Building a Privacy Gardian for the Electronic Age

WP5 involves an investigation of issues associated with network, scalability and user interfaces for privacy enhancing technologies. The goal of this work is to produce an analysis of the design of PISA privacy enhancing technologies with a view to improving network security, scalability and usability of implementations. For deliverable 5.2 we outline approaches for scalability for privacy provisions within PISA Systems, define test cases for PISA system scalability, test PISA system scalability for these cases and analyze PISA scalability. Keyword list Agent, Mobile Agents, modeling, usability, communication, privacy, user interfaces, security, network, scalability D 22: PISA system scalability Page 2 / 66 Executive summary In this document we examine two areas: modeling aspects of PISA system design, and testing PISA system scalability. Since at this stage the PISA prototype is under development, the objective of this work is to provide an overview of approaches that may be applied to modeling and testing. More specifically, we develop early models of the PISA prototype system design, define test cases for PISA system scalability, test the design for PISA system scalability and indicate the direction we will take in WP5. D 22: PISA system scalability Page 3 / 66 PISA, project information Contribution PISA contributes to key action lines of the IST-program of the EC: II4.1: “ To develop and validate novel, scalable and interoperable technologies, mechanisms and architectures for trust and security in distributed organizations, services and underlying infrastructures”. II4.2: To scale-up, integrate, validate and demonstrate trust and confidence technologies and architectures in the context of advanced large-scale scenarios for business and everyday life. This work will largely be carried out through trials, integrated test-beds and combined RTD and demonstrations. Goal The objectives of the PISA-project are: Demonstration of PET as a secure technical solution to protect the privacy of the citizen when he/she is using Intelligent Agents (called shopbots, buybots, pricebots or just "bots", a short for robot1) in E-commerce or M-commerce applications, according to EC-Directives on Privacy. Interaction with industry and government to launch new privacy protected services. The PISAproject will produce a handbook on Privacy and PET for ISAT and a PISA-agent as shareware. Also a plan for the dissemination of the results of PISA will be produced. Propose a standard for Privacy Protected Agent Transactions to Standardization Bodies. Results PISA contributes at building a model of a software agent within a network environment, to demonstrate that it is possible to perform complicated actions on behalf of a person, without the personal data of that person being compromised. In the design of the agent an effective selection of the presented Privacy Enhancing Technologies (PET) will be implemented. We label this product as a Privacy Incorporated Software Agent (PISA). The PISA demonstration model is planned to be a novel piece of software that incorporates several advanced technologies in one product: • Agent technology, for intelligent search and matching; • Data mining or comparable techniques to construct profiles and make predictions; • Cryptography for the protection of personal data, as well as the confidentiality of transactions. In particular, with regard to WP5, the project involves: • Research into the better known network approaches for privacy; • Assessment of PET developed in PISA regarding their network scalability; • Research and development of approaches for trustworthy user interfaces for privacy preference specification and privacy reported for agent-based systems. Additionally the project involves: • Legal expertise to implement the European privacy legislation and the needed development of new rules and norms; • System design knowledge to turn legal boundary condition into technical specifications; • Advanced software-programming skills to implement the privacy boundary conditions. In order to prove the capability of the PISA-model, we propose to test it in a model environment in two cases in e-commerce that closely resembles a real-life situation 1 In E-commerce, “Bots” will slug It Out for Us; International Herald Tribune, 21 August 2000 D 22: PISA system scalability Page 4 / 66 PISA Project consortium • TNO-FEL Physics and Electronics Laboratory Oude Waalsdorperweg 63 P.O. Box 96864, 2509 JG The Hague, The Netherlands Project co-ordination, Privacy Enhanced Technologies TNO-TPD Institute of Applied Physics Stieltjesweg 1 P.O.Box 155, 2600 AD Delft, The Netherlands Intelligent Software Agents Platform and PISA-demonstrator • Netherlands Data Protection Authority Prins Clauslaan 20 Postbus 93374, 2509 AJ The Hague, The Netherlands Privacy Protection and Legal Issues • Delft University of Technology, Faculty of Information Technology and Systems, Information Theory Group Mekelweg 4 P.O. Box 5031, 2600 GA Delft, The Netherlands Cryptography • Sentient Machine Research Singel 16