INTRODUCTION: WHAT IS LARPP?
Lifestyles of the Attribute Rich and Privacy Preserved (LARPP) is a project funded by the National Strategies for Trusted Identities in Cyberspace (NSTIC) contracted with Internet2. This projects sponsors pilot schools to implement privacy management software, named “ Privacy Lens.” The Privacy Lens provides users with information and choices that allow them to exercise active, informed consent about the release of personal information, or “attributes,” in course of authentication to web sites and on-line services.
As a part of the NSTIC grant, LARPP aims to contribute to a variety of efforts, both public and privately funded, to augment the “identity ecosystem,” or the vast array of user credentials and authentication systems for access to Internet services. More specifically, LARPP, through the Privacy Lens, tests one of the privacy principles active in the legal frameworks of most other developed countries: informed consent of the user to release personally identifiable attributes about themselves to a service provider.
How does it work? Very basically explained, when a user initiates an authentication process, for example when one logs in to Google or Facebook, the very act of initiating the process would automatically produce a dialogue box that breaks personally identifiable information into specific attributes. Such attributes are: a user name (e.g. jdoe); the real name of the user (e.g. John Doe); or the affiliation of the user to the entity that supplied the identifier (e.g. faculty). The dialogue box includes on-off swipe capability by which the user controls the release of each attribute. If the user has questions about the attribute, an “i” icon provides a link to information about it. This process constitutes “informed consent.”
What this explanation does not illuminate is the “attribute rich” nature of this project. Any number of defining attributes can be associated with the person. Of particular interest to LARPP are attributes for disability and veteran status. As accessibility becomes increasingly interwoven into web design, so, too, do privacy issues play a role in authentication for people with disabilities. Thus, when a user wants to deploy assistive technologies, he or she would have the option of releasing attributes indicating such use to the service provider. Likewise, for a veteran, who may want to have their military status recognized for benefits, he or she can choose to share those attributes selectively among providers. Trust marks that define these attributes will be developed an integrated into the work of this project.
To define and explain the potentialities of this project is not to suggest that it is without its challenges. First, pilot schools will work to implement the software technologically into its authentication infrastructure. Simultaneous with this effort is a vetting of its properties with campus stakeholders. With instruction about how it works goes discussion about why it is important for the campus community to embrace the software, and by extension, embrace privacy in any number of complementary sectors. For example, the Privacy Lens demonstrates the fair information practices of informed consent and represents an example of privacy by design. Finally, training of technology specialists and education throughout the community on LARPP, and the operation of Privacy Lens in particular, should generate policy discussions about technology and privacy, focus on attributes that enhance the user experience for interested groups such as the disabled or veterans, encourage Privacy Lens to be used among researchers as an instrumentality, and demonstrate a commitment among the pilot schools as leaders of privacy in the higher education community.
Overall, why does it matter? First, because privacy matters increasingly to individual users. Internet technological processes, unbeknownst to the user because of their opaque nature, have the potential to compromise or abuse privacy. Second, because the privacy laws of other developed nations of the world increasingly require informed consent. As higher education in the U.S. seeks to collaborate with international partners, it will have to adopt these practices. The Privacy Lens eliminates the impediment in the authentication processes. Finally, privacy principles and fair information practices overlap into important other areas of social concern, such as accessibility and veteran’s affairs. The Privacy Lens provides users with anonymity regarding their disability or veteran status (to name just a few classifications), preserving privacy and reducing the potential for bias.
LARPP is devoted to addressing technological, political and policy issues as they emerge for implementation on campuses, together with user experiences and research interests. LARPP, and the Privacy Lens software in particular, is an important contribution to the "identity ecosystem" under development and a springboard to a broader discussion of privacy on the Internet, in higher education and in U.S.
CURRENT PARTICIPATING INSTITUTIONS
Carnegie Mellon University
Penn State University
University of Washington
University of Maryland Baltimore County
Colby College
University of Albany, State University of New York
Lafayette College
Duke University
Harvard University
University of Chicago
Swarthmore
UC Berkeley
RESOURCES
Lujo Bauer, Associate Research Professor, CyLab and ECE, Carnegie Mellon University presentation webinar on functionality of the privacy manager software: http://lbauer.ece.cmu.edu/2014-04-04-privacy-manager-demo.mp4
Ken Klingenstein, Principle Investigator, NSTIC for I2, introduction to LARPP Webinar: [to be provided] Slide Deck for Reference: LARPP basic deck - 4.16.14.pptx