
D2.2: Set of use cases and scenarios


Privacy-Enhanced Scenario

 

In order to highlight the impact of privacy-enhancing technologies in the Information Society, we present here a slightly modified scenario to which privacy-enhancing infrastructures have been added. The assumptions made for this case are: 

  1. An anonymous communication infrastructure is in place, making all electronic communication untraceable. This untraceability applies not only to the content (which is encrypted) but also to the source and destination of the communication (e.g. mixes [3,4,5,6,9]). 

  2. Revocable anonymous credentials [7,8] are used for different services: these credentials allow for pseudonymous identity management, in such a way that different transactions of the same user are unlinkable. For applications that require it (e.g. e-commerce), clients may be required to present encrypted identity information that can be revealed by a judge in case of fraud or crime.  

  3. Other kinds of privacy enhancing technologies, such as pseudonymous signatures [11], anonymous email [2,10], etc. are implemented and widely used. 

 

Companies know their customers by pseudonyms. Different pseudonyms of a user cannot be linked to each other by anyone who does not hold the user's master secret. The pseudonyms are generated from this master secret, which may be kept on a smart card or other secure storage device. Users have the tools to manage their identities when interacting electronically with different organisations (the supermarket, the library, the doctor, etc.) in such a way that they can prove the required attributes (e.g. proof of subscription) without leaking any other identity information.  

In this scenario, the degree of profiling that organisations can do on customers is much more limited than in the previous case. Users may choose to disclose some preferences in their interactions in order to get personalised services, but this decision now rests with the user and not with the company. With these technologies, users decide which aspects of their identity they want to make available to a given organisation. Companies are no longer able to collect all kinds of data about customers in huge databases; instead, they are provided with specific data (e.g. preferences for certain services).

The collusion of two or more organisations does not threaten customers' privacy, because these organisations cannot merge their databases: there is no unique identifier for an individual whose personal data appears in two or more of them. Organisations may still collect the data they need about pseudonymous individuals, but different organisations cannot find out whether their databases hold information on the same individuals or not. This holds only as long as the attributes a user chooses to disclose are not themselves identifying: a stable value such as an e-mail address or a delivery address given to two organisations lets them join their records even though the pseudonyms differ.  
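As an added illustration of the two preceding paragraphs (this code is not from the FIDIS deliverable and the deliverable prescribes no particular construction), the following Python derives a distinct pseudonym per organisation from a master secret using HMAC as a pseudorandom function, then shows what a collusion of two organisations can and cannot do when joining their databases. The organisation names, the citizen identifier, the e-mail address and the records are constructed sample data. This is a deliberate simplification of the credential systems cited in [7,8]: a keyed hash gives unlinkable pseudonyms but not the unforgeability or selective attribute disclosure those systems also provide.

```python
"""Per-organisation pseudonyms from a master secret, and why colluding
organisations cannot join their databases on them.

Illustrative example only; the pseudonym derivation is a plain HMAC-based
PRF and is an assumption of this example, not the construction used in
the credential systems the text cites.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Set, Tuple

# A database is keyed by whatever identifier the organisation knows the
# customer under, and stores the attributes the customer disclosed.
Database = Dict[str, Dict[str, str]]


def new_master_secret() -> bytes:
    """32 random bytes; in the scenario this lives on a smart card."""
    return secrets.token_bytes(32)


def derive_pseudonym(master_secret: bytes, organisation: str) -> str:
    """Pseudonym the user presents to one organisation.

    HMAC-SHA256 keyed by the master secret is a PRF, so to anyone without
    the secret the pseudonyms for two organisations look like independent
    random strings: there is no test for whether they belong to one user.
    """
    return hmac.new(master_secret, organisation.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def shared_customers(db_a: Database, db_b: Database) -> Set[str]:
    """What a collusion can do directly: join on the key both sides use."""
    return set(db_a) & set(db_b)


def link_by_attribute(db_a: Database, db_b: Database,
                      attribute: str) -> Set[Tuple[str, str]]:
    """The limitation: if the user disclosed the same stable attribute
    value to both organisations, records can still be joined on it."""
    index: Dict[str, Set[str]] = {}
    for key, record in db_a.items():
        if attribute in record:
            index.setdefault(record[attribute], set()).add(key)
    links: Set[Tuple[str, str]] = set()
    for key_b, record in db_b.items():
        for key_a in index.get(record.get(attribute, ""), ()):
            links.add((key_a, key_b))
    return links


def build_scenario(master_secret: bytes):
    """Constructed sample data for one user and two organisations.

    Returns (no_privacy_join, pseudonymous_join, attribute_join).
    """
    # Previous (no-privacy) case: both organisations key their records by
    # one government-issued identifier (value constructed for the example).
    citizen_id = "ID-19700101-1234"
    supermarket_plain = {citizen_id: {"preferences": "organic produce"}}
    library_plain = {citizen_id: {"subscription": "valid"}}

    # Privacy-enhanced case: each organisation sees a different pseudonym.
    sm_pseudonym = derive_pseudonym(master_secret, "supermarket")
    lib_pseudonym = derive_pseudonym(master_secret, "library")
    supermarket_pseudo = {sm_pseudonym: {"preferences": "organic produce"}}
    library_pseudo = {lib_pseudonym: {"subscription": "valid"}}

    # Same user, but this time they gave both organisations one e-mail
    # address (constructed), which is enough to re-link the records.
    supermarket_leaky = {sm_pseudonym: {"preferences": "organic produce",
                                        "email": "alice@example.org"}}
    library_leaky = {lib_pseudonym: {"subscription": "valid",
                                     "email": "alice@example.org"}}

    return (
        shared_customers(supermarket_plain, library_plain),
        shared_customers(supermarket_pseudo, library_pseudo),
        link_by_attribute(supermarket_leaky, library_leaky, "email"),
    )


if __name__ == "__main__":
    plain, pseudo, leaky = build_scenario(new_master_secret())
    print("no-privacy join:       ", plain)
    print("pseudonymous join:     ", pseudo)
    print("join on shared e-mail: ", leaky)
```

Run stand-alone, the no-privacy join returns the citizen identifier, the pseudonymous join is empty, and the e-mail join recovers the pair of pseudonyms. The third result is the practical caveat: unlinkable pseudonyms protect against collusion only to the extent that the user's voluntarily disclosed attributes are not themselves a join key.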

Regarding accountability, it is clear that anonymity systems cannot succeed on a large scale if individuals cannot be held accountable for their acts. Applications that involve economic transactions (e.g. electronic payments) are particularly sensitive to abuse.  

Anonymous credentials may optionally include encrypted identity information that can be revealed by a trusted party (e.g. a judge). Users may be required to prove, without revealing it, that this encrypted information is correct in order to carry out a transaction. The other party to the transaction may retain this data so that, in case of dispute, it can ask the trusted party to identify its communication partner. 

fidis-wp2-del2.2.Cases_stories_and_Scenario_04.sxw