Growing pressure to collect information on the Internet has created a need for more sophisticated ways to characterize privacy rights and balance them against legitimate commercial and law enforcement objectives. A wide range of businesses now rely on their ability to collect information about online customers as a foundation of their added value in the marketplace. The use or potential use of the Internet for purposes such as child pornography and the planning of hate crimes and terrorism has heightened interest in (and loosened regulations on) network monitoring. Theft of intellectual property has led to the development of numerous protection mechanisms; these often involve registration and involuntary monitoring of various kinds. In order to make security easier (and to explore a lucrative business model), a number of companies seek to act as third-party caretakers of private information such as keys, authentication secrets, and credit card numbers. Arrayed against these trends are many citizens incensed by the aggressive means used to collect information from them, and a variety of groups that champion privacy rights.
There have been many advances in technologies both to aid information gathering and to limit it. One important trend is toward more advanced systems for creating and managing digital credentials and authorization databases. In current practice credentials are sometimes `pushed' (like presenting a ticket to get into a movie theater), sometimes `pulled' (like getting access to an airplane seat with a `paperless' ticket, where the airline looks the passenger up in its own records), and sometimes both (like making a purchase at a store with a credit card whose validity is confirmed online). These approaches have Internet-based analogs, and technical advances have increased the range of options considerably in recent years. For example, work on public key systems has advanced techniques for delegation based on chains of `pushed' credentials and increased the automation of credential collection. Another important trend is toward more advanced systems for protecting privacy using anonymizing techniques. Tools such as onion routers and anonymous web publication servers provide some support, but other techniques directly aid fine-grained mechanisms for obtaining privileges without exposing information unnecessarily.
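The three credential-checking modes above, and delegation along a chain of pushed credentials, can be made concrete in code. The following is an added illustration written for this page, not part of the proposal or any system it describes. It assumes a hypothetical trust root, a hypothetical delegation from `root` to `dept` to `alice`, and a constructed authorization database and revocation list; signatures are stand-ins implemented with HMAC using per-principal keys that the verifier already holds, so the script runs on the standard library alone, whereas a real deployment would use public-key signatures so that the verifier needs no issuer secrets.

```python
"""Push / pull / both credential checks with a delegation chain.

Constructed example, not code from the proposal. HMAC with a per-principal
key stands in for a public-key signature (assumption made so the script
runs offline with the standard library only).
"""
import hashlib
import hmac
import json

# Hypothetical principals and their keys (constructed). Only TRUST_ROOT is
# trusted directly; every other issuer must be reached by delegation.
KEYS = {"root": b"root-key", "dept": b"dept-key", "alice": b"alice-key"}
TRUST_ROOT = "root"

# Constructed "pull" side: an authorization database the verifier consults
# by subject name, and an online revocation list for the "both" mode.
AUTHZ_DB = {"alice": {"read:report"}}
REVOKED = set()


def _sign(issuer, payload):
    """Stand-in signature over a canonical JSON encoding of the payload."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).hexdigest()


def issue(issuer, subject, right, delegate):
    """Issuer grants `right` to subject; `delegate` says whether the subject
    may pass the right on further down the chain."""
    payload = {"issuer": issuer, "subject": subject,
               "right": right, "delegate": delegate}
    return {**payload, "sig": _sign(issuer, payload)}


def verify_pushed_chain(chain, right, trust_root=TRUST_ROOT):
    """Pushed credentials: the client presents the whole chain
    [root->dept, dept->alice] and the verifier checks it from the trust
    root outward. Returns the final subject if the chain proves `right`,
    otherwise None."""
    if not chain:
        return None
    expected_issuer = trust_root
    for i, cred in enumerate(chain):
        payload = {k: v for k, v in cred.items() if k != "sig"}
        # Each link must be issued by the subject of the previous link.
        if cred.get("issuer") != expected_issuer or expected_issuer not in KEYS:
            return None
        expected = _sign(cred["issuer"], payload).encode()
        if not hmac.compare_digest(str(cred.get("sig", "")).encode(), expected):
            return None
        if cred.get("right") != right:
            return None
        # An intermediate link must carry permission to delegate.
        if i < len(chain) - 1 and not cred.get("delegate"):
            return None
        expected_issuer = cred["subject"]
    return chain[-1]["subject"]


def verify_pulled(subject, right, db=AUTHZ_DB):
    """Pulled credential: the client presents only an identity and the
    verifier looks the authorization up in its own database."""
    return right in db.get(subject, set())


def verify_both(chain, right, revoked=REVOKED):
    """Both: a pushed chain, then an online check that no principal on the
    chain has been revoked (the credit-card-with-online-confirmation case)."""
    subject = verify_pushed_chain(chain, right)
    if subject is None:
        return None
    for cred in chain:
        if cred["issuer"] in revoked or cred["subject"] in revoked:
            return None
    return subject


if __name__ == "__main__":
    chain = [issue("root", "dept", "read:report", True),
             issue("dept", "alice", "read:report", False)]
    print("pushed:", verify_pushed_chain(chain, "read:report"))
    print("pulled:", verify_pulled("alice", "read:report"))
    print("both, dept revoked:", verify_both(chain, "read:report", {"dept"}))
```

Note what each mode exposes: the pushed chain reveals every issuer and subject on the path to the verifier, the pulled check reveals only an identity but requires the verifier to hold a database about that identity, and the combined mode adds an online query that links the transaction to the time of use. Those disclosures are exactly the kind of privacy cost the proposal seeks to constrain.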
This work aims to develop formal support for characterizing privacy in the context of these advances. Efforts to improve access control systems and credential distribution have paid little attention to privacy mechanisms so far, resulting in systems that are good at propagating credentials reliably, but not tuned to do so within well-understood privacy constraints. This collaboration will build on our work in credential distribution and anonymity to create an integrated architecture and protocols to provide advanced access control within the limitations of privacy constraints.