by Jamie Beckett
• June 16, 2005: More than 40 million
credit card accounts are exposed to potential fraud after
data from an Arizona credit-card processing company.
• June 23, 2005: British tabloid ‘The Sun’ reports
that an undercover reporter was able to buy the names,
addresses, account and credit-card numbers of 1,000 UK
bank customers from a New Delhi call center for a few
• June 23, 2005: The U.S. Defense
Department says it will hire a private marketing firm
to create a database of social security numbers, ethnicity and other personal
information of high school and college students to
help identify potential military recruits.
With security breaches and online fraud on the rise, consumers,
businesses and government organizations are growing more
concerned about protecting individuals' privacy. A team
at HP Labs is working on tools to make it easier for businesses
to do just that.
"What we mean by privacy is the ability of individuals
to retain control over their personal information," says
Pete Bramhall, who manages HP Labs' privacy and identity
Many privacy advocates’ long-term vision is to allow
consumers to conduct even complex transactions anonymously.
But, he says, "the reality now is that enterprises
have a lot of personal data, and we want to make it easier
for them to manage it according to best privacy principles
and practices -- and the wishes of the individuals it relates
Such protections are more than just doing the right thing.
Increasingly, governments are requiring stronger controls
on individuals' personal information. Plus, it's just good
business sense; dealing correctly and honestly with privacy
matters can pay off in terms of branding, trust, customer
satisfaction and business opportunities.
"Making privacy a strategic priority creates a reputation
in the marketplace that cascades to our customers and their
preference to buy HP products," says Barb Lawler,
HP's chief privacy officer.
Conversely, worries about poor protections of personal
data can hurt business. In June, Gartner Inc. reported
results of a study of U.S. consumers showing that security
concerns are eroding Internet users' confidence to such
a degree that they are curtailing their online purchases
and their use of online banking.
Consumers had plenty of worries, Gartner said. But what
really unnerved them was the prospect of unauthorized access
to their personal and financial information that could
result in identity theft and possibly serious damage to
their finances and credit.
The HP Labs team's goal is to build into systems stronger
protections for private data – how it's accessed,
processed, managed, transferred and eventually deleted.
Currently, this is handled on an application-by-application
basis. The researchers want to put these policies and controls
into middleware that works with many applications and different
"That way, you do it only once and then have only
one set of policies to manage," says Bramhall. "If
you can express these policies in a format that a machine
can execute, you can potentially provide more rigorous
and more reliable management of private data and so reduce
dependencies on unreliable, unpredictable, sometimes malicious
humans for the execution of personal data-management processes."
It's an incredibly complex task. Enterprises store vast
amounts of confidential data about their customers, their
employees and their partners. People have different needs
and expectations about how that data will be handled. Most
large companies operate in many nations and may need to
comply with many different sets of privacy laws, deployed
across different applications and computing systems, and
many different databases.
The researchers, based in HP's Bristol, UK lab, are developing
solutions that perform three key tasks involved in handling
• Access control – a common approach to enforcing
an enterprise’s privacy policies, as well as the
preferences that customers and/or employees have regarding
access to personal data
• Obligation management -- automating a consistent approach
to handling private information according to government
regulations, corporate policies and individuals' preferences
• IT system policy compliance check -- evaluating the trustworthiness
of a corporation's data-processing applications, services,
hardware and software platforms, and networks to assess
if these are strong enough to be relied upon for automatic
execution of privacy policies and preferences
For some aspects of these, they are working within the
PRIME (Privacy and Identity Management for Europe) consortium.
PRIME is a four-year effort, partly funded by the European
Union, that researches and develops solutions for people
to better manage their cyberspace privacy.
Most businesses already have some way of controlling access
to private data, but they lack technology that takes into
account the wishes of the person who provided the data.
Existing access control software typically operates in
a coarse-grained fashion to perform functions like preventing
employees from accessing co-workers' personal data. But
it doesn't take account any further preferences individuals
Researchers have created a prototype system that integrates
the management and enforcement of security and privacy
policies into the same framework. Building on HP Select
Access software, which manages access rights across large
networks, the researchers' privacy-aware access control
tool adds plug-ins that represent privacy constraints,
executing ‘allow access’ or ‘deny access’ decisions
based on them.
The HP Labs prototype supports the creation and execution
of fine-grained personal preferences. An online store customer
could, for instance, specify controls in this way: "My
full address may be accessed only for shipment purposes,
only my zip code may be accessed for marketing statistical
research purposes and my credit card number may be disclosed
only to a supervisor-level person in the accounts receivable
department and then only for resolving disputes."
When an organization accepts personally identifiable information,
it accepts obligations to manage that data in accordance
with its own policies, government regulations and customer
preferences. Currently, this can be done within individual
applications but not easily across an entire system.
The researchers' prototype is designed to schedule privacy-management
actions on personal data – deleting or refreshing
personal data at certain intervals, for example. The system
triggers these actions and checks to be sure they're performed
correctly. In this way, an online store customer could
request that credit card details are deleted two days after
payment has been received, or that every six months the
store asks permission to retain other personal details
in its database and checks the accuracy of that information.
Other types of privacy-respecting data management could
occur when a transaction is fulfilled; e.g., asking a customer
for permission to pass personal data to a business partner
in a different country.
The flow of personal data across international borders
has already attracted legal scrutiny, says Bramhall, and
it's likely to be a more pressing issue in the future as
more businesses work with data-processing and customer-support
partners across the globe.
"In this environment," he says, "it is
imperative for corporations to manage data privacy in a
simple, systemic and verifiable manner."
The system is also intended to make it easier to avoid
inconsistencies and other problems that occur when personal
data is duplicated across a number of applications; e.g.,
problems like achieving a lasting opt-out from marketing
No business can deliver on its privacy promises if its
computing systems aren't up to the job. Although it is
important to check system integrity, it is also quite difficult
because back-end processes that handle personal data are
increasingly distributed across dynamically assigned multiple
systems within a corporation and among its external partners.
Researchers' prototype solution aims to allow businesses
to check the trustworthiness of their system components,
as well as those of their business partners to which they
may transfer personal data. An application or service may
be considered trustworthy if it has been accredited by
an independent privacy inspector, such as BBBOnLine or
Other tests for trustworthy systems could include the
presence and use of a TPM chip, a type of microcontroller
(used to store cryptographic keys securely) that is compliant
with specifications set by the Trusted Computing Group – the
not-for-profit standards body for computing security across
The HP Labs system evaluates computing components by examining
distributed system configurations, feeding the findings
into a reasoning engine and reporting the resulting measure.Potential
uses for the tool include allowing enterprises to determine
whether system configurations or processes actually do
conform to their assertions about privacy-respecting safeguards,
and giving consumers the ability to determine whether unknown
merchants on the Web are using IT systems and processes
that can be trusted to execute their stated privacy policies.
In January 2005, HP was named the "most trusted company
for privacy" by TRUSTe, the leading online privacy
non-profit organization, and the Poneman Institute, a think
tank focused on responsible information-management processes.
Bramhall says he and his team intend to help HP stay that
way. As they continue developing prototypes, they'll be
collaborating with others inside HP to design products
and services that respect individual privacy.
"When it comes to privacy, we believe you want to
build it in, not bolt it on," says Lawler, HP's chief
privacy officer. In addition to its internal ‘Design
for Privacy’ initiative, HP has built privacy into
its business conduct standards. (Read
Researchers also plan to work with industry and university
partners to standardize the languages used to express policies
for privacy-enhanced access control and obligation management.
"Fears about inadequate data privacy are widespread
and need to be addressed," says Bramhall, noting the
European Union’s concern that losing control of personal
information keeps many individuals from participating in
the digital world. This could result in the loss of efficiency
benefits that universal participation brings.
"Our goal is nothing less than universal participation
by citizens and consumers in the digital society and economy," says
Bramhall. "We think that can someday be achieved if
people are confident that their personal data will be protected
and controlled according to their wishes."
Jamie Beckett is managing editor of the HP Labs Web site. Before joining HP in 1999, she was a reporter and editor for the San Francisco Chronicle and a reporter at a number of other newspapers, including USA Today. Jamie is also a published fiction writer.