Ancile Privacy Project

Ancile is a framework designed to support the creation of microscale, privacy-conscious, data-driven planning applications. Ancile lowers the bar for building advanced planning applications while giving individuals fine-grained visibility and control over how their personal data is used and shared.

system architecture

Ancile provides an interface for principals to authorize data import from a data provider and to specify policies to be associated with all data about an individual that an application receives from that data provider.

These policies are specified as regular expressions over an "alphabet" of commands that operate on data. Both data subjects and policy administrators (e.g., regulatory experts or faculty PIs) may specify policies. On data ingress into Ancile, each data value is associated with a policy formed by intersecting the policies provided by each stakeholder.

Ancile implements a reactive mechanism that updates the associated policy each time a data value is used and that synthesizes policies for any derived data values. To support extensible development of location-based services by third parties, Ancile offers a Python library of commands that application developers can use to write programs for handling location data or any other type of sensitive data. It also supports wrapping any third-party library so that calls into it are governed by policies. Ancile executes these programs on behalf of the applications and enforces that the data are only processed in compliance with their associated policies.
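As an added illustration of the two paragraphs above (this is example code written for this page, not Ancile's own implementation), the following Python sketch represents a policy as a regular expression over a command alphabet, forms the per-value policy by intersecting the data subject's and the administrator's policies, and advances the policy after each command by taking a Brzozowski derivative; a command whose derivative is the empty language is refused. The command names (`fetch_location`, `fuzz`, `in_geofence`, `return`), the two sample policies and the `Tagged` value wrapper are all constructed for this example; how Ancile itself represents and updates policies may differ.

```python
from dataclasses import dataclass
from typing import Callable, Sequence, Union


# --- policy language: regular expressions over command names -----------------
@dataclass(frozen=True)
class Empty:            # accepts no command sequence at all
    pass

@dataclass(frozen=True)
class Eps:              # accepts only the empty sequence (nothing more may happen)
    pass

@dataclass(frozen=True)
class Sym:              # accepts exactly one named command
    cmd: str

@dataclass(frozen=True)
class Alt:              # either sub-policy
    left: "Regex"
    right: "Regex"

@dataclass(frozen=True)
class Cat:              # left, then right
    left: "Regex"
    right: "Regex"

@dataclass(frozen=True)
class Star:             # zero or more repetitions
    inner: "Regex"

@dataclass(frozen=True)
class And:              # intersection: both stakeholders' policies must allow the sequence
    left: "Regex"
    right: "Regex"

Regex = Union[Empty, Eps, Sym, Alt, Cat, Star, And]


# Smart constructors that collapse trivial cases, so an exhausted policy shows up as Empty().
def alt(a: Regex, b: Regex) -> Regex:
    if isinstance(a, Empty): return b
    if isinstance(b, Empty): return a
    return a if a == b else Alt(a, b)

def cat(a: Regex, b: Regex) -> Regex:
    if isinstance(a, Empty) or isinstance(b, Empty): return Empty()
    if isinstance(a, Eps): return b
    if isinstance(b, Eps): return a
    return Cat(a, b)

def both(a: Regex, b: Regex) -> Regex:
    if isinstance(a, Empty) or isinstance(b, Empty): return Empty()
    return a if a == b else And(a, b)

def star(a: Regex) -> Regex:
    return Eps() if isinstance(a, (Empty, Eps)) else Star(a)

def seq(*cmds: str) -> Regex:
    r: Regex = Eps()
    for c in cmds:
        r = cat(r, Sym(c))
    return r

def nullable(r: Regex) -> bool:
    """True if the remaining policy is satisfied by doing nothing further."""
    if isinstance(r, (Empty, Sym)): return False
    if isinstance(r, (Eps, Star)):  return True
    if isinstance(r, Alt):          return nullable(r.left) or nullable(r.right)
    return nullable(r.left) and nullable(r.right)      # Cat, And

def step(r: Regex, cmd: str) -> Regex:
    """Brzozowski derivative: the policy that remains once `cmd` has been applied."""
    if isinstance(r, (Empty, Eps)): return Empty()
    if isinstance(r, Sym):          return Eps() if r.cmd == cmd else Empty()
    if isinstance(r, Alt):          return alt(step(r.left, cmd), step(r.right, cmd))
    if isinstance(r, And):          return both(step(r.left, cmd), step(r.right, cmd))
    if isinstance(r, Star):         return cat(step(r.inner, cmd), r)
    first = cat(step(r.left, cmd), r.right)            # Cat
    return alt(first, step(r.right, cmd)) if nullable(r.left) else first

def accepts(policy: Regex, cmds: Sequence[str]) -> bool:
    """Whole-sequence check: every command permitted and the policy satisfied at the end."""
    for c in cmds:
        policy = step(policy, c)
        if policy == Empty():
            return False
    return nullable(policy)


# --- reactive enforcement on tagged data values -----------------------------
class PolicyViolation(Exception):
    pass

@dataclass
class Tagged:           # a data value travelling with its remaining policy
    value: object
    policy: Regex

def use(t: Tagged, cmd: str, fn: Callable) -> Tagged:
    """Run command `cmd` (implemented by fn) and hand back the derived value with its advanced policy."""
    remaining = step(t.policy, cmd)
    if remaining == Empty():
        raise PolicyViolation(f"{cmd!r} is not permitted by the remaining policy")
    return Tagged(fn(t.value), remaining)

def combine(a: Tagged, b: Tagged, cmd: str, fn: Callable) -> Tagged:
    """Derive one value from two; its policy is the intersection of both advanced policies."""
    remaining = both(step(a.policy, cmd), step(b.policy, cmd))
    if remaining == Empty():
        raise PolicyViolation(f"{cmd!r} is not permitted for both inputs")
    return Tagged(fn(a.value, b.value), remaining)


# Constructed sample policies (hypothetical command alphabet).
# Data subject: location must be fuzzed before any geofence comparison, then returned once.
SUBJECT = cat(seq("fetch_location", "fuzz"), cat(star(Sym("in_geofence")), Sym("return")))
# Administrator: fuzzing and geofence checks in any order, exactly one return.
ADMIN = cat(Sym("fetch_location"), cat(star(alt(Sym("fuzz"), Sym("in_geofence"))), Sym("return")))
# Policy attached to the value on ingress: the intersection of both.
POLICY = both(SUBJECT, ADMIN)

if __name__ == "__main__":
    t = Tagged((42.44, -76.50), POLICY)                      # constructed coordinate
    t = use(t, "fetch_location", lambda v: v)
    t = use(t, "fuzz", lambda v: (round(v[0], 1), round(v[1], 1)))
    print("fuzzed:", t.value, "remaining policy nullable:", nullable(t.policy))
```

The intersection matters in the example: `ADMIN` alone would accept `fetch_location, in_geofence, fuzz, return`, but the combined policy rejects it because the subject requires fuzzing first; after `return` the remaining policy is `Eps()`, so any further command on that value raises `PolicyViolation`.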

For more information, see our paper and GitHub repo.

Project PI: Nate Foster. Supported by NSF Grant 1642120.