The Limits of Control - (Governmental) Identity Management from a Privacy Perspective

The emergence of identity management indicates that the process of identification has reached a stage where analog and digital environments converge. This is also reflected in the increased efforts of governments to introduce electronic ID systems, aiming at security improvements of public services and unifying identification procedures to contribute to administrative efficiency. Though privacy is an obvious core issue, its role is rather implicit compared to security. Based on this premise, this paper discusses a control dilemma: the general aim of identity management to compensate for a loss of control over personal data to fight increasing security and privacy threats could ironically induce a further loss of control. Potential countermeasures demand user-controlled anonymity and pseudonymity as integral system components and imply further concepts which are in their early beginnings, e.g., limiting durability of personal data and transparency enhancements with regard to freedom of information to foster user control.

[1]  Nick Anstead,et al.  Tools of government in the digital age , 2009 .

[2]  Jozef Vyskoc,et al.  Future of Identity in the Information Society , 2009 .

[3]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[4]  William G. Staples Playing the Identity Card: Surveillance, Security and Identification in Global Perspective , 2009 .

[5]  Herbert Kubicek,et al.  The path dependency of national electronic identities , 2010 .

[6]  James Backhouse,et al.  A roadmap for research on identity in the information society , 2008 .

[7]  John Torpey Identifying Citizens: ID Cards as Surveillance , 2010 .

[8]  Mikko Tapani Karaiste Delete: The virtue of forgetting in the digital age , 2010 .

[9]  Giles Hogben,et al.  Privacy Features: Privacy features of European eID card specifications , 2008 .

[10]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[11]  Andreas Pfitzmann,et al.  Lifelong Privacy: Privacy and Identity Management for Life , 2009, PrimeLife.

[12]  Mireille Hildebrandt,et al.  Profiling and the rule of law , 2008 .

[13]  Marit Hansen,et al.  Privacy-enhancing identity management , 2004, Inf. Secur. Tech. Rep..

[14]  C. N. M. Pounder Nine principles for assessing whether privacy is protected in a surveillance society , 2008 .

[15]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[16]  C. Hood,et al.  The tools of government in the digital age , 2007 .

[17]  D. Lyon Surveillance as social sorting : privacy, risk, and digital discrimination , 2003 .

[18]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[19]  Miriam Lips,et al.  Identity Management in Information Age Government: Exploring Concepts, Definitions, Approaches and Solutions , 2008 .

[20]  Brent Waters,et al.  Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs , 2010, NDSS.

[21]  Herbert Kubicek,et al.  Introduction: conceptual framework and research design for a comparative analysis of national eID Management Systems in selected European countries , 2010 .

[22]  K. Youm Freedom of Information: A Comparative Legal Survey , 2004 .

[23]  Georg Aichholzer,et al.  Electronic identity management in e-Government 2.0: Exploring a system innovation exemplified by Austria , 2010, Inf. Polity.

[24]  A. Pfitzmann,et al.  Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology , 2002 .

[25]  Christopher Krügel,et al.  A Practical Attack to De-anonymize Social Network Users , 2010, 2010 IEEE Symposium on Security and Privacy.

[26]  Paul De Hert,et al.  Identity management of e-ID, privacy and security in Europe. A human rights view , 2008, Inf. Secur. Tech. Rep..