Archives for posts with tag: privacy enhancing technologies

The second day of the Privacy Enhancing Technologies (PET) Symposium here in Amsterdam hosted a panel on PETs post Snowden: Implications of the revelations of the NSA and GCHQ Surveillance Programs for the PETs community. The panel consisted of Susan Landau,
Wendy Seltzer, Nadia Heninger, Marek Tuszynski, and George Danezis. Seda G├╝rses prepared and moderated the panel in an excellent way. The Privacy & Identity Lab and NWO provided financial support. Here is a brief summary of the discussion that ensued. (There is also a handout that Seda produced.)

Read the rest of this entry »

Summary of presentations and discussions of day two of the For Your Eyes Only conference held in Brussels on November 29 and November 30. My main findings can be found here.
Read the rest of this entry »

In this rather long post, I’d like to discuss the practical difficulty of securely collecting and combining attributes from different contexts when one starts using a system based on attribute based credentials. How do you determine that two separate contexts really belong to the same person? How do you ensure that a few people colluding cannot create a supercredential combining their individual attributes.

Read the rest of this entry »

Privacy is often seen as a barrier to innovation. It’s seen as something one has to comply to, instead of as an opportunity to create new business. It wasn’t that long ago that security was viewed the same way: security measures were just considered a nuisance that made it impossible to get your job done efficiently. Companies were reluctant to invest in proper security. Nowadays, security is seen more and more as an enabler. Without proper security, Internet banking and e-commerce are simply impossible, while both create a steady revenue, either by cutting operation cost or by increasing sales. Seen in this light, investing in security is a no-brainer.

The question is: can we see privacy protection as an enabler too? What kind of business will become possible if proper privacy protection is possible? Or, turning the question around: what kind of business opportunities fail to materialise because of privacy problems. I think there are several.

Read the rest of this entry »

Anonymous credentials are a privacy enhancing technology that allow you to prove certain properties about yourself, without revealing your full identity. Examples are showing your age, your gender, whether you are a member of a certain group, or your nationality, among others. Privacy advocates are advocating the widespread use of such technology. However, if a worldwide infrastructure for anonymous credentials would exist, this would actually create a funny privacy problem.
Read the rest of this entry »

Abstract

Security and privacy are often seen as opposite, irreconcilable, goals. Privacy advocates and security hawks cling to rigid viewpoints, fighting each other in an ageing war of trenches. As a result, measures to increase our security scorn our privacy. And privacy enhancing technologies do very little to address legitimate security concerns. Revocable privacy aims to bridge the two sides of the debate to break the status quo. Revocable privacy is a design principle (including the necessary toolbox) to build information systems that balance security and privacy needs. The underlying principle is to design a system that guarantees the privacy of its users, unless a user violates a predefined rule. In that case, (personal) information will be released. Laws and regulations by itself are insufficient: they can be changed or sidestepped later on. That is why the principle of “code as code” is taken as point of departure: the rules and regulations must be hard-wired into the architecture of the system itself.
Read the rest of this entry »