Abstract
Whoever conducts a survey usually wants a large number of participants in order to attain meaningful results. A method to increase the motivation of potential participants is offering a prize that is awarded to one of them. For that purpose the pollster usually collects the E-mail addresses or other personal data of the participants, enabling him to notify the winner. Collecting the participant’s personal data may, however, conflict with the potential participant’s privacy interests as well as the pollster’s concern about dishonest answers participants may give to gain favor. Therefore, this paper presents solutions that enable the pollster to carry out a survey in an anonymous way while only collecting the winner’s personal data. If the prize is a virtual good, then even the winner’s identity is concealed.
Keywords
- Data protection
- Data reduction
- Online survey
- Privacy
- Blind signatures
- Scope-exclusive pseudonyms
- Zero-knowledge proofs
This is a preview of subscription content, access via your institution.
Buying options
Notes
- 1.
Whether the anonymity is withdrawn or can be withdrawn depends on the form of data collection.
- 2.
These Directives address the member states of the European Union and must be transposed into internal law. The following examples are based on the provisions of the Federal Data Protection Act, which transposes the regulations of the Directive 95/46/EC to German law. Since the transposition into internal law is fairly similar within Europe, one example of transposition is considered sufficiant for this paper. Please note, that it is planned to replace the mentioned Directive with a European General Data Protection Regulation. In contrast to European Directives, European Regulations do not need to be transposed into internal law. The draft can be found at http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf.
- 3.
Compare Sect. 3 I, VI, VIa of the Federal Data Protection Act.
- 4.
Compare Sect. 4 of the Federal Data Protection Act.
- 5.
Compare Sect. 3a of the Federal Data Protection Act.
- 6.
Compare Sect. 9 of the Federal Data Protection Act.
- 7.
Compare Sects. 19–21 and 33–35 of the Federal Data Protection Act.
- 8.
Cf. Common Criteria Protection Profile BSI-PP-0037, “Basic set of security requirements for Online Voting Products”, https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/ReportePP/pp0037b_engl_pdf.
- 9.
Tor is an example of a network software that anonymizes communication data based on onion routing, see: www.torproject.org.
- 10.
A generalization of this solution for an open user group is given in the next section.
- 11.
Of course this would also include a possibility to check the integrity of the downloaded software by using digital fingerprints etc.
- 12.
In other cases there might be better options like browser-based solutions (e.g. browser applets or java-script based functionality), since users could not be willing to install a software for participating in a single survey.
- 13.
See Sect. 4.2 for a more technical description.
- 14.
This risk can be avoided by the terms and conditions of the survey, e.g. “Only the first submitter of the winning raffle ticket wins the prize.” Generally, setting terms and conditions for a raffle is highly recommended in order to inform possible participants about their eligibility, the time frame of the raffle, and a description of the prize.
- 15.
- 16.
As stated in Sect. 1 we do not introduce new cryptographic primitives in this paper, we simply use the ones defined.
- 17.
This risk usually decreases with more participants.
- 18.
In this case, it must be ensured that only the winner will be able to download the file and the digital prize will be passed on in accordance with the Terms of Use of the seller.
- 19.
Due to attendee registration, we were able to contact each potential participant by mail.
- 20.
The images are selected from a database of the pollster.
- 21.
References
Adida, B.: Helios: web-based open-audit voting. In: Proceedings of the 17th Conference on Security Symposium, pp. 335–348 (2008)
Bär, M., Henrich, C., Müller-Quade, J., Röhrich, S., Stüber, C.: Real world experiences with bingo voting and a comparison of usability. In: WOTE 2008 (2008)
Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: Domain-specific pseudonymous signatures for the german identity card. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 104–119. Springer, Heidelberg (2012)
Bichsel, P., Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Krenn, S., Krontiris, I., Lehmann, A., Neven, G., Nielsen, J.D., Paquin, C., Preiss, F.S., Rannenberg, K., Sabouri, A., Stausholm, M.: Architecture for attribute-based credential technologies - final version (2014)
Bohli, J.-M., Müller-Quade, J., Röhrich, S.: Bingo voting: secure and coercion-free voting using a trusted random number generator. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 111–124. Springer, Heidelberg (2007)
Bräunlich, K., Grimm, R.: Sozialwahlen via Internet mit Polyas. DuD 38(2), 82–85 (2014)
Bräunlich, K., Grimm, R., Kahlert, A., Richter, P., Roßnagel, A.: Bewertung von Internetwahlsystemen für Sozialwahlen. DuD 38(2), 75–81 (2014)
Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 345–356 (2008)
Camenisch, J., Hohenberger, S., Kohlweiss, M.: How to win the clone wars: efficient periodic n-times anonymous authentication. In: Proceeding of the 13-th ACM Conference on Computer and Communications Security, CCS 2006, pp. 201–210 (2006)
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Chaum, D.: Blind signatures for untraceable payments. In: Advandes in Cryptology - CRYPTO 1982, pp. 199–203 (1983)
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28, 1030–1044 (1985)
Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)
Chen, L.: Access with pseudonyms. In: Dawson, E.P., Golić, J.D. (eds.) Cryptography: Policy and Algorithms 1995. LNCS, vol. 1029, pp. 232–243. Springer, Heidelberg (1996)
Peointcheval, D., Stern, J.: Provable secure blind signature schemes. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 252–265. Springer, Heidelberg (1996)
Gjøsteen, K.: The norwegian internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) VoteID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012)
Müller-Quade, J., Henrich, C.: Bingo voting. DuD 33(2), 102–106 (2009)
Papagiannopoulos, K., Alpar, G., Lueks, W.: Designated attribute proofs with the Camenisch-Lysyanskaya signature (2013)
Pashalidis, A.: Interdomain user authentication and privacy. Royal Holloway University of London, Technical report (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Herfert, M., Lange, B., Selzer, A., Waldmann, U. (2015). A Privacy-Friendly Method to Reward Participants of Online-Surveys. In: Katsikas, S., Sideridis, A. (eds) E-Democracy – Citizen Rights in the World of the New Computing Paradigms. e-Democracy 2015. Communications in Computer and Information Science, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-319-27164-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-27164-4_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27163-7
Online ISBN: 978-3-319-27164-4
eBook Packages: Computer ScienceComputer Science (R0)