July 11, 2014
MIT Develops New System That Lets Users Decide What Data Is Shared
Brett Smith for redOrbit.com - Your Universe Online
While issues of personal data security have mostly revolved around actions of the US federal government, vast amounts of personal data are also being collected by corporate entities such as Amazon and Netflix.
In pursuit of protecting individual privacy, researchers at MIT have developed a system called OpenPDS that allows individual users to decide what data they want to share and what data is unavailable.
According to a report published in the journal PLOS ONE, openPDS would store personal data from a person’s devices in a single specific location, such as an encrypted server or a personally-owned computer. Any company or study team that wants to access this data would have to query the person's database, which gives as little data as is necessary.
“The example I like to use is personalized music,” said study author Yves-Alexandre de Montjoye, a graduate student in media arts at MIT. “Pandora, for example, comes down to this thing that they call the music genome, which contains a summary of your musical tastes. To recommend a song, all you need is the last 10 songs you listened to — just to make sure you don’t keep recommending the same one again — and this music genome. You don’t need the list of all the songs you’ve been listening to.”
The MIT researchers said one of the biggest benefits of the system is that it would require applications to specify what information they need, instead of the current arrangement that simply informs a user that their data is being accessed and used.
“When you install an application, it tells you ‘this application has access to your fine-grained GPS location,’ or it ‘has access to your SD card’,” de Montjoye said in a statement. “You as a user have absolutely no way of knowing what that means. The permissions don’t tell you anything.”
Because they can, most applications collect much more information than they actually need. The thinking is: what may have seemed like superfluous information in the past could be highly valuable in the future.
The openPDS system stores all potentially useful data, but with the user, not the application maker or service provider, like Netflix. A developer who finds out that a prior unwanted bit of data is beneficial must ask for access to it from the user. If the inquiry seems needlessly intrusive, the user can simply reject it.
The openPDS developers conceded that an entity could game the system in its current state by requesting seemingly innocuous bits of data and piecing together a person’s identity. In order to safeguard against this type of privacy invasion, users would have to enact measures on a case-by-case basis. However, the novel openPDS system is a work in progress and a step up from the current situation, the MIT developers said.
“If we manage to get people to have access to most of their data, and if we can get the overall state of the art to move from anonymization to interactive systems, that would be such a huge win,” de Montjoye said.
PROTECT YOURSELF TODAY - Norton Antivirus