back to the Eurescom home page

 

mess@ge home

Table of contents
of the current issue
 

Selected Highlights
Introduction to
current issues of privacy and trust
in ICT

 
Security and
privacy in a
pervasive world -
The Daidalos approach

 
Voice over IP -
The end of the
world as we
knew it

 
Biometric technologies for secure access
 
Reduce traffic
data - Interview
with Andreas
Krisch from EDRI

 

Privacy and trust in pervasive communications

Introduction to current issues of privacy and trust in ICT

Anastasius_Gavras

Anastasius Gavras
Eurescom

Gavras@eurescom.de

Recent advances in information and communication technologies (ICT) have raised issues of privacy and trust in virtually all areas that are affected by ICT. And you do not have to be an ICT expert to recognise that almost all areas of our lives have, in one way or another, become dependent on ICT.  

Due to this importance and the growing pervasiveness of ICT, privacy and trust  have become a crucial issue in this domain, being subject to public concerns and controversial discussions.

Informational self-determinism

Generally speaking, privacy is the ability of individuals or groups to self-determine the disclosure and use of information about themselves. The right against unsanctioned intrusion of privacy by the government, corporations or individuals is part of many countriesí laws, and in some cases, constitutions. In many cases, individuals voluntarily give up privacy for perceived benefits. An example is the collection of bonus miles for airline passengers. Another example is when an individual is entering an online competition by giving away personal details that are often used for advertising purposes, in order to get a chance to win a prize.

In the telecommunications context the call data records (call destination, call duration) that are used for detailed billing as well as information about connecting to the Internet (online time, IP address) have become subject to public discussion. For several years, law enforcement agencies in various countries have pushed the adoption of data-retention requirements, which would compel communications service providers routinely to capture and archive information detailing the telephone calls, e-mail messages and other communications of their users. In July 2002, the European Union enacted the Directive on Privacy and Electronic Communications (Directive 2002/58/EC) that leaves it to each EU member state to adopt laws authorizing data retention.

The interview on page 11 with Andreas Krisch, board member of European Digital Rights, about the effects of advanced telecommunications services on the usersí privacy and trust, provides in-depth insight to the issues at stake.

On the technology side, many developments fuel the worries of citizens about their privacy, notably more in Europe than in the US. Biometric technologies are already commercially used for access control and also at airports for passenger identification and immigration control. More recently, efforts are underway to include biometric data in national ID cards and passports, such as in Germany and the UK. Basic biometric technologies are introduced in the article on page 10.

RFID (Radio Frequency Identification) and, more recently, NFC (Near Field Communication) open up more application fields that certainly can offer benefits for the user as well as business opportunities. Nevertheless, these technologies can be misused: RFID/NFC, for example, can be used to develop behavioural profiles of individuals. 

Forced trust

Trust in ICT is an important concept in the sense that a trusted resource is one that you are forced by necessity to trust. The failure of this resource would compromise the function, integrity or security of a system. In security, trust relates much to the degree of confidence one has in the correctness of a function. For example, a company policy trusts the access control at the entrance, so that only eligible persons in possession of a smart card or in knowledge of a PIN code will be granted access to a corporate building.

In telecommunications, the user trusts the operator that he will be presented with a correct bill. At the same time the operator trusts the accounting and billing system to produce correct billing data. The user in this case has no other choice but to trust the operator. Changing the operator does not solve the trust problem for the user. On the other hand, the operator trusts on the ability of technology to function correctly, i.e. provide the wanted service to the user, and also to produce accurate billing data. A wide range of technologies is in place for protecting the telephone and information networks, and also their users, as well as ensuring network availability.

The advent of Internet telephony (VoIP) poses new challenges for the service providers and the users of VoIP.

The article by Joachim Posegga on page 9 explores the risks involved in moving the well-established PSTN voice service to a completely new technology paradigm.

Looking into the future of pervasive systems, in which a significant amount of personalised data will flow through the network, the article on page 8 elaborates on the work of the European project Daidalos towards developing the concepts for building trust and confidence is pervasive systems.

The articles in this cover theme raise a number of controversial issues that are worth to be discussed further. Your feedback on any of these articles would be welcome.

Please send us your comments on this article.