السبت، 29 ديسمبر 2012

INTELLIGENT SOFTWARE AGENTS AND PRIVACY


INTELLIGENT SOFTWARE AGENTS AND PRIVACY

 

Introduction

Nowadays, computers are commonly used for an increasing range of everyday activities. Most of

these activities are based on the acquisition of information. At present, users still interactively and

directly initiate all actions needed for a computer to execute tasks.

Due to the enormous and fast-growing amount of data that is available, sometimes referred to as

‘information overload’, it is impossible to sustain the current way users interact with their

computers. Instead of direct user-initiated interaction, users and computers should be engaged in a

co-operative process, a process in which both users and computers can initiate actions to accomplish

tasks. In this way, a computer could continue its activities without waiting for the user to activate it.

With the use of software agents1, computer systems are capable of executing actions with minimal

interference by their users. This gives the user more time to spend on other activities. The idea of

software agents is not new. Over the years numerous researchers have been working on this issue.

For purposes of this study, a software agent is defined as a piece of software that acts on behalf of its

user and tries to meet certain objectives or complete tasks without any direct input or direct supervision

from its user. The lack of supervision however, could lead to undesirable actions, such as the

violation of the privacy of individuals concerned. Besides acting independently on behalf of their

users, agents may have a number of other properties, e.g. mobility, reasoning, learning, co-operation

(negotiation) with other agents, and cloning.

It is still unclear what commercial direction this technology will take because the technology is still

in the early stages of development. There are, however, two identifiable trends. The first trend

concerns software agents that have been or are being developed to help people perform routine

tasks; tasks that people could probably do themselves if they had the time. These software agents

are far from ‘intelligent’. The first wave of products is hitting the market now. The other trend is

driven by researchers in the field of Artificial Intelligence (AI), who are trying to combine Artificial

Intelligence with the agent philosophy to create an ‘intelligent’ agent. A great deal of research and

development effort has and will continue to be devoted to the field of intelligent agents, but no

products are commercially available yet. A good example of such research and development is the

agent named Phil produced by Apple Computer. Phil appears in the promotional video called ‘The

knowledge navigator’ made by John Sculley.

It is sometimes desirable to control the introduction of new technologies. There are several ways of

doing so. One is by means of government regulation, where the application of new technologies has to

meet current government rules. Due to the pace of present-day developments, the formulation of new

government regulations governing new technologies practically always lags behind. Most government

regulations are therefore adopted or amended after these new technologies have been accepted by

industry. Consequently, the responsible government organisations are responding reactively. This

leads to a steadily widening gap between new technologies and adequate government regulation.

One of the independent organisations that executes and interprets government regulations designed

to protect the privacy of all Dutch inhabitants is the Dutch Data Protection Authority (in Dutch: the‘Registratiekamer’). The Registratiekamer is a privacy protection agency that oversees compliance

with the jurisdiction’s privacy laws. It is the responsibility of the Registratiekamer to warn all Dutch

consumers of, and protect them against, the possible consequences of technologies, especially new

technologies, for their privacy. Its policy is to propose privacy regulations governing new technologies

before these technologies hit the market. The Registratiekamer also looks for (new) technical

measures, such as cryptographic tools like (blind) digital signatures, that could enforce these

privacy regulations. Such technical measures to preserve the privacy of individuals are called

Privacy-Enhancing Technologies (PETs). The Registratiekamer therefore needs to study new

technologies, and the impact these technologies might have on the privacy of individuals. Hence,

one of the roles of the Registratiekamer is to act as an adviser and partner in the development of

these technologies.

The Information and Privacy Commissioner/Ontario has a mandate under the Ontario Freedom of

Information and Protection of Privacy Acts to research and comment upon matters relating to the

protection of privacy with respect to personal information held by government organizations in

Ontario. In the fulfilment of that mandate, the IPC is concerned that all information technologies, if

not properly managed, could represent a threat to the privacy of the residents of Ontario.

TNO Physics and Electronics Laboratory (TNO-FEL) is one of the three institutes that form TNO

Defence Research, part of TNO, the Netherlands Organisation for Applied Scientific Research. With

a long history in research and development, application and integration of new defence technologies,

TNO-FEL has traditionally devoted the majority of its resources to meeting the demands of

the Netherlands Ministry of Defence and Armed Forces. Today however, TNO-FEL participates in

international as well as national defence programmes and operates in close co-operation with

technological institutes, industry and universities both inside and outside the Netherlands.

The Registratiekamer and the Information and Privacy Commission (IPC), in association with TNO

Physics and Electronics Laboratory (TNO-FEL), conducted an earlier study of technologies that

could improve the privacy of individuals in 1995. The results of that study are published in (Hes, R.

and Borking, J. editors, 1998, revised edition). A summary of the results of this study is included in

appendix A. Two of the technologies studied were blind digital signatures and Trusted Third Parties

(TTP’s).

The Registratiekamer believes that (intelligent) agent technologies could jeopardise the privacy of

individuals. However, these technologies may also be used to protect the privacy of individuals. A

special privacy software agent could be developed to exercise the rights of its user, and to enable

this individual to protect him or herself against privacy intrusions with the aid of a PET. Therefore,

the Registratiekamer decided to study the privacy aspects of these agent technologies pro-actively.

Once again, this study was conducted in close co-operation with TNO-FEL.

 

Agent technology

Software agents have their roots in work conducted in the fields of software engineering, human

interface research and Artificial Intelligence (AI). Conceptually, they can be traced back to the late

seventies when their predecessors, the so-called ‘actors’, were introduced. These actors were selfcontained

objects, with their own encapsulated internal state and some interactive and concurrent

communication capabilities. Software agents developed up to now can be classified under Multiple

Agent Systems (MAS), one of the three branches of distributed AI research, the others being

Distributed Problem Solving (DPS) and Parallel Artificial Intelligence (PAI) (Nwana, H.S. and

Azarmi, N., 1997). Technically, they exhibit many of the properties and benefits common to

distributed AI systems. These properties include:

Modularity. A modular programming approach reduces the complexity of developing software

systems.

Speed. Parallelism, the concurrent execution of co-operating programs, increases the execution

speed of the overall system.

Reliability. Built-in redundancy increases the fault tolerance of an application, thus enhancing its

reliability.

Operation at the knowledge level. Utilisation of AI techniques allows high-level messaging.

Others. These include maintainability, reusability and platform independence.

 Reasons for software agents to exist

Research and development efforts in the area of agent technologies have increased significantly in

recent times. This is the result of a combination of ‘market pull’ and ‘technology push’ factors.

The key factor triggering the ‘market pull’ is information overload. In 1982, the volume of publicly

available scientific, corporate and technical information was doubling every five years. By 1988 it

was doubling every 2.2 years; by 1992 every 1.6 years. With the rapid expansion of the Internet (the

Net), one can expect this rate of increase to continue, which means that by 1998 the amount of

information will probably double in less than a year. This dramatic information explosion poses a

major problem: how can information be managed so that it becomes available to the people who

need it, when they need it? How should one organise network flows in such a way as to prevent

massive retrieval of information from remote sources from causing severe degradation of network

performance, i.e., how can one ensure that network capacity is used economically? Software agents

hold the promise of contributing to providing a solution to this problem. Agent technologies can be

used to assist users in gathering information. Agents can gather and select this information locally,

thereby avoiding unnecessary network loads. What distinguishes (multi-)agent architectures from

other architectures is that they provide acceptable solutions to certain problems at an affordable

price.

The key factor triggering the ‘technology push’ is the rapid development of communication and

information technology. At present, communication technology offers communication facilities and

solutions with increasing capabilities – both in terms of bandwidth and speed – at decreasing cost.

Definition of agents

There is no general agreement on a definition of the word ‘agent’, just as there is no consensus

within the artificial intelligence community on a definition of the term ‘artificial intelligence’. In

general, one can define an agent as a piece of software and/or hardware capable of acting in order

to accomplish a task on behalf of its user. A definition close to present-day reality is that of

Ted Selker from the IBM Almaden Research Center:

‘An agent is a software thing that knows how to do things that you could

probably do yourself if you had the time’.

For the rest of this study, the first trend mentioned in chapter one, the development of agents to help

people perform routine tasks, will be ignored.

Agents come in many different flavours. Depending on their intended use, agents are referred to by

an enormous variety of names, e.g., knowbot, softbot, taskbot, userbot, robot, personal (digital)

assistant, transport agent, mobile agent, cyber agent, search agent, report agent, presentation agent,

navigation agent, role agent, management agent, search and retrieval agent, domain-specific agent,

packaging agent. The word ‘agent’ is an umbrella term that covers a wide range of specific agent

types. Most popular names used for different agents are highly non-descriptive. It is therefore

preferable to describe and classify agents according to the specific properties they exhibit.

An example of an agent is a Personal Digital Assistant (PDA), which is described in the following

metaphor (Abdu, D. and Bar-Ner, O.), which describes the co-operative, mobile, and learning

processes that are present in a PDA.

Metaphor:

‘Bruce awoke instantaneously at 06:00 AM sharp, expecting a long day of helping his boss, Hava.

He took a look at Hava’s daily schedule and then went to the mailbox to see what other meetings and

appointments he would have to squeeze in today. There was a request for an urgent meeting from Doris,

Seppo’s assistant. He contacted Doris, informing her that Hava had half an hour free at 10:00 AM or

at 5:00 PM and that Hava personally preferred morning meetings. Doris confirmed 10:00 AM and Bruce

posted a note for Hava. Next on his agenda, Bruce went about sorting through the rest of Hava’s mail and

news bulletins, picking out a select few that he believed would satisfy her reading habits and preferences.

At about 9:30 AM he caught a message from Hava’s best friend that tonight she was free. Knowing that

Hava likes going with her friend to movies and that she had not yet seen ‘Brave Heart’ with Mel Gibson,

her favourite actor, Bruce decided to buy them a pair of tickets to the early show and make reservations at

Hava’s favourite restaurant. He stepped out and zipped over to the mall, to the ticket agency, and discreetly

bought the tickets with Hava’s VISA number. He returned with a big smile on his face and notified Hava of

her evening plans. At about 01:00 PM he received an urgent message from Hava telling him that she was

happy about tonight’s arrangements, but did not want to see ‘Brave Heart’ because it was too violent

for her. Bruce noted Hava’s aversion to violent films for future reference and hurried back to the mall totry and sell the tickets to someone else and then buy tickets to ‘Sense and Sensibility’ (Hava just loves

Emma Thompson). At 7:00 PM, before leaving for the movie, Hava notified Bruce that he had done well

today and then she turned off the computer (and Bruce of course) for the night.’

Agent ownership

Agents could be owned by individuals or organisations. These agent-owners can use their agents to

carry out tasks to fulfil their owner’s purposes; and to offer agent services to individuals or

organisations that are not in a position to own an agent. In the metaphor provided above, the agent

Bruce could be owned by its boss Hava, but Hava could also have hired Bruce from a company or

organisation that provides agents. There are a number of reasons why Hava would not be in a

position to own her own agent. One of the reasons relates to the cost of purchasing an agent or the

hardware needed for the proper operation of the agent. Another reason could be the number of

tasks that Hava wants to delegate to the agent. If the number of tasks is very small, let’s say fewer

than 3 tasks a year, it is better to hire an agent than to use her own agent.

Service-providers, such as Internet service-providers, could provide a network infrastructure with

strong network-servers, and local workstations with only the necessary hardware and software to

connect to the network-servers. This structure could also be provided by cable-tv companies, which

already have the cable infrastructure and want to provide more services to their subscribers. Such a

network infrastructure will reduce the costs of the workstations and, therefore, increase the

possibil-ities for financially less well-endowed individuals to use the Net. These workstations leave

practically no room for the installation of additional (local) software, including user-owned agents.

People who use these services will end up using agent-services that are provided by the networkprovider.

When using an agent provided by an agent-provider, the personal data that is provided to the agent

in order to create a user-profile can be passed on to, and recorded by, this agent-provider. This

could be an undesirable situation for an individual, especially for individuals who are concerned

about their privacy. This might be an argument for only using an agent that is owned by the

individual. It could also be a good reason to draw up an agreement between the individual and the

agent-provider which contains, for example, a privacy-intrusion liability clause.

Interaction between users and agents

In activating an agent, a user not only delegates tasks to it but also delegates responsibility and

competence. The interaction between a user and the agent might be compared to the interaction

between a boss and a secretary or a master and a servant. By delegating tasks, responsibilities and

competence the user loses control over a considerable amount of the agent’s activities. It is therefore

imperative that the user can trust the agent that is used, just as the boss trusts his or her secretary,

and the master trusts his or her servant.

A lack of trust could be the result of a difference between the working methods of the user and the

agent (Norman, D.A., 1994). If the user doesn’t know what his or her agent is doing, or isn’t content

with the way the agent works, he might consider never using this agent again. There should be some

kind of agreement between the agent and the user, as there is between secretary and boss where the

agreement is often based on mutual engagements. The agreement will be tried out for a probationary

period. During this period both parties can decide whether they accept the agreement. A user should

have a description of the working method of the agent in order to learn more about it before using the

agent. In this way, the user knows what to expect from the agent, and can decide the extent to which

he can trust the agent.

A lack of trust could also be avoided by increasing the discretion of the agent. The longer an agent

works for its user the more it will know about him or her. As in the relation between master and

servant, where the servant knows practically everything about his or her master, it becomes very

important that he handle this information with the utmost discretion. The servant will be engaged

on account of this quality. It is essential that agents have the means to protect the privacy of their

users. These means take the form of Privacy-Enhancing Technologies (PETs)

Classification of Agents

Agents can be classified according to the specific properties, or attributes, they exhibit (Nwana, H.S.

e.a., 1997 and Abdu, D. e.a.). These include the following:

Mobility. This refers to the extent to which an agent can move around a network. This leads to a

distinction between static and mobile agents. Sometimes this includes cloning to distribute

sub-tasks in a remote environment.

Deliberative behaviour. Deliberative agents possess an internal reasoning model and exhibit

planning and negotiation skills when engaged with other agents in order to achieve their goals.

In contrast with deliberative agents, reactive agents lack an internal reasoning model, but rather

act upon the environment using a stimulus-response type of behaviour.

Primary attributes. The most important attributes of an agent are referred to as primary attributes;

less important, or secondary attributes, are listed below. The primary attributes include the

following three:

Autonomy: reflects the ability of agents to operate on their own, without immediate human

guidance, although the latter is sometimes invaluable.

Co-operation: refers to the ability to exchange high-level information with other agents: an

attribute which is inherent in multiple agent systems (MAS).

Learning: refers to the ability of agents to increase performance over time when interacting

with the environment in which they are embedded. In (Nwana, H.S. and Azarmi, N. 1997),

agents combining several of the primary attributes are referred to by different names again:

autonomous agents that co-operate are called collaborative agents, those that learn are

referred to as interface agents, and those that do both are termed smart agents.

Secondary attributes. Agents can be classified according to a number of other attributes, which

could be regarded as being secondary to the ones described above. Rather than a comprehensive

list, some examples of secondary attributes that agents may exhibit will be given. Agents may be

classified, for example, by their pro-active versatility – the degree to which they pursue a single

goal or engage in a variety of tasks. Furthermore, one might attribute social abilities to agents,

such as truthfulness, benevolence and emotions (anger, fear), although the last is certainly

controversial. One may also consider mental attitudes of agents, such as beliefs, desires, and

intentions (in short: BDI’s).

By combining these properties and attributes, (Caglayan, A.K. and Harrison, C.G., 1997) hybrid

agents and heterogeneous agents can be constructed. With hybrid agents two or more properties

and/or attributes are combined in the design of a single agent. This results in the combination of the

strengths of different agent-design philosophies in a single agent, while at the same time avoiding

their individual weaknesses. It is not possible to separate such an agent into two other agents.

Heterogeneous agents combine two or more different categories of agents in such way that they

interact via a particular communication language.

Intelligence and Agency

By varying the extent of the learning attribute an agent’s intelligence can range from more to less

intelligent. By varying the extent of the attributes autonomy and co-operation an agent’s agency can

vary from no inter-activity with the environment to total inter-activity with the environment.

In this case, intelligence relates to the way an agent interprets the information or knowledge to

which it has access or which is presented to it (Caglayan, A.K. and Harrison, C.G. 1997). The most

limited form of intelligence is restricted to the specification of preferences. Preferences are

statements of desired behaviour that describe a style or policy the agent needs to follow. The next

higher form of intelligence is described as reasoning capability. With reasoning, preferences are

combined with external events and external data in a decision-making process. The highest form of

intelligence is called learning. Learning can be described as the modification of behaviour as a result

of experience. Appendix B gives a more detailed description of reasoning and learning.

Agency relates to the way an agent can perceive its environment and act on it (Caglayan, A.K. and

Harrison, C. G., 1997). Agency begins with asynchrony, where the agent can be given a task which it

performs asynchronously with respect to the user’s requests. The next phase of agency is user

representation, where an agent has a model of the user’s goals or agenda. In subsequent phases, the

agent is able to perceive, access, act on, communicate and interact with data, applications, services

and other agents. These phases are called: data inter-activity, application inter-activity, service

inter-activity, and agent inter-activity.

By combining intelligence and agency, it becomes possible to indicate where ‘intelligent’ agents are

positioned. Figure 2.1 illustrates this. Agents that are positioned in the shaded area are more or less

‘intelligent’ agents.

The future of software agents

Some say ‘intelligent’ agents are the stuff of Science Fiction, but is this really so? No, we don’t think

so – the future is close at hand. Many current developments in R&D laboratories deal with the

problems of intelligence, adaptive reasoning and mobility. Nevertheless, people have exaggerated

expectations about agents due to the natural enthusiasm of researchers. Researchers see far into the

future and imagine a world of perfect and complete agents. In practice, most agents available todayare used to gather information from public networks, like the Net. Many user-initiated actions are

still needed for these agents to accomplish their tasks. This means that most agents are still reactive,

and have not yet developed as far as most researchers would like. So, today’s agents are simple in

comparison to those that are being planned’ (Norman, D.A., 1994 and Minsky, M. e.a., 1994).

However already in 1990 philosophers (De Garis, H., 1990) warned that in the near future (50 years),

it is likely that computer and communication technology will be capable of building brain-like

computers containing billions of artificial neurons. This development will allow neuroengineers and

neurophysiologists to combine forces to discover the principles of the functioning of the human

brain. These principles will then be translated into more sophisticated computer architectures and

intelligent software agents. This development might well become in the 21st century a global

political issue. A new branch of applied computer ethics is needed to study the profound

implications of the prospect of life in a world in which it is generally recognised to be only a

question of time before our intelligent software agents and computers become smarter then we are.

Privacy-Enhancing Technologies

As stated in chapter 3, privacy regulations and privacy guidelines have been drawn up by various

governments and international governmental organisations. Tough measures are needed to enforce

these regulations. Up to now, these have taken the form of inspections or audits to verify whether all

organisations that collect personal data are complying with the privacy regulations. These inspections

are time-consuming and therefore expensive. The Registratiekamer searches for technologies capable

of replacing inspections for enforcing the privacy regulations. The IPC is also on the lookout for such

privacy-enhancing technologies (PETs).

This chapter will describe the potential and implications of using technologies to manage the threats

described in the previous chapter and improve the privacy of individuals in an agent-based

environment. These threats can be managed by using the Identity Protector (IP) described in (Hes, R.

and Borking, J. editors, 1998, revised edition). (Hes, R. and Borking, J. editors, 1998, revised edition)

also describes the technologies to implement the IP. These technologies are defined as PETs. The IP

controls the exchange of the user’s identity within an information system (for a more detailed

description of the IP, see appendix A).
In an agent-based environment the IP can be used in two ways:

– between the user and the agent

– between the agent and the external environment


When the IP is placed between the user and the agent, there will be no exchange of personal data

from the user to the agent without the approval of the IP and the user. In this way, the user cancontrol the amount of personal data that is recorded by the agent. This option could be used to

protect the user against threats to privacy caused by agent-providers.

Placing the IP between the agent and the external environment gives the agent comprehensive

powers to obtain and record personal data from its user. The IP will help the agent to protect the

personal data of its user against unwanted dispersion.

The PETs described in appendix A and (Hes, R. and Borking, J. editors, 1998, revised edition) to

implement an IP are only capable of managing some of the threats. To manage the remaining

threats, existing security technologies that are not yet defined as PETs need to be applied in such a

way that they can improve the privacy of individuals. Eventually, these technologies will also be

called PETs.

 

Irrespective of the fact that privacy is not a commodity but a fundamental human right, it has to be

said that the protection of an individual’s privacy is still the individual’s own responsibility and

choice. It is therefore up to each individual whether to protect it or not. This leaves the individual

with the consideration of whether or not to use PETs to secure his or her agent. If the individual

chooses to protect his or her privacy, he or she still needs to make a choice about the extent of the

protection offered by the PETs. The extent of protection could be defined by the relationship the

individual has with his or her environment. This relationship can consist of political, social, public,

or other kinds of interactions. If the individual decides to take an agent with PETs with a high

degree of privacy protection, this will have consequences for the performance of the agent.