Privacy by design

Online services that store our personal information have proliferated, yet the technology to underpin how our privacy is safeguarded has lagged behind. This was the conclusion of a 2008 report by the UK’s Information Commissioner’s Office, a body set up to uphold privacy for individuals, which pressed for “the evolution of a new approach to the management of personal information that ingrains privacy principles into every part of every system in every organisation.”

This ethos underpins research led by Professor Jon Crowcroft, the Marconi Professor of Communications Systems in the Computer Laboratory. Two projects he leads aim to minimise privacy risks, and at the heart of both is the concept of ‘privacy by design’.

“Privacy by design means that it’s in-built as part of the technology, rather than bolted on in order to comply with data protection laws,” he explained. “With privacy by design, it would simply not be possible for incidents such as the leaking of LinkedIn passwords to happen.”

One project is tackling the challenge of how to maintain privacy when all your data are stored by a central service – the so-called cloud. Anyone who stores images on flickr, or accesses emails from a central server, is cloud computing, and today many businesses are turning to centralised data centres as an economic means of storing their information. However, concerns have also been raised about the scale of control that cloud service providers wield over the data they store and can potentially monitor.

Crowcroft and colleague Dr Anil Madhavapeddy are building technologies to support the control of networked personal data as part of a five-year £12 million research hub (‘Horizon’), which is led by the University of Nottingham and funded by the Engineering and Physical Sciences Research Council (EPSRC). The research is driven by the overarching concept of a lifelong contextual footprint – the idea that each of us throughout our lifetime will lay down a digital trail that captures our patterns of interaction with digital services – and how best to protect this.

A second project, FRESNEL (for ‘Federated Secure Sensor Network Laboratory’), is focusing on privacy in networks that people use to modify their heating, lighting and home entertainment when they are not at home, as well as networks that monitor traffic flow and air quality, and enable a doctor in hospital to check a patient’s health at home.

“Current technologies have usually been devised for single-owner sensor networks that are deployed and managed by a central controlling entity, usually a company that has set themselves up to offer this capability,” he said. “They don’t have the right scalability and security required to deal with a secure multi-purpose federated sensor network, running different applications in parallel. Our aim is to build a network framework with multiple applications sharing the same resources.”

With funding from EPSRC, Crowcroft and Dr Cecilia Mascolo and colleagues, working with Dr Ian Brown at the University of Oxford and industrial project partners, now have a demonstrator program in operation that is currently being evaluated through a large-scale federation of sensor networks across the University of Cambridge.

The aim of these projects, explained Crowcroft, is not to lock up personal data, removing the ability to socialise it, but rather to support systems that process data without sacrificing privacy: “We are building technologies to support lifelong control of networked personal data. For instance, a significant driver behind social networking has been the ecosystem of data processors that aggregate and provide services such as recommendations, location searches or messaging. But the big drawback is that users have to divulge more of their personal data to a third party than is necessary, because of the difficulty of distinguishing what is needed. Our research starts from a single premise – that individuals require control over access to, and use of, their personal data for ever.”

Crowcroft and colleagues have launched a not-for-profit foundation, Digital Life Foundation, which will build an open-source community around these technologies.

For more information, please contact Louise Walsh (louise.walsh@admin.cam.ac.uk) at the University of Cambridge Office of External Affairs and Communications.