Smartphones, digital social networks, commercial discount systems, and cloud applications lead to an increased disclosure of personal information. These data are collected, stored, evaluated, and exploited by multinational corporate groups, partly without the knowledge of the individuals. In this complex scenario, it is difficult for users to enforce the protection of their data and to keep their digital sovereignty. Under the direction of KIT, researchers are now developing the AVARE software application to prevent or control the disclosure of personal data in parallel on various end devices, such as smartphones, PCs, cars, and smart TVs.
AVARE is the German acronym of “application for the distribution and selection of data protection settings in accordance with law.” The project is aimed at supporting citizens in protecting their personal data by an innovative and user-friendly software application,” project coordinator Dr. Stefanie Betz of the KIT Institute of Applied Informatics and Formal Description Methods (AIFB) says. “The AVARE software is to help users define their data protection preferences centrally and apply them globally. These preferences are registered at a central point and then transferred to various end devices of the user, such as smartphones, tablets, PCs, cars, or smart TVs as well as to various own services, such as Facebook or XING, where they are implemented by the respective technical measures. A technical means to enhance data protection, for instance, is to block access to data inventories (e.g. the address book) or sensors.”
If the user preferences registered are in conflict with the desired services, the AVARE software informs the user accordingly. The user is also informed, if providers modify their offers technically or legally, e.g. by new data protection regulations. “In this way, the systems are made transparent and controllable as regards the use of personal data. Trust of the user in the systems increases,” Professor Dr. Andreas Oberweis, Executive Director of FZI (Research Center for Information Technology), says. “Digital sovereignty of citizens is the paramount objective of AVARE.”
One Project, Three Partners, Three Years
The AVARE project is carried out by the KIT Institute of Applied Informatics and Formal Description Methods (AIFB) in cooperation with the Center for Applied Legal Studies (ZAR) of KIT and the FZI Research Center for Information Technology, Karlsruhe. The project is executed on behalf of the Baden-Württemberg Foundation under the IT Security Program. It has a duration of three years, started on November 01, 2015, and has a budget of EUR 597,000.
“The project requires close coordination of the work and highly cooperative exchange of knowledge,” Dr. Oliver Raabe, ZAR, points out. “Both technical feasibility and legal permissibility have to be studied.” For this reason, computer scientists cooperate closely with lawyers under AVARE: ZAR is responsible for the relevant legal studies, e.g. on a potential synallagma between app use and approval of data collection. At FZI, the prototype smartphone application is being developed for the project and implemented for Android first. AIFB scientists focus on the conception and user evaluation of the application to improve transparency of the data collected, stored, and used by users.
AVARE-SW: Four Central Functionalities
“AVARE is characterized by central control based on a set of preferences given and administrated by the user. The software helps the user create his personal data protection profile by giving explanations that can be understood by technical and legal laymen,” Stefanie Betz explains. “In the second step, AVARE distributes the preferences to other end devices.”
Via a central service, the preferences are transferred to all registered end devices, such as smartphones, PCs, cars, tablets, etc. This exchange of data is protected by an end-to-end code. The key is transferred by the user himself. The user does not have to confide his preferences to a central service in the form of clear text. The key is not known to the central service.
“As a third function, AVARE-SW checks whether other applications of the user need data that are in conflict with his preferences. If necessary, the user is informed accordingly. Initially, this is done for all installed applications,” Stefanie Betz says. “Then, any new installation or update is checked. If data protection regulations are considered, also their modifications are controlled. The check is repeated, if preferences of the user are changed.”
A fourth function of AVARE-SW covers one of the following three reactions in case of violations of the preferences, if technically possible and legally permissible:
AVARE-SW can withdraw the right to access data from other applications. If desired, the user can exclude certain applications from this withdrawal of access rights
AVARE-SW can limit data access to certain data (e.g. excerpts of an address book, only certain fields of certain contacts) and defined times.
AVARE-SW allows for the generation of “replacement data” (e.g. a “random” place is displayed instead of a real place).
Anybody Can Use AVARE
Upon the completion of the project, AVARE-SW is to be available as a prototype application, published as an open source software, and licensed e.g. under GPL.
The FZI Research Center for Information Technology at the Karlsruhe Institute of Technology is a non-profit institution for applied research into information technology and technology transfer. Its task is to provide businesses and public institutions with the latest research findings in information technology. It also qualifies young scientists for their career in academics or business as well as self-employment. Led by professors from various departments, research teams at FZI interdisciplinarily develop and prototype concepts, software, hardware, and systems solutions for their clients.
Being “The Research University in the Helmholtz Association”, KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility, and information. For this, about 9,300 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 24,400 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life. KIT is one of the German universities of excellence.