This article speculates on the future of privacy and electronic identities on the Internet. Based on a short review of security models and the development of privacy-enhancing technology, privacy and electronic identities will be discussed as parts of a larger context: an ecosystem of personal information and electronic identities. The article argues for an ecosystem view of personal information and electronic identities, as both personal information and identity information are basic required inputs for many applications. Therefore, for both application owners and users, a functioning ecosystem of personal information and electronic identification is important. For the future of the Internet, high-quality information and controlled circulation of such information are therefore argued to be decisive for the value of future Internet applications.