ODIO

Researchers

• Tapiador, Juan (PI)
• Peris-López, Pedro (PI)
• de Fuentes, José María
• Pastrana, Sergio
• González-Manzano, Lorena

Abstract

One of the main challenges in todays Internet is the individual and societal privacy and security threats of the data-driven digital industry. Most existing online platforms heavily rely on the indiscriminate collection and processing of personal data from end-users, often without sufficient awareness, to deliver advertisements and customize services that match their preferences and interests. This situation is rapidly escaping control by users and regulators alike, and personal data and identity in the Internet has led to many privacy abuses and security issues. Digital data brokers buy and sell datasets containing thousands of personal attributes and behavioral profiles belonging to hundreds of millions of citizens worldwide. Unfortunately, the collection and trading of personal profiles has already led to severe abuses beyond their original purpose. Risks include not only privacy loss but also identity theft, discrimination, fraud, extortion, and manipulation, as demonstrated by the Cambridge Analytica scandal.

In this coordinated project, we propose a timely and ambitious research program to address what is arguably one of todays most pressing challenges: to acquire a better understanding of what is our digital footprint and identity, how it is abused, and what can be done to mitigate its societal impact and enhance transparency. Specifically, we propose a 36-month research agenda that revolves around 6 main challenges:

• Developing interdisciplinary analysis methodologies to audit and contextualize software behavior in the context of privacy regulations and best-practices for software development.
• Developing cross-platform and scalable privacy auditing tools to attribute observations and behaviors to organizations, including natural language processing methods to extract relevant information from their privacy policies.
• To gain a better understanding of the role of digital identities in the ecosystem of existing and emerging services, including the main industry agents and their relationships.
• Developing transparency assessment tools to empower users, developers and regulators.
• Exploring privacy-friendly business models that rely on data-minimization principles.
• Designing privacy-enhancing solutions for key applications and scenarios, such as zero-knowledge analytics methods, blockchain-based solutions and smart contracts to enable traceability of personal data across services, and privacy-preserving authentication and authorization mechanisms.

The two research groups that lead this proposal have a consolidated record of internationally recognized research in various security and privacy topics closely related to this problem. The COSEC Lab at UC3M brings to the project research expertise in a number of key technologies related to the security of IoT and mobile systems, and the cybercriminal underground. The group has also a unique know- how of methodologies and tools for the static and dynamic analysis of software for mobile platforms. The group at the IMDEA Networks Institute possess an ample background in the area of network measurements and transparency, with emphasis on security and privacy implications, and economics of networks and information.

This project has received funding from Agencia Estatal de Investigación under the project PID2019-111429RB-C21.