Cornell Tech security researchers Rafael Pass and Abhi Shelat say it is possible for a survey service or hacker who has access to its servers to reveal links between responses and identifying information. They have built a free survey alternative called Anonize, which they say makes it mathematically impossible for anyone to identify respondents, even with access to Anonize's servers.
Their system allows only a chosen group of respondents to submit answers, and only one response per person.
Respondents download the Anonize app to their smartphone, and the app generates a secret key derived from their email address that will never leave their device. When a survey administrator creates a survey, the Anonize server generates a PGP-style public key derived from the email addresses of all the authorized respondents, who write their answer in the Anonize app and either submit it from the phone or from a desktop by scanning a quick response code. A response string incorporates the survey's public key and changes with every survey to prevent survey creators from matching users between email lists. The string is created using a method of proving a mathematical statement is true without knowing anything else about it, which enables the server to check for proof someone is authorized without learning anything about their identity.
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found