Legitimately accessible data is aggregated to derive
unauthorized information. Examples include getting the total departmental
salary figures just before and after a new employee is hired to derive the
salary of the new hire, attending a wide range of unclassified but private
meetings in a particular area in order to gain an overall picture of what
work a group is doing, and tracking movements of many people from a
particular organization and correlating that information with job titles and
other events to derive intelligence indicators.
aggregation can be quite complex both to perform and to protect against.
Some work on protecting against these attacks has led to identifying
NP-complete problems, while gathering information through this technique may
involve solving a large number of equations in a large number of unknowns
and is similar to integer programming problems in complexity.