Future of Identity in the Information Society

Summary The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing. The present framework does not seem apt to cope with all issues and problems raised by biometric applications. The limited recent case law of the European Court of Human Rights and the Court of Justice sheds some light on some relevant issues, but does not answer all questions. The report provides an analysis of the use of biometric data and the applicable current legal framework in six countries. The research demonstrates that in various countries, position is taken against the central storage of biometric data because of the various additional risks such storage entails. Furthermore, some countries stress the risks of the use of biometric characteristics which leave traces (such as e.g., fingerprint, face, voice…). In general, controllers of biometric applications receive limited clear guidance as to how implement biometric applications. Because of conflicting approaches, general recommendations are made in this report with regard to the regulation of central storage of biometric data and various other aspects, including the need for transparency of biometric systems.

[1]  J.H.A.M. Grijpink Privacy Law: Biometrics and privacy , 2001, Comput. Law Secur. Rev..

[2]  Stephen Hailes,et al.  Supporting trust in virtual communities , 2000, Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.

[3]  P. Sztompka Trust: A Sociological Theory , 2000 .

[4]  Sandra Steinbrecher,et al.  Jason: A Scalable Reputation System for the Semantic Web , 2009, SEC.

[5]  Yolanda Gil,et al.  A survey of trust in computer science and the Semantic Web , 2007, J. Web Semant..

[6]  L. Toledo-Pereyra Trust , 2006, Mediation Behaviour.

[7]  Michael C. Bromby,et al.  Face Value: The Entwined Histories of Money and Race in America , 2012 .

[8]  A. F. Whiting Identification , 1960 .

[9]  Boon Thau Loo,et al.  Trust Management , 2006, Lecture Notes in Computer Science.

[10]  Paul Resnick,et al.  The value of reputation on eBay: A controlled experiment , 2002 .

[11]  Lea Kutvonen,et al.  Trust Management Survey , 2005, iTrust.

[12]  Audun Jøsang,et al.  Simplification and analysis of transitive trust networks , 2006, Web Intell. Agent Syst..

[13]  Rolf Haenni,et al.  Credential Networks: a General Model for Distributed Trust and Authenticity Management , 2005, PST.

[14]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[15]  Joyce E. Berg,et al.  Trust, Reciprocity, and Social History , 1995 .

[16]  Amalya L. Oliver,et al.  A System Cybernetic Approach to the Dynamics of Individual- and Organizational-Level Trust , 2001 .

[17]  N. Luhmann Vertrauen : ein Mechanismus der Reduktion sozialer Komplexität , 1973 .

[18]  Rolf Haenni,et al.  A New Approach to PGP's Web of Trust , 2007 .

[19]  Audun Jøsang,et al.  An Algebra for Assessing Trust in Certification Chains , 1999, NDSS.

[20]  E. Buchborn [Trust and distrust]. , 1983, MMW, Munchener medizinische Wochenschrift.

[21]  John Han Numan Knowledge-based systems as companions : Trust, human computer interaction and complex systems , 1998 .

[22]  LausenGeorg,et al.  Propagation Models for Trust and Distrust in Social Networks , 2005 .

[23]  Georgios Efthymios Theodorakopoulos,et al.  Distributed Trust Evaluation in Ad-Hoc Networks , 2004 .

[24]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[25]  Harald Zwingelberg,et al.  Virtual Persons and Identities , 2009, The Future of Identity in the Information Society.

[26]  Rolf Haenni,et al.  Two-Layer Models for Managing Authenticity and Trust , 2007 .

[27]  Mukesh Singhal,et al.  Trust Management in Distributed Systems , 2007, Computer.

[28]  Rolf Haenni Using probabilistic argumentation for key validation in public-key cryptography , 2005, Int. J. Approx. Reason..

[29]  Paul A. Pavlou,et al.  Institution-Based Trust in Interorganizational Exchange Relationships: The Role of Online B2B Marketplaces on Trust Formation , 2002, J. Strateg. Inf. Syst..

[30]  Corien Prins Making our body identify for us: Legal implications of biometric technologies , 1998, Comput. Law Secur. Rev..

[31]  N Moray,et al.  Trust, control strategies and allocation of function in human-machine systems. , 1992, Ergonomics.

[32]  O. Williamson Calculativeness, Trust, and Economic Organization , 1993, The Journal of Law and Economics.

[33]  K. O’Hara Trust: From Socrates to Spin , 2004 .

[34]  Annemarie Sprokkereef,et al.  Data Protection and the Use of Biometric Data in the EU , 2007, FIDIS.

[35]  Peter Schlechtriem Restitution und Bereicherungsausgleich in Europa : eine rechtsvergleichende Darstellung , 2000 .

[36]  Audun Jøsang,et al.  A Logic for Uncertain Probabilities , 2001, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[37]  David Chaum,et al.  Showing Credentials without Identification Transfeering Signatures between Unconditionally Unlinkable Pseudonyms , 1990, AUSCRYPT.

[38]  Kai Rannenberg,et al.  The Future of Identity in the Information Society , 2009, The Future of Identity in the Information Society.

[39]  Ramanathan V. Guha,et al.  Propagation of trust and distrust , 2004, WWW '04.

[40]  David Gefen,et al.  Reflections on the dimensions of trust and trustworthiness among online consumers , 2002, Data Base.

[41]  Stephen Flowerday,et al.  Trust: An Element of Information Security , 2006, SEC.

[42]  P. Cofta,et al.  Confidence, trust and identity , 2007 .

[43]  J. Cho The mechanism of trust and distrust formation and their relational outcomes , 2006 .

[44]  Yao Wang,et al.  Toward Trust and Reputation Based Web Service Selection : A Survey , 2007 .

[45]  Thomas Beth,et al.  Valuation of Trust in Open Networks , 1994, ESORICS.

[46]  Bharat K. Bhargava,et al.  E-notebook Middleware for Accountability and Reputation Based Trust in Distributed Data Sharing Communities , 2004, iTrust.

[47]  Georg Lausen,et al.  Propagation Models for Trust and Distrust in Social Networks , 2005, Inf. Syst. Frontiers.

[48]  Stephen Marsh,et al.  Formalising Trust as a Computational Concept , 1994 .

[49]  Joyce E. Berg,et al.  Trust, reciprocity and social history’, Games and Economic Behaviour, . , 1995 .

[50]  Ueli Maurer,et al.  Modelling a Public-Key Infrastructure , 1996, ESORICS.

[51]  N. L. Chervany,et al.  THE MEANINGS OF TRUST , 2000 .

[52]  I. Bohnet,et al.  Decomposing trust and trustworthiness , 2006 .

[53]  Kurt Rothermel,et al.  Architecture and Algorithms for a Distributed Reputation System , 2003, iTrust.

[54]  Bonnie M. Muir,et al.  Trust Between Humans and Machines, and the Design of Decision Aids , 1987, Int. J. Man Mach. Stud..

[55]  Rolf Haenni,et al.  Non-Additive Degrees of Belief , 2009 .

[56]  Alexander Aiken,et al.  Attack-Resistant Trust Metrics for Public Key Certification , 1998, USENIX Security Symposium.

[57]  L. C. Nickolls,et al.  The scientific investigation of crime , 1956 .

[58]  Stephen Marsh,et al.  Trust, Untrust, Distrust and Mistrust - An Exploration of the Dark(er) Side , 2005, iTrust.

[59]  Wendy J. Myrvold,et al.  Generic Reliability Trust Model , 2005, PST.

[60]  P. Hájek,et al.  A generalized algebraic approach to uncertainty processing in rule-based expert systems (dempsteroids) , 1991 .

[61]  Nathan Griffiths,et al.  A Fuzzy Approach to Reasoning with Trust, Distrust and Insufficient Trust , 2006, CIA.

[62]  C. Castelfranchi,et al.  Social Trust : A Cognitive Approach , 2000 .

[63]  Bruce Christianson,et al.  Why Isn't Trust Transitive? , 1996, Security Protocols Workshop.

[64]  Fredrik Degerlund Trust Mass, Volume and Density - a Novel Approach to Reasoning about Trust , 2007, Electron. Notes Theor. Comput. Sci..

[65]  Munindar P. Singh,et al.  Distributed Reputation Management for Electronic Commerce , 2002, Comput. Intell..

[66]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[67]  J. Rotter Interpersonal trust, trustworthiness, and gullibility. , 1980 .

[68]  J.H.A.M. Grijpink Biometrics and privacy , 2001 .

[69]  J. Lewis,et al.  Trust as a Social Reality , 1985 .

[70]  Andreas Gutscher,et al.  A Trust Model for an Open, Decentralized Reputation System , 2007, IFIPTM.

[71]  Ananish Chaudhuri,et al.  An Experimental Analysis of Trust and Trustworthiness , 2007 .