CSIRO boosts web services privacy standards

A privacy model in development by CSIRO scientists, that could bolster Web services take up, has received early interest from venture capitalists.

CSIRO's privacy model, which could be applied to many commercial Web services applications, puts the control of privacy information into the hands of users, rather than service providers.

CSIRO mathematician and associate professor, Dr Christine O'Keefe, said the privacy model is designed to allow the customer using Web services set the privacy conditions that apply to their personal information, rather than leave this up to the service provider. This means personal information such as credit card details can be protected according to the wishes of the customer.

Businesses or government departments that use Web services could benefit from this model as it would encourage users to exchange information or perform transactions, O'Keefe said.

"Australians are sensitive about privacy of information. You only have to think back to the Australia Card saga, where the push to introduce a national identifier was beaten on privacy grounds. Australians are wary of using web services because of privacy concerns," O'Keefe said.

"Web services will play an increasing role in the provision of business and government services," said O'Keefe. "But concern for the privacy of personal and other sensitive information is a significant barrier to people using these services. This is particularly true in the areas of healthcare and financial services."

Using Web services can involve personal information being shared among a complicated network of different service suppliers. For example, buying building supplies over the web could involve a user's information being sent to several different material suppliers, a bank, a credit card processor and a shipping company, O'Keefe explained.

The usual way of dealing with privacy involves the user being required to accept the privacy policy of the Web service. CSIRO's privacy model means that a user accessing a Web Service can decide who can access which bits of their personal information. The model uses secure transfer protocols to ensure the user's privacy conditions are automatically applied at all applications involved in providing the service.

O'Keefe said CSIRO have scheduled a demonstrator to take place in the next six months and a pilot is also in the wings.

Despite it being early days, CSIRO have already received interest from a venture capitalist. O'Keefe said that she has received enquiries from other parties about possible products could be built around the model, after she presented a talk on the project on Monday night at Macquarie University in North Ryde.