Special Issue "Privacy in the Future Internet"

A special issue of Future Internet (ISSN 1999-5903).

Deadline for manuscript submissions: closed (15 January 2012)

Special Issue Editors

Guest Editor
Dr. Christoph Sorge
Department of Computer Science, University of Paderborn, Fürstenallee 11, 33102 Paderborn, Germany
E-Mail: christoph.sorge@uni-paderborn.de
Phone: +49 52 51 60 66 91
Fax: +49 52 51 60 66 18
Interests: network security; privacy enhancing technologies; data protection and information law; smart grid privacy

Guest Editor
Prof. Dr. Luigi Lo Iacono
European University of Applied Sciences (EUFH), Brühl, Germany
E-Mail: l.lo_iacono@eufh.de
Phone: +49 2232 5673 670

Guest Editor
Prof. Dr. Simone Fischer-Hübner
Department of Computer Science, Karlstad University, Universitetsgatan 1, S 651 88 Karlstad, Sweden
E-Mail: simone.fischer-huebner@kau.se
Phone: +46 54 700 1723
Fax: +46 54 700 1828

Special Issue Information

Dear Colleagues,

Whatever the Future Internet is going to look like, we can be certain it will impact our daily lives even more than current networks. The “Internet of Things” vision, for example, includes the ubiquitous presence of networked devices, including RFID tags, sensors and sensor networks, and possibly devices we haven’t even considered yet. These do not exist in isolation, as they are used by human beings on the one hand, and sense information about human beings on the other hand. If privacy is not sufficiently taken into account in the design of communication infrastructures, including authentication, access control, and accounting solutions, there is a risk that personal information gathered in the Internet of Things will be abused. The same is true for the “Internet of Services”, where service usage might enable the creation of comprehensive user profiles if privacy risks are not considered in the design stage.

However, new challenges for privacy enhancing technologies do not merely arise from a change of scale or from new applications. Numerous research projects deal with new architectural approaches, e.g. based on network virtualization. How can privacy be built into these architectures, for example by enabling anonymous communication or the handling of privacy policies? Is there a need for new privacy enhancing technologies, or can the existing ones (e.g., onion routing) be easily adapted?

This special issue of Future Internet welcomes all contributions dealing with privacy challenges related to the Future Internet and its applications. This includes, for example:

  • Anonymous communication
  • Privacy-aware AAA solutions
  • Descriptions and models of new threats to privacy
  • User-centric identity management
  • Location privacy
  • Impact of new Internet architectures on privacy-enhancing technologies and vice versa
  • Privacy in future critical infrastructures (e.g., smart energy grid)
  • Future of privacy legislation (defining appropriate legal frameworks for the Future Internet)

Dr. Christoph Sorge
Prof. Dr. Luigi Lo Iacono
Prof. Dr. Simone Fischer-Hübner
Guest Editors

Submission

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. Papers will be published continuously (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are refereed through a peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed Open Access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 300 CHF (Swiss Francs). English correction and/or formatting fees of 250 CHF (Swiss Francs) will be charged in certain cases for those articles accepted for publication that require extensive additional formatting and/or English corrections.

Keywords

  • privacy enhancing technologies
  • identity management
  • anonymous communication
  • internet of things
  • internet of services

Published Papers (1 paper)

Open Access
Future Internet 2012, 4(2), 488-513; doi:10.3390/fi4020488
Received: 1 November 2011; in revised form: 2 March 2012 / Accepted: 8 May 2012 / Published: 15 May 2012

Planned Papers

Type of Paper: Article
Title: The Clean Privacy Ecosystem of Future Internet
Author: Lothar Fritsch
Affiliation: Norwegian Computing Center (Norsk Regnesentral), Oslo, Norway; E-Mail: Lothar.Fritsch@nr.no
Abstract: Privacy and data processing have had a tense relationship since data storage and computing power became available. Privacy is an interdisciplinary domain connecting ethics, law, politics, technological development, and business practice. 
The journey to the future of Internet privacy begins in the deep middle ages of computing, where many of the classic access control mechanisms were developed, and will sketch a very brief overview of major achievements there. This will involve concepts such as roles, privilege delegation and the other difficult topics in the classic AC models.
The first disruptive event was the dissolution of the security perimeter, where "personal" computers move away from the centralized & protected infrastructures, and the larger systems got permanently connected to each other over communication lines, and ultimately, the Internet. Here, a clear division in strategies for data protection turned up: the efforts divided into the re-establishment of perimeter security and into the efforts of establishing new paradigms (such as encryption with public keys, digital signatures, distributed computing and its security challenges, etc.).
The next milestone was the wide uptake of computing with both the processing of large amounts of personal data, and the wide and deep usage of computers by many humans in many places. This was a relevant phase where both privacy and identity management challenges blossomed, and both research and practice thrived along with the e-Commerce boom from the 1980s into the 1990s. Here, anonymizing MIXes were invented, and researchers' imagination turned public-key algorithms into protocols with many peculiar properties in Identity Management (IDM), privacy preservation and other areas (e.g. anonymous e-cash, anonymous e-mail, blind signing, secret sharing, revocable anonymity, e-cash with double spending control, ...).
The "final frontier" is the new millennium, where the "application perimeter" began to completely fall apart, dissolving classic pillars of information security such as proper relationships between computer owners, application owners, service owners and users in the "cloud", quickly eroding any siloed efforts in IDM through federation infrastructures. In addition, political pressure advocated identification technologies imposed on people (biometry, IDs, records about movements and transactions), laying out the foundations of today’s personalized, user-centered, and ubiquitous “Internet of Things”. Users sign into such infrastructures based on a new “App-culture”, where everything is personalized, enabling the construction of a technology-based personal identity in a connected world of billions of connected users.
A few alternative efforts to this global, total infrastructure of identification have been worked on by researchers (e.g. IDEMIX and UPROVE as protocols for anonymous or pseudonymous credentials), together with interdisciplinary efforts in building frameworks for regulation, design, auditing and managing IT with guaranteed privacy properties and IDM systems with known risks. Large research projects focused on user-centric privacy protection, on privacy-enhancing identity management, and on unobservable transactions on the Internet.  Some of the results have made it into practice, such as the TOR and ANON anonymization services, while a large part of the achievements is waiting for a debut with the user masses.
As the major upcoming challenge, I see the question on the power to control personal data use and ID use both in global and in "local" (to be interpreted in terms of cloud- or IoT families). Hildebrandt’s threat to be "read by others in wrong contexts based on data residing from another transaction" is an essential issue here. Future monopolies of electronic identification, profiling and federation potentially exercise vast power over wide parts of the e-society, transcending local regulation, politics, and societies. Answers to these challenges have, at least in many of the European research projects on privacy technology, been given only for the end users by supplying user-centric technologies, policy management tools, and user-controllable identity management systems.
However, as important as these results are, there is a drawback. Each of their users needs to spend extra efforts when “managing” his own privacy or e-ID. Users who don’t do so, gain more benefit from the applications they use. Service providers and system vendors don’t gain any benefits from making their own products more difficult to use by adding the latest privacy technologies while their competition is still selling cheaper and easier to use applications without them. Privacy economics might simply kill any good intentions. Privacy economics refers to economic considerations and constraints concerning one's information privacy. People often use a pragmatic approach to evaluate privacy risks against benefits when they use IT systems. In sharing e.g. media objects with friends, the immediate benefit is the feeling of community with friends or family. The management of access control, risk assessment concerning privacy, and firefighting of access errors however impose cost - either in time used, loss of pleasure and usefulness, or real monetary cost. All explicit privacy handling, policy building and reconfiguring of access rules are cost imposed on users. It must be assumed that users will not invest more resources into managing privacy issues than they experience their perceived benefit of using a social network. "Friends & family" privacy management is therefore more subject to interpersonal negotiation and re-negotiation than privacy regimes intended to control government or corporate data processing. Rather explicit legal frameworks from these environments can hardly be translated into interpersonal relationships. It must be assumed that those who own power in social relationships will be in a better position to dominate the privacy regimes practically used. Not to mention the Internet of Things, where the user will be confronted with a complete cloud, or fog, of chips, devices, sensors and services from a multitude of stakeholders and peers. 
Increased complexity, uncertain policy consequences, and crude user interfaces for security and privacy policy handling are the main sources for usability issues.
I like to imagine the future of Internet Privacy as part of an IT ecosystem. One might view it in analogy to environmental pollution. Let’s use the terms “personal information spill” for data breach, and for data transfer without consent of the person the data is about. There could be “Identity pollution”, where too many e-IDs, accounts, passwords, e-mail addresses and banking tokens are imposed upon people, filling up useless databases with incomplete profiles of one-time customers. The future of Internet Privacy will, in my opinion, depend on two factors: The quality (cleanness) of personal information and e-IDs in data bases, and the avoidance of personal information spill.  Quality is more or less asked for in data protection laws, as a combination of minimization, correctness, and transparency duties for data processors, but there are practically no checks and penalties for violation. But many of the services on the horizon are dependent on good quality of data, e.g. about their users, to provide valuable services. To avoid constant quality assurance in future community-based or crowd-sourced applications, the win-win-situation might well be in a “clean” ecosystem of personal information aligned with both the user interest and the application purpose. However, the measures to implement quality, and to avoid data spill poisoning the privacy ecosystem might be of a regulatory nature, and not based on pure technical solutions. Car catalyzers came after a law was introduced, and the same holds for many other measures in the area of pollution. The Future of Privacy might depend on bold regulatory frameworks that will increase quality and cleanness of the future internet privacy ecosystem. 
Measures imaginable are not higher penalties for violation (though that is imaginable), but there might be an “environmental” tax on the number of person-related records, the number of customer profiles, the amount of collected data, or the amount of transactions run against other parties involved. There might be automated metering stations (as deployed in polluted rivers) that constantly audit information systems on what happens with personal data on them with respect to the law and the policies and consent regulating personal data use. There certainly will be exclusions from government business to the worst violators.
The above future might not look overly brilliant for a smaller start-up business that seeks to get one million new users by the end of the year. However, a class action lawsuit under United States law, or an embargo against its service, carried out with the globally available IP filtering infrastructure installed for fighting child pornography, racist propaganda or for censoring unwanted parties might put such a polluting player off the market in no time. I expect that a clean “privacy ecosystem” will be in the best interest of all players, as it will offer long-term perspectives on user subscriptions, income, compliance, and ensures societal acceptance.

Title: Enabling Trust and Privacy in the Cloud with an Identity-Enabled Architecture
Authors: Amardeo Sarma and Joao Girao
Affiliation: Software & Services Research Division, NEC Laboratories Europe; E-Mail: sarma@neclab.eu
Abstract: The move to the Cloud driven by cost savings leads to a commoditization of services with an increasing number of active players and so-called "prosumers". A whole new community of web developers and providers seek to utilize tomorrow's Cloud infrastructure to provide new and even niche services. This leads to a wide range of trust levels with both established players and initially untrusted new entrants who may come and go quickly. In such a heterogeneous environment, new architectures to handle trust will be needed. Security, privacy, trust and identity are strongly interrelated in this context. The paper will present an enhanced security and privacy architecture supporting the flexible integration of independent third parties building upon work done in the EU project SWIFT, in particular its concepts of Virtual Identity and Identity Aggregator or Broker. The architecture introduces an Access and Usage Control Plane that includes layer-independent functions to support an identity-enabled Future Internet and encompasses both control and management functions. Besides the introduction of an Identity Plane, it also looks at how the OSI layer structure needs to be changed to address the specific naming and addressing problems raised by introducing identities into the architecture. For this, an Identity Layer situated above the transport layer is proposed. The target of the architecture is to make real people and objects in the M2M context as well as services the end-points of communications. Any utilization of the infrastructure would then be based on the intention of the players involved, whether human, machine or service.

Type of Paper: Article
Title: Mobility and Privacy
Authors: Valtteri Niemi and N. Asokan
Affiliation: Nokia Research Center, Helsinki, Finland; E-Mail: valtteri.niemi@nokia.com
Abstract: In the recent past, there has been a high level of awareness and debate about the privacy concerns relating to Internet use in general and mobile devices in particular. Both the Internet and mobile communications became accessible to the general public in the early 1990s. The designers of the large scale mobile communications systems, unlike the designers of the Internet, recognized the privacy and security risks stemming from mobility and attempted to address them in their designs. In this paper, we discuss the ways in which mobility impacts privacy risks and explain how the technical mechanisms that have been incorporated into mobile devices over the last two decades can make it easier to deploy privacy enhancing technologies. We then illustrate how recent research exploits mobility, context-awareness and device portability to actually reduce privacy exposure.


Last update: 21 December 2011

Future Internet EISSN 1999-5903 Published by MDPI Publishing, Basel, Switzerland