Starting in September 2012, one of the ABC4Trust project’s pilots was running at the University of Patras in Greece. The goal of this pilot was to allow university students to participate anonymously in an online course evaluation at the end of the semester using Privacy-enhancing Attribute-based Credentials (Privacy-ABCs).
Course evaluation has become standard practice in most universities around the world. However, it is typically conducted on paper to protect the students’ privacy. In cases where they are conducted through computers, the computers are normally operated by a neutral trusted organisation independent from the university being evaluated; otherwise the students would be required to put a lot of trust in the fairness and privacy practices of their university.
The ABC4Trust pilot addressed this particular challenge: only if the privacy of the people expressing their opinion is preserved can one expect correct and credible results from electronic course evaluations. Therefore, ABC technologies were employed to guarantee that no information was sent to the evaluation system which could later be used to identify the student who submitted the evaluation. At the same time, the system had to guarantee that only eligible students had access to the evaluation of a course. Consequently, the system had to verify that a student (1) is enrolled in the university, (2) has registered for the course and (3) has attended the majority of the lectures of that course.
At the beginning of the pilot, each student received a smart card, which was used to obtain Privacy-ABCs issued by the university. At the end of the semester, students used these credentials to prove the required properties, e.g. their enrolment in the university and their registration for the course, without revealing their identity. The students used the same smart card to anonymously collect proof of their class attendance: during the semester, each attending student had to wave her/his card in front of an NFC device set up in the lecture room to collect the relevant proof. At the end of the semester, the students authenticated anonymously from their PCs to the online evaluation page of the corresponding course by combining the credentials they had collected.
The deployed technology did not allow the card owners to exchange their obtained credentials or submit more than one evaluation for the same course.
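A simplified model of the evaluation access policy described above, added here as an illustration and not code from the ABC4Trust project: the card evaluates the three predicates (enrolled, registered, majority of lectures attended) and sends only their results together with a scope-exclusive pseudonym, so the verifier learns neither the student's identity nor the exact attendance count and can still reject a second evaluation of the same course from the same card. The pseudonym is modelled with an HMAC over a card secret, standing in for the zero-knowledge presentation proof of a real Privacy-ABC scheme; the course ids, lecture counts and attendance numbers are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Card:
    secret: bytes   # device-bound secret that never leaves the card (constructed)
    enrolled: bool  # result of holding a university enrolment credential
    courses: dict   # course id -> number of attendance proofs collected

    def pseudonym(self, scope: str) -> str:
        # Scope-exclusive pseudonym: the same card always yields the same value
        # for one scope (here one course evaluation), but values for different
        # scopes are unlinkable. HMAC stands in for the real ZK-based construction.
        return hmac.new(self.secret, scope.encode(), hashlib.sha256).hexdigest()

    def present(self, course: str, lectures_held: int) -> dict:
        # The "presentation token" carries only predicate results, never the
        # student id, name, or exact attendance count.
        attended = self.courses.get(course)
        return {
            "enrolled": self.enrolled,
            "registered": attended is not None,
            "majority_attended": attended is not None and 2 * attended > lectures_held,
            "nym": self.pseudonym("evaluation:" + course),
        }


class EvaluationVerifier:
    """Evaluation server side: checks the policy and blocks double submission."""

    def __init__(self) -> None:
        self.seen = set()  # (course, pseudonym) pairs that already submitted

    def accept(self, course: str, token: dict) -> bool:
        if not (token["enrolled"] and token["registered"] and token["majority_attended"]):
            return False
        key = (course, token["nym"])
        if key in self.seen:  # same card, same course: one evaluation only
            return False
        self.seen.add(key)
        return True


if __name__ == "__main__":
    card = Card(secret=b"card-0001", enrolled=True, courses={"CS101": 9, "CS102": 4})
    verifier = EvaluationVerifier()
    print(verifier.accept("CS101", card.present("CS101", 12)))  # True
    print(verifier.accept("CS101", card.present("CS101", 12)))  # False: duplicate
    print(verifier.accept("CS102", card.present("CS102", 12)))  # False: 4 of 12
```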
According to the results of a final questionnaire, the students feel that Privacy-ABCs can help them to manage their e-identities and enable them to use internet services in a privacy preserving way.
As a result of this technology, universities will be able to run their own computerized course evaluation systems. Because the ABC technologies on the identity cards sever all possible links between incoming electronic feedback and the identity of the students who submit it, the students do not have to place any trust in the privacy practices of the evaluating university. Furthermore, the technologies also guarantee that feedback comes only from duly accredited students.
Social networks have become widely used nowadays and are increasingly finding acceptance in different scenarios of our daily lives. Depending on the target group, different social networks have been set up to enhance the online experience of users or to provide them with an easy way to interact and share information with the other members of the network.
While some social networks make their resources available to a large target group (such as Facebook or Twitter), there are some specific communities where it is desirable to limit access to particular individuals or certain groups of users. This was the case in the ABC4Trust pilot. The target group consisted of pupils of a school in the Municipality of Söderhamn in Sweden. The intention of the pilot was to provide online services for the members of this use-case community. The pupils of this school were able to use different “community services” while their privacy was protected at the same time by enabling pseudonymous and anonymous access.
This use-case scenario primarily concerned privacy-enhancing online communication and the exchange of personal information between users (pupils and their guardians, school personnel, etc.). The pilot system offered a variety of different services such as online chats, discussion rooms, counselling sessions, document sharing, and polling. Furthermore, since some of the exchanged data were very sensitive in nature, they required increased protection from unauthorised access by third parties.
Depending on the users’ roles in the pilot, the school was responsible for issuing the corresponding credentials; e.g. a pupil’s credentials contained the respective attributes regarding their class, age, caretakers, teachers, etc. In order to access a chat or any other service provided by the communication network, a user only needed to prove that she/he possesses credentials with attributes that satisfy specific properties, without necessarily revealing the corresponding attribute values. For example, it was sufficient to prove that a credential contained a date of birth lying more than 14 years in the past without giving away the exact date.
One of the main functionalities was counselling sessions. Whenever a pupil had a problem, be it physical, psychological, mental, financial or any other, she/he was able to discuss it with a counsellor or the school nurse online. While pupils could feel assured that their identity was well protected, the counsellor was certain that the user was indeed a pupil of the school and entitled to access the service. Due to the legal obligations of the school, which was the responsible authority for the communication system, it was not possible to conduct the counselling sessions completely anonymously, but only pseudonymously. Therefore, the optional feature of ‘inspection’ was deployed and tried in practice. The inspection feature enables the revelation of a user’s identity under strictly predefined conditions, about which the user has to be informed in advance. Consequently, the real identity is revealed only for those users who fulfil the predefined conditions, such as committing an offence or threatening the safety of the school or other pupils.
By staying unidentified, pupils seemed more willing to talk about their problems, whereas they might otherwise have felt reluctant, shy or scared to talk about these issues. Privacy-enhancing Attribute-Based Credentials (Privacy-ABCs) are an enabler for such services. The technology allows users to log in by proving only selected properties of a larger credential (e.g. having a certain age or belonging to a specific school class) instead of presenting the whole credential and disclosing all the information contained therein.
The pilot showed that, while a number of other solutions may already exist which provide functionalities and services similar to those of this pilot application, the value of trust and privacy can be added by deploying privacy-friendly technologies built upon Privacy-ABCs. Designed with privacy in mind, these technologies provide a trustworthy environment for the users, since the information the users share cannot be linked to them in any way, as long as they choose to remain private.