Whom to trust? Using technology to enforce privacy.

A wide variety of technologies and tools have been proposed to improve privacy protection. We first review these technologies according to two criteria: the functionality they provide and the actors involved in their use. The main classes of functionality are information hiding (e.g., anonymisation, encryption), information management (subject privacy policies, user interfaces), transparency (dashboards, controller privacy policies) and accountability (traceability, log management). As far as the actors involved are concerned, we identify three main categories: the data subject, trusted third parties and peers. The categories of actors required to deploy a tool can have a great impact on its usability and on the type of protection and trust the tool provides. The role of the subject is also a critical aspect that requires careful thought: it is related to the notion of consent, to its value for privacy protection, but also to its limitations and to the risks of relying too much on it. In conclusion, we review some of the main challenges in this area, including the issues raised by the large-scale exploitation of data ("big data") and the effective implementation of privacy by design and accountability.
