Accountable HTTP seeks to increase data privacy through transparency

MIT researchers have a developed a protocol to let us see who’s using our information

transparent-600x450_0.jpgImage credit: flickr/patstip (license)
M.I.T. researchers believe increased transparency can help to protect our online data

Data security breaches seem to happening more and more often these days. Of course, even if your private data is securely stored with an organization you trust, that doesn’t mean your privacy can’t still be compromised. People with legitimate access to it can make improper use of your information, even unintentionally, by sharing it or using in a way you don’t know about without your permission.

If this sort of thing keeps you up at night, then you may soon sleep better thanks to work being done by some of the smart folks at MIT Oshani Seneviratne and Lalana Kagal, both researchers in the Digital Information Group (DIG) at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), have developed a protocol to help ensure your privacy through requiring increased transparency by those who would access your data. 

Seneviratne and Kagal, under the guidance of DIG director Tim Berners-Lee, have developed what they call Privacy Enabling Transparency Systems (PETS). PETS is built on open standards and uses a specification for a new web protocol called Accountable HTTP (HTTPA), developed by Seneviratne as part of her PhD dissertation. Under HTTPA, each piece of personal information that gets transmitted has its own unique identifier. Those identifiers can then be used to associate rules and restrictions for the use and transmission of the information specified by those providing the data (e.g., you and me), and requests for the data can be tracked.

When a client requests private data using HTTPA, the server will send instructions on restrictions related to using the data, based on the client’s credentials. At the same time, the data request will get logged across a distributed collection of secure third party servers, called a Provenance Tracking Network (PTN). Data owners will be able to request an audit of the usage of their information based on these logs, which would include reports of valid uses of private data as well as actual or attempted privacy violations.

For more more of the nitty-gritty details, you can read Seneviratne’s original proposal for HTTPA, “Augmenting the Web with Accountability.” You can also read a paper by Seneviratne and Kagal outlining PETS, including a test of the system they ran to demonstrate its effectiveness, titled “Enabling Privacy Through Transparency.” Finally, Seneviratne has shared the HTTPA code on GitHub.

Of course, it will ultimately be up to individual organizations to implement and comply with HTTPA. Hopefully, those who collect our private data for legitimate use will find it in their interest to do so. If HTTPA becomes widely adopted, we should sleep a little better at night.

[h/t MIT News]

Read more of Phil Johnson's #Tech blog and follow the latest IT news at ITworld. Follow Phil on Twitter at @itwphiljohnson. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies