Every time a user registers on a social media network, they must cede part of their privacy to the company that regents it. It is not always clear how much privacy is relinquished, since the privacy clauses are usually buried deep within a gigantic terms and conditions document, which can also be modified at any time, with no prior warning. To return control over the information which is shared and which permissions are granted back to the user, Maciej Machulak has had a crucial role in the development of a standard called User Managed Access (UMA).
“A series of applications were analyzed in terms of how they managed access control and a number of shortcomings were detected”, Machulak says. To resolve these shortcomings, “we designed a protocol that allows subscribed applications and web sites to completely disentangle themselves from the question of controlling access to users´ personal data”. The solution consists of the creation of an intermediary software, the access manager, who centralizes all of the user´s preferences in terms of privacy and the transfer of personal data access rights.
“In the same way that certain sites allow access to their services via a Facebook or Google user IDs, the idea is to allow the user to define their privacy preferences every time they share something, through the authorization manager of their choice”, the young, computer scientist explains. The benefit for users is immediate as they gain greater control over their data in equal measure no matter which service they choose. The value added for the applications which adopt this standard is the same as for authentication: they hand the problem of managing these preferences over to a third party.
As Machulak explains, “UMA´s protocol is very flexible: for example you can choose to share a photograph not only with one specific person but also with anyone who will comply with the conditions imposed by the user, such as personal use only, or deleting the photo after a week and the authorizations manager can, in the event of an infraction, provide legal help to pursue anyone who has accessed the content and violated the conditions”.
It will be some time before this service becomes available to users. The first complete version of the protocol was published in March of this year, and the next step is to recruit applications and websites to adopt the system. According to Kumardev Chatterjee, the founder and president of the Young European Innovators Forum and jury member for MIT Technology Review´s Innovators Under 35 Poland awards, “Maciej Machulak´s project is excellent in terms of the standards and the technologies he has developed, which have great potential to impact a crucial area”.
Machulak began working on this idea in 2008 as part of his doctorate studies at the University of Newcastle (United Kingdom), where he founded Cloud Identity to develop and commercialize authorization management software based on the protocol designed as part of his doctorate. In March, 2015, Cloud Identity was acquired by the Belgian company Synergetics where Machulak became the Chief Identity Architect.