Privacy and identity management for everyone
Abstract
The shift from a paper-based to an electronic-based society has dramatically reduced the cost of collecting, storing and processing individuals' personal information. As a result, it is becoming more common for businesses to "profile" individuals in order to present more personalized offers as part of their business strategy. While such profiles can be helpful and improve efficiency, they can also govern opaque decisions about an individual's access to services such as credit or an employment position. In many cases, profiling of personal data is done without the consent of the target individual. In the past decade, the European Union and its member states have implemented a legal framework to provide guidance on processing of personal data with the specific aim to restore the citizens' control over their data. To complement the legal framework, the PRIME (Privacy and Identity Management for Europe) project [14] has implemented a technical framework for processing personal data. PRIME's vision is to give individuals sovereignty over their personal data so that:
▷ Individuals can limit the information collected about them by using pseudo-identities, certifications and cryptography when performing online transactions,
▷ Individuals can negotiate legally-binding "privacy policies" with their service providers that govern how disclosed personal data can be used and which precautions must be taken to safeguard it, and
▷ Individuals and service providers can use automated mechanisms to manage their personal data and their obligations towards data which they have collected from other parties.
To accomplish this, the PRIME project has designed and implemented a practical system-level solution which incorporates novel cryptographic protocols, sophisticated security protocols, and artificial intelligence algorithms. This paper describes the architecture of this system. Most key features of this architecture have been implemented in a proof-of-concept prototype.
Copyright 2005 ACM.