Table Of ContentTothememoryofourcolleagueandfriendAndreasPfitzmann
Theprotectionofpeople’sprivacywasdeartoAndreas’heart.Hewasan
inspirationtoallofus,andmanyoftheresultspresentedinthisbookowetohim.
Preface
Publicationisaself-invasionofprivacy.
MarshallMcLuhan
IndividualsintheInformationSocietywanttosafeguardtheirautonomyandretain
controlovertheirpersonalinformation,irrespectiveoftheiractivities.Information
technologiesgenerallydonotconsiderthoseuserrequirements,therebyputtingthe
privacyofthecitizenatrisk.Atthesametime,theInternetischangingfromaclient-
servertoacollaborativeparadigm.Individualsarecontributingthroughouttheirlife
leavingalife-longtraceofpersonaldata.Thisraisessubstantialnewprivacychal-
lenges.
Savingdigitalprivacy.By2008,theEuropeanprojectPRIME(PrivacyandIdentity
Management for Europe) had demonstrated that existing privacy technologies can
enable citizens to execute their legal rights to control their personal information
inon-linetransactions.Ithadraisedconsiderableawarenessamongststakeholders
andhassignificantlyadvancedthestateoftheartintheareasofprivacyandidentity
management.PrimeLifehasbeenbuildingonthemomentumcreatedandtheresults
achieved by PRIME to address emerging challenges in the areas of privacy and
identitymanagementandreallybringprivacyandidentitymanagementtolive:
A first, short-term goal of PrimeLife was to provide scalable and configurable
•
privacyandidentitymanagementinnewandemerginginternetservicesandap-
plicationssuchasvirtualcommunitiesandWeb2.0collaborativeapplications.
Asecond,longer-termgoalofPrimeLifewastoprotecttheprivacyofindividuals
•
overtheirwholespanoflife.Eachindividualleavesamultitudeoftracesduring
alifetimeofdigitalinteractions.Technologicaladvancementsfacilitateextensive
datacollection,unlimitedstorage,aswellasreuseandlife-longlinkageofthese
digitaltraces.
A third goal of PrimeLife was to support privacy and identity management by
•
progressingthestateofthearton
– toolsguaranteeingprivacyandtrust,
vii
viii Preface
– theusabilityexperienceofprivacyandidentitymanagementsolutions,
– securityandprivacypolicysystems,and
– privacy-enablinginfrastructures.
ThelastbutcertainlyimportantgoalofPrimeLifewastodisseminateourresults
•
andenabletheiruseinreallife.WeorganizedinterdisciplinarySummerSchools
of Privacy, organized and participated in standardization groups and meetings,
and made the source code and documentation of most of our prototypes and
implementationsavailableforfreeuse.
ThisBook.AftermorethanthreeyearsofworkinPrimeLife,thisbookaimsatgiv-
inganoverviewoftheresultsachieved.Itisthereforestructuredintoanintroduction
andsixpartscoveringthemostimportantareasofprivacyandidentitymanagement
consideringthelifeoftoday:Severalaspectsof“PrivacyinLife”arediscussedin
Part I, followed by Part II “Mechanisms for Privacy.” Part III is dedicated to “Hu-
manComputerInteraction(HCI),”andPartIVto“PolicyLanguage.”PartVfocuses
on“InfrastructuresforPrivacyandIdentityManagement,”beforePartVI“Privacy
Live” comes full circle describing how PrimeLife is reaching out to the life of to-
day’sandthefuture’snetizens.
Acknowledgements. Editing and writing a multidisciplinary book like this is not
possible without many contributors that dedicated their knowledge, expertise, and
time to make the work a success. Among the many people that worked on this
PrimeLifebook,wewouldliketogiveaspecialthanksto:
The partner organisations and individual researchers in PrimeLife that con-
•
tributedtothisbookandtheunderlyingPrimeLifedeliverables.Theycomefrom
7MemberStatesoftheEuropeanUnion,Switzerland,andtheUSA.
ElsvanHerreweghenwhowasinstrumentalinwritingandsubmittingtheproject
•
proposalandDieterSommerwhodidawonderfuljobascoordinator.
TheinternationalteamofreviewersthatasfriendsofPrimeLifededicatedtheir
•
time to improve and streamline the parts of this book. We are particularly
grateful to Bart De Decker, Ian Glazer, David-Olivier Jaquet-Chiffelle, Vaclav
Matyas, Vincent Naessens, Lasse Øverlier, Jakob Pagter, Michael Pedersen,
ClaireVishik,andJozefVyskocfortheirmostvaluablecommentsandsugges-
tions.
Thepeoplewhohelpedtocreatethisbook:
•
– MichelleCryerfortransformingmuchofthenerds’Englishinthedraftver-
sionsofthisbookintoEnglish.
– The PrimeLife “Activity Leaders” Katrin Borcea-Pfitzmann, Sandra Stein-
brecher,PierangelaSamarati,GregoryNeven,Go¨khanBal,andMaritHansen
for their support and coordination of the respective parts. Gregory also pro-
videdthelatextemplatesandwisdomonhowtoputthedifferentchaptersand
partstogetherintothisbook.
Preface ix
– Our colleagues at IBM Research – Zurich, Karlstad University, and Goethe
University Frankfurt for keeping our backs covered when we were working
onthisbook.
– SaskiaWerdmu¨llerforthefinalcheckingofthemanuscript.
– ChristianRauscheratSpringerforhelpinguswithpublicationofthebook.
The European Commission for funding PrimeLife and our Project Officers
•
Manuel Carvalhosa and Maria-Concepcion Anton-Garcia, their management,
Jacques Bus, Jesus Villasante, Thomas Skordas, Gustav Kalbe, and Dirk van
Rooy, and the project reviewers Jean-Marc Dinant, Alberto Escudero-Pascual,
andMassimoFeliciformostvaluablefeedbackandencouragement.
Last,butcertainlynotleast,allthemembersofthePrimeLifeReferenceGroup
•
formanyinspiringdiscussionsandlotsofvaluableandhelpfulfeedback.
Wehopethatthisbookwillcontributetotheunderstandingthatdigitalprivacycan
beareality:Manytoolsexistandarewaitingtobedeployedinpractise.
Zurich,Karlstad,Frankfurt, JanCamenisch
March2011 SimoneFischer-Hu¨bner
KaiRannenberg
x Preface
ListofContributorstothisBook
StefanoParaboschi,GerardoPelosi,MarioVerdicchio
Universita` degliStudidiBergamo,DIIMM
VialeMarconi25,Dalmine,I-24044
CorneliaGraf,ChristinaHochleitner,ManfredTscheligi,PeterWolkerstorfer
CURE–CenterforUsabilityResearchandEngineering
Modecenterstrasse17,Vienna,A-1110
Katrin Borcea-Pfitzmann, Jaromir Dobias, Benjamin Kellermann, Stefan
Ko¨psell,AndreasPfitzmann,StefaniePo¨tzsch,SandraSteinbrecher
DresdenUniversityofTechnology,DepartmentofComputerScience
No¨thnitzerStrasse46,Dresden,D-01187
Marc-MichaelBergfeld,StephanSpitz
Giesecke&Devrient
Prinzregentenstrasse159,Mu¨nchen,D-81677
Go¨khanBal,SaschaKoschinat,KaiRannenberg,ChristianWeber
GoetheUniversityFrankfurt,ChairofMobileBusiness&MultilateralSecurity
Gru¨neburgplatz1,Frankfurt/Main,D-60629
JanCamenisch,MariaDubovitskaya,GregoryNeven,Franz-StefanPreiss
IBMResearch–Zurich
Sa¨umerstrasse4,Ru¨schlikon,CH-8803
JulioAngulo
KarlstadUniversity,DepartmentofInformationSystems
Universitetsgatan2,Karlstad,S-65188
SimoneFischer-Hu¨bner,HansHedbom,TobiasPulls
KarlstadUniversity,DepartmentofComputerScience
Universitetsgatan2,Karlstad,S-65188
ErikWa¨stlund
KarlstadUniversity,DepartmentofPsychology
Universitetsgatan2,Karlstad,S-65188
FilipeBeato,MarkulfKohlweiss,JornLapon,StefanSchiffner,KarelWouters
KatholiekeUniversiteitLeuven,ESAT-COSIC
KasteelparkArenberg10,Leuven,B-3001
LaurentBussard,UlrichPinsdorf
MicrosoftEMIC
Preface xi
Ritterstrasse23,Aachen,D-52072
ClaudioA.Ardagna,SabrinaDeCapitanidiVimercati,SaraForesti,Giovanni
Livraga,ErosPedrini,PierangelaSamarati
Universita` degliStudidiMilano,Dip.diTecnologiedell’Informazione
ViaBramante65,Crema,I-26013
MicheleBezzi,AkramNjeh,StuartShort,SlimTrabelsi
SAPLabsFrance
805,AvenueduDocteurMauriceDonat,BP1216,MouginsCedex,F-06254
BibivandenBerg,LauraKlaming,RonaldLeenes,ArnoldRoosendaal
UniversiteitvanTilburg,TILT
Postbus90153,Tilburg,NL-5000LE
Marit Hansen, Leif-Erik Holtz, Ulrich Ko¨nig, Sebastian Meissner, Jan
Schallabo¨ck,KatalinStorf,HaraldZwingelberg
Unabha¨ngigesLandeszentrumfu¨rDatenschutzSchleswig-Holstein
Holstenstrasse98,Kiel,D-24103
CarineBournez,DaveRaggett,RigoWenning
WorldWideWebConsortium(W3C)
RoutedesLucioles,BP93,Sophia-Antipolis,F-06902
Contents
Introduction
1 PrimeLife.................................................. 5
AndreasPfitzmann,KatrinBorcea-Pfitzmann,andJanCamenisch
1.1 Motivation ............................................... 5
1.2 VisionandObjectivesofthePrimeLifeProject................. 7
1.3 DefiningPrivacy .......................................... 8
1.4 FromIdentityviaIdentityManagementtoPrivacybyIdentity
Management ............................................. 9
1.4.1 Identity–WhatItIs ............................... 10
1.4.2 PresentationofIdentities–Pseudonyms............... 13
1.4.3 TimeAspectsofIdentityManagementandPrivacy ..... 17
1.5 FurtherFacetsofPrivacy ................................... 19
1.6 HowtoProtectPrivacyandPrimeLife’sContributions .......... 20
1.6.1 PartI-PrivacyinLife.............................. 22
1.6.2 PartII-MechanismstoEnablePrivacy ............... 22
1.6.3 PartIII-UserInterfacesforPrivacyManagement ...... 23
1.6.4 PartIV-PoliciestoControlPrivacy.................. 24
1.6.5 PartVI-InfrastructuresforPrivacy .................. 25
1.6.6 PartVII-PrivacyLive!............................. 25
ReferencesIntroduction............................................. 27
PartI PrivacyinLife
2 PrivacyinSocialSoftware .................................... 33
Bibi van den Berg, Stefanie Po¨tzsch, Ronald Leenes, Katrin
Borcea-Pfitzmann,andFilipeBeato
2.1 ScenariosandRequirements ................................ 33
2.1.1 Scenario1:ASocialNetworkSite ................... 35
2.1.2 Scenario2:AForum............................... 36
xiii
xiv Contents
2.1.3 GeneralRequirements.............................. 36
2.2 TwoPrototypesforPrivacy-EnhancedSocialNetworking........ 37
2.2.1 Introduction ...................................... 37
2.2.2 PrivacyIssuesinSocialNetworkSites................ 38
2.2.3 Clique:AnOverview .............................. 42
2.2.4 Scramble!:AnOverview ........................... 46
2.3 Privacy-EnhancingSelectiveAccessControlforForums ........ 50
2.3.1 Objectives........................................ 50
2.3.2 Introducing phpBB Forum Software and PRIME
Framework....................................... 51
2.3.3 ExtendingphpBBwithSelectiveAccessControl ....... 52
2.3.4 ScenarioRevisited................................. 54
2.3.5 Privacy-AwarenessInformation...................... 55
2.3.6 UserSurvey ...................................... 55
2.4 ConcludingRemarks ...................................... 59
2.5 Acknowledgements ....................................... 60
3 TrustworthinessofOnlineContent............................. 61
JanCamenisch,SandraSteinbrecher,RonaldLeenes,StefaniePo¨tzsch,
BenjaminKellermann,andLauraKlaming
3.1 Introduction.............................................. 61
3.2 Scenariosandrequirements................................. 63
3.2.1 Scenarios ........................................ 63
3.2.2 High-levelmechanisms............................. 65
3.2.3 Requirementsofmechanisms ....................... 66
3.3 Experiments.............................................. 70
3.3.1 Bindingmetadatatodata ........................... 71
3.3.2 UserReputationandCertification .................... 74
3.4 Demonstrators............................................ 76
3.4.1 TrustworthyBlogging.............................. 76
3.4.2 EncouragingCommentswithIncentives............... 78
3.4.3 Author reputation system and trust evaluation of
contentinMediaWiki .............................. 80
3.5 ConclusiveRemarks....................................... 84
3.6 Acknowledgements ....................................... 85
4 IdentityandPrivacyIssuesThroughoutLife..................... 87
JaromirDobias,MaritHansen,StefanKo¨psell,MarenRaguse,Arnold
Roosendaal,AndreasPfitzmann,SandraSteinbrecher,KatalinStorf,
andHaraldZwingelberg
4.1 ChallengesandRequirements ............................... 87
4.1.1 DealingwithDynamics ............................ 87
4.1.2 DigitalFootprint .................................. 91
4.1.3 ConceptsforDelegation............................ 94
4.2 Demonstrator............................................. 99
4.2.1 OverviewoftheBackupDemonstratorArchitecture.....102
Description:This Book. After more than three years of work in PrimeLife, this book aims at giv- ing an overview of the results achieved. It is therefore structured into an introduction and six parts covering the most important areas of privacy and identity management considering the life of today: Several aspe
