TED Conversations TED Conversations

“Could threat data be anonymized?”: Comment of the week, Feb. 1, 2017

This week’s comment comes from Joe, who has enough understanding of the topic of Caleb Barlow’s talk, “Where is cybercrime really coming from?” to pose a great question to the speaker. Particularly on topics I’m less familiar with, it’s great to come to the comments and hear from people who have much more experience with the ideas presented.
Joe asks: "Could the threat data be anonymized? That is, could companies and individuals send this data through an 'opaque' slot to one or more aggregation sites for meta-analysis (along the lines of what I assume exists for whistleblowers contacting sites like wikileaks)? Caleb's reply: "Joe - that's an excellent point and actually something that is being widely discussed. The challenge is that you need to maintain the REPUTATION of the source will also hiding the true identity. Without also maintaining the reputation you run the risk of bad buys flooding you with bogus data. There are several emerging theories on how this could be accomplished."

Joe asks: “Could the threat data be anonymized? That is, could companies and individuals send this data through an ‘opaque’ slot to one or more aggregation sites for meta-analysis (along the lines of what I assume exists for whistleblowers contacting sites like wikileaks)?
Caleb’s reply: “Joe – that’s an excellent point and actually something that is being widely discussed. The challenge is that you need to maintain the REPUTATION of the source will also hiding the true identity. Without also maintaining the reputation you run the risk of bad buys flooding you with bogus data. There are several emerging theories on how this could be accomplished.”

At the end of a talk like Caleb’s, I find myself wondering how likely it is that the solutions he mentioned will be implemented, or how quickly they could be. However, it’s tough to answer my own questions because I know very little about the liabilities involved, or the logistical feats that are likely required to pull this off. Where I’d normally be quite discouraged by my own “ignorance overload,” both Joe’s comment and Caleb’s reply give me a push in the right direction. Joe asks a question I wish I’d known to ask myself, and with the information shared in the thread — anonymizing data, establishing a source’s reputation, and the fact that this method is already being discussed — I have somewhere to start.
It can be hard to have a deep understanding of the solutions in more complicated and technical talks, but with a comment community you can ask questions of, and a starting line to walk towards, hopefully we all will keep trying. The nuances of implementing the idea can be just as fascinating as the ideas themselves, and if something sparks your interest, I’d say you owe it to yourself to keep digging. Or at least to scroll down to the comments :)
Thanks for asking, Joe!