Trusted Intermediaries as Privacy Agents
Last week, an Internet Privacy Workshop was held at MIT, sponsored by IAB, W3C, MIT, and ISOC. About 60 people attended, including three of us from Cisco. To be invited to the workshop, participants needed to write a short position paper on a topic relating to Internet privacy. The position papers and the workshop covered a wide range of topics, and the papers are expected to be published in the near future. In the meantime, here is my submission, which ties closely to work being done in the identity field.
Trusted intermediaries could provide a way for users to manage their personal information, including data managed by third parties (such as their credit score), in a manner they control. The intermediary would provide a way for the user to store their preferences regarding the disclosure of specific information, including the terms under which the information can be reused and repurposed. For example, a user might allow a particular merchant to record their address for purposes of purchasing a new automobile, but might not allow them to share that address with companies offering related accessories such as seat covers.
Another function that can be provided by a trusted intermediary is the disassociation of attributes about a user from other identifying information about that same user. An intermediary trusted by the user, and also trusted as a “fair broker” of attributes by the relying party, can make assertions about the user (e.g., that he or she is an adult) without actually disclosing who the user is. This is important for use cases such as those that involve whistle-blowing and anonymous crime reporting.
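The two functions described above (purpose-bound disclosure and attribute assertions that do not identify the user) can be sketched together. This is an added example, not code from the position paper; the relying-party names, keys, user record, and function names are all constructed for illustration, and HMAC stands in for the asymmetric signature a real broker would use.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo keys; a real broker would sign with an asymmetric key so
# relying parties can verify without being able to forge assertions.
SIGNING_KEY = b"constructed-signing-key"
PSEUDONYM_KEY = b"constructed-pseudonym-key"

# Constructed user record held by the intermediary.
USER = {"id": "user-1234", "address": "1 Example St", "birthdate": date(1980, 5, 1)}

# User preferences: (relying party, attribute) -> purposes the user permits.
PREFS = {
    ("auto-merchant", "address"): {"purchase"},
    ("tip-line", "is_adult"): {"age-check"},
}

def pairwise_id(rp):
    """Per-relying-party pseudonym, so two parties cannot correlate the user."""
    msg = f"{USER['id']}|{rp}".encode()
    return hmac.new(PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:16]

def derive(attr, today):
    """Return the attribute, computing derived claims instead of raw data."""
    if attr == "is_adult":
        b = USER["birthdate"]
        age = today.year - b.year - ((today.month, today.day) < (b.month, b.day))
        return age >= 18
    return USER[attr]

def sign(claim):
    body = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def assert_attribute(rp, attr, purpose, today):
    """Release one attribute only if the user allowed it for this party and purpose."""
    if purpose not in PREFS.get((rp, attr), set()):
        return None  # default deny: no preference means no disclosure
    claim = {"sub": pairwise_id(rp), "aud": rp, "attr": attr,
             "value": derive(attr, today), "purpose": purpose}
    return {"claim": claim, "sig": sign(claim)}

def verify(assertion):
    """Check that the claim was issued by the broker and not altered."""
    return hmac.compare_digest(sign(assertion["claim"]), assertion["sig"])
```

The `is_adult` assertion carries only a boolean and a pairwise pseudonym, so the relying party learns neither the birthdate nor an identifier it could match against another party's records.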
More broadly, Internet protocols are sometimes described as “privacy enhancing.” Privacy is really a social condition, well out of the scope of those of us who are involved with protocol development. The best we can do is to consider privacy needs and provide the capabilities to support privacy in the protocols we develop. However, it is a societal decision whether, when, and how to use these capabilities.