Privacy Incorporated Software Agents (PISA)

Jan Huizenga - TNO - PISA co-ordinator

21 April 2006; jan.huizenga@tno.nl; +31 6 204 315 47

Page 1: Privacy Incorporated Software Agents (title slide)

Page 2: Overview

• Main topics PISA

• Mobile Intelligent Agents

• Agents and Privacy

• Contribution

Page 3: Main topics PISA

• Agent System

• Human-Computer Interface

• Network Privacy

• Security & Privacy

Page 4: Mobile Intelligent Agents

[Figure: Max data rate (Mbps, log scale 0.01 to 1000) versus product date (1996 to 2010). Communication space: GSM, GPRS, 3G, Bluetooth, HomeRF, 802.11, HIPERLAN, grouped as Personal Area (PAN), Local Area (LAN) and Wide Area (WAN). Application space: Voice, Text Messaging, Still Imaging, Audio Streaming, Video Streaming, Infotainment, Virtual Homes, High Speed Internet, PAN/LAN/WAN Convergence, Mobile Agents, Ambient Intelligence; the video data rate is marked as a reference line.]

Page 5: Around PISA: a complex world where ...

[Figure: a cellular (e.g. UMTS) network with ME, NodeB, RNC and RAN, a core network with SGSN, GGSN, Gateway and PDN, a wireless local segment, servers, an intermediation ASP, applications, a security manager and a PKI.]

... privacy must transcend heterogeneity and mobility.

Page 6: The Agent and Personal Data Flow

[Figure: Mr. Jones and MIKE each have a personal agent; the agents are obtained from an agent provider and interact with Agent 1, Agent 2 ... Agent N, network agents, external sources and databases holding personal data about Mr. Jones.]

A personal agent can perform tasks for its user.

=> a personal agent needs personal information.

Page 7: Agents & Privacy

• 1997: NDPA, DPA Canada, TNO: Report "Agents, Privacy & PET"

• 1999: How do we demonstrate agents & privacy?

• 2000: Project/consortium proposal: PISA 2001-2003

  - Identifying the privacy requirements and threats

  - Designing PET for agents

  - Building a sample application

  - Evaluating the sample application

Page 8: Privacy Threat Analysis

[Figure: threat-analysis diagram with the elements System Purpose, Technology, Integrated List of Threats, Violations of Privacy Regulations, Solution Use, and Mobile Code.]

Page 9: The Identity Protector

PET = Privacy Enhancing Technologies

[Figure: the user is known in the identity domain; the identity protector separates it from the pseudo-identity domains, in which the user appears only as PID 1, PID 2 and PID 3.]

Page 10: The Privacy Agent Design

To show that privacy of the user is protected in all kinds of processes by incorporated PET features.

[Figure: the Identity Protector sits between the personal data and the non-personal data handled by the agent.]

Page 11: Privacy Protection

How to achieve privacy protection in agents?

Deployment of the classic PET tools (anonymity, pseudonymity, unobservability and unlinkability) is not enough to achieve optimal privacy protection.

Therefore PISA needs a design for:

• Personal Data: Personally Identifiable Information (PII) and Non-PII

• Legal rules (privacy principles)

• Agent Practices Statement (APS)

• Privacy Preferences

Page 12: Three Levels of Personal Data

• Level 1: Contact information.

• Level 2: All other items of personal data except level 3.

• Level 3: Special categories of personal data.
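The identity protector of pages 9 to 12 can be made concrete in code. The following added example (written for this page, not PISA's own software) keeps the user's real identity in the identity domain, derives an unlinkable PID per pseudo-identity domain with a keyed hash, and releases personal data only up to the PII level the user's privacy preference allows for that domain; the key, domain names and record fields are constructed sample values.

```python
import hmac
import hashlib
from typing import Optional

# Three levels of personal data from the slide; None marks non-personal data.
LEVEL1 = 1  # contact information
LEVEL2 = 2  # all other personal data except level 3
LEVEL3 = 3  # special categories of personal data


class IdentityProtector:
    """Separates the identity domain from pseudo-identity domains (illustration)."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key
        self._identity_domain = {}   # pid -> real identity; never leaves this class
        self._preferences = {}       # (user, domain) -> highest PII level released

    def set_preference(self, user: str, domain: str, max_level: int) -> None:
        """Privacy preference: which PII levels this domain may receive."""
        self._preferences[(user, domain)] = max_level

    def pid_for(self, user: str, domain: str) -> str:
        """Pseudo identity for one domain. Without the key, the PIDs of two
        domains cannot be linked to each other or to the real identity."""
        msg = f"{user}\x00{domain}".encode()
        pid = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]
        self._identity_domain[pid] = user
        return pid

    def release(self, user: str, domain: str, record: dict) -> dict:
        """Build the view a pseudo-identity domain gets of the user.
        record maps field -> (level, value); level None is non-personal data."""
        allowed = self._preferences.get((user, domain), 0)  # default: PII withheld
        out = {"pid": self.pid_for(user, domain)}
        for field, (level, value) in record.items():
            if level is None or level <= allowed:
                out[field] = value
        return out

    def resolve(self, pid: str) -> Optional[str]:
        """Only the identity domain can map a PID back to the user."""
        return self._identity_domain.get(pid)
```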

Page 13: Privacy Principles

• Purpose specification

• Finality

• Legitimate processing

• Data quality

• Transparency

• Data subject's rights

• Storage duration

• Right to object

• Security

Page 14: Privacy Ontology

[Figure: class diagram with the classes PII, PIIGroup, PIILevel1, PIILevel2, PIILevel3, PrivacyPolicy, PrivacyPrinciple (Transparency, Finality, LegalProcessing, Transfer, DataSubjectRights), PrivacyPreference, APS, PET and DataProtectionAuthority; associations carry the cardinalities 1, 1..n and 0..n.]

Page 15: Model PISA Agents

Privacy protection by:

1. Anonymity & pseudo-identities (PET)

2. Trust/secure "mobile code" (Encryption)

3. Act according to the Directive (APS)

[Figure: the User, PISA, the Controller, Other Agents or Services, an Auditor and a Trusted Third Party, linked by flows of Personal Data, APS, PET and Preferences.]

Page 16: General PISA Architecture

[Figure: the Data Subject, Controller, Processor and Auditor interact with the PISA Platform, which hosts a Registration Authority, Monitor Agent, Service Agent, Personal Agent, Task Agent, Log Agent and Advisor Agent, and connects to a Certification Authority (PKI), Auditing and External Web Services. Multiplicities: 1 agent per platform, 1 agent per user, multiple agents.]

Page 17: HCI and Privacy Protection

• Just-In-Time Click-Through Agreements: Informed, Unambiguous Consent

• HCI Requirements for Legislative Compliance and Usable Design

• Building Trust & Reducing Risk: From Privacy Legislation to Interface Design

Page 18: Usability Results

+ The prototype worked fairly well (72%) and was easy to navigate (76%), but it had poor visual appeal (42%)

+ Users understood the concept of a personal assistant who could provide services (92%)

+ Users understood (>90%) the major functions (create, modify, track, results)

[Figure: histogram of Percent of Participants (0 to 35) over a 7-point Rating Scale (Difficult to Easy).]

Page 19: Network & Privacy

• Agent Onion Routing Network

• Digital Rights Management for Privacy

• Reputation System

• Scalability

Page 20: Security & Privacy in PISA Agents

Practical solutions to provide privacy in agent technology:

• Agent Digital Signature

• Pseudo-anonymous Task Agents

• Confidential communication: E-E-D encryption

• Agent-PKI

Insight into challenges for agent technology / mobile code.

Theoretical results (IEEE Symposium on Information Theory):

• Definition of perfect secrecy

• Theoretical boundaries

• PhD Thesis TUD: "Private Computing and Mobile Code Systems", K. Cartrysse 2005, ISBN 10: 90 90199-53-5

Page 21: Results

• Security & Privacy research is recognized as important in the Dutch scientific community;

• But also in politics: the Ministry of Economic Affairs subsidizes technical projects in privacy;

• Industry / business becomes aware of the importance of protecting privacy;

STIMULUS AND RATIONALE FOR NEW PRIVACY-RELATED RESEARCH AND EXPLOITATION

Page 22: Continuation

Continuation of the PISA work:

• RAPID: Roadmap Privacy & Identity Management, FP6

• PRIME: Privacy and Identity Management; Ontology & HCI

• LOBSTER: Intrusion Detection, Geant2; Anonymous data

• PAW (Privacy in an Ambient World): Catholic University of Nijmegen, University of Twente, Delft University of Technology, TNO

• BASIS (Biometrics and Privacy): University of Twente, Technical University Eindhoven, CWI, Philips

• Privacy and RFID tags:

  - TNO study for the Dutch government, RFID certification

  - TUD thesis: Anonymous RFID e-ticketing system