Accountable Privacy

  • Mike Burmester
  • Yvo Desmedt
  • Rebecca N. Wright
  • Alec Yasinsac
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3957)


As the Internet has gained widespread use, and advanced technologies such as high-speed multi-media technologies and automated digital monitoring have become a reality, privacy is at the greatest risk of all time. At the same time, sophisticated threats from hackers, terrorists, thieves, and others that would abuse privacy highlight the need to find technologies that provide some accountability. However, the goals of accountability and of privacy appear to be in contradiction: accountability tends to be about determining which entities committed which actions, while privacy seeks to hide this information.

In this paper, we discuss the apparent conflict that exists between privacy and accountability. We survey some of the issues in privacy and in accountability and highlight research directions for balancing the needs of both.


Block Cipher Blind Signature Secret Sharing Scheme Electronic Vote Broadcast Encryption 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proceedings of the 19th International Conference on Management of Data, pp. 439–450. ACM Press, New York (2000)Google Scholar
  2. 2.
    Bellare, M., Goldwasser, S.: Verifiable partial key escrow. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 78–91 (1997)Google Scholar
  3. 3.
    Beth, T.: Zur Sicherheit der Informationstechnik. In: Informatik-Spektrum, vol. 13, pp. 204–215. Springer, Heidelberg (1990) (in German)Google Scholar
  4. 4.
    Blakley, G.R., Meadows, C.: Security of Ramp Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 242–268. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Franklin, M.K.: An efficient public key traitor scheme (Extended abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 338–353. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Brassard, G., Crépeau, C., Robert, J.M.: All-or-Nothing Disclosure of Secrets. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 234–238. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  7. 7.
    Burmester, M., Desmedt, Y.G., Seberry, J.: Equitable Key Escrow with Limited Time Span. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 380–391. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Chaum, D.: Blind Signatures for untraceable payments. In: Crypto 1982, pp. 199–203. Plenum Press, New York (1983)Google Scholar
  9. 9.
    Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  10. 10.
    Chaum, D.: Showing Credentials without Identification: Transferring Signatures between Unconditionally Unthinkable Pseudonyms. In: Seberry, J., Pieprzyk, J.P. (eds.) AUSCRYPT 1990. LNCS, vol. 453, pp. 246–264. Springer, Heidelberg (1990)Google Scholar
  11. 11.
    Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  12. 12.
    Chin, F., Ozsoyoglu, G.: Auditing and inference control in statistical databases. IEEE Transactions on Software Eng. 8(6), 113–139 (1982)MathSciNetMATHGoogle Scholar
  13. 13.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  14. 14.
    Davenport, D.: Anonymity on the Internet: why the price may be too high. Communications of the ACM 45(4), 33–35 (2002)CrossRefGoogle Scholar
  15. 15.
    Denning, D.E., Branstad, D.K.: A Taxonomy of key escrow encryption systems. Communications of the ACM 39(3), 34–40 (1996)CrossRefGoogle Scholar
  16. 16.
    Desmedt, Y.G.: Securing Traceability of Ciphertexts - Towards a Secure Software Key Escrow System. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 147–157. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  17. 17.
    Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Ellison, C., Schneier, B.: Ten Risks of PKI, What You Are Not Being Told About PKI. Computer Security Journal XVI(1), 1–7 (2000)Google Scholar
  19. 19.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  20. 20.
    Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. Journal of Cryptology 1(2), 77–94 (1988)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Feigenbaum, J., Ishai, Y., Malkin, T.G., Nissim, K., Strauss, M.J., Wright, R.N.: Secure multiparty computation of approximations. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 927–938. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. 22.
    Freedman, M.J., Nissim, K., Pinkas, B.: Efficient Private Matching and Set Intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Fujioka, A., Okamoto, T., Ohta, K.: A Practical Secret Voting Scheme for Large Scale Election. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 248–259. Springer, Heidelberg (1993)Google Scholar
  24. 24.
    Furukawa, J., Miyauchi, H., Mori, K., Obana, S., Sako, K.: An Implementation of a Universally Verifiable Electronic Voting Scheme based on Shuffling. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 16–30. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Goldreich, O., Micali, S., Wigderson, A.: How to Play Any Mental Game. In: Proc. of 19th STOC, pp. 218–229 (1987)Google Scholar
  26. 26.
    Gollmann, D.: What do we mean by Entity Authentication? In: Proceedings of the 15th IEEE Symposium on Security and Privacy, pp. 46–54. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  27. 27.
    Hirt, M., Sako, K.: Efficient Receipt-Free Voting Based on Homomorphic Encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  28. 28.
    Jarecki, S., Shmatikov, V.: Handcuffing Big Brother: an Abuse-Resilient Transaction Escrow Scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  29. 29.
    Knudsen, L.R., Pedersen, T.P.: On the difficulty of software key escrow. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 237–244. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  30. 30.
    Kurosawa, K., Desmedt, Y.G.: Optimum traitor tracing and asymmetric schemes. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 145–157. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  31. 31.
    Kurosawa, K., Yoshida, T.: Linear code implies public-key traitor tracing. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 172–187. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  32. 32.
    Lindell, Y., Pinkas, B.: Privacy preserving data mining. J. Cryptology 15(3), 177–206 (2002); (An earlier version appeared in Crypto 2000)MathSciNetCrossRefMATHGoogle Scholar
  33. 33.
    Micali, S.: Fair public-key cryptosystems. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 113–138. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  34. 34.
    Micali, S., Sidney, R.: A simple method for generating and sharing pseudo-random functions, with applications to clipper-like key escrow systems. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 185–196. Springer, Heidelberg (1995)Google Scholar
  35. 35.
    Millen, J.K., Wright, R.N.: Reasoning about Trust and Insurance in a Public Key Infrastructure. In: Proceedings of 13th IEEE Computer Security Foundations Workshop, pp. 16–22. IEEE Computer Society, Los Alamitos (2000)CrossRefGoogle Scholar
  36. 36.
    Rumsfeld, D.: US Secretary of State, Comments to the press (September 12, 2001),
  37. 37.
    Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  38. 38.
    Samfat, D., Molva, R., Asokan, N.: Untraceability in mobile networks. In: Proceedings of the 1st annual international conference on Mobile computing and networking, Berkeley, California, pp. 26–36 (1995)Google Scholar
  39. 39.
    Schneider, F.B.: Trust in Cyberspace. National Academy Press, Washington (1999)Google Scholar
  40. 40.
    von Solms, B., Naccache, D.: On blind signatures and perfect crimes. Computers and Security 11(6), 581–583 (1992)CrossRefGoogle Scholar
  41. 41.
    Spafford, G.: Protecting Personal Information in Academia. In: Computing Research News, pp. 3, 4, 12 (May 2001),
  42. 42.
    Spreitzer, M., Theimer, M.: Providing location information in a ubiquitous computing environment (panel session). In: ACM SIGOPS Operating Systems Review, Proceedings of the fourteenth ACM symposium on Operating systems principles, vol. 27(5), pp. 270–283 (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Mike Burmester
    • 1
  • Yvo Desmedt
    • 1
  • Rebecca N. Wright
    • 2
  • Alec Yasinsac
    • 1
  1. 1.Department of Computer ScienceFlorida State UniversityTallahasseeUSA
  2. 2.Department of Computer ScienceStevens Institute of TechnologyHobokenUSA

Personalised recommendations