Title: EXECUTIVE SUMMARY

Executive Summary

In computing, protocols are standards that control or facilitate the connection, communication, and data transfer between two endpoints. As communication is the basic foundation of our Information Society, protocols are highly relevant for all activities in information and communication technologies.  

This deliverable investigates identity-related properties of commonly used protocols and interesting proposed approaches for new protocols. Firstly, general facts on network protocols are introduced: After an introduction in layered models to categorise and show dependencies between network protocols, possible privacy properties are outlined, based on personal data disclosed, linkability and identifiability as well as obvious or hidden identifiers. Further, it is critically discussed whether privacy experts are – and should be – involved in the process of designing protocols. 

After these general remarks, protocols for communication in networks are analysed according to the privacy-relevant criteria given before. These protocols cover basic Internet, LAN and WLAN communications which are regularly used by each person participating in a network. This analysis shows basically that every protocol contains disclosure of identifiers which can be linked to other actions or directly to persons involved. Usually it is difficult, if not impossible to avoid the disclosure of privacy-relevant data in this context. 

Techniques for privacy-aware communication and their associated protocols are explained in the next chapter. Three main areas are investigated: anonymisation services, user-centric identity management and privacy policy languages. In these areas the protocols and tools are not widely distributed and used, yet. However, the market is evolving fast in these areas, in particular driven by the demand for user-centric identity management which entails privacy policy protocols as well as – currently on a lower level – data minimising mechanisms.  

Finally in this document, new developments for Next Generation Internet protocols are described. Although many of the proposed approaches are not yet implemented, it is evident that they aim to improve security features of protocols, having learnt from the shortcomings of today’s Internet protocols. That said, on the specification level there is hardly any work done in the area of privacy properties of protocols. 

Summarising, today’s protocols pose a lot of privacy threats which normal users as well as many protocol designers are not aware of. Privacy experts should be more involved in the specification process of protocols to prevent further erosion of privacy by steady leakage of linkable data. Research and development as well as policy makers should direct their attention to cross-layer effects resulting from the interplay of the variety of protocols which today’s citizens of the Information Society use day by day.  

This deliverable assumes some prior knowledge, but references and further reading is there to help the reader.