OCEAN: Open-source Collation of eGovernment data And Networks - Understanding Privacy Leaks in Open Government Data

The awareness and sense of privacy has increased in the minds of people over the past few years. Earlier, people were not very restrictive in sharing their personal information, but now they are more cautious in sharing it with strangers, either in person or online. With such privacy expectations and attitude of people, it is difficult to embrace the fact that a lot of information is publicly available on the web. Information portals in the form of the e-governance websites run by Delhi Government in India provide access to such PII without any anonymization. Several databases e.g., Voterrolls, Driving Licence number, MTNL phone directory, PAN card serve as repositories of personal information of Delhi residents. This large amount of available personal information can be exploited due to the absence of proper written law on privacy in India. PII can also be collected from various social networking sites like Facebook, Twitter, GooglePlus etc. where the users share some information about them. Since users themselves put this information, it may not be considered as a privacy breach, but if the information is aggregated, it may give out much more information resulting in a bigger threat. For e.g., data from social networks and open government databases can be combined together to connect an online identity to a real world identity. Even though the awareness about privacy has increased, the threats possible due to the availability of this large amount of personal data is still unknown. To bring such issues to public notice, we developed Open-source Collation of eGovernment data And Networks (OCEAN), 1 a system where the user enters little information (e.g. Name) about a person and gets large amount of personal information about him / her like name, age, address, date of birth, mother’s name, father’s name, voter ID, driving licence number, PAN. On aggregation of information within the Voter ID database, OCEAN 2 creates a family tree of the user giving out the details of his / her family members as well. We also calculated a privacy score, which calculates the risk associated with that individual in terms of how much PII of that person is revealed from open government data sources. 1,693 users had the highest privacy score making them the most vulnerable to risks. Using OCEAN, 3 we could collect 8,195,053 Voterrolls; 2,24,982 Driving licence; 53,419 PAN card numbers; 1,557,715 Twitter; 3,377,102 Facebook; 29,393 Foursquare; 1,86,798 LinkedIn and 28,900 GooglePlus records. There exist several websites like Yasni, 4 PeekYou, 5 Pipl 6 which help in searching a person on the Internet but are not focused for people living in Delhi. We performed a user evaluation of OCEAN 7 in a survey study to evaluate the usability, effectiveness and impact of OCEAN 8 and showed that users like and find it convenient to use it in real-world. We received 661 total hits (657 unique visitors) from the day we released the system, January 21, 2013, until October 10, 2013. To the best of our knowledge, this is the first real world deployed tool which provides personal information about residents of Delhi to everyone free of cost. http://precog.iiitd.edu.in/research/ocean. OCEAN: Best poster award, IIT Kanpur Symposium on Cyber Security, 2013 OCEAN: Work covered in national newspaper of Delhi, Hindustan in April 2013 http://www.yasni.com/. http://www.peekyou.com/india. https://pipl.com/. OCEAN: Work highlighted on IIIT Delhi website, Research section OCEAN: Accepted poster at IBM I-care, 2012