ERMES and PIMCity: Securing next-gen data platforms - Ermes Intelligent Anti-Phishing

In today’s data-driven economy, the amount of data a company holds has a direct contribution to its overall market valuation. Indeed, data is catalyzing not only business, but also governance, and everyday life, across sectors, regions, time scales, economic and political systems around the world. For instance, online advertising and marketing have been driving developments in the area by changing a decades-old industry and creating some of the biggest companies and controversies of our times. The online advertising industry is breaking records year after year in terms of both growth and total value, but this is just the tip of the iceberg, as the data revolution has just started with hundreds of industry sectors involved at global level.

By some aspects, the data economy is primitive: the source of value of the raw material are the users of online systems, and they have no choice but to give away their goods (data) to very few all-powerful entities, against which they have no negotiation power. In exchange for their goods, users get a set of services, some of which nowadays essential for everybody’s digital life: search, socialization, shopping. In each field, there is one clear monopoly (Google, Facebook, Amazon, to name a few), and so users can’t really opt out of the deal and have to keep giving away their data.

The above scenario has fueled an arms race with users who have started to massively use systems to protect their online privacy, e.g., tracking and advertising blockers. In response, data-driven services have attempted to bypass blocking using a variety of elaborate tracking techniques, and publishers have developed blocker detection technologies. This continuing arms race is detrimental to the potential of data-driven decision making, and sooner or later, this battle will sanction its winner (likely not the end user).

How to stop the data war?

Regulation and policy-makers have made the initial steps to stop this tension (e.g., EU GDPR), but they require technology to come along and afford citizens and businesses with meaningful ways to exert control over they data, just like they can control other resources they own (e.g., money).

Indeed, several technological solutions and business models have appeared lately for reconciling tensions among users and data companies. Among them, Personal Information Management Systems (PIMS) appear to be a promising alternative to the uncontrolled collection, processing, and exploitation of people’s data, including personal and sensitive ones. At a high level a PIMS can be thought of as a software layer between end users and services, responsible for releasing data from the former towards the latter in a controlled way.

PIMCity stakeholders and components

PIMCity stakeholders and components

PIMCity

PIMCity is a EU-funded Innovation Action project which aims to increase transparency, privacy and security and provide users with control over their data. The goal of PIMCity is to design, build, demonstrate, and exploit a set of components to build new PIMS easier, faster, and cheaper thanks to open design. By doing so PIMCity will accelerate the developments of ecosystems for unblocking a fair and safe data economy. Its components will provide fundamental functions for most PIMS such as: consent management, data privacy and security, data representation and management, access control and revocation, privacy protection and privacy-preserving analytics among others. PIMCity components will be built on existing widely deployed technologies and will have simple and clear interfaces that will facilitate building PIMS from scratch, or seamlessly integrating with existing ones.

PIMCity consortium

PIMCity consortium

The Consortium

PIMCity’s consortium consists of 12 international partners with a long expertise in research and design of privacy-preserving solutions. It includes three tier-1 European universities (Politecnico di Torino, Universitad Carlos III de Madrid, Katholieke Universiteit Leuven), two main telcos (Telefonica and Fastweb), two prominent European research center (NEC and IMDEA Networks), two associations (Asociación de Usuarios de Internet and Interactive Advertising Bureau Spain) and four IT companies (Ermes Intelligent Anti-Phishing, Grandata, Wibson and LSTech).

Transparency Tags

Transparency Tags will be developed by ERMES within PIMCity

ERMES @ PIMCity

ERMES contributes to PIMCity with the objective of building next-generation tools to allow consumers and enterprises measure their security and privacy posture, and, thus, control the information flow they generate towards the Internet. In other words, we aim to provide our clients the best-in-class solutions to stay informed on the risks of the web and take informed choices to manage their online data.

Specifically, ERMES’ contribution to PIMCity is two-fold: It will firstly define standards, guidelines and best practices to enable security- and privacy-by-design approach in the building of PIMCity components. Second, ERMES will lead the design of Transparency Tags. A Transparency Tag is analogue to a Nutrition Label for food which provides the information about the ingredients, their provenience, intolerance risks, etc. of food.  The Transparency Tag communicates in an easy-to-understand way the nature of the web services the user is accessing to. For each service (e.g., a website, a web service, a mobile app) the Transparency Tag summarizes precious information needed to understand its security, reliability and reputation, such as, for instance, the aim of possible data collection, which personal data it collects, etc. This information is presented in scores, plots and tables describing the potential security and privacy risks associated to that service.

At last, information contained in Transparency Tags will strengthen the accuracy of ERMES’ AIs and ultimately improve the protection spectrum offered by its products.