Privacy research roundup–A snapshot of global initiatives

Privacy-related research is thriving at colleges, universities and organizations worldwide. Here is a look at some of the initiatives currently underway.

Xuxian Jiang, an assistant professor of computer science at North Carolina State University, and a team of researchers have developed software to protect smartphone users from data hackings. Jiang and his team developed the Taming Information-Stealing Smartphone Applications (TISSA) software after finding a smartphone security deficiency while researching how cloud data would be collected via mobile phones. TISSA allows smartphone users to program a “privacy mode” on a device to control which applications can access which information. “In privacy control mode, you can dynamically configure which particular data you would like to give to a particular app,” says Jiang, adding that one can essentially say, “This set of information, I do not want any app to access. My information will stay in the device.” The researchers are now working on how to adapt the system to deal with malware.

Data Protection and the Open Society, an ongoing research project by Oxford University research fellow David Erdos, is looking at the tension between data protection laws and practices and free speech. Erdos says such tension is becoming more and more important to not only the future of data protection in general but also in academia. “The law on the books can be appallingly stifling,” Erdos says. “While there are many that have absolute or near absolute exemptions from data protection, for the media there are often none or very limited exceptions for scientific or historical or statistical research.” Countries’ requirements for consent before data processing; the right for a data subject to object to processing, and restrictions on publishing data that may distress data subjects, for example, all impede academic progress, Erdos says. “I think what data protection has encouraged is a massive expansion of what we mean by regulatable research.”

Beichuan Zhang, an assistant professor of computer science at the University of Arizona, received $8 million in funds last year from the National Science Foundation under its “Future Internet Architecture” program. Zhang and nine university teams have created the Named Data Networking (NDN) project, which would improve Internet content delivery and security by caching data on multiple, local servers rather than only at one central site. “When I get a YouTube video, it’s from a specific server. In NDN architecture, you can do this, but you also have additional choices,” Zhang explains. “Like, if a video is available in some nearby location, you can get it quicker. So the eventual goal is that now we have the possibility to retrieve data from different places, from the nearest source, to give you better quality.” The system would make data integrity a priority, since users would access specific data itself rather than the channel in which the data is stored, which would help protect sensitive information such as bank transmissions. “Right now, what is secure is the channel, not the data,” Zhang says, adding that “Privacy will also increase because there will be no source address, “just the name of the content and the actual content. All I know is that someone from the downstream sent a request for this data, and someone from my upstream sent the data back. But how far away the sender or receiver is from me, I don’t know.”

Vermont Law School has received a $450,000 grant from the U.S. Department of Energy to examine the smart grid’s potential regulatory and privacy issues. At present, utilities share some customer energy data with authorized third parties. But as the smart grid becomes reality and smart meters begin to digitize household energy information, the amount and granularity of data that utility companies will collect from consumers continues to increase. Vermont Law School researchers will study the risks, and propose a privacy policy that utility companies may use to thwart customer concerns and pushback.

Privacy Advisor.

Bastian Könings and Florian Schaub of Germany’s Ulm University are developing a framework for ambient intelligence environments—technological environments that are sensitive and responsive to the presence of people and situations. In European Project

, Könings and Schaub are working on a program that would identify contextual situations in which a change in privacy settings would be beneficial to the end user’s needs. The change would either be suggested by the system to the user or automatically enforced so that access to sensitive information is only available to those authorized. For example, if an individual is looking at a sensitive document online and another individual enters the room, the document would be hidden on screen. “In general, we take a very user-centric approach in our research, because we believe that future privacy mechanisms can only be effective if they adequately support the user in shaping her privacy boundary rather than protecting only very specific information items,” said Schaub. The next aspect of the research will involve finalizing the model and adapting it to real-world scenarios capable of detecting “all present observers and disturbers,” Könings says.

In studying various mechanisms used to track users as they browse the web, Franzi Roesner along with Professors Tadayoshi Kohno and David Wetherall of the University of Washington discovered that—despite pervasive concerns about third-party cookies—many sites on which users voluntarily entered relationships, particularly social media sites, track users’ web movements via widgets. As a result, the researchers have developed ShareMeNot, which prevents widgets from tracking users online, while still enabling “sharing” buttons when users opt to use them. “Many of the providers of social widgets argued that tracking via these widgets should not be covered by any anti-tracking policies,” Roesner says, because users have opted in to a relationship with the widget provider by creating an account and agreeing to its policies. “We disagree with this. Users should have the option to maintain control of their data, and the choice to have and use an account with one of these websites should not be coupled with the revealing of all browsing information on a site where the associated social widgets are displayed.”

In pursuit of a doctorate in business administration at Walden University in the U.S., Brandon Gust, CIPP, of Oregon Medical Group will research patient perceptions of digital identification methods in healthcare. Using a phenomenological research method, Gust will soon conduct in-depth and open-ended interviews with patients on their awareness of medical identity theft as well as their comfort level with the various methods healthcare facilities may be using to prevent identity theft, including biometric identifiers such as thumbprints, palm scanners and facial recognition software. “I think there’s a fair amount of research out there about the impact of medical identity theft and the costs and various quantitative measures of the issue. But what I think is missing in the literature is really patient perceptions and experiences with the various types of prevention issues out there,” Gust says.

The University of Texas at San Antonio (UTSA) was selected to receive a four-year, $1.25 million grant from the National Science Foundation’s Federal Cyber Service: Scholarship for Service program. The program offers students funding for school in exchange for work as employees in the federal cybersecurity sector. Grant recipients will pursue a degree in cyber or information security. Greg White, associate professor of computer science and director of the UTSA Center for Infrastructure Assurance and Security, says degrees in cybersecurity are becoming increasingly popular, as is interest in the field in general.

IBM researcher Jan Camenisch is leading research on privacy-enhancing authentication technologies, including identity-mixer technology that uses cryptography. For example, Camenisch and his team are developing protocols that would allow users to access a database without the database provider’s knowledge of which records the users accessed, while still allowing the provider to grant access rights to only those qualified. IBM researchers also partnered with research group Privacy and Identity Management for Europe (

)  on PrimeLife--a project that “aimed to solve all remaining online privacy problems” ranging from social networks, lifelong privacy management, policy languages, human computer interactions and education, among other topics.

Meanwhile, IBM is also working with PRIME on

, an EU-funded project that aims to enable European citizens to better protect their privacy and identities. When users access Internet services, they are required to create a personal profile for each, revealing information about themselves. The initiative’s coordinator, Prof. Kai Rennenberg of Goethe University Frankfurt, says Attribute-Based Credentials (ABC)–which require the user to prove only certain required information rather than giving away their full identity–can support secure authentication and privacy. A secondary school in Sweden will test a pilot application, which will allow pupils and parents to use ABC authentication to communicate about school information while maintaining privacy. The Research Academic Computer Technology Institute in Greece will test ABC4Trusts’s second pilot, which will ask students to evaluate professors and courses they took, while maintaining student respondents’ anonymity.

The Privacy Advisor.