Preface TheFirstAnnualPrivacyForum(APF2012)washeldinLimassol,Cyprus,dur- ingOctober10–11,2012.Theforumwasco-organizedbytheEuropeanNetwork and Information Security Agency (ENISA) and the European Commission Di- rectorate General for Communications Networks, Content and Technology (DG CONNECT), with the support of the Department of Computer Science of the University of Cyprus. APF 2012wasendorsedas an official eventof the Cyprus Presidency of the Council of the European Union. As ICT technologies develop, they put a rapidly growing number of services andtoolsinthehandsofusers,companies,andgovernments.Thistrendstarted acceleratingwiththewidespreaduseoftheInternet,developedwiththeWeb2.0 concept, and is currently evolving towardthe Internet of Things (also knownas ambient intelligence, pervasive computing, or ubiquitous computing). The hot topictodayinbusinesseventsis“bigdata”;thisreferstothemassiveavailability of data on all aspects of society. There is no doubt that these developments will transform society, with many beneficial effects on the quality of our lives. However, one of the main concerns is that these developments have a tendency to systematically erode our privacy. Addressing this challenge requires a deep understanding of the political, legal, sociological, psychological, and technical aspects of these problems. Whiletherearemanyscientificeventsdedicatedtoprivacyandprivacytech- nologies, there is a need for an event at a European level that brings together keydecision-makersandscientiststodiscussthelatestdevelopments.Inorderto achievethis mix, the programofAPF2012hadanunusual combination:it con- sistedofinvitedspeakersandpanelsinterleavedwithasetofcontributedpapers that had undergonea scientific review process. But in contrastwith mostscien- tific events, researcherswere encouragedto submit positions papers or overview papers that offered a broader perspective on their research. As a result of the Call for Papers, 26 papers were submitted; after a thor- ough review by the members of the scientific Program Committee, 20 papers were accepted for presentation at APF 2012. Following the completion of the Forum,13paperswererevisedby the authorsandselectedforinclusioninthese proceedings. Among the recommendations of the Forum are the need for more privacy- respecting tools, that research should seek innovative tools to empower users by enhancing transparency, that empirical understanding of data flows should be the starting point for actors’agendas, andalso that data protectionagencies shouldanalyzemarketfailuresinprivacytechnologyandintervenewithscientific and economic precision. VI Preface Several people have contributed to the success of APF 2012. First we would liketothankallthepresenters,aswellastheauthorswhosubmittedtheirwork. We sincerely thank all the Program Committee members, who volunteered to review the papers and discuss the comments. APF 2012 would not have been suchasuccesswithoutthe tirelesscontributionofthe staffofENISA.We would also like to thank the colleagues at the European Commission DG CONNECT aswell asthe Computer Science Departmentof the University ofCyprusand in particular Prof. Marios Dikaiakos and Mrs. Maria Poveda for their continuous support and collaborationthroughout the organizationof this event. Our grati- tude is alsoextended to the Cyprus Presidencyof the EUCouncil for endorsing APF 2012 as one of the official events of the Presidency. Finally we want to ex- press our gratitude to the Business Software Alliance (BSA), Austrian Airlines, and the Cyprus Telecommunication Authority (CYTA) for their support. We would also like to thank our partners NESSOS, CEPIS, the Cyprus Computer Society and EGI. We hope that this forum can play a stimulating role in the European and international privacy community — offering a forum for the exchange of views and ideas between policymakers, researchcommunities, and industry. October 2012 Demosthenes Ikonomou Bart Preneel Organization Annual Privacy Forum Limassol, Cyprus, October 10–11, 2012 Organized by European Network and Information Security Agency (ENISA) European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT) Department of Computer Science of the University of Cyprus General Co-chairs Giuseppe Abbamonte European Commission (DG CONNECT Unit H4 Trust and Security) Demosthenes Ikonomou ENISA Marios Dikaiakos University of Cyprus Organizing Committee Santiago Alvarez ENISA Daria Catalui ENISA Slawomir Gorniak ENISA Martin Mu¨hleck DG CONNECT Maria Poveda University of Cyprus Rodica Tirtea ENISA Program Chair Bart Preneel KU Leuven and iMinds VIII Organization Program Committee Alessandro Acquisti Carnegie Mellon University, USA Andreas Albers University of Frankfurt, Germany Elisa Bertino University of Purdue, USA Rainer Bo¨hme University of Mu¨nster, Germany Caspar Bowden Independent expert Jacques Bus University of Luxembourg, Luxembourg Jan Camenisch IBM Zurich Research Laboratory, Switzerland Claude Castelluccia Inria, France George Danezis Microsoft Research Cambridge, UK Claudia Diaz COSIC KU Leuven, Belgium Paul de Hert University of Tilburg, The Netherlands and Vrije Universiteit Brussels, Belgium Ioanna Dionysiou University of Nicosia, Cyprus Tassos Dimitriou Athens Information Technology – AIT, Greece Elena Ferrari University of Insubria, Italy Simone Fischer-Hu¨bner University of Karlstad, Sweden Paul Francis Max Planck Institute for Software Systems, Germany Sotiris Ioannidis FORTH, Greece Nicola Jentzsch DIW Berlin, Germany Sokratis Katsikas University of Piraeus, Greece Florian Kerschbaum TU Dresden, Germany Eleni Kosta ICRI KU Leuven, Belgium Daniel Le-Metayer Inria, France Giannis Marias Athens University of Economics and Business, Greece Evangelos Markatos FORTH, Greece Periklis Papakonstantinou Tsinghua University, China Nick Papanikolaou HP Labs Bristol, UK Aljosa Pasic Atos Research, Spain Kai Rannenberg University of Frankfurt, Germany Stefan Schiffner TU Darmstadt – CASED, Germany Rodica Tirtea ENISA, Greece Carmela Troncoso Gradiant, Spain Claire Vishik Intel, UK Nick Wainwright HP Labs Bristol, UK Alma Whitten Google, USA External Reviewers Danny De Cock Stephan Heim Harald Gjermundrød Aleksandra Korolova Seda Gu¨rses Anja Lehmann Organization IX Andreas Pashalidis Jessica Staddon Suksant Sae Lor Markus Tschersich Rula Sayaf Fatbardh Veseli Table of Contents Modelling A Problem-Based Approach for Computer-Aided Privacy Threat Identification .................................................... 1 Kristian Beckers, Stephan Faßbender, Maritta Heisel, and Rene Meis Conceptual Framework and Architecture for Privacy Audit............ 17 Ksenya Kveler, Kirsten Bock, Pietro Colombo, Tamar Domany, Elena Ferrari, and Alan Hartman Privacy by Design Privacy-PreservingComputation (Position Paper).................... 41 Florian Kerschbaum Designing Privacy-by-Design ...................................... 55 Jeroen van Rest, Daniel Boonstra, Maarten Everts, Martin van Rijn, and Ron van Paassen Enhancing Privacy by Design from a Developer’s Perspective .......... 73 Christoph Bier, Pascal Birnstill, Erik Krempel, Hauke Vagts, and Ju¨rgen Beyerer A Solution, But Not a Panacea for Defending Privacy: The Challenges, Criticism and Limitations of Privacy by Design ...................... 86 Demetrius Klitou Identity Management Integrating Anonymous Credentials with eIDs for Privacy-Respecting Online Authentication ............................................ 111 Ronny Bjones, Ioannis Krontiris, Pascal Paillier, and Kai Rannenberg Federated Identity as Capabilities.................................. 125 Harry Halpin and Blaine Cook Privacy Preserving Course Evaluations in Greek Higher Education Institutes: An e-Participation Case Study with the Empowerment of Attribute Based Credentials....................................... 140 Vasiliki Liagkou, George Metakides, Apostolis Pyrgelis, Christoforos Raptopoulos, Paul Spirakis, and Yannis C. Stamatiou