Silencing the Risk, Not the Whistle: A Semi-automated Text Sanitization Tool for Mitigating the Risk of Whistleblower Re-Identification
Pages 733 - 745
Abstract
Whistleblowing is essential for ensuring transparency and accountability in both public and private sectors. However, (potential) whistleblowers often fear or face retaliation, even when reporting anonymously. The specific content of their disclosures and their distinct writing style may re-identify them as the source. Legal measures, such as the EU Whistleblower Directive, are limited in their scope and effectiveness. Therefore, computational methods to prevent re-identification are important complementary tools for encouraging whistleblowers to come forward. However, current text sanitization tools follow a one-size-fits-all approach and take an overly limited view of anonymity. They aim to mitigate identification risk by replacing typical high-risk words (such as person names and other labels of named entities) and combinations thereof with placeholders. Such an approach, however, is inadequate for the whistleblowing scenario since it neglects further re-identification potential in textual features, including the whistleblower’s writing style. Therefore, we propose, implement, and evaluate a novel classification and mitigation strategy for rewriting texts that involves the whistleblower in the assessment of the risk and utility. Our prototypical tool semi-automatically evaluates risk at the word/term level and applies risk-adapted anonymization techniques to produce a grammatically disjointed yet appropriately sanitized text. We then use a Large Language Model (LLM) that we fine-tuned for paraphrasing to render this text coherent and style-neutral. We evaluate our tool’s effectiveness using court cases from the European Court of Human Rights (ECHR) and excerpts from a real-world whistleblower testimony and measure the protection against authorship attribution attacks and utility loss statistically using the popular IMDb62 movie reviews dataset, which consists of 62 individuals. Our method can significantly reduce authorship attribution accuracy from 98.81% to 31.22%, while preserving up to 73.1% of the original content’s semantics, as measured by the established cosine similarity of sentence embeddings.
References
[1]
Vigjilenca Abazi. 2020. The European Union whistleblower directive: a ‘game changer’for whistleblowing protection?Industrial Law Journal 49, 4 (2020), 640–656.
[2]
Allison Adams, Eric Aili, Daniel Aioanei, Rebecca Jonsson, Lina Mickelsson, Dagmar Mikmekova, Fred Roberts, Javier Fernandez Valencia, and Roger Wechsler. 2019. AnonyMate: A toolkit for anonymizing unstructured chat data. In Proceedings of the Workshop on NLP and Pseudonymisation. Linköping University Electronic Press, Linköping, 1–7.
[3]
Malik Altakrori, Jackie Chi Kit Cheung, and Benjamin CM Fung. 2021. The topic confusion task: A novel evaluation scenario for authorship attribution. In Findings of the Association for Computational Linguistics: EMNLP 2021. Association for Computational Linguistics, Punta Cana, Dominican Republic, 4242–4256. https://doi.org/10.18653/v1/2021.findings-emnlp.359
[4]
Iyadh Ben Cheikh Larbi, Aljoscha Burchardt, and Roland Roller. 2022. Which anonymization technique is best for which NLP task?–It depends. A Systematic Study on Clinical Text Processing. arXiv e-prints (2022), arXiv–2209.
[5]
Bettina Berendt and Stefan Schiffner. 2022. Whistleblower protection in the digital age-why “anonymous” is not enough.: From technology to a wider view of governance. The International Review of Information Ethics 31, 1 (2022).
[6]
Rachelle Bosua, Simon Milton, Suelette Dreyfus, and Reeva Lederman. 2014. Going public: Researching external whistleblowing in a new media age. In International handbook on whistleblowing research. Edward Elgar Publishing, 250–272.
[7]
Can Eyupoglu Can, Muhammed Ali Aydin, Abdul Halim Zaim, and Ahmet Sertbas. 2018. An Efficient Big Data Anonymization Algorithm Based on Chaos and Perturbation Techniques. Entropy 20, 5 (2018), 373. article no.: 373; https://www.mdpi.com/1099-4300/20/5/373.
[8]
Hyung Won Chung, Le Hou, Shayne Longpre, Barret Zoph, Yi Tay, William Fedus, Eric Li, Xuezhi Wang, Mostafa Dehghani, Siddhartha Brahma, 2022. Scaling instruction-finetuned language models. arXiv preprint arXiv:2210.11416 (2022).
[9]
Kate Crawford, Roel Dobbe, Theodora Dryer, Genevieve Fried, Ben Green, Elizabeth Kaziunas, Amba Kak, Varoon Mathur, Erin McElroy, Andrea Nill Sánchez, Deborah Raji, Joy Lisi Rankin, Rashida Richardson, Jason Schultz, Sarah Myers West, and Meredith Whittaker. 2019. AI Now 2019 Report. https://ainowinstitute.org/publication/ai-now-2019-report-2
[10]
Mary Cummings. 2004. Automation Bias in Intelligent Time Critical Decision Support Systems. In Proc. of the AIAA 1st Intelligent Systems Technical Conference.
[11]
Rita de Sousa Costa and Inês de Castro Ruivo. 2020. Preliminary Remarks and Practical Insights on How the Whistleblower Protection Directive Adopts the GDPR Principles. In Privacy Technologies and Policy - 8th Annual Privacy Forum, APF 2020, Lisbon, Portugal, October 22-23, 2020, Proceedings(Lecture Notes in Computer Science, Vol. 12121), Luís Antunes, Maurizio Naldi, Giuseppe F. Italiano, Kai Rannenberg, and Prokopios Drogkaris (Eds.). Springer, 95–109. https://doi.org/10.1007/978-3-030-55196-4_6
[12]
Franck Dernoncourt, Ji Young Lee, Ozlem Uzuner, and Peter Szolovits. 2017. De-identification of patient notes with recurrent neural networks. Journal of the American Medical Informatics Association 24, 3 (2017), 596–606.
[13]
Jesse Dodge, Maarten Sap, Ana Marasović, William Agnew, Gabriel Ilharco, Dirk Groeneveld, Margaret Mitchell, and Matt Gardner. 2021. Documenting large webtext corpora: A case study on the colossal clean crawled corpus. arXiv preprint arXiv:2104.08758 (2021).
[14]
Josep Domingo-Ferrer. 2007. A three-dimensional conceptual framework for database privacy. In Secure Data Management: 4th VLDB Workshop, SDM 2007, Vienna, Austria, September 23-24, 2007. Proceedings 4. Springer, 193–202.
[15]
Josep Domingo-Ferrer, David Sánchez, and Jordi Soria-Comas. 2016. Database anonymization: privacy models, data utility, and microaggregation-based inter-model connections. Synthesis Lectures on Information Security, Privacy, & Trust 8, 1 (2016), 1–136.
[16]
Cynthia Dwork. 2006. Differential privacy. In Automata, Languages and Programming: 33rd International Colloquium, ICALP 2006, Venice, Italy, July 10-14, 2006, Proceedings, Part II 33. Springer, 1–12.
[17]
European Data Protection Supervisor (EDPS) and Spanish Data Protection Agency (AEPD). 2021. 10 Misunderstandings Related to Anonymisation. https://edps.europa.eu/system/files/2021-04/21-04-27_aepd-edps_anonymisation_en_5.pdf. Joint statement on anonymisation of personal data according to EU GDPR.
[18]
Maël Fabien, Esaú Villatoro-Tello, Petr Motlicek, and Shantipriya Parida. 2020. BertAA: BERT fine-tuning for Authorship Attribution. In Proceedings of the 17th International Conference on Natural Language Processing (ICON). 127–137.
[19]
Ronen Feldman and James Sanger. 2007. The text mining handbook: advanced approaches in analyzing unstructured data. Cambridge university press.
[20]
Natasha Fernandes, Mark Dras, and Annabelle McIver. 2019. Generalised differential privacy for text document processing. In Principles of Security and Trust: 8th International Conference, POST 2019, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019, Prague, Czech Republic, April 6–11, 2019, Proceedings 8. Springer International Publishing, 123–148.
[21]
Christian Hauser, Nadine Hergovits, and Helene Blumer. 2019. Whistleblowing Report 2019. http://whistleblowingreport.org/
[22]
IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems. 2019. Ethically aligned design: A vision for prioritizing human well-being with autonomous and intelligent systems. Technical Report. IEEE. https://standards.ieee.org/wp-content/uploads/import/documents/other/ead_v2.pdf
[23]
Alistair EW Johnson, Lucas Bulgarelli, and Tom J Pollard. 2020. Deidentification of free-text medical records using pre-trained bidirectional transformers. In Proceedings of the ACM Conference on Health, Inference, and Learning. 214–221.
[24]
Bennett Kleinberg, Toby Davies, and Maximilian Mozes. 2022. Textwash–automated open-source text anonymisation. arXiv preprint arXiv:2208.13081 (2022).
[25]
Ksenia Lagutina, Nadezhda Lagutina, Elena Boychuk, Inna Vorontsova, Elena Shliakhtina, Olga Belyaeva, Ilya Paramonov, and PG Demidov. 2019. A survey on stylometric text features. In 2019 25th Conference of Open Innovations Association (FRUCT). IEEE, 184–195.
[26]
Alaor Leite. 2021. Whistleblowing und das System der Rechtfertigungsgründe Das erlaubte Whistleblowing nach dem Geschaftsgeheimnisgesetz als, fürdernder Rechtfertigungsgrund”. Goltdammer’s Archiv für Strafrecht 168, 3 (2021), 129–146.
[27]
Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian. 2006. t-closeness: Privacy beyond k-anonymity and l-diversity. In 2007 IEEE 23rd international conference on data engineering. IEEE, 106–115.
[28]
Pierre Lison, Ildikó Pilán, David Sánchez, Montserrat Batet, and Lilja Øvrelid. 2021. Anonymisation models for text data: State of the art, challenges and future directions. In Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (Volume 1: Long Papers). 4188–4203.
[29]
Yinhan Liu, Myle Ott, Naman Goyal, Jingfei Du, Mandar Joshi, Danqi Chen, Omer Levy, Mike Lewis, Luke Zettlemoyer, and Veselin Stoyanov. 2019. Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692 (2019).
[30]
Zengjian Liu, Buzhou Tang, Xiaolong Wang, and Qingcai Chen. 2017. De-identification of clinical notes via recurrent neural network and conditional random field. Journal of biomedical informatics 75 (2017), S34–S42.
[31]
Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venkitasubramaniam. 2007. l-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data (TKDD) 1, 1 (2007), 3–es.
[32]
Rui Mao, Qian Liu, Kai He, Wei Li, and Erik Cambria. 2022. The biases of pre-trained language models: An empirical study on prompt-based sentiment analysis and emotion detection. IEEE Transactions on Affective Computing (2022).
[33]
Tanya M Marcum and Jacob Young. 2019. Blowing the whistle in the digital age: are you really anonymous? The perils and pitfalls of anonymity in whistleblowing law. DePaul Bus. & Comm. LJ 17 (2019), 1.
[34]
Brian Martin. 2003. Illusions of whistleblower protection. UTS L. Rev. 5 (2003), 119.
[35]
Justus Mattern, Benjamin Weggenmann, and Florian Kerschbaum. 2022. The Limits of Word Level Differential Privacy. In Findings of the Association for Computational Linguistics: NAACL 2022. 867–881.
[36]
Andrew WE McDonald, Sadia Afroz, Aylin Caliskan, Ariel Stolerman, and Rachel Greenstadt. 2012. Use fewer instances of the letter “i”: Toward writing style anonymization. In Privacy Enhancing Technologies: 12th International Symposium, PETS 2012, Vigo, Spain, July 11-13, 2012. Proceedings 12. Springer, 299–318.
[37]
Joseph McGlynn III and Brian K Richardson. 2014. Private support, public alienation: Whistle-blowers and the paradox of social support. Western Journal of Communication 78, 2 (2014), 213–237.
[38]
Brijesh Mehta, Udai Pratap Rao, Ruchika Gupta, and Mauro Conti. 2019. Towards privacy preserving unstructured big data publishing. Journal of Intelligent & Fuzzy Systems 36, 4 (2019), 3471–3482.
[39]
Gayani Nanayakkara, Nirmalie Wiratunga, David Corsar, Kyle Martin, and Anjana Wijekoon. 2022. Clinical dialogue transcription error correction using Seq2Seq models. In Multimodal AI in healthcare: A paradigm shift in health intelligence. Springer, 41–57.
[40]
Arvind Narayanan and Vitaly Shmatikov. 2010. Myths and fallacies of" personally identifiable information". Commun. ACM 53, 6 (2010), 24–26.
[41]
Janet P Near and Marcia P Miceli. 1985. Organizational dissidence: The case of whistle-blowing. Journal of business ethics 4, 1 (1985), 1–16.
[42]
Hoang Nguyen and Sandro Cavallari. 2020. Neural multi-task text normalization and sanitization with pointer-generator. In Proceedings of the First Workshop on Natural Language Interfaces. 37–47.
[43]
Annika Willoch Olstad, Anthi Papadopoulou, and Pierre Lison. 2023. Generation of Replacement Options in Text Sanitization. In Proceedings of the 24th Nordic Conference on Computational Linguistics (NoDaLiDa). 292–300.
[44]
Anthi Papadopoulou, Yunhao Yu, Pierre Lison, and Lilja Øvrelid. 2022. Neural Text Sanitization with Explicit Measures of Privacy Risk. In Proceedings of the 2nd Conference of the Asia-Pacific Chapter of the Association for Computational Linguistics and the 12th International Joint Conference on Natural Language Processing. 217–229.
[45]
Constantinos Patsakis and Nikolaos Lykousas. 2023. Man vs the machine: The Struggle for Effective Text Anonymisation in the Age of Large Language Models. arXiv preprint arXiv:2303.12429 (2023).
[46]
Andreas Pfitzmann and Marit Hansen. 2005. Anonymity, unlinkability, unobservability, pseudonymity, and identity management-a consolidated proposal for terminology – v. 0.28. Technical Report. https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.28.pdf
[47]
David J. Phillips. 2004. Privacy policy and PETs: the influence of policy regimes on the development and social implications of privacy enhancing technologies. New Media and Society 6, 6 (2004), 691––706.
[48]
Ildikó Pilán, Pierre Lison, Lilja Ovrelid, Anthi Papadopoulou, David Sánchez, and Montserrat Batet. 2022. The text anonymization benchmark (tab): A dedicated corpus and evaluation framework for text anonymization. Computational Linguistics 48, 4 (2022), 1053–1101.
[49]
Sravana Reddy and Kevin Knight. 2016. Obfuscating gender in social media writing. In Proceedings of the First Workshop on NLP and Computational Social Science. 17–26.
[50]
Joyce Rothschild and Terance D Miethe. 1999. Whistle-blower disclosures and management retaliation: The battle to control information about organization corruption. Work and occupations 26, 1 (1999), 107–128.
[51]
Mary Saade. 2023. Women & Whistleblowing. Hastings Journal on Gender and the Law 34, 1 (2023), 43.
[52]
Shikha Sachdeva and Narendra Singh Chaudhary. 2022. Exploring whistleblowing intentions of Indian nurses: a qualitative study. International Journal of Organizational Analysisahead-of-print (2022).
[53]
Pierangela Samarati and Latanya Sweeney. 1998. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Technical Report. Harvard Data Privacy Lab. https://dataprivacylab.org/dataprivacy/projects/kanonymity/paper3.pdf
[54]
David Sánchez and Montserrat Batet. 2016. C-sanitized: A privacy model for document redaction and sanitization. Journal of the Association for Information Science and Technology 67, 1 (2016), 148–163.
[55]
David Sánchez, Montserrat Batet, and Alexandre Viejo. 2012. Detecting sensitive information from textual documents: an information-theoretic approach. In Modeling Decisions for Artificial Intelligence: 9th International Conference, MDAI 2012, Girona, Catalonia, Spain, November 21-23, 2012. Proceedings 9. Springer, 173–184.
[56]
David Sánchez, Montserrat Batet, and Alexandre Viejo. 2013. Automatic general-purpose sanitization of textual documents. IEEE Transactions on Information Forensics and Security 8, 6 (2013), 853–862.
[57]
David Sánchez, Montserrat Batet, and Alexandre Viejo. 2014. Utility-preserving privacy protection of textual healthcare documents. Journal of biomedical informatics 52 (2014), 189–198.
[58]
Kim R Sawyer, Jackie Johnson, and Mark Holub. 2010. The necessary illegitimacy of the whistleblower. Business & Professional Ethics Journal (2010), 85–107.
[59]
Yanir Seroussi, Ingrid Zukerman, and Fabian Bohnert. 2014. Authorship attribution with topic models. Computational Linguistics 40, 2 (2014), 269–310.
[60]
Rakshith Shetty, Bernt Schiele, and Mario Fritz. 2018. A4nt: author attribute anonymity by adversarial training of neural machine translation. In 27th { USENIX} Security Symposium ({ USENIX} Security 18). 1633–1650.
[61]
Lauren M Stuart, Saltanat Tazhibayeva, Amy R Wagoner, and Julia M Taylor. 2013. On identifying authors with style. In 2013 IEEE International Conference on Systems, Man, and Cybernetics. IEEE, 3048–3053.
[62]
Amber Stubbs, Christopher Kotfila, and Özlem Uzuner. 2015. Automated systems for the de-identification of longitudinal clinical narratives: Overview of 2014 i2b2/UTHealth shared task Track 1. Journal of biomedical informatics 58 (2015), S11–S19.
[63]
Marie Terracol. 2019. Building on the EU directive for whistleblower protection: analysis and recommendations. (2019).
[64]
Jacob Tyo, Bhuwan Dhingra, and Zachary C Lipton. 2022. On the state of the art in authorship attribution and authorship verification. arXiv preprint arXiv:2209.06869 (2022).
[65]
Özlem Uzuner, Tawanda C Sibanda, Yuan Luo, and Peter Szolovits. 2008. A de-identifier for medical discharge summaries. Artificial intelligence in medicine 42, 1 (2008), 13–35.
[66]
Meghan Van Portfliet and Kate Kenny. 2022. Whistleblowing advocacy: Solidarity and fascinance. Organization 29, 2 (2022), 345–366.
[67]
Haifeng Wang, Hua Wu, Zhongjun He, Liang Huang, and Kenneth Ward Church. 2021. Progress in machine translation. Engineering (2021).
[68]
Benjamin Weggenmann and Florian Kerschbaum. 2018. Syntf: Synthetic and differentially private term frequency vectors for privacy-preserving text mining. In The 41st International ACM SIGIR Conference on Research & Development in Information Retrieval. 305–314.
[69]
Martin Weingardt. 2004. Fehler zeichnen uns aus: Transdisziplinäre Grundlagen zur Theorie und Produktivität des Fehlers in Schule und Arbeitswelt. Julius Klinkhardt.
[70]
Simone White. 2018. A matter of life & death: whistleblowing legislation in the EU. In Eucrim: The European Criminal Law Associations’ Forum, Vol. 3. 170–177.
[71]
Qiongkai Xu, Lizhen Qu, Chenchen Xu, and Ran Cui. 2019. Privacy-aware text rewriting. In Proceedings of the 12th International Conference on Natural Language Generation. 247–257.
[72]
Shubham Yadav, Santosh Singh Rathore, and Satyendra Singh Chouhan. 2020. Authorship Identification Using Stylometry and Document Fingerprinting. In Big Data Analytics: 8th International Conference, BDA 2020, Sonepat, India, December 15–18, 2020, Proceedings 8. Springer, 278–288.
[73]
Xiang Yue, Minxin Du, Tianhao Wang, Yaliang Li, Huan Sun, and Sherman SM Chow. 2021. Differential privacy for text analytics via natural text sanitization. arXiv preprint arXiv:2106.01221 (2021).
[74]
Ying Zhao and Jinjun Chen. 2022. A survey on differential privacy for unstructured data content. ACM Computing Surveys (CSUR) 54, 10s (2022), 1–28.
Index Terms
- Silencing the Risk, Not the Whistle: A Semi-automated Text Sanitization Tool for Mitigating the Risk of Whistleblower Re-Identification
Recommendations
Enforcing transparent access to private content in social networks by means of automatic sanitization
A system to enforce privacy protection in existing social networks.An automatic method to assess the privacy risks of users' publications.A transparent data storage and accessing mechanism according to users' credentials.Feasibility study and two ...
Enforcing transparent access to private content in social networks by means of automatic sanitization
A system to enforce privacy protection in existing social networks.An automatic method to assess the privacy risks of users' publications.A transparent data storage and accessing mechanism according to users' credentials.Feasibility study and two ...
Comments
Information & Contributors
Information
Published In
June 2024
2580 pages
ISBN:9798400704505
DOI:10.1145/3630106
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution-NoDerivatives International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 June 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- German Federal Ministry of Education and Research (BMBF)
- Land Salzburg
Conference
FAccT '24
FAccT '24: The 2024 ACM Conference on Fairness, Accountability, and Transparency
June 3 - 6, 2024
Rio de Janeiro, Brazil
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 325Total Downloads
- Downloads (Last 12 months)325
- Downloads (Last 6 weeks)60
Reflects downloads up to 02 Feb 2025
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in