Privacy by design:
PISA studied how to incorporate privacy-protecting features into an ISA. This resulted in the handbook Privacy and PET, which includes references to all the PISA reports and publications. The purpose of this handbook is to identify whether, and if so which, privacy law rules apply to ISAs and what measures need to be implemented to create a Privacy Incorporated Software Agent (PISA).
New legal privacy issues:
Legal research shows that although an ISA cannot itself be held liable for violations, since it lacks legal personhood, it must have built-in privacy protection features. This applies not only to expressing the privacy preferences of the ISA's user, but also to receiving the Personally Identifiable Information (PII) of others and handling privacy-sensitive data.
Security:
Many threats have been identified, and based on the system model and assumptions, several of these threats were chosen to be addressed. In particular, the use of a PKI in an agent environment has been studied and implemented. The system model and assumptions made in the security research differ from the model used in the demonstration, because we approached the problem of providing privacy and security in the long term. In the long term it is not feasible to assume that each agent platform can be trusted completely. Much research is still needed, in particular on computing with encrypted data in an agent environment and on making decisions on encrypted data, because the solutions shown here depend on the possibility that such techniques will become available.
Privacy audits:
The Privacy Audit Framework is a work plan a privacy auditor can use to evaluate the compliance of a system that processes personal data with the applicable privacy legislation. For systems based on intelligent software agents this means that new features must be designed and implemented to support the audit process.
Evaluation:
Currently, the Common Criteria contain FPR Class: Privacy. This is the only class relating to the evaluation of privacy compliance. This class specifies and gives evaluation criteria for a small, although not unimportant, subset of privacy regulation. The issues are: anonymity, pseudonymity, unlinkability and unobservability. Compliance with this class does not, in any way, guarantee that the information system is compliant with data protection legislation. Compliance auditing must mean, according to the Data Protection Authorities, carrying out a process audit whereby the flow of personal data within the organisation is checked, including any processor, from the moment the data are collected up until their destruction.
The conclusion is that the Common Criteria, although their methodologies are correct, cannot at this moment in time be used as the framework for a Privacy Audit. Privacy obligations require that the system design process and security standards incorporate privacy requirements.
Networks:
The question asked in this research was: what is needed in order to make network communication confidential for agent systems?
Results were:
- An onion routing protocol approach to network privacy for agents, and a protocol design for privacy under IPsec.
- An approach to make pay TV services more privacy preserving.
- Secure routing for ad-hoc networking.
- A privacy preserving electronic currency protocol.
- Network privacy for reputation management systems.
We implemented and tested a prototype of the agent-based onion routing protocol for operation in the JADE agent platform.
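The onion routing result above (the sender wraps a message in one encryption layer per relay, so that each relay agent can peel only its own layer and learns nothing beyond the identity of its successor) is illustrated by the following added example. It is not PISA or JADE code and is written in Python rather than Java; it assumes that every relay agent already shares a symmetric key with the sender (in the PISA setting such keys would be established through the agent PKI), and it uses an HMAC-SHA256 keystream with an HMAC tag, built from the standard library, in place of a production authenticated cipher. The route names and keys are constructed for the demonstration.

```python
"""Layered ("onion") wrapping of an agent message over a sender-chosen route.

Added illustration, not PISA/JADE project code. Assumptions: each relay
holds one symmetric key shared with the sender (constructed here); the
sender knows the whole route; relays know only their own key. The cipher
is an HMAC-SHA256 keystream plus HMAC tag, standing in for a real AEAD.
"""
import base64
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; domain-separated from the tag by prefix."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampering raises."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(route: list, keys: dict, payload: str) -> bytes:
    """Wrap payload innermost-first: the recipient's layer, then each relay's.
    Every layer names only the next hop, so no relay sees the full route."""
    inner = seal(keys[route[-1]], json.dumps({"next": None, "body": payload}).encode())
    for i in range(len(route) - 2, -1, -1):
        envelope = {"next": route[i + 1], "body": base64.b64encode(inner).decode()}
        inner = seal(keys[route[i]], json.dumps(envelope).encode())
    return inner


def peel(agent: str, keys: dict, blob: bytes):
    """What `agent` learns from its layer: (next hop, blob to forward).
    Only keys[agent] is used, modelling a relay that holds just its own key."""
    msg = json.loads(unseal(keys[agent], blob))
    if msg["next"] is None:
        return None, msg["body"]          # final recipient: plaintext payload
    return msg["next"], base64.b64decode(msg["body"])


def deliver(route: list, keys: dict, payload: str):
    """Simulate the relay chain; returns (trace of (hop, successor), payload)."""
    blob, hop, trace = build_onion(route, keys, payload), route[0], []
    while True:
        nxt, out = peel(hop, keys, blob)
        trace.append((hop, nxt))
        if nxt is None:
            return trace, out
        hop, blob = nxt, out


def tamper_detected(route: list, keys: dict, payload: str) -> bool:
    """Flip one ciphertext bit of the outer layer; the first relay must reject it."""
    blob = bytearray(build_onion(route, keys, payload))
    blob[NONCE_LEN + 4] ^= 0x01
    try:
        peel(route[0], keys, bytes(blob))
    except ValueError:
        return True
    return False


def wrong_key_rejected(route: list, keys: dict, payload: str) -> bool:
    """The second relay cannot open the outer layer with its own key."""
    try:
        unseal(keys[route[1]], build_onion(route, keys, payload))
    except ValueError:
        return True
    return False


# Constructed demo route and keys (derived deterministically for readability).
ROUTE = ["relay-A", "relay-B", "recipient"]
KEYS = {name: hashlib.sha256(b"demo-key:" + name.encode()).digest() for name in ROUTE}

if __name__ == "__main__":
    trace, received = deliver(ROUTE, KEYS, "hello from the sender agent")
    for hop, nxt in trace:
        print(f"{hop} learned next hop = {nxt}")
    print("received:", received)
```

Running it shows each relay reporting only its successor, while the recipient gets the payload; the two check functions confirm that a modified layer and a layer opened with the wrong key are both rejected before any decryption output is used, which is the property an audit of such a relay design would look for.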
Scalability:
The question asked in this research was: what techniques can we use to assess the performance of security and privacy technologies for agent systems with many thousands of software agents in advance of their implementation?
We built JADE applications that use the crypto primitives and protocols that could be used within the PISA demonstrator, tested the performance of the overall system in agent environments ranging from one to several thousand agents and documented all results in terms of timing and processor load. We analysed the expected performance of different possible PISA system configurations to determine the most effective system arrangement.
Human Computer Interfaces:
Research on Privacy and Human Computer Interfaces is a new topic. This research consists of:
- Examination of what it means to build a trustable interface to agents, and what would be involved in trusting agents with personal information.
- A set of design guidelines for building trustable agent systems.
- Examination of privacy legislation and principles to determine HCI requirements for "usable compliance".
- A set of requirements and design solutions to satisfy the spirit of the privacy directives.
- How to effectively facilitate understanding of privacy concepts and terms.
- How to maximise the trustable nature of the interface.