San Diego, October 16, 2017
Today we are announcing our “Aircloak Privacy Challenge” at the IAPP’s Privacy. Security. Risk. 2017 conference. This unique bounty program rewards privacy professionals, researchers and hackers who manage to break the company’s patented privacy protection methodology, with a total of 15,000 USD. Applications for the challenge to re-identify anonymized data start today.
Aircloak, in joint research with the Max Planck Institute for Software Systems, designed Diffix, a new privacy analytics methodology that achieves a strong level of anonymity while maintaining a high level of information content in the data, and is simple to deploy and to use. Marketed as Aircloak Insights, Diffix is the only technology confirmed by a European data protection authority to deliver GPDR-level anonymization for all data types and use cases. It is deployed by financial institutions and communications providers worldwide.
Launching the “Aircloak Privacy Challenge” today
“At Aircloak we believe that data security is best served through methods and implementations that are transparent and that can withstand public scrutiny. This is why Aircloak made its methodology public and available for review when Aircloak Insights was launched.“,
says Felix Bauer, co-founder and CEO of Aircloak.
Now Aircloak is taking this a step further through its Aircloak Privacy Challenge initiative, a bounty program incentivizing participating “attackers” to find weaknesses in its anonymization methodology. For this purposes Aircloak will make its platform available and attackers are encouraged to try to compromise it along the three criteria for GDPR-level anonymity:
- Singling out an individual,
- Linking records relating to an individual, and
- Inferring information concerning an individual
while suppling their own data sets to attack, or use one of the data sets supplied by Aircloak. The attacker may assume substantial prior knowledge of the data set.
Starting today participants can apply at https://challenge.aircloak.com/ or email firstname.lastname@example.org. The Challenge is scheduled to go live in November 2017, and will run for 6 months. Total rewards of $15,000 are available for successful attackers, with individual bounties ranging from $100 to US$ 5,000 depending on the number of users that can be singled out and the amount of prior knowledge assumed. Higher bounties are paid when the attacker can single out more users with less prior knowledge.
“The benefit of this program for organizations looking to protect their personal data is that they can increase their confidence level in the Aircloak product. It is equally valuable to Aircloak to be able to uncover and address potential issues very early on, and in a safe sandbox environment without the risk of compromising actual private customer data in a live operational setting.”,