Starting in September 2012, one of the ABC4Trust project’s pilots was running at the Patras University in Greece. The goal of this pilot was to allow university students to anonymously participate in an online course evaluation at the end of the semester using Privacy-enhancing Attribute-based Credentials (Privacy ABCs).


Course evaluation has become standard practice in most universities around the world. However, it is typically conducted on paper to protect the students’ privacy. In cases where they are conducted through computers, the computers are normally operated by a neutral trusted organisation independent from the university being evaluated; otherwise the students would be required to put a lot of trust in the fairness and privacy practices of their university.

 

ABC4Trust work package representatives visiting Patras University

 

The ABC4Trust pilot addressed this particular challenge: Only if the privacy of the people expressing their opinion is preserved one can expect correct and credible results of electronic course evaluations. Therefore, ABC technologies were employed to guarantee that no information was sent to the evaluation system which could have been used later on to identify the student who submitted the evaluation. At the same time, the system had to guarantee that only eligible students had access to the evaluation of a course. Consequently, the system had to verify that a student (1) is enrolled in the university, (2) has registered to the course and (3) has attended the majority of the lectures of that course.


At the beginning of the pilot, each student received a smart card, which was used to obtain Privacy-ABCs, issued by the university. These credentials were used by students at the end of the semester to prove the desirable properties, e.g. verify their enrolment in the university and the course they had registered for, without revealing their identity. The students utilised the same smart card to anonymously collect proof for their class attendance. During the semester each attending student had to wave her/his card in front of a NFC device, set up in the lecture room, to collect the relevant proof. At the end of the semester, the students anonymously authenticated from their PCs to the online evaluation page of the corresponding course, by combining the credentials they had collected.
The deployed technology did not allow the card owners to exchange their obtained credentials or submit more than one evaluation for the same course.

 

According to the results of a final questionnaire, the students feel that Privacy-ABCs can help them to manage their e-identities and enable them to use internet services in a privacy preserving way.


As a result of this technology, universities will be able to run their own computerized course evaluation systems. Due to the fact that the ABC technologies on the identity cards will sever all possible links between incoming electronic feedback and the identity of the students who submit it, the students do not have to put any trust into the privacy practices of the evaluating university. Furthermore, the technologies also guarantee that feedback comes only from duly accredited students.