The project’s pilots were brought to a successful conclusion. As a result the project made big steps towards future exploitation.
The data minimisation principle states that (only) the data necessary for a given and predefined purpose may be processed. Privacy-preserving Attribute-based Credentials (Privacy-ABCs) permit to remove data from a certificate that are not necessary to make use of a certain service while retaining the integrity of the issuer’s signature for the remaining information.
ABC4Trust achieved its goal to prove that privacy-preserving tools can be implemented reasonably in different applications. At the same time a wide range of experience was gained concerning the actual technical realisation as well as the consulting and supporting of the users. Thereby, another important step on the way to marketable Privacy-ABCs was taken. Prof. Dr. Kai Rannenberg from Goethe University Frankfurt states, ”The respective authorities are happy with the pilots and the feedback. Active negotiations are underway to integrate the pilots into larger systems and regular use. So in the not so far future we expect more European public services and other organisations to switch to Privacy-ABCs."
Using public social networks currently available in the web is common practice at many schools. However, these social networks lack proper protection of the pupils’ and their guardians’ privacy. If e.g. the same username is employed in different settings, it is possible to link cross-context and as a consequence reveal the user’s identity.ABC4Trust’s School Pilot provides a privacy-preserving school network for information exchange. Pupils and their parents are enabled to communicate securely with each other and/or teachers and other school staff within verified areas while retaining their anonymity to the extent possible or acting under pseudonyms which they can choose anew any time. “By utilizing the Privacy-ABC technologies, all users remain in full control of what level of personal information they disclosed to whomever, whenever,” explains Souheil Bcheri from Eurodocs AB, who set up and maintained the system.
After about one year of test operation at Norrtullskolan in Söderhamn/Sweden the results are promising. The technology as a whole as well as the Privacy-ABCs features work and the efficiency of the system is brought to a satisfying level. Overall a good feedback from the users concerning the feasibility was provided. “The results of the survey conducted following the conclusion of the pilot demonstrated that the pupils understood the system’s privacy protecting features when they performed various activities such as anonymous chatting with peers, parents and teachers. Perhaps the most significant survey results were the pupils’ acknowledgement that they trusted the Privacy-ABC technologies and would be willing to use the system if it were to continue operating,” says Souheil Bcheri. This indicates that there is a demand for services that employ Privacy-ABCs.
The University Pilot allows students to evaluate their courses anonymously. At the same time, the system guarantees that only students that are duly accredited and visited a minimum number of lectures can participate in the evaluation. Therefore, an NFC (contactless) reader has been placed in the lecture room. The students ‘check in’ as they pass, using their smart cards. Besides the evaluation function, the students could also choose to participate in a tombola. Therefore, an additional – inspectable – ‘tombola credential’ was issued with the purpose to reveal the winner’s identity. Thereby, the optional feature ‘inspection’ was tried in practice. Inspection enables the revelation of the user’s identity under strictly predefined conditions about which the user has to be informed in advance.
According to the results of an anonymous questionnaire, the students feel that Privacy-ABCs can help them to manage their e-identities and enable them to use internet services in a privacy preserving way. The systems’ responsiveness and overall speed was considered as good. “The students who participated in the Patras pilot confirmed our belief in the effectiveness and usability of Privacy-ABCs. The students are convinced that their privacy is preserved while interacting with the pilot system. They also feel that the Privacy-ABCs technology could greatly contribute to the protection of their personal data in many other online services such as social media, blogs and e-shopping,” concludes Prof. Dr. Yannis Stamatiou from the Computer Technology Institute and Press (CTI), the lead of the pilot project in Patras.
Since life without internet has become practically unimaginable to most people and especially to young people, it is necessary to also have a close eye on the threats that go along with the indisputable advantages of the technical progress. Especially children have to be enabled to use the internet, but at the same time need to be sufficiently protected and empowered to avoid online risks. This need was also stressed by Ms. Neelie Kroes, European Commission Vice-President for the Digital Agenda, at the ‘EU Cybersecurity Strategy – High Level Conference held in Brussels’ on 28th February 2014. As one of the invited projects ABC4Trust took the opportunity to demonstrate its pilot projects to a distinguished audience. To foster the publicity and implementation of Privacy-ABCs, ABC4Trust has constantly been presenting its results at expert conferences. Service providers need to rethink the way they give access and identify their customers, while the users need to be informed about which personal information they are disclosing.
Communication and evaluation systems using Privacy-ABC technologies have the potential to become standard, e.g. for school internal networks. The data referring to a pupil’s school life (from performance to personal matters) surely need protection. Furthermore, schools have to react to the ongoing digitalisation, e.g. by introducing ‘Internet competence’ into the curriculum. Implementing Privacy-ABCs into school networks could be part of this. A network that applies Privacy-ABCs could e.g. provide counselling sessions with predefined counsellors. Pupils seeking advice benefit from this low-threshold offer, since knowing that they are anonymous may make it easier to take the first step towards help. Also, school internal trouble may be revealed earlier, since the pupils are enabled to bring up a topic anonymously, i.e. without being ‘the troublemaker’. But of course also ‘basic functions’ like chat rooms and document sharing benefit from unlinkability.
ABC4Trust invites interested parties to join its Summit Event on 20th January 2015, at the Hessian State Representation at the European Union, 21 rue Montoyer, in Brussels (Belgium). Beyond detailed information about the pilots, we will present additional project results. While the trials were using smart cards, ABC4Trust meanwhile made Privacy-ABCs available on mobile devices, too. Furthermore, other thinkable use cases were examined, e.g. in combination with the employment of electronic identification cards (eID) or setting up a system that allows anonymous participation in online polls (such as petitions).
For more information about the Summit Event please visit https://abc4trust.eu/summit