Ronald Leenes

Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project

We conduct more and more of our daily interactions over electronic media. The EC-funded project PRIME (Privacy and Identity Management for Europe) envisions that individuals will be able to interact in this information society in a secure and safe way while retaining control of their privacy. The project had set out to prove that existing privacy-enhancing technologies allow for the construction of a user-controlled identity management system that comes surprisingly close to this vision. This paper describes two key elements of the PRIME identity management systems: anonymous credentials and policy languages that fully exploit the advanced functionality offered by anonymous credentials. These two key elements enable the users to carry out transactions, e.g., over the Internet, revealing only the strictly necessary personal information. Apart from presenting for the first time these two key results, this paper also motivates the need for privacy enhancing identity management, gives concrete requirements for such a system and then describes the key principles of the PRIME identity management solution.

Accountability for cloud and other future Internet services

Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However, the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. The A4Cloud project will create solutions to support users in deciding and tracking how their data is used by cloud service providers. By combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress, A4Cloud aims to extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud.

Audience Segregation in Social Network Sites

In recent years research has shown that most social network sites pose serious privacy and security risks for individual users. From the existing analyses of privacy and security risks in social network sites we deduce that one of the biggest categories of privacy risks revolves around the notion of ‘audience segregation’, i.e. the partitioning of different audiences and the compartmentalization of social spheres. Since audience segregation is an important mechanism in everyday interactions between people in the real world, we argue that social network sites ought to include this mechanism as well. Current social network sites lack this mechanism. We present Clique, a privacy-preserving social network site that provides ‘audience segregation’ to its users as an alternative.

Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law

‘Privacy by design’ is an increasingly popular paradigm. It is the principle or concept that privacy should be promoted as a default setting of every new ICT system and should be built into systems from the design stage. The draft General Data Protection Regulation embraces ‘privacy by design’ without detailing how it can or should be applied. This paper discusses what the proposed legal obligation for ‘privacy by design’ implies in practice for online businesses. In particular, does it entail hard-coding privacy requirements in system design? First, the ‘privacy by design’ provision in the proposed Regulation is analysed and interpreted. Next, we discuss an extreme interpretation – embedding data protection requirements in system software – and identify five complicating issues. On the basis of these complications, we conclude that ‘privacy by design’ should not be interpreted as trying to achieve rule compliance by techno-regulation. Instead, fostering the right mindset of those responsible for developing and running data processing systems may prove to be more productive. Therefore, in terms of the regulatory tool-box, privacy by design should be approached less from a ‘code’ perspective, but rather from the perspective of ‘communication’ strategies.

European Data Protection: Coming of Age

On 25 January 2012, the European Commission presented its long awaited new Data protection package. With this proposal for a drastic revision of the data protection framework in Europe, it is fair to say that we are witnessing a rebirth of European data protection, and perhaps, its passage from an impulsive youth to a more mature state. Technology advances rapidly and mobile devices are significantly changing the landscape. Increasingly, we carry powerful, connected, devices, whose location and activities can be monitored by various stakeholders. Very powerful social network sites emerged in the first half of last decade, processing personal data of many millions of users. Updating the regulatory network was imminent and the presentation of the new package will initiate a period of intense debate in which the proposals will be thoroughly commented upon and criticized, and numerous amendments will undoubtedly be proposed. This volume brings together some 19 chapters offering conceptual analyses, highlighting issues, proposing solutions, and discussing practices regarding privacy and data protection. In the first part of the book, conceptual analyses of concepts such as privacy and anonymity are provided. The second section focuses on the contrasted positions of digital natives and ageing users in the information society. The third section provides four chapters on privacy by design, including discussions on roadmapping and concrete techniques. The fourth section is devoted to surveillance and profiling, with illustrations from the domain of smart metering, self-surveillance and the benefits and risks of profiling. The book concludes with case studies pertaining to communicating privacy in organisations, the fate of a data protection supervisor in one of the EU member states and data protection in social network sites and online media. This volume brings together some 19 chapters offering conceptual analyses, highlighting issues, proposing solutions, and discussing practices regarding privacy and data protection. In the first part of the book, conceptual analyses of concepts such as privacy and anonymity are provided. The second section focuses on the contrasted positions of digital natives and ageing users in the information society. The third section provides four chapters on privacy by design, including discussions on roadmapping and concrete techniques. The fourth section is devoted to surveillance and profiling, with illustrations from the domain of smart metering, self-surveillance and the benefits and risks of profiling. The book concludes with case studies pertaining to communicating privacy in organisations, the fate of a data protection supervisor in one of the EU member states and data protection in social network sites and online media.

Context is Everything - Sociality and Privacy in Online Social Network Sites

Social Network Sites (SNSs) pose many privacy issues. Apart from the fact that privacy in an online social network site may sound like an oxymoron, significant privacy issues are caused by the way social structures are currently handled in SNSs. Conceptually different social groups are generally conflated into the singular notion of ‘friend’. This chapter argues that attention should be paid to the social dynamics of SNSs and the way people handle social contexts. It shows that SNS technology can be designed to support audience segregation, which should mitigate at least some of the privacy issues in Social Network Sites.

A Typology of Identity-Related Crime: Conceptual, Technical, and Legal Issues

Identification is ever more important in the online world, and identity-related crime is a growing problem related to this. This new category of crime is not restricted to high-profile instances of identity ‘theft’ or identity fraud; it is wide-ranging and complex, ranging from identity deletion to unlawful identity creation and identity ‘theft’. Commonly accepted definitions are lacking, thus blurring available statistics, and policies to combat this new crime are piecemeal at best. To assess the real nature and magnitude of identity-related crime, and to be able to discuss how it can be combated, identity-related crime should be understood in all its aspects. As a first key step, this article introduces a typology of identity-related crime, consisting of conceptual, technical and legal categories, that can be used as a comprehensive framework for future research, countermeasures and policies related to identity-related crime.

Identity Theft, Identity Fraud and/or Identity-related Crime

Abstract‘Identity thieves make thousands of victims!’ is a typical headline of current e-zines. One pictures thousands of people panicking and pursuing thieves running away with their identities. Reality is different, of course. Identity criminals do no steal identities: they use identity as a tool to steal money. And the typical victim does not notice the crime until long after the criminal has booked a one-way ticket to the tropics. A good reason to have a look at the terminology of identity ‘theft’, identity fraud, and identity-related crime.

Laws on Robots, Laws by Robots, Laws in Robots: Regulating Robot Behaviour by Design

Speculation about robot morality is almost as old as the concept of a robot itself. Asimov’s three laws of robotics provide an early and well-discussed example of moral rules robots should observe. Despite the widespread influence of the three laws of robotics and their role in shaping visions of future robo-dense worlds, these laws have been neglected as futuristic by hands-on roboticists who have been busy with addressing less abstract questions about robots’ behaviour concerning space locomotion, obstacles avoidance, automatic learning, among others. Between morality and function lies a vast gap. When robots enter our everyday lives they will have to observe social and legal norms. For example, social robots in the hospitals are expected to observe social rules (they should not interrupt a mourning family) and robotic dust cleaners scouring the streets for waste as well as automated cars will have to observe traffic regulation. In this article we elaborate on the various ways in which robotic behaviour is regulated. We distinguish between imposing regulations on robots, imposing regulation by robots, and imposing regulation in robots. In doing this, we distinguish regulation that aims at influencing human behaviour and regulation whose scope is robots’ behaviour. We claim that the artificial agency of robots requires designers and regulators to look at the question of how to regulate robots’ behaviour in a way that renders it compliant with legal norms. Regulation by design offers a means for this. We further explore this idea through the example of automated cars.

Privacy Risk Perceptions and Privacy Protection Strategies

Several opinion polls have reported that many people claim to be concerned about their privacy, yet that most people in fact do very little to protect their privacy. Are privacy concerns indeed insufficient motivators to adopt privacy protection strategies? What then characterizes the users of these strategies? On the basis of a large scale survey amongst Dutch students, this paper explores the relation between privacy risk perception and privacy protection strategies in more detail. It elaborates on factors that constitute privacy risk perception, as well as three kinds of strategies adopted by individuals to protect their privacy: behavioral measures, common privacy enhancing technologies (PETs), and more complex PETs. Next, it explores the relation between the respondents’ perception and the strategies they employ in more detail to answer the question what characteristics the users of the various strategies have in terms of perception, gender and age. Gender appears not to influence privacy risk perception, yet men are more familiar with the various privacy protection strategies and use them more of-ten than women. In general, a higher privacy risk perception does not lead to the adoption of stronger or more protection strategies, except for the use of pseudonyms, cookie crunchers, anonymous email, safe email, and providing false personal data. Our analysis deepens the understanding of privacy risk perception and privacy protection strategies, yet leaves the privacy paradox unresolved.