Towards Future-Proof Privacy-Respecting Identity Management Systems

  • Marit Hansen

Abstract

Privacy-respecting identity management systems take into account the user’s choices and may help her in her decisions. They have the potential to be the user’s gateway and guardian to the digital world. However, if these systems are to play an important role throughout the user’s life, concepts for long-term privacy protection combined with identity management are sought. The text identifies five major challenges of lifelong privacy-respecting identity management systems and sketches how developers of identity management systems could tackle them. Still, this is not an easy task that each identity management system can solve on its own; policy makers will have to provide support, e.g., in building common infrastructures or integrating national eID solutions.

Keywords

Personal Data; Identity Management; Partial Identity; Digital World; Data Protection Regulation

These keywords were added by machine and not by the authors.

Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • Marit Hansen, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Kiel, Germany