Advertisement

Marrying Transparency Tools with User-Controlled Identity Management

  • Marit Hansen
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)

Abstract

User-controlled identity management systems assist individuals in managing their private sphere. An individual’s privacy can be supported by transparency on processing of personal data. After giving an overview on transparency properties as well as its relation to privacy and data protection regulation, this text introduces different transparency tools: Prior to an interaction, information on the interacting party should be made transparent. During the interaction, privacy policies have to be communicated. Afterwards, users should be helped in exercising their privacy rights such as, among others, the right to access own personal data. In addition information on security and privacy incidents provides complementary data for the user’s perception of the level of privacy. Although transparency tools alone are no panacea for maintaining the private sphere, the combination of transparency tools and user-controlled identity management systems yields viable functionality to empower users to protect their privacy.

Keywords

Privacy Policy Personal Data Data Track Identity Management Reputation System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Andersson C, Camenisch J, Crane S, Fischer-Hübner S, Leenes R, Pearson S, Pettersson, JS, Sommer, D (2005) Trust in PRIME. In: Proceedings of the 5th IEEE Int. Symposium on Signal Processing and Information Technology. Athens, Greece, 552-559Google Scholar
  2. 2.
    Article 29 Working Party (2004) Opinion on More Harmonised Information Provisions. WP 100, 11987/04/EN. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2004/ wp100_en.pdf. Accessed 2 Dec 2007Google Scholar
  3. 3.
    Awad, NF, Krishnan, MS (2006) The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization. MIS Quarterly 30(1): 13–28Google Scholar
  4. 4.
    Bauer M, Meints M, Hansen M (eds) (2005) Structured Overview on Prototypes and Concepts of Identity Management Systems. FIDIS Deliverable D3.1. Frankfurt am Main, Germany. http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp3-del3.1.overview_on_IMS.final.pdf. Accessed 2 Dec 2007Google Scholar
  5. 5.
    Borking JJ, Raab CD (2001) Law, PETs and Other Technologies for Privacy Protection. In: Journal of Information, Law and Technology, Vol. 1. http://www2.warwick.ac.uk/ fac/soc/law/elj/jilt/20011/borking. Accessed 2 Dec 2007Google Scholar
  6. 6.
    Brin D (1998) The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? Addison-Wesley, Reading, Mass.Google Scholar
  7. 7.
    Brückner L, Voss M (2005) MozPETs — a Privacy Enhanced Web Browser. In: Proceedings of the Third Annual Conference on Privacy, Security and Trust (PST05), Canada. http://www.ito.tu-darmstadt.de/publs/pdf/BruecknerVoss_Mozpets.pdf. Accessed 2 Dec 2007Google Scholar
  8. 8.
    Camenisch J, Lysyanskaya A (2000) Efficient Non-Transferable Anonymous Multi-Show Credential System With Optional Anonymity Revocation. IBM Research Report RZ 3295 (# 93341), extended abstract in: Advances in Cryptology — Eurocrypt 2001, revised full version available at http://eprint.iacr.org/2001/019. Accessed 2 Dec 2007Google Scholar
  9. 9.
    Casassa Mont M, Pearson S, Bramhall P (2003) Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. Trusted Systems Laboratory, HP Laboratories Bristol, HPL-2003-49. http://www.hpl.hp.com/techreports/ 2003/HPL-2003-49.pdf. Accessed 2 Dec 2007Google Scholar
  10. 10.
    Chaum D (1985) Security without Identification: Transaction Systems to Make Big Brother Obsolete. CACM 28(10): 1030–1044CrossRefGoogle Scholar
  11. 11.
    Clauß S, Köhntopp M (2001) Identity Management and Its Support of Multilateral Security. Computer Networks, 37(2): 205–219CrossRefGoogle Scholar
  12. 12.
    Clauß S, Kriegelstein K (2003) Datenschutzfreundliches Identitätsmanagement. Datenschutz und Datensicherheit 27(5): 297Google Scholar
  13. 13.
    Clauß S, Pfitzmann A, Hansen M, Van Herreweghen E (2002) Privacy-Enhancing Identity Management. The IPTS Report 67: 8-16. http://www.jrc.es/home/report/english/articles/vol67/IPT2E676.htm. Accessed 2 Dec 2007Google Scholar
  14. 14.
    Eurobarometer (2003) Data Protection. http://ec.europa.eu/publicopinion/archives/ebs/ebs_196_data_protection.pdf. Accessed 2 Dec 2007Google Scholar
  15. 15.
    Fischer-Hübner S, Pettersson JS, Bergmann M, Hansen M, Pearson S, Casassa Mont M (2007) HCI Designs for Privacy-Enhancing Identity Management. In: Acquisti A, Gritzalis S, Lambrinoudakis C, Di Vimercati S (eds) Digital Privacy: Theory, Technologies, and Practices, Auerbach, in pressGoogle Scholar
  16. 16.
    Hansen M, Meissner S (eds) (2007) Verkettung digitaler Identitäten. Report commissioned by the German Federal Ministry of Education and Research. https://www.datenschutzzentrum.de/projekte/verkettung/. Accessed 2 Dec 2007Google Scholar
  17. 17.
    Hildebrandt M, Koops B-J (eds) (2007) A Vision of Ambient Law. FIDIS Deliverable D7.9. Frankfurt am Main, Germany. http://www.fIdis.net/fileadmin/fidis/deliverables/fidis-wp7-d7.9_A_Vision_of_Ambient_Law.pdf. Accessed 2 Dec 2007Google Scholar
  18. 18.
    Hildebrandt M, Meints M (eds) (2006) RFID, Profiling, and AmI. FIDIS Deliverable D7.7. Frankfurt am Main, Germany. http://www.fidis.net/fileadmin/fldis/deliverables/ fidis-wp7-del7.7.RFID_Profiling_AMI.pdf. Accessed 2 Dec 2007Google Scholar
  19. 19.
    Hogan & Hartson, Analysys (2006) Preparing the Next Steps in Regulation of Electronic Communications — A Contribution to the Review of the Electronic Communications Regulatory Framework. http://ec.europa.eu/information_society/policy/ecomm/doc/library/ext_studies/next_steps/regul_of_ecomm_july2006_final.pdf. Accessed 2 Dec 2007Google Scholar
  20. 20.
    Jendricke U, Gerd torn Markotten D (2000) Usability meets Security — The Identity-Manager as your Personal Security Assistant for the Internet. In: Proceedings of the 16th Annual Computer Security Applications Conference, 344-353Google Scholar
  21. 21.
    Jøsang A, Pope S (2005) User Centric Identity Management. In: Proceedings of AusCERT, Australia. http://sky.fit.qut.edu.au/~josang/papers/JP2005-AusCERT.pdf. Accessed 2 Dec 2007Google Scholar
  22. 22.
    Karjoth G, Schunter M, Waidner M (2002) Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: Proceedings of 2nd Workshop on Privacy Enhancing Technologies (PET 2002), LNCS 2482, Springer, 69-84Google Scholar
  23. 23.
    Leenes R, Schallaböck J, Hansen M (eds) (2007) Privacy and Identity Management for Europe — PRIME White Paper V2. https://www.prime-project.eu/prime_products/whitepaper/. Accessed 2 Dec 2007Google Scholar
  24. 24.
    Mehldau M (2007) Iconset for Data-Privacy Declarations v0.1. http://netzpolitik.org/wp-upload/data-privacy-icons-v01.pdf. Accessed 2 Dec 2007Google Scholar
  25. 25.
    Meints M (2006) Protokollierung bei Identitätsmanagementsystemen — Anforderungen und Lösungsansätze. Datenschutz und Datensicherheit 30(5): 304–307CrossRefGoogle Scholar
  26. 26.
    Nageler A (2006) Integration von sicherheitsrelevanten Informationen in ein Identitätsmanagementsystem. Diploma Thesis, Christian-Albrechts-Universität zu KielGoogle Scholar
  27. 27.
    Pettersson JS, Fischer-Hübner S, Bergmann M (2006) Outlining “Data Track”: Privacy-Friendly Data Maintenance for End-Users. In: Advances in Information Systems Development — New Methods and Practice for the Networked Society, Proceedings of the 15th International Conference on Information Systems Development (ISD 2006), Springer US, 215-226Google Scholar
  28. 28.
    Pfitzmann A, Hansen M (2007) Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management — A Consolidated Proposal for Terminology v0.30. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml. Accessed 2 Dec 2007Google Scholar
  29. 29.
    PRIME Tutorials (2007). https://www.prime-project.eu/tutorials/. Accessed 2 Dec 2007Google Scholar
  30. 30.
    Rundle M (2006) International Data Protection and Digital Identity Management Tools. Presentation at Internet Governance Forum 2006, October 2006, Athens. http://identityproject.lse.ac.uk/mary.pdf. Accessed 2 Dec 2007Google Scholar
  31. 31.
    Westin AF (1967) Privacy and Freedom. Atheneum, New YorkGoogle Scholar
  32. 32.
    Wörndl W (2003) Privatheit bei dezentraler Verwaltung von Benutzerprofilen (Privacy in Decentrai Management of User Profiles). PhD Thesis at Technische Universität München. http://tumbl.biblio.tu-muenchen.de/publ/diss/in/2003/woerndl.pdf. Accessed 2 Dec 2007Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Marit Hansen
    • 1
  1. 1.Unabhängiges Landeszentrum für DatenschutzSchleswig-HolsteinGermany

Personalised recommendations