HTTPA - A New Way To Track Your Personal Data Usage
With the news of massive private data leaks hitting the headlines each month, the Computer Science and Artificial Intelligence Laboratory (CSAIL) has come up with a protocol to help users examine the way their private data is being used. The HTTPA (HTTP with Accountability) is the name of this protocol and it will be demonstrated at the IEEE’s Conference on Privacy, Security and Trust in July.
Oshani Seneviratne, an MIT graduate student in EECS, and Lalana Kagal, a principal research scientist at CSAIL, will present a paper that gives an overview of HTTPA. They will also present a sample application, involving a health-care records system that Seneviratne implemented on the experimental network PlanetLab. The application utilised medical records of 25 volunteers and Seneviratne simulated a set of transactions — pharmacy visits, referrals to specialists, etc. exactly as the volunteers would have reported it over the course of a year.
(Left to right) Sir Tim Berners-Lee, Oshani Seneviratne, and Lalana Kagal
The technology used was distributed hash tables: the one used in peer-to-peer services like BitTorrent to distribute the transaction logs among the servers. This has multiple servers storing redundant data. This provides two advantages: first, data backup is assured and second, information tampering can be detected by comparing logs from one server with another.
The HTTPA would assign a Unique Resource Identifier (URI) to every form field. This will convert the sensitive information on the Web from searchable text files into a giant database. When the data is transmitted, it will be bundled with its usage restrictions and the activity will be logged on to the servers. Similar operation will be done when the data is further transmitted by the third party to some other third party. Thus, when the data owner will request an audit, the servers will work through the chain of derivations, identifying all the people who have accessed the data, and what they’ve done with it.
300 servers of PlanetLab were used to store the transaction logs and in application, these 'audit server network' could be maintained just like the file servers are maintained at p2p sites.
Source: #-Link-Snipped-#
Oshani Seneviratne, an MIT graduate student in EECS, and Lalana Kagal, a principal research scientist at CSAIL, will present a paper that gives an overview of HTTPA. They will also present a sample application, involving a health-care records system that Seneviratne implemented on the experimental network PlanetLab. The application utilised medical records of 25 volunteers and Seneviratne simulated a set of transactions — pharmacy visits, referrals to specialists, etc. exactly as the volunteers would have reported it over the course of a year.
(Left to right) Sir Tim Berners-Lee, Oshani Seneviratne, and Lalana Kagal
The HTTPA would assign a Unique Resource Identifier (URI) to every form field. This will convert the sensitive information on the Web from searchable text files into a giant database. When the data is transmitted, it will be bundled with its usage restrictions and the activity will be logged on to the servers. Similar operation will be done when the data is further transmitted by the third party to some other third party. Thus, when the data owner will request an audit, the servers will work through the chain of derivations, identifying all the people who have accessed the data, and what they’ve done with it.
300 servers of PlanetLab were used to store the transaction logs and in application, these 'audit server network' could be maintained just like the file servers are maintained at p2p sites.
Source: #-Link-Snipped-#
0