In an increasingly networked world, it will be of growing importance to control use of personal data. The “Certifiable Trustworthy Informatics Systems” research group headed by Professor Alexander Pretschner develops solutions for the control of data use in distributed systems. The scientists are working on software to control the downloading of personal data in social networks.
What happens with data after they have been published? Usually, the recipient can store them or pass them on at will. By giving instructions like “delete within 30 days”, “do not copy”, or “data owner must be informed in case of transmission”, the publisher tries to keep the data under control. But how can he ensure that the recipient observes the instructions or how can he check this at least? Control of data use in distributed systems is in the focus of the “Certifiable Trustworthy Informatics Systems” research group at the KIT Department of Informatics. “It is of relevance to both the management of intellectual property and the protection of personal and commercial data,” explains the head of the research group, Professor Alexander Pretschner.
Studies concern the administration of rights in digital contents like films or music (digital rights management – DRM), credit card payments on the internet, online shops, e-mail services, and social networks like Facebook, XING or studiVZ. In several projects funded by the EU, the German Research Foundation (DFG), and the Google Research Award, the scientists of the team of Alexander Pretschner are developing solutions for the control of data use. It is focused on defining and specifying requirements, checking and ensuring their observance, and on convincing the users of this necessity. The research group cooperates with the KIT Center for Applied Legal Studies (ZAR).
The KIT scientists have already developed the basis of a software to control data use in social networks. Whether and the extent to which a user can download personal data or make a screenshot depends on which status the user has in the respective network, i.e. whether he is a “friend” or “known”. At the moment, the research group is working on protecting the software installed on the computer of the user against undesired interventions.
“Solutions exist for every partial problem already,” explains Pretschner. “The challenge now is to integrate various solutions in an overall concept.” Approaches have been developed to pursuing data flow from a concrete representation to another, for instance, from a file to a browser window. In addition, the research group is developing an approach to pursuing data flow among systems and independently of concrete representations.