Prof. Dali Kaafar & Chris Cubbage
Dali Kaafar has disclosed “In a nutshell, the algorithm named TBE, perturbing answers to the queries by adding noise distributed within a bounded range is faulty and puts the highly sensitive original census data at major risk of being revealed. We demonstrated how an attacker, who may not know the perturbation parameters, can not only find any hidden parameters of the algorithm but also remove the noise to obtain the original answer to any query of choice. None of the attacks we presented depend on any background information. Implications of go beyond re-identification risks. The attack reveals values intended to be hidden by the TBE algorithm and hence reconstructs the original census data. While the attack is applicable to the actual Australian census data available through TableBuilder, for ethical considerations we only show the success of the attack on synthetic data. We note however, that the perturbation method used in ABS TableBuilder tool is proven vulnerable to this attack.
In response to the research, an ABS spokesperson stated, “The ABS is strongly committed to privacy. With emerging data analytics techniques, the ABS needs to be on the front foot of any emerging risks to the data we hold. We have been working, and will continue to work, with leading experts to ensure we are using the best approaches possible to protect individuals’ data.
The ABS has been working with Dr Kaafar and his co-researchers on Table Builder, and strategies to mitigate the vulnerability discovered by the researchers since early 2017. The ABS has already implemented measures to address the vulnerability. This includes reducing the amount of details to be accessed by certain Table Builder applications, strengthening the terms of use of Table Builder and also regularly monitoring the job logs to forestall any possible attacks.
There is no evidence of anyone’s privacy being compromised with the use of Table Builder.”
