Abstract
User-controlled identity management systems assist individuals in managing their private sphere. An individual’s privacy can be supported by transparency on processing of personal data. After giving an overview on transparency properties as well as its relation to privacy and data protection regulation, this text introduces different transparency tools: Prior to an interaction, information on the interacting party should be made transparent. During the interaction, privacy policies have to be communicated. Afterwards, users should be helped in exercising their privacy rights such as, among others, the right to access own personal data. In addition information on security and privacy incidents provides complementary data for the user’s perception of the level of privacy. Although transparency tools alone are no panacea for maintaining the private sphere, the combination of transparency tools and user-controlled identity management systems yields viable functionality to empower users to protect their privacy.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Andersson C, Camenisch J, Crane S, Fischer-Hübner S, Leenes R, Pearson S, Pettersson, JS, Sommer, D (2005) Trust in PRIME. In: Proceedings of the 5th IEEE Int. Symposium on Signal Processing and Information Technology. Athens, Greece, 552-559
Article 29 Working Party (2004) Opinion on More Harmonised Information Provisions. WP 100, 11987/04/EN. http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2004/ wp100_en.pdf. Accessed 2 Dec 2007
Awad, NF, Krishnan, MS (2006) The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization. MIS Quarterly 30(1): 13–28
Bauer M, Meints M, Hansen M (eds) (2005) Structured Overview on Prototypes and Concepts of Identity Management Systems. FIDIS Deliverable D3.1. Frankfurt am Main, Germany. http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp3-del3.1.overview_on_IMS.final.pdf. Accessed 2 Dec 2007
Borking JJ, Raab CD (2001) Law, PETs and Other Technologies for Privacy Protection. In: Journal of Information, Law and Technology, Vol. 1. http://www2.warwick.ac.uk/ fac/soc/law/elj/jilt/20011/borking. Accessed 2 Dec 2007
Brin D (1998) The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? Addison-Wesley, Reading, Mass.
Brückner L, Voss M (2005) MozPETs — a Privacy Enhanced Web Browser. In: Proceedings of the Third Annual Conference on Privacy, Security and Trust (PST05), Canada. http://www.ito.tu-darmstadt.de/publs/pdf/BruecknerVoss_Mozpets.pdf. Accessed 2 Dec 2007
Camenisch J, Lysyanskaya A (2000) Efficient Non-Transferable Anonymous Multi-Show Credential System With Optional Anonymity Revocation. IBM Research Report RZ 3295 (# 93341), extended abstract in: Advances in Cryptology — Eurocrypt 2001, revised full version available at http://eprint.iacr.org/2001/019. Accessed 2 Dec 2007
Casassa Mont M, Pearson S, Bramhall P (2003) Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. Trusted Systems Laboratory, HP Laboratories Bristol, HPL-2003-49. http://www.hpl.hp.com/techreports/ 2003/HPL-2003-49.pdf. Accessed 2 Dec 2007
Chaum D (1985) Security without Identification: Transaction Systems to Make Big Brother Obsolete. CACM 28(10): 1030–1044
Clauß S, Köhntopp M (2001) Identity Management and Its Support of Multilateral Security. Computer Networks, 37(2): 205–219
Clauß S, Kriegelstein K (2003) Datenschutzfreundliches Identitätsmanagement. Datenschutz und Datensicherheit 27(5): 297
Clauß S, Pfitzmann A, Hansen M, Van Herreweghen E (2002) Privacy-Enhancing Identity Management. The IPTS Report 67: 8-16. http://www.jrc.es/home/report/english/articles/vol67/IPT2E676.htm. Accessed 2 Dec 2007
Eurobarometer (2003) Data Protection. http://ec.europa.eu/publicopinion/archives/ebs/ebs_196_data_protection.pdf. Accessed 2 Dec 2007
Fischer-Hübner S, Pettersson JS, Bergmann M, Hansen M, Pearson S, Casassa Mont M (2007) HCI Designs for Privacy-Enhancing Identity Management. In: Acquisti A, Gritzalis S, Lambrinoudakis C, Di Vimercati S (eds) Digital Privacy: Theory, Technologies, and Practices, Auerbach, in press
Hansen M, Meissner S (eds) (2007) Verkettung digitaler Identitäten. Report commissioned by the German Federal Ministry of Education and Research. https://www.datenschutzzentrum.de/projekte/verkettung/. Accessed 2 Dec 2007
Hildebrandt M, Koops B-J (eds) (2007) A Vision of Ambient Law. FIDIS Deliverable D7.9. Frankfurt am Main, Germany. http://www.fIdis.net/fileadmin/fidis/deliverables/fidis-wp7-d7.9_A_Vision_of_Ambient_Law.pdf. Accessed 2 Dec 2007
Hildebrandt M, Meints M (eds) (2006) RFID, Profiling, and AmI. FIDIS Deliverable D7.7. Frankfurt am Main, Germany. http://www.fidis.net/fileadmin/fldis/deliverables/ fidis-wp7-del7.7.RFID_Profiling_AMI.pdf. Accessed 2 Dec 2007
Hogan & Hartson, Analysys (2006) Preparing the Next Steps in Regulation of Electronic Communications — A Contribution to the Review of the Electronic Communications Regulatory Framework. http://ec.europa.eu/information_society/policy/ecomm/doc/library/ext_studies/next_steps/regul_of_ecomm_july2006_final.pdf. Accessed 2 Dec 2007
Jendricke U, Gerd torn Markotten D (2000) Usability meets Security — The Identity-Manager as your Personal Security Assistant for the Internet. In: Proceedings of the 16th Annual Computer Security Applications Conference, 344-353
Jøsang A, Pope S (2005) User Centric Identity Management. In: Proceedings of AusCERT, Australia. http://sky.fit.qut.edu.au/~josang/papers/JP2005-AusCERT.pdf. Accessed 2 Dec 2007
Karjoth G, Schunter M, Waidner M (2002) Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: Proceedings of 2nd Workshop on Privacy Enhancing Technologies (PET 2002), LNCS 2482, Springer, 69-84
Leenes R, Schallaböck J, Hansen M (eds) (2007) Privacy and Identity Management for Europe — PRIME White Paper V2. https://www.prime-project.eu/prime_products/whitepaper/. Accessed 2 Dec 2007
Mehldau M (2007) Iconset for Data-Privacy Declarations v0.1. http://netzpolitik.org/wp-upload/data-privacy-icons-v01.pdf. Accessed 2 Dec 2007
Meints M (2006) Protokollierung bei Identitätsmanagementsystemen — Anforderungen und Lösungsansätze. Datenschutz und Datensicherheit 30(5): 304–307
Nageler A (2006) Integration von sicherheitsrelevanten Informationen in ein Identitätsmanagementsystem. Diploma Thesis, Christian-Albrechts-Universität zu Kiel
Pettersson JS, Fischer-Hübner S, Bergmann M (2006) Outlining “Data Track”: Privacy-Friendly Data Maintenance for End-Users. In: Advances in Information Systems Development — New Methods and Practice for the Networked Society, Proceedings of the 15th International Conference on Information Systems Development (ISD 2006), Springer US, 215-226
Pfitzmann A, Hansen M (2007) Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management — A Consolidated Proposal for Terminology v0.30. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml. Accessed 2 Dec 2007
PRIME Tutorials (2007). https://www.prime-project.eu/tutorials/. Accessed 2 Dec 2007
Rundle M (2006) International Data Protection and Digital Identity Management Tools. Presentation at Internet Governance Forum 2006, October 2006, Athens. http://identityproject.lse.ac.uk/mary.pdf. Accessed 2 Dec 2007
Westin AF (1967) Privacy and Freedom. Atheneum, New York
Wörndl W (2003) Privatheit bei dezentraler Verwaltung von Benutzerprofilen (Privacy in Decentrai Management of User Profiles). PhD Thesis at Technische Universität München. http://tumbl.biblio.tu-muenchen.de/publ/diss/in/2003/woerndl.pdf. Accessed 2 Dec 2007
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hansen, M. (2008). Marrying Transparency Tools with User-Controlled Identity Management. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds) The Future of Identity in the Information Society. Privacy and Identity 2007. IFIP — The International Federation for Information Processing, vol 262. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-79026-8_14
Download citation
DOI: https://doi.org/10.1007/978-0-387-79026-8_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-4629-4
Online ISBN: 978-0-387-79026-8
eBook Packages: Computer ScienceComputer Science (R0)