Inferences on Non-Sensitive Data

28 11 2012

Before there was technology, just by your name itself, at least, 2 things can be infer about you – your gender and your race. For example, the name, Muhammad Hafiz, tells that the person is male and he is either Asian or Arab. But for me to make such inference, I would have to have cultural knowledge about the origin of the name and where it is most commonly used and etc.

With face-recognition technology, an anonymous person on the street can be identified by their name. In an experiment, picture of a subject was taken onsite and then it was uploaded to a cloud-computing cluster. The picture was then compared with searchable Facebook profile pictures to find a match and afterwards subject is asked to confirm their picture in the result set. A ratio of 1:3 out of 93 subjects has acknowledged their picture [1].

Sensitive data is defined as “any data that must be kept secure” [2]. Thus, name and face are considered as non-sensitive data. This is because you cannot possibly keep your name secure; people need to call by your name to make a conversation and a letter or parcel needs a name for someone to claim that it belongs to them. As for your face, unless you wear a mask all the time or your are wearing a “burqa”, a clothing that covers your face and shows only your eyes, there is no way you can keep it secure too.

When we talk about privacy and security, the concern is mostly on sensitive data. Examples of sensitive data are birth date, SSN and geo-location. Birth date and SSN are kept protected so that attacker cannot steal your identity, while you would want to keep your location protected because you do not want people to find out where you are and infer what your are doing at the location. However, there are increasing examples of how non-sensitive data can betray your privacy and thus leads to the disclosure of your sensitive data.

Example #1: Accelerometer in your mobile device

Accelerometer is what makes the screen on your mobile device to change to landscape or portrait when you tilt it horizontally or vertically. To be more accurate, accelerometer is “a device that can measure the force of acceleration, weather caused by gravity or by movement” [3]. In a paper, accelerometer is known to be able to infer the location of a mobile device. This is done by analyzing the motion signature of the device. The motion signature can tell us whether the person is on public transportation like bus or subway or if the person is near us [4].

Example #2: Loyalty card

In my Economic Analysis class, Professor Lim has mentioned about the benefit of loyalty card to the merchant endorsing it. To the customers, the benefit of using the card is to get discount on items, buying bundled items and collecting reward points. But merchants are actually collecting the information to study about our buying pattern or to measure the price elasticity of the item.

In conclusion, when making privacy policy, there is a need to protect non-sensitive data too because the proliferation of these data knowingly leads the disclosure of sensitive data that we have work hard to secure in the first place.


  1. Acquisti, Alessandro. Privacy in the Age of Augmented Reality. 2012. Web. <>
  2. Glossary. Web. <>
  3. What does the iPhone accelerometer do? Web. <>
  4. Jun Han, Emmanuel Owusu, Le T. Nguyen, Adrian Perrig, Joy Zhang. ACComplice: Location Inference using Accelerometers on Smartphones. 2012. Web. <>



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: