Bart Preneel
Demosthenes Ikonomou (Eds.)

Privacy Technologies and Policy

Second Annual Privacy Forum, APF 2014
Athens, Greece, May 20-21, 2014
Proceedings

Lecture Notes in Computer Science 8450
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany

Volume Editors

Bart Preneel
KU Leuven and iMinds
Department of Electrical Engineering (ESAT)
Kasteelpark Arenberg 10, Bus 2452, 3001 Leuven, Belgium
E-mail: [email protected]

Demosthenes Ikonomou
ENISA, Information Security and Data Protection Unit
1 Vasilissis Sofias, Marousi, 15124 Athens, Greece
E-mail: [email protected]

ISSN 0302-9743
e-ISSN 1611-3349
ISBN 978-3-319-06748-3
e-ISBN 978-3-319-06749-0
DOI 10.1007/978-3-319-06749-0
Springer Cham Heidelberg New York Dordrecht London

Library of Congress Control Number: Applied for

LNCS Sublibrary: SL 4 – Security and Cryptology

© Springer International Publishing Switzerland 2014

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)

Preface

The Second Annual Privacy Forum (APF 2014) was held in Athens, Greece, during May 20-21, 2014. The forum was co-organized by the European Union Agency for Network and Information Security (ENISA) and the European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), with the support of the Systems Security Laboratory (SSL) of the University of Piraeus. APF 2014 took place during the Greek Presidency of the Council of the European Union.

We are witnessing the fast development of technologies that play an ever more central role in our lives; the most notable developments are the wide deployment of cloud computing, the explosion of social networks, the development of “big data” solutions, and the emerging Internet of Things. While these developments improve the quality of our lives, they also transform society and raise increasing concerns related to privacy.

Privacy is an abstract and subjective concept, which depends on context and cultural issues, and that evolves over time. Moreover, several stakeholders interact to resolve ever more complex privacy issues. The revelations by Snowden, which started in the middle of 2013, have brought the privacy risks related to mass surveillance to the forefront of the international community. In the context of big data, companies are collecting an increasing amount of information in order to offer improved and customized services and to reduce fraud and abuse.
The developments in social networks show that users have a joint responsibility for protecting each other’s privacy online. As it is clear that this complex societal issue can only be addressed by a combination of technical and legal means, the European institutions are developing a new Privacy Regulation, whose goal is to update and improve the important 1995 EU Data Protection Directive.

The aim of APF 2014 was to close the loop from research to policy by bringing together scientists and key decision-makers, thereby complementing scientific events dedicated to privacy and privacy technologies. The program of APF 2014 mixed contributed papers that had undergone a scientific review process with invited speakers and panels. But in contrast to most scientific events, researchers were encouraged to submit position papers or overview papers that offered a broader perspective on their research.

As a result of the Call for Papers, 21 papers were submitted; after a thorough review by the members of the scientific Program Committee, in which each paper received at least four reviews, 12 papers were accepted for presentation at APF 2014 and for inclusion in these proceedings. One of these accepted papers is a merged version of two related submissions. Four of the accepted papers have undergone an additional step of reviewing with the help of a shepherd from the Program Committee.

The themes explored by the forum include: the concept and implementation of “privacy by design,” with applications to encrypted databases; the study of video surveillance architectures and new networking concepts; and innovative solutions for identity management. The presentations addressed the technical, legal, and economic aspects of these problems.

Several people have contributed to the success of APF 2014. First, we would like to thank all the presenters, as well as the authors who submitted their work. We sincerely thank all the Program Committee members, who volunteered to review the papers and contributed to an intensive discussion phase.
APF 2014 would not have been such a success without the continuous contribution of the staff of ENISA. We would also like to thank Dr. Paul Timmers and his colleagues at the European Commission DG CONNECT as well as Prof. Sokratis Katsikas and his team at the Systems Security Laboratory (SSL) of the University of Piraeus. Our gratitude is also extended to the Greek Presidency of the EU Council. Finally we want to express our gratitude to ISACA and INTRALOT, and in particular to Mr. Dimitriadis Christos for his support.

We hope that this forum can continue to stimulate the European and international privacy community — offering a forum for the exchange of views and ideas between policymakers, research communities, and industry.

March 2014
Demosthenes Ikonomou
Bart Preneel

APF 2014
Annual Privacy Forum
Athens, Greece, May 20-21, 2014

Organized by

European Union Agency for Network and Information Security (ENISA)
European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT)
Systems Security Laboratory (SSL), University of Piraeus

General Co-chairs

Paul Timmers, European Commission, EC DG CONNECT
Sokratis Katsikas, University of Piraeus
Demosthenes Ikonomou, ENISA

Organizing Committee

Aimilia Bantouna, University of Piraeus
Rosa Barcelo, EC DG CONNECT
Daria Catalui, ENISA
Stefan Schiffner, ENISA

Program Chair

Bart Preneel, KU Leuven and iMinds, Belgium

Program Committee

Luis Antunes, University of Porto, Portugal
Caspar Bowden, Independent Expert
Ian Brown, Oxford Internet Institute, UK
Rainer Böhme, University of Münster, Germany
Jan Camenisch, IBM Research – Zurich, Switzerland
Claude Castelluccia, Inria Rhône-Alpes, France
George Danezis, University College London, UK
Claudia Diaz, KU Leuven and iMinds, Belgium
Jos Dumortier, timelex, Belgium
Simone Fischer-Hübner, University of Karlstad, Sweden
Thomas Gross, University of Newcastle upon Tyne, UK
Seda Gürses, New York University, USA
Marit Hansen, Unabhängiges Landeszentrum für Datenschutz
    Schleswig-Holstein, Germany
Jaap-Henk Hoepman, Radboud University Nijmegen, The Netherlands
Kristina Irion, Central European University, Hungary and University of Amsterdam, The Netherlands
Nicola Jentzsch, DIW Berlin, Germany
Stefan Katzenbeisser, TU Darmstadt, Germany
Florian Kerschbaum, SAP, Germany
Aggelos Kiayias, University of Connecticut, USA
Ioannis Krontiris, Goethe University Frankfurt, Germany
Mirosław Kutyłowski, Wroclaw University of Technology, Poland
Gwendal Le Grand, CNIL, France
Daniel Le Métayer, Inria, University of Lyon, France
Fabio Martinelli, IIT-CNR, Italy
Chris Mitchell, Royal Holloway, University of London, UK
Steven Murdoch, University of Cambridge, UK
Aljosa Pasic, Atos, Spain
Siani Pearson, HP Labs, UK
Olivier Pereira, Université Catholique de Louvain, Belgium
Kai Rannenberg, CEPIS and Goethe University Frankfurt, Germany
Heiko Roßnagel, Fraunhofer IAO, Germany
Stefan Schiffner, ENISA, Greece
Einar Snekkenes, Gjøvik University College, Norway
Yannis Stamatiou, RACTI, Greece
Carmela Troncoso, Gradiant, Spain

External Reviewers

Gergely Acs
Aliaksandr Lazouski
Andreas Albers
Lukasz Olejnik
Kovila Coopamootoo

Table of Contents

Privacy by Design

Privacy by Design: From Technologies to Architectures (Position Paper)
    Thibaud Antignac and Daniel Le Métayer

PEARs: Privacy Enhancing ARchitectures
    Antonio Kung

Privacy-Preserving Statistical Data Analysis on Federated Databases
    Dan Bogdanov, Liina Kamm, Sven Laur, Pille Pruulmann-Vengerfeldt, Riivo Talviste, and Jan Willemson

Privacy by Encrypted Databases
    Patrick Grofig, Isabelle Hang, Martin Härterich, Florian Kerschbaum, Mathias Kohler, Andreas Schaad, Axel Schröpfer, and Walter Tighzert

Analysis of Architectures

Accountable Surveillance Practices: Is the EU Moving in the Right Direction?
    Fanny Coudert

TAM-VS: A Technology Acceptance Model for Video Surveillance
    Erik Krempel and Jürgen Beyerer

Towards a Multidisciplinary Framework to Include Privacy in the Design of Video Surveillance Systems
    Zhendong Ma, Denis Butin, Francisco Jaime, Fanny Coudert, Antonio Kung, Claire Gayrel, Antonio Maña, Christophe Jouvray, Nathalie Trussart, Nathalie Grandjean, Víctor Manuel Hidalgo, Mathias Bossuet, Fernando Casado, and M. Carmen Hidalgo

A Framework for Privacy Analysis of ICN Architectures
    Nikos Fotiou, Somaya Arianfar, Mikko Särelä, and George C. Polyzos

Identity Management and Economics

Auctioning Privacy-Sensitive Goods: A Note on Incentive-Compatibility
    Nicola Jentzsch