Emerald Group Publishing Limited
Copyright © 2006, Emerald Group Publishing Limited
Privacy as social and legal issue has been a concern of social scientists, philosophers, and lawyers, for a long time. Privacy has been recognized as a fundamental human right in the United Nations Declaration of Human Rights, the International Convenant on Civil and Political Rights and in many other national and international treaties. In democratic societies, privacy must be protected. With the arrival of modern Information and Communication Technologies systems, privacy is increasingly endangered. According to most recent surveys, privacy and especially anonymity are the fundamental issues of concern for most Internet users, ranked higher than issues like ease-of-use, spam-mail, security and cost. According to the same surveys, percentage of about 80 per cent of online users would use Internet more and 60 per cent of non-users would start using the Internet, if privacy policies and practices were disclosed. It is true that nowadays this fact is being exploited for attracting more Internet users, especially if someone considers that according to a Federated Trade Commission study, only 16 per cent of corresponded sites found to have any privacy statement or policy in 1998, while in 2001 this percentage was grown up to 65,7 per cent (PricewaterhouseCoopers, 2001).
In 1890, the two American lawyers, S. Warren and L. Brandeis, defined privacy as “the right to be alone”. In general, the concept of privacy can be given three aspects:
territorial privacy, by protecting the close physical area surrounding a person;
privacy of the person, by protecting a person against undue interference; and
informational privacy, by controlling whether and how personal data can be gathered, stored, processed or selectively disseminated.
In this special issue, we discuss about informational privacy and we assume that privacy is the indefeasible right of an individual to control the ways in which personal information is obtained, processed, distributed, shared, and used by any other entity.
The review of current research work in the area of user privacy has indicated that the path for user privacy protection is through the four basic privacy requirements namely anonymity, pseudonymity, unlinkability and unobservability (Pfitzmann and Hansen, 2000). By addressing these four basic requirements one aims to minimize the collection of user identifiable data.
The OECD (Organisation for Economic Co-operation and Development) framework for governments’ actions
In view of the above presented privacy issues, the OECD Declaration on the Protection of Privacy on Global Networks for developing a culture of privacy in the Global Village is continually well timed. According to OECD (1998), all governments should take the necessary steps to:
encourage the adoption of privacy policies whether implemented by legal, self-regulatory, administrative or technological means;
encourage the online notification of privacy policies to users;
ensure that effective enforcement mechanisms are available both to address non-compliance with privacy principles and policies and to ensure access to redress;
promote user education and awareness about online privacy issues and the means at their disposal for protecting privacy on global networks;
encourage the use of privacy-enhancing technologies; and
encourage the use of contractual solutions and the development of model contractual solutions for online transborder data flows.
In this special issue of Internet Research, all papers address aspects of privacy and anonymity in the digital era.
V. Benjumea, J. Lopez, and J.M. Troya in their paper entitled “Anonymous attribute certificates based on traceable signatures” propose a new type of anonymous attribute certificates that is based on traceable signature scheme. The authors provide an anonymous authorization solution with interesting features. It allows users to make use of their attribute certificates in an anonymous way; however, under certain circumstances it allows to disclose the users’ identities, trace the transactions carried out by any specific user, or revoke any anonymous attribute certificate. Moreover, it pays special attention to the preservation of the unlinkability property between transactions, making impossible the creation of anonymous user profiles.
The paper by E. Kavakli, C. Kalloniatis, P. Loucopoulos, and S. Gritzalis entitled “Incorporating privacy requirements into the system design process: the PriS conceptual framework” introduces a new methodology, called PriS Privacy Safeguard, for incorporating privacy requirements into the system design process. PriS provides a set of concepts for modelling privacy requirements in the organisation domain and a systematic way-of-working for translating these requirements into system models. The authors describe the applicability of PriS in the e-VOTE system for presenting methodology’s way-of-working.
The paper by K. Piotrowski, P. Langendörfer, O. Maye, and Z. Dyka entitled “Protecting privacy in e-cash schemes by securing hidden identity approaches against statistical attacks” deals with enhancing privacy of e-cash systems. The feasibility of a statistical attack that reveals the ID of user of e-cash schemes with revocable anonymity is identified. To avoid such attacks the authors propose the application of modulo operations while constructing e-cash coins.
The paper by L. Kazantzopoulos, C. Delakouridis, G.F. Marias, and P. Georgiadis entitled “An Incentive-based architecture to enable privacy in dynamic environments” proposes the use of priority-based incentives for collaborative hiding of confidential information in modern distributed dynamic environments, such as peer-to-peer systems, pervasive computing applications, grid computing environments, and self-organized networks. The authors propose an architecture, called ISSON (Incentives for Secret-sharing in Self-Organized Networks), which capitalizes pseudonyms to distribute shares of the confidential information, and thus, it contributes on privacy, and especially unlinkability, and anonymity of communications.
A. Singh, B. Gedik, and L. Liu in their paper entitled “Agyaat: mutual anonymity over structured P2P networks” deal with mutual anonymity over structured peer-to-peer (P2P) networks. They propose Agyaat, a decentralized P2P system, which promotes a generic non-cryptographic solution for mutual anonymity. Agyaat uses a novel hybrid-overlay design, a fully decentralized topology without trusted proxies. It anonymizes both the querying and responding peers through the use of unstructured topologies, which are added onto the structured overlays. Furthermore, Agyaat’s users have the ability to trade-off between desired anonymity and performance.
The Guest Editor would like to express his sincere gratitude to Dr David G. Schwartz, Internet Research Editor, for giving him the opportunity to prepare this special issue. In addition, the Guest Editor thanks numerous reviewers for their professional effort to select the articles to reflect the essence of this special issue and all authors for their contributions and for undertaking two-cycle revision of their manuscripts.
Stefanos GritzalisGuest Editor
OECD, (2000), Ministerial Declaration on the Protection of Privacy on Global Networks, Working Party on Information Security and Privacy, DSTI/REG(98)10, 1998, OECD, Paris
Pfitzmann, A. and Hansen, M. (2000), “Anonymity, unlikability, unobservability, pseudonymity, and identity management: a consolidated proposal for terminology”, available at: http://dud.inf.tu-dresden.de/Anon_Terminology.shtml
PricewaterhouseCoopers (2001), Privacy: A Weak Link in the Cyber-chain, eBusiness Leaders Series, PricewaterhouseCoopers, New York, NY