D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication

Title: SUMMARY AND CONCLUSIONS

The analysis of the protocols in this deliverable shows that virtually any commonly used protocol reveals identifying and linkable information usable for profiling. Some of them even disclose personal data. Avoiding or circumventing these threats for privacy and data protection cannot be done easily – especially considering the fact that the established architecture and protocol infrastructure of today’s communication networks exists with all its shortcomings. Even the Next Generation Internet protocols will not be designed in a privacy-enhancing way; however, there is progress regarding ICT security features. 

Anonymisation services or other data minimisation techniques on the lower protocol layers can be used to blur some of the traces one leaves while using the Internet. However, they neither offer a convincing level of protection nor have they achieved a level of stability and quality of service necessary for every day use by the masses. Nevertheless they are suitable tools at least for some use cases. An easy to implement measure (from a technological point of view) would be to use link encryption of every single data link. This would greatly enhance privacy against outsiders – e.g., eavesdroppers on the lines – who would neither learn the communications’ content nor (most of) their circumstances. 

On other layers, identity management functions can be supported by appropriate protocols, especially handling of anonymous credentials which combine accountability and privacy requirements. In addition protocols and languages for expressing, matching, negotiating and enforcing privacy policies are demanded where personal data are exchanged. After one decade of research and development in this area there is a varied selection of proposed privacy policy languages. It is not likely that this variety will be narrowed down to one or very few languages in the next years, so that in the coming years work will be done to find solutions for interoperable use of these languages. 

This deliverable could not tackle cross-layer effects on privacy and data protection, e.g., basing on linkability of information from various protocol layers. Today this is an open research issue. The same is valid for cross-layer privacy-enhancing technologies which have to be further investigated. Most research and development projects and university work is limited to one or few protocol layers each, blinding out the impact of linking data from arbitrary layers. Also the composition of different privacy-enhancing technology tools is barely investigated now. 

A major challenge is not only the understanding of today’s protocol world, but also the design and specification of new protocols. In particular in those areas where right now standardisation work is being performed it would be advisable to integrate experts from the fields of identity and privacy in the processes. Naïve specifications and implementations of global standards will usually cement not so privacy-friendly information and communication technologies. Even if privacy-invasive requirements such as demanded data retention are an obstacle to pure privacy-enhancing design of protocols, data protection functionality could be massively improved. In addition, the impact of these protocols, their interdependencies and the whole specification process have to be made more transparent to decision makers and citizens because protocols are the backbone of our Information Society.