Saturday, July 26, 2008

Wanted: Chief PET Officer

PRIME identitiesBlogzilla has been quiet while spending quality time with his favourite gang of cryptogeeks, techno-anarchists and radical privacy lawyers. In a feast for the mind, the PRIME, ADAPID and FIDIS European projects last week all held meetings alongside the annual Workshop on Trustworthy Elections and Privacy Enhancing Technologies Symposium. While the setting was the genteel 15th-century Katholieke Universiteit Leuven, the assembled throng were focused on building fundamental legal and technical checks on 21st century state and corporate power.

PRIME has been a very successful four-year project to demonstrate that electronic credentials and partial identities can make privacy a key part of the information society. I have been fortunate to be part of the project's Reference Group, and was most impressed by the quality of research undertaken into cryptography, middleware, user interfaces and data protection law. T-Mobile have deployed some of the results in privacy-friendly location-based services that already have over 3 million users in Germany. €15m well spent, I think. ADAPID and FIDIS are rather smaller projects but are coming up with some interesting results on privacy-friendly e-ID cards and citizen profiling.

WOTE is concerned with technologies that allow individuals to verify that an election has been properly run — that all votes cast are valid and included in the final tally. Would you like a commitment-consistent proof of a shuffle with your ballot paper? This kind of verifiability is critical for those jurisdictions that have already moved to the horribly unreliable electronic voting systems commonplace in the US. Fortunately the UK has so far resisted government attempts to junk our well-understood and largely trusted paper ballot in favour of such systems.

PETS is a mind-bending combination of maths, mixes and cryptographic onions (!) Participants discuss the technologies that make possible an information society with the privacy properties that we take for granted in the physical world. If you want to understand how to defeat Internet surveillance, prove you are entitled to services without revealing your identity, or understand the full damage done to privacy by social networking sites, you should definitely get a copy of the proceedings. You might though first need to brush up on your Shannon entropy, public-key cryptosystems and information-theoretic proofs.

All of this may sound rather abstract. But waiting for me upon my return was the UK government's response to the recent Home Affairs Committee report on surveillance — in which the government accepts the following recommendation:

We recommend that the Government track and make full use of new developments in encryption and other privacy-enhancing technologies and in particular those which limit the disclosure and of collection of information which could identify individuals. We further recommend that the resources of the Information Commissioner’s Office be expanded to accommodate sufficient technical expertise to be able to work with the Chief Information Officer to provide advice on the deployment of privacy-enhancing technologies in Government. (Paragraph 159)

The recruitment and impact of an anarchist mathematician in such a key role will be fascinating to watch…

No comments: