Summary
The current mainstream approach to privacy protection is to release as little personal data as possible (data minimisation). To this end, Privacy Enhancing Technologies (PETs) provide anonymity at the application and network layers, support pseudonyms and help users to control access to their personal data, e.g., through identity management systems. However, protecting privacy merely by minimising disclosed data is not sufficient, as more and more electronic applications (such as those in the eHealth or eGovernment sectors) require personal data. For today's information systems, the processing of released data itself has to be controlled (usage control). This chapter presents technical and organisational solutions elaborated within FIDIS on how privacy can be preserved in spite of the disclosure of personal data.
Many researchers in FIDIS have contributed to the FIDIS deliverables this chapter is based on. We gratefully acknowledge their contributions. Daniel Cvrcek and Jozef Vyskoc (MU) deserve special thanks for having reviewed this chapter so thoroughly.
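As an added illustration of the distinction the summary draws, between data minimisation at release time and usage control over data that has already been released, the following Python code is not part of the chapter and is not FIDIS software. It shows a toy "sticky policy" scheme: the record is reduced to the attributes a purpose actually needs before release, a machine-readable policy travels with it, and every later processing step is evaluated against that policy (purpose binding, recipient restriction, retention obligation). The purpose table, policy fields, record layout and sample data are all assumptions constructed for this example.

```python
"""Sticky-policy usage control for released personal data (illustrative only).

Assumed model: a data controller releases a minimised record together with a
policy; a processor must call use() for every access, and enforce_retention()
implements the deletion obligation. Names and sample data are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Policy:
    """Constraints that stick to a released record (assumed field set)."""
    allowed_purposes: frozenset
    allowed_recipients: frozenset
    retention: timedelta


@dataclass
class ReleasedRecord:
    subject: str
    attributes: dict
    policy: Policy
    released_at: datetime
    log: list = field(default_factory=list)  # audit trail of every usage decision


# Data minimisation: which attributes each purpose really needs (constructed table).
PURPOSE_NEEDS = {
    "treatment": {"name", "blood_group", "allergies"},
    "billing": {"name", "insurance_id"},
}

# Constructed sample record; not real data.
SAMPLE_RECORD = {
    "name": "A. Example",
    "address": "1 Sample Street",
    "blood_group": "0+",
    "allergies": ["penicillin"],
    "insurance_id": "INS-0001",
}


def minimise(full_record, purpose):
    """Release-time minimisation: keep only the attributes the purpose needs."""
    needed = PURPOSE_NEEDS[purpose]
    return {k: v for k, v in full_record.items() if k in needed}


def release(full_record, subject, purpose, policy, now):
    """Attach the policy to the minimised data at the moment of disclosure."""
    return ReleasedRecord(subject, minimise(full_record, purpose), policy, now)


def check_usage(record, recipient, purpose, now):
    """Usage control: evaluated on every access, not only at release.

    Returns (allowed, reason)."""
    if purpose not in record.policy.allowed_purposes:
        return False, "purpose not permitted"
    if recipient not in record.policy.allowed_recipients:
        return False, "recipient not permitted"
    if now - record.released_at > record.policy.retention:
        return False, "retention period expired"
    return True, "ok"


def use(record, recipient, purpose, now):
    """Return a copy of the attributes if the policy allows it, else None; always log."""
    allowed, reason = check_usage(record, recipient, purpose, now)
    record.log.append((now.isoformat(), recipient, purpose, reason))
    if not allowed:
        return None
    return dict(record.attributes)


def enforce_retention(record, now):
    """Obligation: destroy the released attributes once retention has lapsed."""
    if now - record.released_at > record.policy.retention:
        record.attributes.clear()
        record.log.append((now.isoformat(), "system", "delete", "retention obligation"))
        return True
    return False


def demo():
    """Run the scenario end to end and return the decisions taken."""
    t0 = datetime(2009, 1, 1, tzinfo=timezone.utc)
    policy = Policy(frozenset({"treatment"}), frozenset({"clinic"}), timedelta(days=30))
    rec = release(SAMPLE_RECORD, "patient-1", "treatment", policy, t0)
    return {
        "released_keys": sorted(rec.attributes),
        "clinic_treatment": use(rec, "clinic", "treatment", t0 + timedelta(days=1)),
        "clinic_marketing": use(rec, "clinic", "marketing", t0 + timedelta(days=1)),
        "insurer_treatment": use(rec, "insurer", "treatment", t0 + timedelta(days=1)),
        "after_expiry": use(rec, "clinic", "treatment", t0 + timedelta(days=31)),
        "deleted": enforce_retention(rec, t0 + timedelta(days=31)),
        "remaining": dict(rec.attributes),
        "log_entries": len(rec.log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the example is the second half: access control alone decides once, at release; here the same record is refused later for a purpose, a recipient and a point in time the policy excludes, and the retention obligation is enforced on the processor's side. In a real deployment the log and the deletion would have to be attested to the controller (see the chapter's references on privacy audits and enforceable tracing), which this toy omits.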
© 2009 Springer-Verlag Berlin Heidelberg
Cite this chapter
Gilliot, M., Matyas, V., Wohlgemuth, S. (2009). Privacy and Identity. In: Rannenberg, K., Royer, D., Deuker, A. (eds) The Future of Identity in the Information Society. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01820-6_9
DOI: https://doi.org/10.1007/978-3-642-01820-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88480-4
Online ISBN: 978-3-642-01820-6