
INTRODUCTION: WHAT IS LARPP? 

Lifestyles of the Attribute Rich and Privacy Preserved (LARPP) is an activity funded by the National Strategies for Trusted Identities in Cyberspace (NSTIC) as part of the Scalable Privacy grant awarded to Internet2. This activity supports pilot schools in investigating privacy management software, named PrivacyLens, that provides users with information and choices that allow them to exercise active, informed consent about the release of personal information, or “attributes,” in the course of authentication to web sites and on-line services.

As a part of the NSTIC grant, LARPP aims to contribute to a variety of efforts, both publicly and privately funded, to augment the “identity ecosystem,” or the vast array of user credentials and authentication systems used to access Internet services. More specifically, LARPP, through PrivacyLens, implements one of the privacy principles active in the legal frameworks of many other developed countries: informed consent of the user to release personally identifiable attributes about themselves to a service provider.

How does it work? In basic terms, when a user initiates access to a resource, for example by logging in through a federated account (from their home institution, Google or another identity provider), the login process automatically produces a dialogue box that shows the attributes to be released to the resource. Examples of such attributes are: a user name (e.g. jdoe); the real name of the user (e.g. John Doe); or the affiliation of the user to the entity that supplied the identifier (e.g. faculty). The dialogue box includes an on-off swipe control with which the user controls the release of each attribute. If the user has questions about an attribute, an “i” icon provides a link to information about it. This process constitutes “informed consent.” Where that information comes from is one of the more interesting explorations in LARPP; a variety of options, from audited applications to informal reputation systems, are available.

Beyond the privacy protection of PrivacyLens, LARPP is trying on an attribute-rich lifestyle. Any number of characteristic attributes can be associated with a person. Using these attributes to customize services, while preserving privacy, is a goal for LARPP. Two immediate possibilities are attributes for people who use assistive technologies and attributes for veteran status. As accessibility becomes increasingly interwoven into web design, so, too, do privacy issues play a role in authentication. Thus, a vision-impaired user would have the option of releasing enough attributes to a service provider to be able to view job listings, while not revealing that the user may also have mobility issues. Likewise, for veterans who may want to have their military status recognized for benefits or other reasons, this project can develop attributes specific to that status that they can choose to share. Trust marks that define these attributes will be developed and integrated into the work of this project.

Challenges balance the potential of this initiative. First, pilot schools must work to integrate the software into their authentication and attribute infrastructure. Simultaneous with this effort is a vetting of its properties with campus stakeholders. Are there constituencies that question the rights of users – perhaps students, perhaps staff – to manage their privacy? Finally, training of technology specialists and education throughout the community on LARPP, and on the operation of PrivacyLens in particular, should generate policy discussions about technology and privacy, focus on attributes that enhance the user experience for interested groups such as people with disabilities or veterans (to name only two), encourage research on PrivacyLens as a tool, and demonstrate a commitment by the pilot schools as leaders of privacy in the higher education community.

Why does it matter? First, because privacy matters increasingly to individual users, and there are myriad ways in which Internet technological processes, unbeknownst to the user because of their opaque nature, have the potential to compromise or abuse privacy. Second, because the privacy laws of other developed nations of the world increasingly require informed consent, including in authentication processes. Third, as higher education in the U.S. seeks to collaborate with international partners, it will have to adopt these practices. Finally, privacy principles and fair information practices need to be integrated into other important areas of social concern, such as accessibility and veterans’ affairs, among other identities.

LARPP is devoted to addressing technological, political and policy issues as they emerge during implementation on campuses, together with user experiences and research interests associated with the PrivacyLens software. It is also a springboard to a broader discussion of attributes and user consent in higher education, in the U.S. and in global Internet communities.

CURRENT PARTICIPATING INSTITUTIONS

Carnegie Mellon University

Penn State University

University of Washington

University of Maryland Baltimore County

Colby College

University of Albany, State University of New York

Lafayette College

Duke University

Harvard University

University of Chicago

Swarthmore

UC Berkeley

RESOURCES

Lujo Bauer, Associate Research Professor, CyLab and ECE, Carnegie Mellon University: webinar presentation on the functionality of the privacy manager software. http://lbauer.ece.cmu.edu/2014-05-05-PrivacyLens-demo.mp4

Ken Klingenstein, Principal Investigator, NSTIC for I2: introduction to LARPP webinar: [to be provided]. Slide deck for reference: [^larpp.7-1-14.pptx]
