Now Internet data collection can be carried out through a novel cryptographic method without invading user privacy.
Collection of and statistical reporting on online personal data helps towards a better understanding of consumer trends, but respect for user privacy is a sensitive area that needs to be properly managed. Now Aniket Kate, Head of the Cryptographic Systems Research Group at the Cluster of Excellence at the Saarland University in Saarbrücken, Germany, has developed a new cryptographic method, a software system dubbed ‘Privada’, which enables data to be collected and aggregated in a way that does not encroach on personal privacy. The software was unveiled for the first time at the CeBIT computer expo in Hanover in the second week of March. Privada splits user information upstream and sends parts of it to different servers performing multiple statistical computations.
Data collection and user privacy – a win-win situation
The principle is simple. User information is split up and parts of it are sent to a number of previously defined servers performing multi-party computation. Each server evaluates its data without being aware of the data of the other ‘parties’, so that together they compute a ‘secret’ that none of them is able to decode on its own. “For example, with Privada, website owners are still able to work out that their websites are mainly visited by middle-aged women, but nothing more,” explains Aniket Kate. However, there are two factors that threaten privacy during the process of data aggregation: on the one hand, where and how the data is aggregated; and on the other, the danger that the aggregated data is published in a way that does not preserve privacy but allows clues to personal identity to emerge.
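The splitting described above can be illustrated with additive secret sharing, a standard building block of multi-party computation. This is an added example, not Privada's code or protocol (the article does not specify it); the bucket names, modulus, three-server setup and visitor list are constructed assumptions.

```python
import secrets

MODULUS = 2**61 - 1  # assumed share modulus; must exceed the number of visitors
# Constructed demographic buckets (assumption, not from the article).
BUCKETS = ["f_18_34", "f_35_54", "f_55_plus", "m_18_34", "m_35_54", "m_55_plus"]
# Constructed sample input: one bucket label per visitor.
SAMPLE_VISITORS = ["f_35_54"] * 5 + ["m_18_34"] * 2 + ["f_55_plus"]

def encode(bucket):
    """One-hot encode a visitor's bucket so that summing vectors gives a histogram."""
    if bucket not in BUCKETS:
        raise ValueError(f"unknown bucket: {bucket}")
    return [1 if b == bucket else 0 for b in BUCKETS]

def split(vector, n_servers):
    """Client side: split a vector into n additive shares that sum to it mod MODULUS."""
    if n_servers < 2:
        raise ValueError("need at least two servers for the split to hide anything")
    shares = [[secrets.randbelow(MODULUS) for _ in vector] for _ in range(n_servers - 1)]
    # The last share is chosen so that all shares add up to the real vector.
    last = [(v - sum(col)) % MODULUS for v, col in zip(vector, zip(*shares))]
    return shares + [last]

class Server:
    """Holds only a running sum of the shares it received; never sees a raw record."""
    def __init__(self):
        self.total = [0] * len(BUCKETS)

    def receive(self, share):
        self.total = [(t + s) % MODULUS for t, s in zip(self.total, share)]

def aggregate(servers):
    """Combine every server's total; only this joint step reveals the histogram."""
    combined = [sum(col) % MODULUS for col in zip(*(s.total for s in servers))]
    return dict(zip(BUCKETS, combined))

def run(visitors, n_servers=3):
    servers = [Server() for _ in range(n_servers)]
    for bucket in visitors:
        for server, share in zip(servers, split(encode(bucket), n_servers)):
            server.receive(share)
    return servers, aggregate(servers)

if __name__ == "__main__":
    servers, histogram = run(SAMPLE_VISITORS)
    print("one server's view:", servers[0].total)
    print("joint result:     ", histogram)
```

Each server's running total is uniformly random on its own, so the histogram appears only when all totals are combined and the privacy rests on the servers not all colluding.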
Taking back control of one’s own data
Despite the importance of preserving user anonymity, Kate emphasises the fact that currently “many website providers collect data, but only a few manage to do so without invading users’ privacy.” This information might well disturb those who value their privacy. Meanwhile, there is a growing trend for consumers to want to re-appropriate their own personal data and profit from sharing it with whom they choose. Accordingly, a number of young companies have emerged with plans to return ownership of data to users and enable them to dispose of it as they wish. According to a report from the Boston Consulting Group entitled ‘The Value of Our Digital Identity’, the total value of personal data for organisations (€330 billion) and individuals (€670 billion) will amount to a trillion euros by 2020.