also trying to intervene, as complete anonymization hinders criminal prosecution. In the discussion about data retention in particular , it became clear that the criminal authorities are increasingly trying to gain access to data.

Pseudonym: Since the rule of law access to the connection data of real people is possible with pseudonymization, the There may be suspicions of “trying to hide something.” However, the fact remains that some people who use pseudonyms think they are “anonymous” and act accordingly. Therefore, some complain about the decline of the “culture of behavior” on the Internet associated with the pseudonym or create rules for correct behavior on the Internet. In contrast, some defend the use of pseudonyms as a prerequisite for shielding individual freedom of expression and personal development from state, social or political restrictions.

As can be seen from the above examples, there is a place in the systems used by the so-called anonymization or pseudonymization services that is open: System administrators have an insight into the data and activities of Internet users. Since internal abuse represents a serious threat from the Internet alongside hackers, service providers try to protect themselves.

Possible protective measures from service providers

Providers of services that are committed to privacy on the Internet want to use anonymization on the Internet to ensure that Internet users trust them. The important question here is who has access to the data. The following mechanisms play a role in protection:

Laws of the respective country where the servers are located (see also data protection law )
Internal guidelines or technical organizational measures
technical exclusion of the operator's employees

Individual evidence

↑ Eric Schmidt (board member at Google): "If you have something that you don't want anyone to know, maybe you shouldn't be doing it on the first place." on Youtube
↑ Interior Minister Friedrich calls for the end of anonymity on the Internet. In: spiegel.de. August 7, 2011, accessed April 8, 2018 .
↑ Reader's article Anonymität Internet on zeit.de
↑ etiquette from Knigge: Eetiquette
^ Jillian C. York: A Case for Pseudonyms. In: Electronic Frontier Foundation , July 29, 2011.
↑ Data protection: Can we really trust cloud services? In: express.de. June 29, 2012, Retrieved April 8, 2018 .
↑ Technical and organizational measures
↑ see Sealed Cloud

literature

Andreas Pfitzmann , Marit Hansen : Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology (PDF; 824 kB) . TU Dresden, ULD Kiel, 2008.

[1] Eric Schmidt (board member at Google): "If you have something that you don't want anyone to know, maybe you shouldn't be doing it on the first place." on Youtube

[2] Interior Minister Friedrich calls for the end of anonymity on the Internet. In: spiegel.de. August 7, 2011, accessed April 8, 2018 .

[3] Reader's article Anonymität Internet on zeit.de

[4] tiquette from Knigge: Eetiquette

[5] Jillian C. York: A Case for Pseudonyms. In: Electronic Frontier Foundation , July 29, 2011.

[6] Data protection: Can we really trust cloud services? In: express.de. June 29, 2012, Retrieved April 8, 2018 .

[7] Technical and organizational measures

[8] see Sealed Cloud