Conference Paper

Delegation for Privacy Management from Womb to Tomb – A European Perspective

Authors:
  • Unabhängiges Landeszentrum für Datenschutz
  • Unabhängiges Landeszentrum für Datenschutz

Abstract

In our information society, with processing of personal data in almost all areas of life, the legally granted right to privacy is quite hard to preserve. User-controlled identity management systems have been proposed as a means to manage one's own private sphere. Still, there is no working concept of how privacy protection can be effectively safeguarded over a long period of time and how self-determination in the field of privacy can be maintained in all stages of life, from the womb to the tomb. When user control and the capability to exercise rights cannot yet, or can no longer, be carried out by the data subject herself, the decisions concerning the processing of personal data may have to be delegated to a delegate. In this text, we elaborate on delegation of privacy-relevant actions under a lifelong perspective and point out possible legal, technological, and organizational measures to appropriately take up the arising challenges. For crucial gaps in current concepts we sketch solutions and explain the implications for user-controlled identity management systems. Finally, we give recommendations to stakeholders such as data controllers, application designers and policy makers.

Keywords: lifelong privacy, user-controlled identity management, delegation of privacy, incapability to exercise rights, privacy by delegate


Article
Full-text available
This study aims to identify and explore the challenges in the implementation of Resolution No. 4/2016 of the ICPO-INTERPOL concerning sharing and exchanging biometric data among the members of ICPO-INTERPOL in order to counter terrorist foreign fighters (FTFs). This research also aims to elaborate and describe the mechanism of collecting, recording, storing, and exchanging biometric data conducted by the Indonesian government. The mechanism of collecting, recording, and storing biometric data works through 3 main doors, namely: 1) in the process of making electronic Resident’s ID Cards (e-ID Cards); 2) in the process of making SKCK (Certificates of Police Record); 3) in the process of making e-Passports. In the implementation of Resolution No. 4/2016 of ICPO-INTERPOL, the most obvious obstacles and challenges are the absence of regulations concerning the protection of personal data, and also the fact that the biometric data system itself is still relatively new and the database is not fully developed. Until today, the INTERPOL National Central Bureau (NCB) for Indonesia does not have its own biometric database system; instead they are using the database that is centralized at Pusinafis Polri (the Indonesian National Police’s Center of Automatic Fingerprint Identification System). The results of the study reveal that the biometric data recorded, collected, and stored are big data, but so far in supporting law enforcement and crime prevention processes the data have only been used as comparative data. In addition, there have also been found indications of violations of personal data and privacy, for example in relation to the absence of mechanism for data retention, consent, processing, notification, and disclosure.
Article
Privacy-respecting identity management systems take into account the user's choices and may help her in her decisions. They have the potential of being the user's gateway and guardian to the digital world. However, if these systems are to play an important role throughout the user's life, concepts for long-term privacy protection combined with identity management are needed. The text identifies five major challenges of lifelong privacy-respecting identity management systems and sketches how developers of identity management systems could tackle them. Still, it is not an easy task that can be solved by each identity management system on its own; policy makers will have to provide support, e.g., in building common infrastructures or integrating national eID solutions. © Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011.
Article
The pace of technological development in recent years has confronted data protection officers again and again with new risks to the privacy of data subjects, and it looks as if this will not change in the coming years and decades. Concepts for lifelong data protection require a shift in thinking, away from short-winded system design towards long-term, future-proof planning.
Conference Paper
Integration in health care is a normative goal, but the legal regulation of government operations across sectors is complex. Many values must be safeguarded and they are therefore legally protected. Interoperability can, however, create value conflicts and there is little empirical research into the constructive attempts to resolve such deep-rooted conflicts. This paper addresses this gap by an in-depth study of how values are institutionalized in laws and government organizations. Data was collected by means of participant observation and narrative interviews. The study showed that value conflicts constitute barriers to integration that were difficult to resolve. One major problem was that the necessary discussion about how the conflicts should be handled could not be held because there was no such arena. Different authorities were governed by different values that were deeply institutionalized; while services were to be integrated, the legal regulating bodies were not.
Article
Full-text available
Building support for delegation services into an identity federation system enhances its flexibility and scalability. Users may need to delegate all (or a subset) of their access rights or privileges to other parties in the system. However, the Liberty Alliance, an industry consortium that aims to build open standard-based specifications for identity federation systems, does not include delegation functionality in its specifications. In this paper we propose a delegation framework for Liberty that can be readily integrated into the currently deployed specifications. The framework takes advantage of the trust relationships that exist by definition within the Liberty circles of trust, and is based on extending the use of attribute statements in SAML assertions. The framework is built on SAML 2.0 and the Liberty ID-FF 1.2 single sign-on profiles, and supports both direct and indirect delegation.
Article
Full-text available
Transparency is an important precondition for the users' control over their privacy. It can increase the users' trust in accurate and secure processing of their personal data. This paper presents concepts and implementations of different transparency tools, which are employed in a user-controlled identity management system of the project PRIME – Privacy and Identity Management for Europe. A focus is laid on showing the concepts and their visualization via user interfaces. Considerations on human-computer interaction are highlighted for different alternatives, and the motivation for design choices is explained. Moreover, results from user tests are reported and analyzed. In the following section related work is described. This paper concludes that currently transparency tools rarely belong to standard functionality of information and communication technologies although much improvement would already be achievable today.
Conference Paper
Full-text available
Privacy in business processes with proxies is not possible. Users need to share attributes with their proxies which leads to “Big Brothers”. This is the reason why identity management systems such as Liberty Alliance and Microsoft .NET Passport are not successful. We propose a generic privacy-preserving protocol for sharing identifying attributes as credentials with others. This delegation protocol extends current identity management systems.
Conference Paper
Full-text available
We present in this paper a basic scheme for delegation in a federated setting and two more advanced schemes, transferable and corporate delegation. With transferable delegation, delegatees are able to delegate the received privileged actions further to someone else. Corporate delegation is delegation within a business context. Our schemes are generic and user-centric. We elaborate on the different procedures to issue, accept and revoke mandates in these schemes. Different variations are discussed and their impact on the corresponding procedures is evaluated. For the basic scheme of delegation, mandates are used; for the more advanced schemes, as the complexity increases, the use of delegation assertions is proposed.
Book
Full-text available
Personalised services, such as those offered by bonus programmes in customer relationship management (CRM), presuppose the sharing of personal data between service providers. Current practice for complying with privacy agreements implements a trust model in which users grant service providers a power of attorney over the sharing of their personal data and have to trust them to comply with the privacy agreements. Sven Wohlgemuth proposes delegation of rights as an improvement of this trust model in favour of the user. He presents an identity management system with which users can enforce and monitor the agreed rules for data collection and sharing. This realises controlled data sharing, and the user only has to trust the provider of his data, not the data consumers. The presented system is examined against the legal and functional requirements of CRM, and the operation and protective effect of the protocols are shown.
Article
Full-text available
For decades, the password has been the standard means for user authentication on computers. However, as users are required to remember more, longer, and changing passwords, it is evident that a more convenient and secure solution to user authentication is necessary. This paper examines passwords, security tokens, and biometrics-which we collectively call authenticators-and compares these authenticators and their combinations. We examine their effectiveness against several attacks and suitability for particular security specifications such as compromise detection and nonrepudiation. Examples of authenticator combinations and protocols are described to show tradeoffs and solutions that meet chosen, practical requirements. The paper endeavors to offer a comprehensive picture of user authentication solutions for the purposes of evaluating options for use and identifying deficiencies requiring further research.
Conference Paper
Full-text available
ivered to the person accountable for it. We cannot technically establish who is going to be legally, morally or socially liable for an action. Our goal is, more modestly but still quite difficult, to determine who, technically, performed a specific action. Delegation of responsibility takes place every time a principal has to rely upon some other party to complete a transaction: he relies upon another principal but does not trust him. In the following we describe a couple of examples where this new form of delegation is needed. Suppose a service provider offers a set of services to its customers. The customers demand a new service. The service provider finds it more convenient to delegate this service to another party rather than provide it himself. Customers do not want to see this delegation, i.e. the new service has to have the usual interface of all the other services. The party responsible for all the services towards the customers is always the service provider (
Article
Identity management has to comprise all areas of life throughout one's whole lifetime to gain full advantages, e.g., ease-of-use for all kinds of digital services, authenticity and authorisation, reputation and user-controlled privacy. To help lay the foundations for identity management applicable to people's whole life, we describe the formation of digital identities happening numerous times within one's physical life, i.e., their establishment, evolvement and termination, and derive building blocks for managing these digital identities from the needs of individuals and of society. The identity attributes occurring and developing can be categorised according to their sensitiveness and the security requirements individuals have regarding them. We give an analysis of the sensitivity of identities and their attributes w.r.t. privacy and security both from a legal and an individual's perspective. This leads to how systems for identity management throughout one's whole life should be designed using the building blocks derived.
Article
Delegation, from a technical point of view, is widely considered as a potential approach in addressing the problem of providing dynamic access control decisions in activities with a high level of collaboration, either within a single security domain or across multiple security domains. Although delegation continues to attract significant attention from the research community, presently, there is no published work that presents a taxonomy of delegation concepts and models. This article intends to address this gap by presenting a set of taxonomic criteria relevant to the concept of delegation. This article also applies the taxonomy to a selection of significant delegation models published in the literature.
Conference Paper
Identity federation is a powerful scheme that links accounts of users maintained distinctly by different business partners. The concept of network identity is a driver for accelerating automation of Web Services on the Internet for users on their behalf while protecting privacy of their personally identifiable information. Although users of Web Services essentially delegate some or all privileges to an entity to perform actions, current identity based systems do not take into sufficient consideration delegation between entities hosting Web Services from a viewpoint of identity and privacy. This paper introduces a delegation model for federated identity management systems and proposes a delegation framework to provide solutions for access control in the context of delegation. The framework has a function of transferring user's privileges across the entities encoded in delegation assertion extending SAML (Security Assertion Markup Language). The framework enables users to manage their own privileges, and service providers to control access of entities based on delegated privileges by the users with assistance of a delegation authority that authorizes delegation of a delegating entity and an authentication authority that authenticates a user and manages user's name identifiers.
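The two delegation abstracts above (the mandate-based schemes with issue, accept and revoke procedures and transferable delegation, and the SAML-based framework with a delegation authority) describe their protocols only at a high level. The following is an added illustration of the checks such a delegation authority has to make; it is not code from either paper and does not follow their assertion formats. Assumptions: mandates are modelled as a small dataclass, HMAC with per-principal secret keys stands in for the public-key signatures a real assertion would carry, and the principal names, privilege names and the Python API are invented for the scenario.

```python
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class Mandate:
    """One link of a delegation chain (a model assumed for this example)."""
    delegator: str
    delegatee: str
    privileges: FrozenSet[str]   # actions the delegatee may perform on the delegator's behalf
    transferable: bool           # may the delegatee re-delegate (transferable delegation)?
    not_after: float             # expiry, seconds since the epoch
    parent_id: Optional[str]     # id of the mandate being re-delegated; None for a root mandate
    nonce: str
    mac: str = ""                # issuer's tag over body(); HMAC stands in for a signature here

    def body(self) -> bytes:
        """Canonical bytes covered by the issuer's tag (everything but the tag itself)."""
        return json.dumps({
            "delegator": self.delegator, "delegatee": self.delegatee,
            "privileges": sorted(self.privileges), "transferable": self.transferable,
            "not_after": self.not_after, "parent_id": self.parent_id, "nonce": self.nonce,
        }, sort_keys=True).encode()

    @property
    def id(self) -> str:
        return hashlib.sha256(self.body()).hexdigest()[:16]


def _tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class DelegationAuthority:
    """Issues, accepts, revokes and checks mandates. Per-principal secret keys are an
    assumption of this example; a deployment would verify public-key signatures."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        self.accepted: Dict[str, Mandate] = {}
        self.revoked: Set[str] = set()

    def issue(self, delegator: str, delegatee: str, privileges: Iterable[str],
              transferable: bool, ttl: float, parent: Optional[Mandate] = None,
              now: Optional[float] = None) -> Mandate:
        now = time.time() if now is None else now
        privs, not_after, parent_id = frozenset(privileges), now + ttl, None
        if parent is not None:
            # Transferable delegation: only the holder of a transferable mandate may
            # re-delegate, only a subset of what it holds, and never for longer.
            if parent.delegatee != delegator:
                raise PermissionError("only the delegatee of a mandate may re-delegate it")
            if not parent.transferable:
                raise PermissionError("mandate is not transferable")
            if not privs <= parent.privileges:
                raise PermissionError("cannot delegate privileges one does not hold")
            not_after, parent_id = min(not_after, parent.not_after), parent.id
        m = Mandate(delegator, delegatee, privs, transferable, not_after, parent_id,
                    nonce=secrets.token_hex(8))
        return replace(m, mac=_tag(self.keys[delegator], m.body()))

    def accept(self, m: Mandate) -> bool:
        """Delegatee-side acceptance: check the issuer's tag and that the chain is anchored."""
        key = self.keys.get(m.delegator)
        if key is None or not hmac.compare_digest(m.mac, _tag(key, m.body())):
            return False
        if m.parent_id is not None and m.parent_id not in self.accepted:
            return False
        self.accepted[m.id] = m
        return True

    def revoke(self, mandate_id: str) -> None:
        self.revoked.add(mandate_id)

    def authorize(self, actor: str, action: str, mandate_id: str,
                  now: Optional[float] = None) -> Tuple[bool, str]:
        """Walk from the presented mandate back to its root, checking every link.
        Returns (True, root delegator) or (False, reason)."""
        now = time.time() if now is None else now
        m = self.accepted.get(mandate_id)
        if m is None or m.delegatee != actor:
            return False, "no accepted mandate issued to this actor"
        while True:
            if m.id in self.revoked:
                return False, f"mandate {m.id} revoked"
            if now > m.not_after:
                return False, f"mandate {m.id} expired"
            if action not in m.privileges:
                return False, f"{action} not covered by mandate {m.id}"
            if not hmac.compare_digest(m.mac, _tag(self.keys[m.delegator], m.body())):
                return False, f"bad tag on mandate {m.id}"
            if m.parent_id is None:
                return True, m.delegator   # the data subject on whose behalf the actor acts
            parent = self.accepted.get(m.parent_id)
            if parent is None or parent.delegatee != m.delegator or not parent.transferable:
                return False, f"broken chain at mandate {m.id}"
            m = parent


def demo(now: float = 1_700_000_000.0) -> Dict[str, object]:
    """Constructed scenario: alice mandates bob (transferable), bob passes read-only
    access on to carol, and revoking bob's mandate also cuts carol off."""
    da = DelegationAuthority()
    for p in ("alice", "bob", "carol"):
        da.keys[p] = secrets.token_bytes(32)
    m1 = da.issue("alice", "bob", {"read_record", "update_address"}, True, 3600, now=now)
    m2 = da.issue("bob", "carol", {"read_record"}, False, 86400, parent=m1, now=now)
    if not (da.accept(m1) and da.accept(m2)):
        raise RuntimeError("mandates rejected")
    out: Dict[str, object] = {
        "carol_read": da.authorize("carol", "read_record", m2.id, now),
        "carol_update": da.authorize("carol", "update_address", m2.id, now),
        "carol_after_expiry": da.authorize("carol", "read_record", m2.id, now + 7200),
    }
    try:
        da.issue("carol", "dave", {"read_record"}, False, 60, parent=m2, now=now)
        out["carol_redelegate"] = "allowed"
    except PermissionError as e:
        out["carol_redelegate"] = str(e)
    da.revoke(m1.id)
    out["carol_after_revoke"] = da.authorize("carol", "read_record", m2.id, now)
    return out
```

Two design points worth noting: the re-delegated mandate inherits the shorter expiry of its parent, so a delegatee can never extend what it was given, and authorization walks the whole chain on every request rather than trusting the leaf mandate alone, which is what makes revocation of an upstream mandate take effect for everyone downstream.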
Privacy with Delegation of Rights by Identity Management
  • S Wohlgemuth
  • G Müller
Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management. In: Müller, G. (ed.) Emerging Trends in Information and Communication Security (ETRICS) 2006. LNCS, vol. 3995, pp. 175--190. Springer, Berlin, Heidelberg, Germany (2006)
Privatsphäre durch die Delegation von Rechten
  • S Wohlgemuth
Wohlgemuth, S.: Privatsphäre durch die Delegation von Rechten. Vieweg+Teubner, Wiesbaden, Germany (2008)
Tackling the Challenge of Lifelong Privacy
  • S Clauß
  • M Hansen
  • A Pfitzmann
  • M Raguse
  • S Steinbrecher
Clauß, S., Hansen, M., Pfitzmann, A., Raguse, M., Steinbrecher, S.: Tackling the Challenge of Lifelong Privacy. In: Cunningham, P., Cunningham, M. (eds.): Proceedings of eChallenges 2009 (2009)
Transparency Tools for User-Controlled Identity Management
  • M Hansen
  • S Fischer-Hübner
  • J S Pettersson
  • M Bergmann
Hansen, M., Fischer-Hübner, S., Pettersson, J.S., Bergmann, M.: Transparency Tools for User-Controlled Identity Management. In: Cunningham, P., Cunningham, M. (eds.) Expanding the Knowledge Economy: Issues, Applications, Case Studies - Proceedings of eChallenges 2007, pp. 1360--1367. IOS Press, Amsterdam, The Netherlands (2007)
PRIME White Paper V3 - Privacy and Identity Management for Europe
  • R Leenes
  • J Schallaböck
  • M Hansen
Leenes, R., Schallaböck, J., Hansen, M.: PRIME White Paper V3 - Privacy and Identity Management for Europe. https://www.prime-project.eu/prime_products/whitepaper/ (2008)
A Delegation Framework for Liberty
  • W Alrodhan
  • C J Mitchell
Alrodhan, W., Mitchell, C.J.: A Delegation Framework for Liberty. In: Haggerty, J., Merabti, M. (eds.) Proceedings of the 3rd Conference on Advances in Computer Security and Forensics (ACSF 2008), pp. 67--73. Liverpool, UK (2008)