AMITIAE - Monday 2 February 2015

Cassandra: Use of Metadata to De-anonymize Credit Card Records

apple and chopsticks


By Graham K. Rogers


As we go about our business, we leave large amounts of metadata as a trail that if pieced together could give significant information - for good or for bad - to those who are able to identify and use such crumbs.

Our telephones, emails, photographs, for example, all contain metadata that is collected by some agencies, although we are assured that all they do is store it in case it is ever needed later (in itself not wholly reassuring).

On the other hand, in a debate on security and tracking, former head of the CIA, General Michael Hayden, was happy to tell the audience, "We kill people based on metadata" and his semi-retraction - "just not this metadata" - was insufficient to neutralize the chill his first comment had created.

In another warning about the risks that metadata might bring, researchers have found that with four pieces of information that showed people's movements on particular days, it was possible to re-identify 90% of credit card users whose names and card numbers had been previously been stripped from records.

Reporting for HelpNet Security, Zeljka Zorz, outlines the work done by researchers at MIT's Media Lab, suggesting that users should be made more aware of the potential risks created by the availability of such metadata; and that there is far greater need for proper consumer protection.


For more information and links to research, see Researchers show how easy it is to de-anonymize shoppers.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.



Made on Mac

For further information, e-mail to

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2015