Project aims to protect personal info online by requiring less of it
European pilot program would verify identities with minimum disclosure
- By Kathleen Hickey
- Feb 01, 2011
Americans are more worried about their privacy being violated online than they are about terrorist attacks, losing their jobs or bankruptcy, according to a recent survey sponsored by the browser-maker Opera Software.
The survey, conducted by the research firm YouGov, asked people in the United States, Russia and Japan what worried them most in their daily lives. For U.S. respondents, only being hurt in a traffic accident (27 percent) was a bigger daily worry that online privacy violations (25 percent). Bankruptcy (23 percent), job loss (22 percent) and a terrorist attack (13 percent) were among the concerns further down the list.
The survey didn’t ask people to rank the potential severity of each concern, only how common they are. The results offer another example of how worries over the protection of personal information have grown with the online transactions.
Those worries were highlighted during the recent Data Privacy Day, an international event to raise awareness and promote data privacy education. The event is sponsored by the nonprofit Privacy Projects organization and has been recognized by Congress since 2009.
One way to protect personal information online would be to require less of it.
In many ways, today’s identity verification technologies are an all-or-nothing deal – a Social Security number can provide a vast amount of information about an individual, including name, age, address, phone number, criminal record (if any) – even, potentially, how much toilet paper he or she buys in a month.
Often, however, the entity requesting the information really only needs a small piece of that data – such as whether an individual is of legal drinking age or is a local resident.
A new four-year pilot project announced Jan. 28 aims to address this gap. The project would use technology from Microsoft and IBM to allow individuals to provide less information about themselves for identity verification.
The European Research Consortium project, ABC4Trust, will be piloted at a Greek university and Swedish secondary school. Attribute-Based Credentials (ABC), based on IBM’s Identity Mixer and Microsoft’s U-Prove technologies, will enable identity verification with minimum disclosure. Personal attributes, such as behavior profiles and an individual’s identity, would not be exposed to an Internet service provider without his or her consent.
“Revealing more information than necessary not only harms users’ privacy but also increases the risk of abuse of information, such as identity fraud, when personal information falls in the wrong hands,” said Dr. Kai Rannenberg of the T-Mobile Chair of Mobile Business & Multilateral Security at Goethe University Frankfurt and the project's coordinator.
Begun in November, ABC4Trust is an $18.3 million project, with $12 million provided by the European Union’s Seventh Framework Program.
The Swedish project will allow students and parents to securely access a social network for pupils and verify their identity for school services such as medical services and counseling. The Greek project will enable students to poll and rank the courses they took and their respective lecturers without revealing their identities. In both cases the technology can be used to issue credentials and can be stored on a smart card or mobile phone.
"The problem with today's solutions is that they don't make these kinds of distinctions," said Ronny Bjones, a Microsoft security technology architect, in a report by Declan McCullagh on CNET. "We leave such a digital footprint around on all these different sites."
"Our goal [with ABC] is to provide the technical tools but also the societal discussions about how we can achieve privacy in an electronic society," added Jan Camenisch, a Zurich-based cryptographer with IBM Research, in the same article.
Federal agencies also have begun initiatives to improve online data protection. The Commerce Department and the Defense Advanced Research Projects Agency have begun initiatives in response to President Barack Obama’s May 2010 National Security Strategy.
And in December the Federal Trade Commission issued a report proposing a “Do Not Track” mechanism to allow Internet users to opt out of online tracking.
Kathleen Hickey is a freelance writer for GCN.