New Technology May Allow People To Track How Their Data Is Used
June 13, 2014

New Technology May Allow People To Track How Their Data Is Used

Peter Suciu for - Your Universe Online

Move over "Big Data" and "Internet of Things" there is a potential new buzzword or concept for 2014: "HTTP with Accountability." This is a new protocol that is being developed by researchers in the Decentralized Information Group (DIG) at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), which could provide transparency rather than obscurity when data moves online.

The HTTP with Accountability (HTTPA) protocol would automatically monitor the transmission of private data while also allowing the data owner to examine how it's being used. This could be in contrast to the cryptographic schemes that currently protect online banking and credit card purchases that have so far proven reasonably reliable over the past two decades.

However, as more data moves online the researchers contend the more pressing concern is the inadvertent misuse of data by those people actually authorized to access it, while tighter restrictions on access could only serve to undermine the whole point of sharing data.

The DIG Researchers believe HTTPA would address these issues and could solve the problems – even before they become serious problems – as each item of private data could be assigned its own "uniform resource identifier" (URI), which is a key component of the Semantic Web. That is, in itself, a new set of technologies that have the support of the World Wide Web Consortium (W3C), and this could be used to convert the web from a collection of search text files into what could become a giant database.

Oshani Seneviratne, an MIT graduate student in electrical engineering and computer science, and Lalana Kagal, a principal research scientist at CSAIL, will present their research and provide an overview of HTTPA at the IEEE’s Conference on Privacy, Security and Trust in July in Toronto. Kagal and Seneviratne will present their findings in a paper and further provide a sample application involving a health-care records system that Seneviratne implemented on the experimental network PlanetLab, an open platform for the developing, deploying and accessing of planetary-scale systems.

HTTPA could further get a boost as MIT's DIG is directed by Tim Berners-Lee, the inventor of the Web and the 3Com Founders Professor of Engineering at MIT, and it shares office space with the W3C. That group, which is also led by Berners-Lee, oversees the development of web-based protocols including HTTP, XML and CSS, and has the role to develop new technologies that utilize those protocols.

"It's not that difficult to transform an existing website into an HTTPA-aware website," Seneviratne told the MIT News Office. "On every HTTP request, the server should say, ‘OK, here are the usage restrictions for this resource,’ and log the transaction in the network of special-purpose servers."

As with other protocols, HTTPA would be voluntary and it would be up to the software developers to adhere to its specifications when designing their systems; compliance could become a key selling point for companies offering services that do handle private data. Network servers could do the so-called "heavy lifting" while HTTPA-compliant programs also incur certain responsibilities if they reuse data supplied by another HTTPA-compliant source.

"It carries provenance information, which is very important in all big data movement transactions," Kirk D. Borne, professor of astrophysics and computational science at George Mason University, told redOrbit. "Provenance tells the end-user – or application – about the data: who owns it, how and when was it created, where did it come from, what rules & policies govern its use, etc."

"So, in that sense, it is a great protocol for sharing sensitive data and data that is intended for reuse by 3rd parties, to ensure proper and accurate reuse," Borne added. "The HTTPA protocol seems able to prevent data from being transmitted if any of the policies are violated. Since that action is taken at the HTTP handshake level, that should protect private, confidential and secure data more robustly and at the wire level – versus through fragile database lookups."