Boss over your own box

13 August 2012

How do you exchange information via a service provider with somebody else without that provider being able to read the information as well? That is what the Sentinels project Kindred Spirits was all about. Professor Inald Lagendijk talks about the challenges of protecting privacy in a digitising world. How far must you open the door and how do you keep the nosy neighbour outside?

'When you are on network sites like LinkedIn or Facebook, you often receive recommendations such as “Perhaps you know this person as well?”. Or if you order something from a site such as, you receive a message that other people who ordered that book were also interested in books X and Y and CD Z. A service provider, such as a webshop, must know a lot about you in order to make such recommendations: such as your purchase and search history. Yet you never gave explicit permission for this and so the use of this information is in effect a breach of your privacy. We focused on how we can enable a service provider to make such recommendations without being able to read your personal details.’
Prof. dr. ir. Inald Lagendijk, project leader Kindred Spirits  

In the project Kindred Spirits, Delft University of Technology, and the University of Twente worked together with the companies Irdeto and Philips and with TNO on solutions. End users Buurtlink, PAIQ, Waag Society and Bureau Promotie Podiumkunsten indicated where their questions lay at an early stage of the project.

Security guarantee

‘Initially we had foreseen a slightly different research direction,’ says Lagendijk, ‘but in consultation with the end users we very quickly reached this line. Instead of developing a protocol with which you could place various layers of privacy around a network, we focused more on encoding information that users of such a network exchange. The end users mainly wanted to be able to guarantee their clients that any personal information would be well protected and remain so.’

Within the project two concrete cases were studied that were contributed by the participating companies. One of the companies involved was Irdeto. ‘Amongst other things, they work on the security of set-top boxes for television, which you can use to watch pay-per-view films at home, for example. Based on the films and programmes you ordered in the past, a provider such as Ziggo or UPC wants to be able to recommend you other products you might find interesting. The viewing behaviour and interests of the client must therefore be known somewhere. However, the service provider does not need to know such details. The main question for us was: how can we make a system that genuinely makes anonymous recommendations, therefore without knowing exactly what the client concerned has seen.’

In the past, this anonymisation was not that well arranged, says the professor of Multimedia Signal Processing at Delft University of Technology. ‘It was often quite easy to trace the information to individual sources.’ Encryption proved to be the magic word. ‘We developed protocols in which, for example, your preference in films can be sent encoded to an entire depository of films. Similarities are then sought in this and a recommendation can be sent back to the consumer at home in an encoded form as well– for example by such a set top box on television. That information is only decoded again once it has reached the receiver. Therefore only you at home know which films you have seen and what the content of your recommendation is. During the entire process in between nobody can derive that information.’

Medical data

The other case came from the medical field. The promoter of this was Philips. ‘They are interested in offering platforms on which medical information can be exchanged and then health recommendations made on the basis of that information. This could be between patients, for example but also between a physician and a patient. The information is very personal: somebody's medical data. The intermediary – in this case the equipment from Philips – does not want to know any details about the content sent but must be able to do something with that content.’

On the same board

In order to realise a good cooperation with various partners, PhD students from the university worked for several months as interns at the partners from industry. That worked well, says Lagendijk. ‘I had already learned that many years ago. Ultimately you can only really work together if you regularly sit in the same office and you stand in front of the same whiteboard to discuss things. The thinking environment in a company is entirely different from that at a university and you only really experience that when you have been in the company for some time. On occasions that can lead to tensions. A PhD programme has completely different requirements from a product development process. But if you collaborate on the basis of equality then each party can achieve its own objectives within the programme.’

Although good results have already been achieved there is still plenty of work to do. ‘We have shown that the technology works in principle. At the moment, however, encryption still requires a lot of calculation time. That means, for example, that it takes a minute before you see a recommendation on your screen. That is still too long. Furthermore, the protocol also has a significant downside: we have now produced it such that the client is guaranteed a maximum amount of privacy but this means that the provider has absolutely no access. Consequently he cannot offer any extra services either and that weakens the business case. We need to search for a compromise: how does a provider obtain what he needs so that he can earn money without this damaging the privacy of the client? Some of these questions will be dealt with in a follow-up project within the COMMIT programme, which will mainly focus on medical applications.’

Photo: Sjoerd van der Hucht Fotografie
Text: Sonja Knols, IngenieuSe
Translation: NST