A new (old) way to protect privacy: Disclose less

A new pilot project from Microsoft and IBM offers a high-tech twist on this bit of common sense: allowing you to divulge less information about yourself protects your privacy.

Their joint effort is built on the observation that, in many cases, there's no need for someone verifying your credentials to know everything about you. A bouncer at a nightclub needs to know that you're 21, not your name or home address. A county database may only require proof that you're a local resident, not your phone number or e-mail address.

Microsoft and IBM's solution is called Attribute-Based Credentials, or ABC, and their pilot project is scheduled to be announced tomorrow to coincide with what's being called Data Privacy Day. ABC is supposed to last four years and result in both a credential architecture and a reference implementation complete with source code that will be made publicly available.

"Our goal is to provide the technical tools but also the societal discussions about how we can achieve privacy in an electronic society," Jan Camenisch, a Zurich-based cryptographer with IBM Research told CNET.

The first application is scheduled to appear at Norrtullskolan, a secondary school in Sëderhamn, Sweden, and will allow students and parents to communicate with school officials and access a social network--while protecting their privacy at the same time. Another pilot will be implemented for grading the faculty at the Research Academic Computer Technology Institute in Patras, Greece.

Both pilot project rely on a system called ABC4Trust, which is designed to allow students or parents to "prove" certain aspects of their identity without revealing others. A student can cryptographically prove that she's a member of a sports team, or demonstrate that he has attended a certain class.

"The problem with today's solutions is that they don't make these kind of distinctions," Ronny Bjones, a Microsoft security technology architect, said. "We leave such a digital footprint around on all these different sites."

One likely application for the ABC system: electronic identity cards issued by national governments. Microsoft has already demonstrated a system that can verify that someone is at least 18 years old and resides in Berlin, without disclosing an actual birthdate.

The idea of using encryption technology to enable people to disclose less about themselves isn't exactly new. The legendary cryptographer David Chaum, the father of digital cash who's now building secure electronic voting systems, developed some of these ideas in the late 1980s.

A decade later, University of Pennsylvania computer scientist Matt Blaze and other researchers published a paper (PDF on what they called "decentralized trust management." But it was Dutch cryptographer Stefan Brands who fully developed the concept of limited disclosure digital certificates to its fullest.

Microsoft bought Brands' company, Credentica, in 2008, and released the U-Prove specification last year along with a promise not to file patent lawsuits over its use. (See a white paper and video from last October.)

ABC will use both U-Prove and IBM's related technology called Identity Mixer. "It's extremely important that we can help people that build solutions (that) build privacy by design," Bjones said.