EU pumps €10m into open source privacy management

By Bryan Betts, Techworld

The European Union is contributing 10 million euro (around £8 million) in sponsorship to a project called PrimeLife, which aims to develop open source tools for personal privacy management and protection, and get the community at large to adopt them.

PrimeLife's co-ordinator is IBM's Zurich research laboratory, and it follows on from an earlier EU-backed project into identity management systems, called Prime (Privacy and Identity Management in Europe).

Where Prime was mostly concerned with identity management (see its white paper here), PrimeLife will go beyond that to address privacy management and trust issues across a user's entire lifespan from childhood to old age, said IBM cryptography researcher Jan Camenisch, who is the project's technical leader.

"When we started, the privacy world was still thinking along the lines of Microsoft Passport," he added. "We brought together a group of people who wondered why identity management technologies weren't being used, and now PrimeLife is geared to bringing this technology into the world.

"Prime was concerned with how people did identification on the Internet, only releasing the minimum information and so on. But now with user-contributed content and social networks, people are broadcasting their data - how can we help those people keep that safe, for example from future harvesting?"

Camenisch said that PrimeLife will involve around 60 researchers from 15 organisations, and will open-source as much as possible of any software and mechanisms it generates. It also aims to co-operate with organisations that are defining identity management frameworks, such as Liberty Alliance.

"For example, Liberty Alliance focuses mainly on how to do identity," he said. "We go a step further and say you should think about how to authorise, not just identify, and how to protect the data used."

The project covers usability, as well as technical mechanisms such as encryption, he said, pointing out that if users don't understand how they can manage their privacy, it's all wasted.

"For example, your browser has a little padlock symbol, but if you click it and all you get is meaningless bit-strings, it's useless to you," he added.

"Another area we want to work on is policy languages. That is about explaining to the user what data is needed and why, and how it will be treated."

The PrimeLife project is not wholly European - one of the 15 organisations involved is Brown University in the US. The others include universities and research institutes in Austria, Belgium, France, Germany, Italy, the Netherlands and Sweden. On the commercial side, there is SAP, Microsoft's Germany-based European Innovations Centre, and of course IBM.