An MIT team under Tim Berners-Lee, inventor of the world wide web, is developing a new protocol call HTTP with Accountability (HTTPA) to promote transparency and privacy on the internet.
The protocol works by assigning each bit of data a unique identifier, allowing the server to send details of the restrictions on the data’s use during transmission, as well as maintaining a log which will allow audits to be run, informing users of what has happened to their data.
Oshani Seneviratne, an MIT graduate student working in the Decentralized Information Group (DIG), said: "It’s not that difficult to transform an existing website into an HTTPA-aware website."
"On every HTTP request, the server should say, ‘OK, here are the usage restrictions for this resource,’ and log the transaction in the network of special-purpose servers."
The technology will be available for software developers to use on a voluntary basis, but is hoped to become a mark of quality, advertising a company’s commitment to securing data.
Outlining their ideas in a paper, DIG said: "Access control and encryption mechanisms alone have been proven to be ineffective at addressing modern, web-scale privacy problems such as information leakages from large scale analytics, resulting in a wide variety of re-identification attacks and data-misuses.
"Privacy without proper security is impossible. Therefore, there is a need for safeguards that supplements traditional access control mechanisms, especially in situations where access control will be overly prohibitive in providing access to data in crucial decision making processes."
Seneviratne and Lalana Kagal, another MIT researcher, will present a sample application demonstrating the technology’s handling of health care records to an Institute of Electrical and Electronics Engineers (IEEE) conference later this year.
