Riseptis report 1

Trust in the
Information Society
A Report of the Advisory Board
RISEPTIS
Research and Innovation on Security, Privacy and
Trustworthiness in the Information Society

TRUST IN THE INFORMATION SOCIETY

Foreword
In the first fifteen years of its existence, the World Wide Web has had a profound and
transformative impact on all facets of our society. While the Internet has been with us for
40 years, the Web has caused an exponential growth of its use; with up to 1.5 billion users
worldwide now accessing more than 22 billion web pages. ‘Social Networks’ are attracting
more and diverse users. With 4 billion subscribers to mobile telephony across the globe
(there are almost 7 billion people on earth) and mobile phones being increasingly used to
connect to the Internet, mobile web applications and services are developing fast.

And there is much more to come, which will go well beyond information processing and
data exchange. The ‘Internet of Things’, the Semantic Web and Cloud Computing are all
evolving fast, reflecting the dynamism of the technology developments that are related to
the digitisation of the world around us and our relationship with it. They in turn raise issues of
e-Identity and Trust in the digital interactions they enable.

However, while we are staring at this amazing new world and getting excited by the use of
previously unimagined devices, we are also perplexed and concerned by the ease with which
our data can be stolen, our profiles used for commercial purposes without our consent, or our
identity purloined. We get more and more alarmed by the loss of our privacy; often justified
by unseen security requirements, or by the risks of failures in and deliberate attacks on our
critical infrastructures. The trustworthiness of our increasingly digitised world is at stake.

I read in this report about Jorge and Theresa living happily together, due to the many new
convenient services made possible by technological advances in our digital society. Medical
services based on trustworthy health records, jobs that are not strictly bound to a geographic
location thus enabling the couple to live together, ambient assisted living that ensures proper
care for older family members, as well as travel and hotel facilities adapted to their personal
wishes.

At the same time they encounter unforeseen problems with the police, they worry about
control over their personal data, which is now in the hands of hotels or doctors, and seem to
get locked into the services of large insurance and care organisations.

We may be scared with the idea that we will have to live with a “digital shadow” that does not
forget possible past little misdemeanours or indiscretions, and which can then be accessed
by future employers or partners. The idea of being robbed or cheated by somebody at the
other end of the world whom you have never met, without understanding how it happened
and with little chance for legal redress, seems intolerable for European citizens.

I am very grateful that the RISEPTIS Board has addressed these issues in this report, founded
on the key principle that a European Information Society should comply with the long-
standing social principles that have served Europe so well to date. Democratic values and
institutions, freedom and the respect of privacy are essential for trust in our society. So too
is law enforcement, accountability and transparency. The social trust thus created is essential

l

T R U S T II N T H E II N F O R M A T II O N S O C II E T Y
TRUST N THE NFORMAT ON SOC ETY

for effective human communication and business transactions, and hence, for growth and
competitiveness.

I am fully in favour of the recommended approach to technology development, comprising
strong interaction between social innovation and the development of policy and regulation.
Indeed, we need to develop the instruments to support this. Uncontrolled technology
development and innovation can lead the Internet and the Web to become a jungle; where
trust is lost, crime and malfeasance rise and each individual is forced to defend themselves
with limited tools. At the same time, policy development without awareness of technology
development and trends will choke innovation and economic growth. Most importantly, if
citizens feel threatened, mistrustful and increasingly hesitant towards innovative applications
and services, our whole society may end up being the loser.

I would like to thank the RISEPTIS Board for this insightful report and their constructive
recommendations. I am convinced that the discussion started in this Report is a worthwhile
and timely one and can help Europe to find the right way towards an Information Society that
is wanted and deserved by its citizens.

Viviane Reding,
Member of the European Commission
Responsible for Information Society and Media

II II


RISEPTIS: Advisory Board FOR RESEARCH AND INNOVATION IN SECURITY, PRIVACY AND
TRUSTWORTHINESS IN THE INFORMATION SOCIETY

In April, 2008, RISEPTIS was established with the objective to provide visionary guidance on
policy and research challenges in the field of security and trust in the Information Society.
RISEPTIS has been supported by the EC-financed ‘Coordination Action’ project, THINK-
TRUST, whose objective it is to develop a research agenda for Trustworthy ICT.

RISEPTIS was supported by more than 30 experts in two Working Groups: (1) Security,
Dependability and Trust in the Future Internet; (2) Privacy and Trust in the Information
Society.

RISEPTIS Membership
Chair: George Metakides (U.Patras, CTI)
Members: Dario Avallone (Engineering)
Giovanni Barontini (Finmeccanica)
Kim Cameron (Microsoft)
William Dutton (Oxford Internet Institute)
Anja Feldmann (Deutsche Telekom)
Laila Gide (Thales)
Carlos Jimenez (Secuware, eSEC)
Willem Jonker (Philips)
Mika Lauhde (Nokia)
Sachar Paulus (U. Brandenburg, ISSECO)
Reinhard Posch (CIO Gov. Austria, TU Graz, A-SIT)
Bart Preneel (KU Leuven)
Kai Rannenberg (U. Frankfurt, CEPIS)
Jacques Seneca (Gemalto)
Observer: Peter Hustinx (EDPS)
From Think-Trust: Willie Donnelly (WIT)
Keith Howker (WIT)
Sathya Rao (Telscom)
Michel Riguidel (ENST)
Neeraj Suri (U. Darmstadt)

With support of: Jim Clarke, Zeta Dooly, Brian Foley, Kieran Sullivan (WIT)

Jacques Bus, Thomas Skordas, Dirk van Rooy (EC, DG Information Society and Media)

III


CONTENTS
Executive Summary and Main Recommendations v
1. INTRODUCTION 1

2 . T R U S T W O R T H I N E S S AT S TA K E 5

2.1. Concepts 5
2.2. Trustworthiness in context 7
2.3. The EU legal framework for personal data protection and privacy 8
2.4. Privacy, anonymity and accountability 11
2.5. Stakeholder perspectives 13
2.5.1. Governments and Jurisdiction 13
2.5.2. Business 14
2.5.3. Citizens and Society 14
2.6. Research and Technology development 15
2.7. Infrastructure and Governance 17
2.8. Conclusions 18

3 . T E C H N O L O G Y I N S O C I E TA L C O N T E X T 19

3.1. The dangers of our digital shadow 19
3.2. The weakest links in the data storage chain 20
3.3. Living in the future Information Society 20
3.3.1. Prologue: Setting the scene 20
3.3.2. Jorge’s smart dentist visit 20
3.3.3. Theresa’s Memorable Shopping Trip 21
3.3.4. A Very Modern Holiday 22
3.3.5. Looking After You 23
3.3.6. The Invisible Office 23
3.3.7. Jorge’s Free Ads 24
3.3.8. Epilogue: The Digital Shadow Is Cast 25
3.3.9. Super Sleuth Deductions 25

4 . T O W A R D S A T R U S T W O R T H Y I N F O R M AT I O N S O C I E T Y 27

4.1. Research and Technology development 27
4.2. The interplay of technology, policy, law and socio-economics 29
4.3. A common European framework for Identity management 30
4.4. Further development of EU legal Framework for data protection and privacy 31
4.5. Large scale innovation projects 31
4.6. International cooperation 32

IV


Executive Summary and Main Recommendations
Trust is at the core of social order and economic prosperity. It is the basis for economic
transactions and inter-human communication. The Internet and the World Wide Web are
transforming society in a fundamental way. Understanding how the mechanisms of trust can
be maintained through this transformation, is of crucial importance.

Although the Web has only existed for about 15 years, it has quickly permeated our lives
and society, through such concepts as: communication anytime and anywhere; Social Net-
works connecting people globally; ubiquitous information provision; and, numerous public
and private digital services. However, with the Web moving towards the centre of our society,
its many weaknesses are also exposed. We see cyber criminals exploiting networks’ vulner-
abilities, terrorists using the Web for information exchange and communication, data loss
and data breaches, Identity theft and commercial data profiling and linking. Worse still, all of
these undesirable interactions are increasing in frequency.

The Internet is the network infrastructure that allows computers to
communicate with each other. Sitting on top of this is the Web, which
is a means of accessing information via the Internet. In this report, as in
everyday language, the term “Internet” is often used to include the two
together.

The Web also brings with it uncertainty at the level of the State; concerning applicable law,
jurisdiction and law enforcement in global networks and the protection of its citizens and
critical infrastructures. It renders business investments hazardous due to uncertainty when it
comes to responsibility and liability, as well as affecting the development of infrastructures
and regulatory environment. Citizens feel uncertain about the lack of transparency, account-
ability and control of data processing. The current rapid development of the digital space,
including the Internet and the Web may well lead to a loss of trust in society and, hence,
adversely affect economic growth.

This Report is divided into 4 chapters:

Chapter 1 introduces the Report and gives a contextual overview of the main themes and
issues addressed therein.

Chapter 2 describes the use of concepts such as trust, trustworthiness, identity and
accountability and explains how these relate to the EU legal framework of personal data
protection and privacy. The case is made for their importance in society, as is the need to
develop technology for trustworthy platforms and tools which properly transpose these
concepts into digital space.

Chapter 3 discusses two concrete problems regarding our move towards becoming a more
digital world, before presenting a picture of a possible near-future through a storyline that
illustrates the issues at stake.

V


Chapter 4 lists out a number of recommendations based on the preceding chapters. Priorities
for future research agenda and ICT work programmes are included in this recommendations
chapter.

It is clear that some issues are not simply technological, nor are they purely social. Their
complex interactions mean that the promotion of trust in the Information Society requires
a coordinated interdisciplinary approach, which is very much in line with the emerging Web
Science.

It is the strong conviction of RISEPTIS that technological developments in trustworthy systems
will be most effective if they are implemented through a strong interplay with social and
business perspectives, as well as robust policy and regulation. Likewise, the latter will also
strongly benefit from technological insight and support. Governments are best placed to take
responsibility for leading this process of interplay.

Europe is well placed to lead the global trust and security drive in the Information Society. It
has industrial strength in, for example, mobile communication, services, consumer industry,
as well as academic strength in fields such as cryptography, formal verification and validation,
identity and privacy management. Its political history, comprising extensive expertise in
international diplomacy and cooperation, and most importantly it’s broadly-established,
strong social model, respecting freedom and the private sphere, gives Europe the authority
to lead in building the necessary global frameworks and governance structures.

It would be too enormous a task to analyse, in the context of this report, all of the problems
and to provide solutions for trust, security and privacy in the future Information Society. The
Web has not yet matured and we will continue to encounter many surprises. Much research,
societal discussion and experimentation remains to be done. This report makes some
preliminary recommendations that may open perspectives and start activities in the right
direction.

The recommendations not only address research, innovation and infrastructural development,
but also the legal framework, societal acceptance and the need for international cooperation,
to demonstrate the interdependencies in the quest for a free, democratic, safe and citizen-
friendly Information Society.

VI


Recommendation 1: The EC should stimulate interdisciplinary research, technology devel-
opment and deployment that addresses the trust and security needs in the Information
Society. The priority areas are:

• Security in (heterogeneous) networked, service and computing environments, including a
trustworthy Future Internet

• Trust, Privacy and Identity management frameworks, including issues of meta-level standards
and of security assurances compatible with IT interoperability

• Engineering principles and architectures for trust, privacy, transparency and accountability,
including metrics and enabling technologies (e.g. cryptography)

• Data and policy governance and related socio-economic aspects, including liability,
compensation and multi-polarity in governance and its management

Recommendation 2: The EC should support concrete initiatives that bring together
technology, policy, legal and social-economic actors for the development of a trustworthy
Information Society. (The Partnership for Trust in Digital Life1 could be a first step.)

Recommendation 3: The EC, together with the Member States and industrial stakeholders,
must give high priority to the development of a common EU framework for identity and
authentication management that ensures compliance with the legal framework on personal
data protection and privacy and allows for the full spectrum of activities from public
administration or banking with strong authentication when required, through to simple web
activities carried out in anonymity.

Recommendation 4: The EC should work towards the further development of the EU data
protection and privacy legal frameworks as part of an overall consistent ecosystem of law
and technology that includes all other relevant frameworks, instruments and policies. It
should do so in conjunction with research and technology developments.

Recommendation 5: The EC together with industrial and public stakeholders should develop
large-scale actions towards building a trustworthy Information Society which make use of
Europe’s strengths in communication, research, legal structures and societal values - for
example, a Cloud which complies with European law.

Recommendation 6: The EC should recognise that, in order to be effective, it should address
the global dimension and foster engagement in international discussions, as a matter of
urgency, to promote the development of open standards and federated frameworks for
cooperation in developing the global Information Society.
Further details on these recommendations are given in Chapter 4.

1
http://trustindigitallife.eu/Home%20Page.html

VII


01
02I NT R ODUCT I ON
01 Introduction

AT S TAK E
TRUSTWORTHINESS
The integration of Information and Com- and increased our exposure to new threats
munication Technologies (ICT) into our lives and mal-practices at an alarming scale.
is transformational.
The trust of our society in the new
It acts as a catalyst for new forms of crea- generation of ICT products and services is at
tivity, collaboration and innovation. It also stake. And with it our competitiveness and
deeply affects human communication and economic growth, since these are strongly
transactions, and the way in which we deal dependent on trust levels in a society. It
with information and knowledge globally. may be counterintuitive to think that digital
Furthermore, it raises fundamental questions technologies, infrastructures, products and
regarding ownership, trust, privacy, identity services are still at a relatively early stage of
and the economy. development.

03
Simultaneously, our increasing dependence But the Web, one of the most transforma-

SOCIETAL CONTE XT
TECHNOLOGY IN
on digital infrastructures and services has tional technologies, has really been with us
obscured the handling of our personal data for only about 15 years. It is indeed still going
through a sort of adolescence period.

“ “Do you want the internet to turn into a jungle? This could happen, you know,
if we can’t control the use of our personal information online. Now, privacy is a
particular value for us Europeans; a value reflected in European laws for many
years. However, in spite of the many advantages of technological development,
there is an undeniable risk that privacy is being lost to the brave new world of
intrusive technologies. On the global information highways, personal information is
increasingly becoming “the new currency”. And I believe that Europeans in many
ways take fuller advantage of new technologies than other continents – just look
04

at Europe’s strong broadband and mobile phone take-up. I believe that Europeans
must have the right to control how their personal information is used.
I NF O RM AT I ON S OCI E T Y
T OWA RDS A TR UST W ORT HY

…
The European Commission takes the protection of your personal information
very seriously. We all have a fundamental right to privacy, also when using new
technologies.
…
I finally believe that it is imperative for the next Commission, which will come into
office by the end of this year, to review Europe’s general rules on protecting personal
information, which date back to 1995. Such a reform is long overdue, in view of the
rapid technological development.” “
From: Commissioner Reding’s weekly video-message, 14 April 2009

1


Some figures: But:
• 1.5 Billion Internet users worldwide, up from • In 2008, Symantec detected 1,656,227
360 Million in 2000 malicious code threats, this is more than 60
percent of the approximately 2.6 million that
• Users spend about 32.7h/week on the
Symantec has detected in total over time
Internet, compared with 70.6h for all media,
and 16.4h watching television • In 2008, the average cost per incident of a
data breach in the US was $6.7 million, which
• The Internet represents 32.5% of the typical
is an increase of 5 percent from 2007. Lost
“media day” for all U.S. adults.
business amounted to an average of $4.6
• 4 billion mobile users world wide million per incident

• The web is estimated to contain 22 Billion • Roughly 8.4 million U.S. residents were
pages (in 2009) victims of identity theft

• Facebook and MySpace have each attracted • An academic study reports that a quarter of
more than 200 million users worldwide the public-sector databases reviewed in the
UK [of a total of 46] are almost certainly illegal
• Social video sites add 13 hours of user videos under human rights or data protection law
to the Internet every minute.

• User-generated content such as YouTube
produced more than 73 billion streams in
2008

In the last four years alone we have seen Networks and systems become increasingly
the rise of Social Networks which, in turn, vulnerable to attacks from various sides.
are fast evolving into complex professional A stunning percentage of computers
platforms, significantly transcending their worldwide are infected with malware; turning
original concept. And there is much more to them, potentially, into unwilling malfeasant
come. zombies, with their owners unaware of
the illegal content stored in and activities
As with most adolescent experiences, there
performed on their machines - all under their
is new ground to be broken, with occasional
legal responsibility.
traumatic experiences along the way. Loss or
extreme curtailment of privacy could easily Through new forms of social interaction,
fall into this category. As the role of the Web social platforms and networking as well as
moves from the periphery to the centre of through access to Web services and other
social and economic activity, its vulnerabilities online activities, we leave behind us life-long
are exposed. trails of personal data in the form of a digital
shadow that becomes increasingly difficult, if
Hackers, criminals, terrorists and other
not impossible, to shake off.
malevolent entities have shown how easily
the Web’s weaknesses can be exploited. This Data can be stored, aggregated, processed,
exposure has been facilitated by a lack of mined and used anywhere in unforeseen
user awareness and sensitivity, technologies ways by numerous different entities with little
and infrastructures that were not developed protection, giving rise to new problems of
with such threats in mind, and the fact that transparency and accountability.
governance and jurisprudence have not kept
The new digital world, of which the Web is
up with developments.
the most important part, is a fragile one. And

2


01I NT R ODUCT I ON
as with every adolescent, the Web needs that of the whole EU, have a heavy respon-
some sort of guidance, which should strike sibility to protect and further develop this
the right balance between preventing it from model for our digital future.
becoming a jungle or wasteland and overly
Trustworthy systems and practices have
restricting and thus suffocating its immense
always been part of the essence of European
creative potential and development.
societies. Whether written as legal code,

02
This report endeavours to make a contribu- simply practiced as a code of honour, by
tion towards striking such a balance in the habit induced through education or based

AT S TAK E
TRUSTWORTHINESS
full realisation that this will indeed be a long on secure and reliable technology and
process in a rapidly changing context. management, trustworthy systems provide
the glue that holds together elements across
Europe is uniquely placed to play a leading
the entire societal spectrum - needless to
role in the development of trust and security
say that with the Web coming of age, our
in the future Information Society, as the latter
systems and practices should keep pace.
evolves in terms of new technologies (prod-
ucts or services) and new policies (directives This report attempts to recognise, among the
or regulations). ranks of emerging problems related to trust,
security and privacy, those that pre-existed
Europe has clear industrial strengths and
and are simply inherited in a digital guise;
assets in areas such as mobile communica-
which can be addressed satisfactorily with
tions and services, as well as consumer
existing knowledge and established meas-

03
industry and system security. It also has a
ures, thus ensuring continuity and stability.
number of world-leading research communi-
Where, for such inherited problems, their

SOCIETAL CONTE XT
TECHNOLOGY IN
ties, working in areas such as architecture,
new digital reincarnation entails differences
cryptography, formal verification and valida-
in scale or applicability – rendering them
tion, and identity and privacy management.
qualitatively different - the report attempts
Moreover, Europe has a leading role in the
to recommend research or additional actions
Web Science Research Initiative2, which has
deemed necessary.
pioneered the approach of Web science.
There is also a category of new problems
The first steps towards cooperation have
which arise with unprecedented speed and
already been launched by the Commission
impact and which, after a first analysis, do
to ensure an interoperable and trustworthy
not seem amenable to handling through
ID management platform in Europe3, fol-
established approaches. For such problems,
lowing joint efforts of Member States in the
further research or action might be pointed
04
project STORK4.
at when it is felt that there is enough evi-
Europe has experience and strength in seeking dence and understanding for doing so. But

consensus at both European and transconti- for other new problems, this Report simply
nental levels and between stakeholders of raises the issues involved and points to the
different cultural backgrounds; something need for further research, with concrete rec-
that is essential in the quest for interoperabil- ommendations to come at a later stage.
ity and trust in a global digital economy. Most
This approach has led to the recommen-
importantly, Europe has a broadly established
dation of the main topics identified for
social model, respecting freedom and liberty
research, which are needed to develop new
with particularly strong attention given to pri-
infrastructures, technology and tools. It is
vacy5. The EU, and in particular the Member
recommended to consider these for future
States acting in their own interest as well as

2
http://webscience.org
3
COM (2009)116: A Strategy for ICT R&D and Innovation in Europe: Raising the Game
4
http://www.eid-stork.eu/
5
ISS Report 05, Feb 2009: The European Security Strategy 2003-2008 – Building on Common Interests

3


ICT work programmes related to Trustworthy guidance from different vantage points and
ICT. these are referenced in this document. Also,
substantial agreement has been reached
As an illustration of other recommendations
through these various other reports, on many
this approach has led to, we can mention one
key issues and how to address them.
providing a possible path for the development
of a common European platform for privacy- This report describes concepts, stakeholder
protecting identity management based on views, and problems in Chapter 2. It then
state-of-the-art research achievements; or illustrates these in Chapter 3 through a
another concerning the development of number of related, near-future scenarios.
tools and instruments for businesses and Conclusions and recommendations are
citizens to make informed decisions on data given in Chapter 4, which could lead to a
management and digital security. balanced approach to some of the problems
discussed.
In no way does this report profess to know
how the future Information Society will In this report, we provide links to the valuable
further develop or what it will look like in the work that has already been carried out in this
years ahead. In completing this report we domain and we try to build on this. Adopting
have searched, as thoroughly as we could, the approach presented above we hope to
for existing analysis and recommendations make a substantial contribution to this fast
in the field. In fact, numerous good reports moving, complex and fascinating process.
have already been presented with insight and

4


01
02I NT R ODUCT I ON
02 Trustworthiness at Stake

AT S TAK E
TRUSTWORTHINESS
In this chapter, we will discuss the concepts time); history and memory; place and situa-
of trust, trustworthiness, identity and privacy. tion; culture; role (private or professional);
These are developed against the background emotions; and, a number of other variables
of the EU legal framework on data protection (For example, sociological considerations
and privacy, and the foreseen evolution in like reputation, recurrence and recommen-
technology. Based on this we highlight some dation). Trust is easier to establish when the
perspectives of stakeholder groups. Finally, identity and/or other authentication informa-
we discuss ongoing research technology tion (claims) about the third party are known.
developments and the requirements of Where human interaction involves the
infrastructure and governance. exchange of personal information, citizens
will trust the handling of data within their

03
2.1. Concepts society if: privacy and personal data protec-
tion regulation is respected; organisations
Trust, trustworthiness, identity and identifica-

SOCIETAL CONTE XT
TECHNOLOGY IN
comply with citizens’ perceptions of a culture
tion are concepts which are at the basis of
of accountability, auditing and transparency;
human existence. We use them intuitively
and responsibility and liability in the chain
and their interpretation is often context
of actors in a transaction is well established,
dependent. Related to this, societies have
allocated proportionally through regulation
developed concerns for privacy as a human
and contracts, and enforceable in an efficient
right. When we transpose these issues to a
manner. Moreover, citizens and organisations
digital environment, we can easily run into
must have fair tools to enable confirmation of
trouble. For the purpose of this report, in
claims made by another party and to access
order to avoid confusion, we adopt interpre-
information about reputation, creditworthi-
tations of the concepts as given below.
ness, identity, etc.
We see trust as a three-part relation (A
04
Trustworthiness relates to the level of trust
trusts B to do X). Parties A and B can, in
that can be assigned to one party (B) by
this respect, be humans, organisations,
another party (A) to do something (X) in a

machines, systems, services or virtual enti-
given relational context. It is an attribute or
ties. The evaluation of the trust A has in B
property assigned by A to B which influences
to do X plays an important role in the deci-
the trust relationship, as perceived by A. In
sion of A to partake in any transaction,
this sense, it is not an absolute value and is
exchange or communication between them.
context dependent. Digital systems should
By reducing risk, trust effectively facilitates
give minimum and, as much as possible,
economic activity, creativity and innovation.
measurable guarantees and information on
Trust is highly context dependent. It is con-
related risks concerning quality of service,
tingent on time (one could easily lose trust in
security and resilience, transparency of
someone, but also the concept changes over
actions and the protection of users’ data and

5


users’ privacy, in accordance with predefined, established for this the notion of “Partial
acknowledged policies. We call systems Identities”.
satisfying such characteristics: Trustworthy
In this report we will take a process or
Systems. Moreover, Trustworthy Systems
functional approach and refrain from the
should provide tools and mechanisms (or
more philosophical thinking about identity
allow third-party service providers to do so)
in terms of the set of essential attributes or
that enable the user to assess the risks and
characteristics of a person or personhood10.
audit the qualities it is claimed to possess.
Physical or virtual persons seek access to data
These tools and mechanisms should also
or services, or take responsibility for certain
support the user, where relevant, in his
actions in digital space. Service providers
security and trust management.
may need to authenticate themselves to the
For further discussion on these two related customer. To do this, the parties involved
concepts, see Russell Hardin6, Kieran O’Hara7 often need to prove certain claims about
and Trustguide8. themselves to convince the “relying party”
(service or data provider, auditor, employer,
Identity and Identification are concepts
customer) to trust them sufficiently to allow
which are difficult to grasp in a formal way.
the transaction, exchange or communication
Digital identity, in a general sense, will
to proceed. Such claims include, for example:
include all kinds of attributes: those needed
name, birthday, age, being older than 18, a
for our identification, our personal data
credit card number, a company registration, a
provided through Web community systems,
password, personnel number, biometrics, etc.
the information on all sorts of web pages that
A relying party will act as requested if it has
register our professional lives; in general, our
sufficient trust in the claims provision. In this
full digital shadow.
discussion we will be led by basic principles
In FIDIS9 (an FP6 ‘Network of Excellence’ laid down in the EU legal framework.
project), an effort is made to conceptu-
The OECD formulated guidelines for privacy
alise these notions. Two perspectives are
protection in 198011. In an effort to develop
described:
a set of general implementation principles
(1) A structural perspective, in which identity for the Internet, Kim Cameron presented, in
is seen as a set of attributes characterising 2005, his Laws of Identity [see Fig. 1]. Within
the person (or other entity) in a certain con- these Laws, the process of authentication,
text; where a subject would use a trusted claim
provider to prove its claims to the relying
(2) A process perspective with identity
party, is described formally at a meta-level12.
attributes used for identification; here identity
Clearly, the claims provided for a certain
is considered according to a set of processes
transaction depend on the transaction, the
relating to disclosure of information about
parties and the context. To obtain a passport
the person and usage of this information.
from a public administration office, to make
Within some cultures, the State has devel- a payment through e-banking, to gain access
oped a way of distinctively registering each of to a web community, or simply to provide
their citizens to ensure uniqueness of identity. comments on a blog, all entail different
However, in reality a person manages many considerations when identifying oneself.
identities (as a citizen, an employee, a con-
Anonymity refers to the absence of identi-
sumer, a client, a patient, a parent, a victim,
fying information associated with a natural
etc.). Sometimes the same identity is shared
person. In such cases no claims allowing
by many people (e.g. a guest account). FIDIS

6
Hardin, R. Trust & Trustworthiness, Russell Sage Foundation, New York 2002
7
O’Hara, K. Trust: From Socrates to Spin, Icon Books, Cambridge 2004
8
Lacohee, H. Crane, S. and Phippen, A. Trustguide: Final report – www.trustguide.org.uk
9
Rannenberg, K. Royer, D. and Deuker, A The Future of Identity in the Information Society, Springer 2009
10
OECD “At a Crossroads: Personhood and Digital Identity in the Information Society”, http://www.oecd.org/dataoecd/31/6/40204773.
6
doc


01I NT R ODUCT I ON
identification are provided, although other 2.2. Trustworthiness in context
claims might be needed (e.g. non-repudi- Trustworthy systems and practices have
ation). Pseudonymity is the situation where always been part of the essence of almost
certain claims are provided (For example, a any society. Whether written as legal code,
number or login name and password), but simply practised as a code of honour, or
these cannot be connected to directly obtain based on secure and reliable technology
identification; however, the natural person is and management, trustworthy systems are

02
still identifiable, if necessary. Similarly, one the adhesive elements across the social
can argue about the identity of organisa- spectrum. ICT solutions create enormous

AT STAK E
TRUSTWORTHINESS
tions, or artefacts, although the claims might economic and social benefits for citizens,
be of a different character. businesses and governments and these
THE LAWS OF IDENTITY must be embraced. However, prerequisites
for the optimal and rapid acceptance of ICT
1. User Control and Consent: Technical
identity systems must only reveal information solutions by citizens and society include: (a)
identifying a user with the user’s consent. ensuring trust in their use; and, (b) providing
2. Minimal Disclosure for a Constrained Use: assurance that personal integrity is protected
The solution which discloses the least amount and opportunities for criminal abuse are
of identifying information and best limits its minimalised.
use is the most stable long term solution.
3. Justifiable Parties: Digital identity systems The current technology evolutions, including
Web 2.0, Cloud computing, the Internet of

03
must be designed so the disclosure of
identifying information is limited to parties Things and others still to come, will bring
having a necessary and justifiable place in a more data collection, a higher persistency of

SOCIETAL CONTE XT
TECHNOLOGY IN
given identity relationship. data in digital space, higher scales and more
4. Directed Identity: A universal identity heterogeneity, pervasiveness and increased
system must support both “omni-directional” complexity. This will affect various elements
identifiers for use by public entities and of trust and render its management more
“unidirectional” identifiers for use by private
difficult.
entities, thus facilitating discovery while
preventing unnecessary release of correlation Our Information Society is partly being
handles. built on a virtual environment comprising
5. Pluralism of Operators and Technologies: increasingly uncontrollable, opaque, mobile
A universal identity system must channel computer programmes, and a scattered
and enable the inter-working of multiple
cloud of volatile yet persistent information.
identity technologies run by multiple identity
The computer landscape and information
04
providers.
highways are becoming congested and
6. Human Integration: The universal identity
fragile, caused by insufficient knowledge and
metasystem must define the human user to
I N F OR MATI O N SO CI E TY

be a component of the distributed system control of underlying infrastructures by its
integrated through unambiguous human- designers, manufacturers and vendors, and
machine communication mechanisms offering by the lack of transparency for users. This
protection against identity attacks. leads to high vulnerabilities for our society
7. Consistent Experience Across Contexts: and our economy. The reasons are manifold:
The unifying identity metasystem must guar- technological, practical, economic, and
antee its users a simple, consistent experience sociological. Moreover, main concerns are
while enabling separation of contexts through directed towards technical interoperability
multiple operators and technologies.
and inter-compatibility rather than security
Figure 1 The Laws of Identity13 and operational reliability.

11
http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_37441,00.html
12
Cameron, K. Posch, R. and Rannenberg, K. Proposal for a Common Identity Framework: A user-centric Identity Metasystem www.
identityblog.com
13
See: http://www.identityblog.com

7


We should not however, give the impression The high dependency on ICT undoubtedly
that ongoing efforts towards trustworthy creates many vulnerabilities in the systems
systems have been uniformly inadequate. that process data, whilst at the same time
The score is uneven. In some domains, such citizens fear the potential “surveillance
as banking, problems arising are dealt with society“ that may arise through arguments
more adequately than in others – health, for for civil security and safety, as well as
example. technology use. Indeed, many activities, that
were not traceable in the past, are traceable
Moreover, some of the issues that are devel-
now, due to the use of media and recording;
oping could be viewed as straightforward
and virtually unlimited storage capacity.
transpositions of older, well-understood
problems, which are now appearing in a new In 1948 the UN adopted its Universal
digitally enhanced context. These can be Declaration of Human Rights (UDHR), which
tackled with existing legislation; albeit adjust- states in Art.12: “No one shall be subjected to
ed to the new context. An illustration of this arbitrary interference with his privacy, family,
is blackmail or libel in the blogosphere. home or correspondence, not to attacks
upon his honour and reputation. Everyone
Other problems appear to be genuinely novel
has the right to the protection of the law
and less amenable to a simple transposition
against such interference or attacks.”
of existing provisions. These will need
sufficient attention. Some of these relate to The 28th International Conference of Data
the increasing complexity of networks and Protection and Privacy Commissioners
systems and the need to ensure sufficient (London, 2006) stated: “The protection of
security and resilience of the infrastructure. citizens’ privacy and personal data is vital for
The absence of a tangible “salesperson” any democratic society, on the same level
that can be seen and identified in a web as freedom of the press or the freedom of
transaction is another new challenge. movement. Privacy and data protection may,
in fact, be as precious as the air we breathe:
Nevertheless, trust remains essentially the
both are invisible, but when they are no
“classical” concept we know, and which
longer available, the effects may be equally
needs transposition to the new, digital
disastrous.” In this context, great attention is
space.
given in democratic societies to the means
of assuring privacy and the protection of
2.3. The EU legal framework for
individual rights and personal life without
personal data protection and
negative impact on neither the general pub-
privacy
lic interest, the vital interests of involved
The Internet and Web emerge together as parties or legal and contractual obligations.
an essential system for daily communication, It is argued that all legitimate interests and
an increasing variety of services, and objectives may be accommodated without
massive data exchange. In the future, mobile unnecessary trade-offs being made.15
networks, the Internet of Things, as well as
In Europe, technology or economic consid-
Linked Data14 will form seamless parts of it.
erations have in the past often been looked
As a consequence, we will see an explosion
at in relation to our basic values and funda-
of content, and the architecture of data and
mental principles. The French Act of 1978 on
programmes associated with an individual
Data Processing, Data Files and Individual
or an organisation will become highly
Liberties16 provided an early and clear state-
complex.
ment that “… information technology should

14
Using the web to connect related data that was not previously linked; see http://linkeddata.org
15
See: Cavoukian, A. and Hamilton, T. Privacy Payoff, McGraw-Hill 2002 and Cavoukian, A. Privacy by Design, IPC Ontario 2009
www.ipc.on.ca
16
www.cnil.fr/fileadmin/documents/en/Act78-17VA.pdf
8


01I NT R ODUCT I ON
be at the service of every citizen …“ and communications sector18 (known as the
“… shall not violate human identity, human “e-privacy Directive”).
rights, privacy, or individual or public liberties
This framework defines:
…”. The German Constitutional Court ruled
in 1983, that: “Informational Self Determina- personal data shall mean any information
tion is a fundamental constitutional right, as relating to an identified or identifiable
citizens who do not know who knows what natural person (‘data subject’); an identifi-

02
about them will be less active in public and able person is one who can be identified,
democratic activities, which could lead to a directly or indirectly, in particular by ref-

AT S TAK E
TRUSTWORTHINESS
chilling effect on democratic life and culture erence to an identification number or to
as a whole.” These approaches have led one or more factors specific to his physical,
to the inclusion of a specific right to “pro- physiological, mental, economic, cultural
tection of personal data” in the Charter of or social identity.
fundamental rights of the European Union
Its structure is based on three concepts
adopted in 2000.
defining the space for actions:
Europe currently has a relatively strong legal
1. material scope: which information and
framework for data protection. Directive
information processes, storage procedures
95/46/EC on the protection of individuals
etc. do we address with the legal frame-
with regard to the processing of personal
work
data and on the free movement of such

03
data17 is transposed into law at member 2. personal scope: which roles are the rel-
state level. The Directive establishes a set evant ones in this context (data controller,

SOCIETAL CONTE X T
TECHNOLOGY IN
of rights for the data subject (including the processor, subject), and how is account-
right of access; the right of rectification; the ability and transparency related to these
right to object; the right not to be subject to roles
automated individual decisions; etc.). It also
3. territorial scope: applicable law, cross
sets obligations to be respected by the data
border data transfers, EU regulation and
controller (including the obligation to pro-
international rules and agreements.
vide certain information - determined by the
legislation - to the data subject; to notify the How, in this framework, can citizens’ worries
data protection authority; to adopt techni- be better addressed? What are the meas-
cal and organisational security measures; to ures that can be taken within this framework
avoid, in principle, the transfer of personal to reduce security breaches, and further
data to third-party countries that do not pro- improve accountability and transparency?
04
vide for an adequate level of protection; etc.). Can better alignment be obtained with other
Finally, it provides for elements of account- legal instruments concerning consumer pro-
I NFO R MAT I ON SO CI E TY
TO WARDS A T RUS TW O RT HY

ability, transparency and law enforcement tection, product and service liability?
(through prior checks by the supervisory
And, more importantly, can technology
authority, publicising of processing opera-
development provide the architectures, sys-
tions, the right to judicial remedies, liability
tems and tools for effective implementation
for unlawful processing and sanctions in case
and enforcement of applicable law.
of infringement).
It is obvious that constructive answers to
Specifically for the ICT sector the EU has
these questions can only be found if we take
established the Directive 2002/58/EC con-
a simultaneous and coherent approach along
cerning the processing of personal data and
all three lines of action:
the protection of privacy in the electronic

17
OJ L 281, 23.11.1995, p. 31
18
OJ L 201, 31.07.2002, p. 37

9


• Development of practical and effective regarding data contained in RFID tags that
technology implementations. New sys- are attached to things which may change
tem architectures that support privacy by hands – can this be labelled “personal
design, new security instruments and infra- data”? Data captured and stored by sensor
structures aiming at prevention, protection technologies about a person’s whereabouts
and recovery, legal reporting templates and their interactions with the environment
and languages, and assurance methods. may constitute “personal data“, but it
depends on an understanding as to what
• Policies, procedures, contracts, legal tem-
it means to be identifiable. For example,
plates and standards. A coherent legal
should the use of biometrics to re-recognise
infrastructure is needed, with support
a person, without linking this data to a name,
for compliance and law enforcement. It
address, etc. be considered use of “personal
should include accountability, transpar-
data“?
ency, reporting and audit practices in data
and software management and use, and it These questions are being discussed in
should enable redress and compensation, the previously mentioned FIDIS project.
as required. In general, we may ask whether the focus
of the legal framework on the concept of
• People and organisations. We must
“personal data” can solve the problems that
strengthen the responsibility of manage-
will occur in an ever more dynamic and smart
ment for personal data processing and for
world, in which data is constantly in flux and
ICT usage, through training and aware-
correlated with other data. It is clear that
ness programmes and the development of
constant vigilance is required concerning
‘best practice’, as well as mandatory trans-
interpretation, completeness and consistency
parency.
of the legal framework in relation to new
None of these three lines of action can be technology, which may rapidly change digital
addressed in isolation, and it is this principle reality.
that forms the basis of the philosophy behind
Protection of personal data is one of the
this report.
most important aspects of privacy. The
It can be argued that data used for profiling person concerned (data subject) would like
(including location-based data or Web to be in control of his own personal data or
profiling), may “relate” to an “identifiable” to trust the organisation who handles it. The
natural person, and hence may fall under role, trustworthiness and accountability of
the definition of “personal data”19. However, the relevant data controllers are therefore
this is a non-straightforward issue and might of crucial importance, since much personal
need to be addressed in more detail. For data will be under their control. Technology
example, when making his decision whether support in this process is essential, so as to
data processing is legitimate, can a data provide the knowledge and tools needed
controller always reasonably know whether to the data subject, to exercise his/her
that data can be used for profiling at some options; and to ensure transparency and
stage later? One may argue that at some accountability of the data controller towards
point in the future any data can become a the data subject to enable assessment of
personal data through “linked data”. trustworthiness.

Other questions arise about meta-data
and even encrypted data that can reveal IP
addresses visited. There are also questions

19
Opinion 4/2007 on the concept of personal data of Art 29 DP Working Party. Information “relates” to a person also where it
may have a direct impact on that person. To determine whether a person is “identifiable”, account should be taken of all the
means likely reasonably to be used either by the controller or by any other person to identify that person (Recital 26 of Directive
95/46/EC). Both elements therefore, also depend on the relevant context. This is fully illustrated with many examples in Opinion
4/2007.
10


01I NT R ODUCT I ON
2.4. Privacy, anonymity and are provided, and formal transactions made.
accountability Such services can be performed in the Cloud,
creating massive amounts of data about
Privacy has aspects which go beyond
individuals, introducing serious problems of
legislation, that are more difficult to model,
informational self-determination, and thus
and are dependent on culture, time and
violating the essence of what was previously
other contextual elements. While the legal
described as the privatised space.

02
framework is applicable in all cases, it is useful
to look at these other aspects to understand In fact, the Web and the whole of digital

AT S TAK E
TRUSTWORTHINESS
what are the necessary architectures and space, is also used as private space, in
tools that fit best in certain contexts. which people assume, often incorrectly, that
data is not accessible to anyone, other than
The concept of privacy and its evolution has
those friends or family to whom it has been
been studied by various authors20, 21, 22. O’Hara
addressed. Similar situations were appearing
and Shadbolt 23 give a vivid description of its
previously within the telephone network,
evolution under the influence of the Web. It
where conversations could, and still can, be
may help to structure thinking if we consider
eavesdropped without knowledge of the
its tri-partite distinction: the private realm of
callers.
intimacy and individualism; the public realm
or realm of the polis of citizenship and active Privacy can be looked at in terms of
participation for the societal good (this informational self-determination (including
includes professional activity); and in between the right to act anonymously), but also

03
these two a third realm – the privatised space in terms of spatial privacy - the space to
- of public life, sociability and public opinion, retreat. Both aspects of the privatised space

SOCIETAL CONTE X T
TECHNOLOGY IN
with public interactions and visibility, but are profoundly changed with the Web.
private reasoning and motivation. O’Hara Information control in digital space (including
and Shadbolt argue that the Web, as a public control of personal data) is substantially more
information space, currently functions, for difficult, and visibility of acting in this space is,
a large part, as a privatised space, midway at least at this moment, practically absolute
between the completely public and the (although it could well be that nobody will
completely private realms. Such spaces are ever see such “long tail” visibility). Clearly,
important for the formation of public opinion the privatised space is, in practice, the most
and the development of a constructive difficult to manage and control for a citizen
discourse about society. It is here where acting in digital space. Visibility is sometimes
personal opinions can be expressed without deliberately sought, while in other cases
04
constraint, except for being within certain it is avoided. (Often, tools to support
legal rules limiting freedom of expression. this invisibility are unavailable.) Personal
At the same time, one can publish his own information can be generated by oneself

very personal and intimate information if one and by a third party (through profiling and
so chooses, assuming one can do so in an data linking, for example). It can be made
appropriately informed fashion. Naturally, accessible on one‘s own website or via a
legislation comes into play where publishing social network run by a private company in the
the information of others. Cloud. It can also be used only proprietarily,
for commercial purposes. All these choices
But digital space, of which the Internet and
have business and legal consequences which
Web are the most important platforms, is
need to be understood and may require new
becoming more and more a public space,
or revised legislation and technology tools.
where services from business and government

20
Rigaux, F. La protection de la vie privée et des autres biens de la personnalité, Emile Bruylant Brussels, 1990
21
“The theory and politics of the public/private distinction”, in Weintraub, J. and Kumar, K. (eds), Public and private in thought and
practice: Perspectives on a grand dichotomy, Chicago, Univ Press, 1997, 1-42
22
Habermas, J. The structural transformations of the public sphere, Cambridge, 1962 (trans 1989)
23
O’Hara, K and Shadbolt, N. The spy in the coffee machine – The end of privacy as we know it, Oneworld Oxford, 2008.
11


In the early days of the Internet, principles is the health record where the accountability
of the private and privatised space were of the doctor for the quality and integrity of
enabled through the option of using any the data as well as the privacy of the patient
one of a vast array of untraceable access both play a role in the data management.
points to the Internet. This facilitated users
Within a technological infrastructure, the
to act anonymously, in practice. These are
challenge is to reinforce the legal framework,
now gradually being removed for the sake
by understanding these concepts and their
of accountability on the Internet, in favour
inter-relations in digital space24, leading to
of the public space. To preserve the societal
“technologically embodied law of a digitised
values of the privatised and private spaces, a
constitutional democracy”25; for example,
number of initiatives have been undertaken
including technical support for privacy-
to enable untraceable, anonymous activities
friendly accountability.
on the Internet.
Technology development should aim at
Whilst in the private realm, one should
alleviating the need for our societies to
have privacy and untraceability by default,
limit privacy if it would conflict with general
in the privatised realm one should have
public interests; for example, in the case of
informational self-determination and the
national security or legitimate suspicion of
ability to claim privacy and untraceability, if
criminal behaviour. Currently within the EU,
desired within certain legal limits. Such claims
this maxim is partly subject to interpretation
can be total or partial: “anonymity in front
by the data controller or its transposition into
of a particular person or a certain group”,
Member State law. One would assume that
making it impossible for a defined set of
personal data is only uncovered by admin-
stakeholders to uncover the user’s identity.
istrative authorities when there is legitimate
Accountability, as it is normally seen, relates cause. However, as noted already, at some
to acceptance of responsibility for activities point in the future any data can become
that: are under contractual obligation; personal data. Transparency of the data con-
require compliance with legal obligations; troller actions is essential for the data subject
or, are carried out in the public interest or in such situations and Art 12 of D95/46EC
when exercising official authority. The legal provides the right to be informed about
framework gives the criteria for making the logic of processing that is the basis of
personal data processing legitimate. automatic decisions. Such transparency
Technology to support transparency of the should not only include processes used for
processes and allocation of responsibility for data processing, but also types of profiling
the various process steps are both necessary actions to understand the nature of profiling
to make accountability more effective. actions and profiles, and support appropri-
ate governance.
It seems a logical conclusion that
accountability is the essence of the public The decisions on the rules, technologies,
realm, in compliance with data protection and processes and limitations are in the political
privacy law, but this must not be confused realm and they differ between cultures. They
with enabling traceability of the user. Whereas also change over time. The discussions on
unobservability and traceability do exclude the fear for a surveillance state or “big broth-
each other, privacy and accountability do er” scenario illustrate this. Development of
not, and there are many use cases where a trustworthy ICT can help to avoid conflicts
combination of both would enable taking full between privacy and security and make it a
advantage of the digital space. A typical case positive-sum game.

24
Weitzner, D. Abelson, H. Berners Lee, T. Feigenbaum, J. Hendler and Sussman, J. Information Accountability, 2008
25
Hildebrandt, M and Koops, B-J (eds) A vision of Ambient Law, (2007) available at www.fidis.net

12


01I NT R ODUCT I ON
often cross-border incompatibility of legal
2.5. Stakeholder perspectives
frameworks on privacy and data protection.
For a broad view on the problems we need Although the EU framework is “data-control-
to look at various stakeholder perspectives. ler centric”, the emergence of the Cloud will
Important parties in this discussion are: limit further the ability for user-centric, cross-
government, business and citizens. Below border data protection, since it is not always
we look at some important aspects of these clear under which jurisdiction the Cloud pro-

02
perspectives. vider is established.
2.5.1. Governments and Jurisdiction Methodologies for solutions need to be

AT S TAK E
TRUSTWORTHINESS
By their global nature, ICT infrastructures found through age-old diplomacy and inter-
come under different laws in different juris- national negotiation practices. However, the
dictions. These various laws are driven by complexity and technicality of digital space
different national interests and political and may make political control and international
judicial systems. The liability of perpetra- agreements on technology developments
tors of security attacks is often difficult to increasingly difficult.
invoke and mostly non-existent across dif- Law enforcement in digital space is also dif-
ferent nations. At the same time, network ficult. Obligations for the reporting of data
governance, dynamically established chains breaches and an annual review of data
of services, software patching, software in processing in organisations, as exists for
the Cloud, provenance of basic IT data (from finances, are inadequate. The lack of proper

03
where it is created, to where it is transmitted, authentication and privacy-respecting audit-
stored and actually accessed) and notably ing technology, and the obscurity of business
cyber criminal networks often span multiple processes, seem to create an environment

SOCIETAL CONTE X T
TECHNOLOGY IN
countries and jurisdictions. This raises issues with ever decreasing accountability, respon-
with regard to the role and responsibilities sibility and liability for business and public
of network-, service- and software-providers services.
concerning the security of their products and Administrations are discovering the gains
services, and of the data controllers and proc- in efficiency and effectiveness that can be
essors as defined in the pertinent EU legal obtained by better citizen registration, cre-
framework. It will not always be obvious or ating personal health-care records, using
even well-defined where, by whom and how biometrics for travel documents, immigra-
control is exerted and how consumer rights, tion control and anti-terrorist actions, and
data protection rights or product liability providing more and more electronic services
law26 can be enforced. A typical problem in to the citizens. The change-over however,
04
this context is the responsibility of the data raises many concerns for data security and
controller, who utilises various systems and unauthorised secondary uses. Several cases

tools of which liability is not clear. More have emerged in the last few years, where
importantly, national security may be at millions of personal data records were stolen
stake if control is lost and law enforcement or lost.
becomes more and more difficult.
Finally, critical infrastructures become fully
The vast amount of personal information dependent on networked control systems
being processed currently makes it prac- and connections over borders. Protection of
tically impossible for consumers as well the critical infrastructures, including telecom-
as suppliers to always explicitly adhere to munication, energy and transport is essential
legal obligations on active consent (opt-in). for the national security of States.
This is aggravated by fragmentation and

26
Including Directive 1999/5/EC, which requires safeguards in telecom terminal equipment to ensure personal data and privacy
protection of the subscriber

13


2.5.2. Business A recent study29 estimated that the digital
service market will grow to €436 billion in
Eurobarometer 2008
market volume by 2012. The study states also:
Organisations’ perspective on data protection:
“The difference between “getting Digital
— 91 % “necessary requirements”
Confidence right” in a best-case scenario
— 63 % “but improvements needed”
and “getting it wrong” in a worst-case
scenario adds up to €124 billion, or almost
Today, there is a lack of any incentive for
30 percent of the total market at stake—
businesses to invest in trustworthy solutions.
approximately 1 percent of total EU-27+2
In many cases, those who decide on and
GDP in 2012! The combined downside of
create risks are not those who pay the costs
failing to establish Digital Confidence is, at
if things go wrong. Also, governments
€78 billion, far greater than the upside at
require retention of data processed by
€46 billion—primarily driven by the effects
businesses, making it more difficult for
of Privacy and Data Protection as well as
them to reach agreement with customers
Network Integrity and Quality of Service.”
about the protection of such data. Technical
infrastructures and legal frameworks A well-developed and globally respected
are needed to assign costs and liability European legal framework for data protection
appropriately. This would remove barriers and privacy, commercial transactions and
to innovation and uncertainty on regulation consumer law, all fit for the Internet of the
and would connect mutually incompatible Future. These can give European industry
international legal frameworks. Only if a head start for global competition in
benefits, legal obligations and international innovative products and services that will be
frameworks are clear, will businesses trusted by consumers.
sufficiently invest in usable solutions for
e-services. 2.5.3. Citizens and Society
Europe does not have an interoperable,
Eurobarometer 2008
secure and widely usable electronic identity
Citizens’ perspective on data protection on
management infrastructure that enables
Web:
businesses and citizens to use efficient
64 % “concerned or very concerned”
authentication mechanisms for interactions.
48 % “data adequately protected”
As a consequence, whereas large companies
77 % “only limited awareness”
can rely on identification solutions that
they already have available within their
Citizens and society are eager to avail of
organisation, small companies and start-
the exciting possibilities presented by
ups need to build them from scratch when
technology development for communication
bringing innovative services to the market.
and information handling. At the same time
This can lead to enormous overheads and
people are becoming more aware of the
macro-economic waste.
potential risks that this creates for security
As argued earlier in this chapter, trust is a and privacy. From the citizen point-of–view,
vital element for economic sustainability. key issues for trusting ICT solutions are: the
It is confirmed in literature that there is a allocation of liability and risks in the product-
strong correlation between the level of social and service-chains; the ease of use and trust
trust in society and economic growth and in delivery; the ability to make informed trust
prosperity27, 28. and security decisions; and, the power of
control over their digital assets and personal
information.

27
Fukuyama, F. Trust: The social virtues and the creation of Prosperity, Free Press, New York, 1995
28
Akcomak, I.S. The Impact of social capital on economic and social outcomes, Un Press Maastricht, 2009
29
Digital Confidence – Searching the next wave of digital growth, Booz & Co, Liberty Global Policy Series, 2008

14


01I NT R ODUCT I ON
Citizens feel lost by the lack of transparency developing software components and
and accountability of data handling by deploying systems on one side and criminals
government and business. They are abusing them on the other. Success in
perplexed by the ease with which they can hardening basic layers of the infrastructures
be profiled, traced and tracked and by the against attack (operating systems, for
apparent simplicity with which data flows example) has led to new attacks on other
from domain to domain and between “links in the chain” (browsers, for example).

02
businesses and government, without their Further, hasty repairs and insufficiently tested
knowledge or consent. They feel uncertain new applications have caused many more

AT S TAK E
TRUSTWORTHINESS
and unprotected against cyber criminals vulnerabilities. The emergence of the Internet
going after their identity, money, children of Things will also add a new dimension to
and dignity. reconciliation between the virtual and the
physical - between information technology
Citizens want to be safe and secure, with
and reality.
their private space protected; while at the
same time they want to profit from the many We may be able to use and scale-up existing
digital opportunities offered. Essentially, security knowledge in our systems or, in
they want a positive-sum game, giving them some cases, in certain industrial sectors to
a clear sense of progress through technol- re-build the information and service systems
ogy. The goal is to minimize the collection of the future, in order to have security and
and use of personal data, if citizens don’t feel privacy designed in from the start. But the

03
comfortable or feel an affront to their dig- real challenge seems to be to develop new
nity, while at the same time, strengthening usage models and to produce new paradigms

SOCIETAL CONTE X T
TECHNOLOGY IN
data security, and empowering individuals to handle more efficiently and securely the
to feel confident in their communication on new virtual constructions that come with the
the Internet and to exercise choice over their Future Internet.
own information.
A major weakness of the Internet comes
from the lack of reliable verification of claims,
2.6. Research and Technology
including identity. It leads to uncertainty
development30
when explicit authentication or non-repudi-
The fundamental building blocks of secu- ation is required. In the absence of a reliable
rity have been with us for many years: scheme, inferior methods are employed that
information encryption with cryptography lead to an increased risk of identity theft,
to protect information in storage or transit; phishing, pharming and spoofing. Conse-
04
cryptographic protocols to authenticate IT quently, mechanisms ensuring accountability,
exchanges; secure principles in engineering auditing, non-repudiation and law enforce-
for the construction of computers and devic- ment are increasingly difficult to implement.

es whose functionality can be assured; and, A trustworthy and privacy-respecting identity
methodologies for the provision of software claim management regime can ensure that
that can be assured – to some degree – to the right people get to the right resources in
function in expected ways. a practicable way.

However, huge computing capacity in the Nevertheless, one can never fully exclude
hands of everybody, as well as hackers theft and/or the abuse of credentials. A
discovering and continuing to develop attacks major mechanism to reduce risk in such
not previously predicted or understood, has cases is to avoid over-identification – the use
resulted in an “arms race”, between those of identification in contexts where it provides

30
For further information on Security research in a wider sense, not restricted to ICT, see the report of the European Security Research
& Innovation Forum (ESRIF), http://www.esrif.eu/documents.html

15


insufficient benefit. Minimal data disclosure with emphasis on user-centricity and respect of
technology has been developed to address privacy for personal users.
this. In addition we need accountability prop-
Technology and Tools for Trustworthy ICT
erties and mechanisms.
addressing networked process control sys-
Over-identification could lead in the worst tems; pro-active protection; user-centric and
case to illicit network computing, with search privacy preserving identity management; risk
engines digging into the private sphere management and policy compliance verification;
and identifying user profiles and activities assurance of security; integrity and availability of
(targeted profiling). This is aggravated by data; complexity and dynamicity; cryptography,
the risk that in highly integrated dynamic biometrics, trustworthy communication and vir-
applications we lose transparency concerning tualisation.
the relationship between the collection of
In addition the programme gives oppor-
data and the purpose of its use.
tunities for networking, coordination and
The European Commission gives significant support activities.
attention in its ICT Programme to research
Significant progress has been made in areas,
and technology development in the field of
but the rapidly developing digital world
Trust and Security, with projects and schemes
requires reconsideration. The effectiveness of
being funded for more than a decade now.
trust and security technology is questionable
The Work-programme 2009-2010 research
if it is developed as an add-on to existing
targets are:
systems, as has been the case up until now.
Trustworthy Network Infrastructures particu-
More importantly, trust and security
larly emphasising the development towards
technology becomes uncontrollable
the Future Internet. It includes the develop-
and largely ineffective if it does not take
ment of novel architectures with built-in security,
into account the individual and societal
dependability and privacy; secure interfaces
dimensions. For the individual we need to
and scalable dynamic security policies across
understand how the incentives for behaviour
multiple networks and domains; autonomously
have been altered in the digital world and
monitoring and managing threats; and trust-
how new types of collaboration will emerge.
worthy management of billions of networked
For society, we need to understand how
devices, ‘things‘ and virtual entities connected
technology alters the allocation of competing
in the Future Internet.
resources; has trust become scarcer as
Trustworthy Service Infrastructures as part of the information has become more abundant? The
development towards the Future Internet, sup- Web, as engineered technology, generates
porting adaptability, technical interoperability, a network of overlapping social networks
scalability and dynamic composition of services and a linked repository of content created
for citizens and businesses. Work includes flex- by humans and relevant to their lives. For all
ible and dynamic mechanisms and risk-based these reasons, an interdisciplinary approach
methodologies to respond to threats and vul- taking into account all these dimensions is
nerabilities, as well as to changes and conflicting essential to make progress. The area of trust
demands in operating conditions, business in the Information Society is clearly one
processes or use practices through the full life where insights from Web Science31, 32, would
cycle. Strong attention is also given to interop- be applicable.
erable frameworks for identity management for
The recommendations on research and
persons, tangible objects and virtual entities,
technology development in this report aim

31
Shadbolt, N and Berners-Lee, T. Web Science emerges, Scientific American, Oct 2008, 32-37
32
Berners-Lee, T. Hall, W. Hendler, J. O’Hara, K. Shadbolt, N. and Weitzner, D. A Framework for Web Science, Foundations and
Trends in Web Science, 1(1), 2006, 1-130

16


01I NT R ODUCT I ON
to provide input to the planning for ICT Trust of the growing size, complexity, capacity,
and Security research for the programme speed, and heterogeneity of the networked
period 2011-2013 and beyond. They are digital environment. Accountability, that
based on the work of two Working Groups, must be respectful of privacy, is seen as vital
which were established by the FP7 project, in ensuring transparency, deterring malicious
Think-Trust33. Their main findings may be action, and providing diagnosis of failure.
divided into two sections: the first mainly Possibly also typical of other platform/

02
from the user standpoint, with the second service-related areas, a specific need for
looking at means (mainly technological) of automated security policy governance was

AT S TAK E
TRUSTWORTHINESS
supporting the users’ needs. identified, extending from the formulation
and agreement of what is to be provided
The headline concerns of the first working
with respect to aspects of trust, privacy
group are about privacy, identity manage-
and security, through the monitoring and
ment and accountability in the Information
reporting conformance of operations, and
Society. Wider privacy needs concern the
on to remedial actions for non-compliance.
protection of all aspects of identity-related
information; not only the prevention of Further details on the results of the Working
unauthorised or unintended disclosure of Groups will be given in a report expected in
the primary parameters of identity, but also the autumn of 2009.
limitations on building unique identifying
or identifiable personal profiles by amass- 2.7. Infrastructure and Governance

03
ing and aggregating snippets of information
While multiple technical aspects are impor-
trails that users currently leave behind. Simi-
tant for providing trust and security, one

SOCIETAL CONTE X T
TECHNOLOGY IN
larly, data protection is not only about the
must recognise that just the technical nuanc-
technical prevention of disclosure of personal
es of security do not automatically imply a
information, but also about the responsibili-
“trustworthy system”. A bona fide trust-
ties of those handling, processing or storing
worthy system must also entail quantifiable
it.
and auditable technical and organisational
The second working group centres on what aspects of delivery (policies, architectures,
is needed to: (a) support the nomadic, Service Level Agreements, etc), as well as
mobile user; and (b) to enable the trusted the user’s perceptions on its operation. When
use of Cloud-based services. A number developing infrastructures that address
of key characteristics and requirements the needs of the stakeholder groups in the
were identified, together with an indication digital world we must consider metrics,
04
of possible regulatory support. These certification, standardisation, governance
highlight the need for architectural and management, and international agree-
frameworks for trust and security that enable ments on interoperability (including process

interoperability and the establishment of interaction, definitions and meta-level stand-
mutual trust; and the use of virtualisation ardisation and technical interoperability), or
to maintain separation between entities in federation of often incompatible systems
an environment where physical boundaries and platforms.
no longer exist. Within the architecture, a
Trust requires an infrastructure to build trust
measurement infrastructure is needed that
relations, using tools to confirm, meas-
facilitates: the monitoring of security status
ure or rate various aspects such as identity,
and indicators, the identification and analysis
reputation, relationships, risks, or security of
of attacks and intrusions; and the building of
the environment. It requires instruments to
insight into merging threats. The continued
ensure a certain level of transparency and
development of underlying technologies
accountability, dependent on the situation.
is needed to keep pace with the demands

33
http://www.think-trust.eu/general/general/wgs.html

17


At the basis of trust lies the assessment of munication and innovation in web services.
claims on the party to be trusted. A basic It will also support accountability in the pub-
framework for managing claim verification, lic space and strengthen control on cyber
including identity, non-repudiation, cred- crime.
itworthiness, reputation etc. is needed to
develop federated, open and trustworthy 2.8. Conclusions
platforms in various application sectors, e.g.
In this chapter we discussed concepts and
health care, government services, public
contexts, perspectives of major stakehold-
procurement, smart and energy efficient liv-
ers, and the possibilities as well as the risks
ing. Electronic Identity Management (eIdM)
for our societies as future digital infrastruc-
systems are available, integrated in services
ture systems are developed.
provided by industry or by public administra-
tions. However, interoperability is practically Europe must protect and exploit its indus-
non-existent, nor is sufficient attention given trial strengths, academic quality of research,
to privacy and minimisation of data exchange. and strong societal values and democratic
The development of a common framework systems in order to lead the development
for federation and interoperability between of trustworthy ICT solutions for the Informa-
governmental eIdM systems of different EU tion Society. Public and private stakeholders
Member States is still a matter of study and must come together and develop a coher-
trial 34. Banks mostly have their own systems, ent strategy; taking account of the interplay
with no connection to citizen registrations between technology development, societal
other than via an ID card or passport. needs and acceptance by citizens, the law,
regulation and other public policies.
The development of a common European
framework for federation and interoperabil- Policy makers and regulators will be most
ity of governmental eIdM systems that can effective if they base their work on sufficient
form the basis of a wide digital claim man- technological insight and the expectations
agement framework, compliant with the of business, consumers and public organisa-
legal framework for data protection and tions.
privacy, can make Europe a global leader. It is this interwoven network (Fig. 2), of
However, it requires urgent joint EU action technology development for trustworthy ICT
and the political will of all Member States, as with the societal context in which it will be
well as cooperation with industry. Europe has applied, that needs strong attention. Without
the knowledge and expertise to achieve this. attention to all elements, one cannot expect
Success will boost trustworthy Internet com- sustainable progress.
Figure 2 Technology and Society • Complexity, ease of use
• Role of end-users
• Society-protecting business
models

Technology & End-Users &
Innovation the Society

Trustworthy
• Global ICT - national “frontiers” Information • Security, privacy, identity
• “Economics of Security” • Protection of human values
• Policies for privacy-respecing Truth and Society? • Transparency, accountability
Identity? • Auditing and law enforcement

Policy & Regulation
34
http://www.eid-stork.eu

18


01
02I NT R ODUCT I ON
03 Technology in Societal Context

AT S TAK E
TRUSTWORTHINESS
To place the general discussion and concepts Data mining, however, and the collation of
of the former chapters in the context of information on individuals and groups from
everyday life we discuss in this chapter various sources across the Web is a serious
the attractiveness of certain future service danger to our private life today.
scenarios and the dangers of data collection
Consider the ease with which the French
when it is either not controlled at all or, at
magazine Le Tigre constructed and published
best, is insufficiently controlled by the data
a portrait of Marc L.35, a pseudonym for a
subject. We first discuss two of the problems
randomly selected young man. Using nothing
facing us today as we move increasingly
more than information publicly available on
towards a Digital Society. After that we
the Web and some deductive reasoning, a
present some story lines on how the future
surprisingly accurate and intimate profile of

03
might look.
Marc L. was developed. Upon hearing of Le
Tigre’s experiment, the young man contacted

SOCIETAL CONTE XT
TECHNOLOGY IN
3.1. The dangers of our digital
the magazine and requested that the article
shadow
be removed. However, legal advisors told him
Simply for the chance to win a cuddly toy, or that he could not compel Le Tigre to delete
some other equally insignificant prize, many the piece and that he would not achieve
people will freely enter their name, home much recompense through the Courts, since
address, date-of-birth and various other all the information used by the magazine was
personal details onto an Internet website. obtained from public sources.
Similarly, users will publicly declare all manner
Besides the embarrassment to the person
of sensitive and revealing information on
concerned, there are other more grave
dedicated social-networking sites.
incentives for following the data trail left
Neither the person who inadvertently reveals by users on the Web. The availability of
04
their identity and lifestyle choices in an effort social and personal details on one website
to win a teddy bear, nor the facebook™ and professional details on another implies

friend, who apparently does not care that that our work colleagues (and prospective
he is disclosing identifiable data to more new employers) can find out more about us
people than he thinks, seems to be worried than we might prefer, given the relatively
about the life-long digital shadow they are easy means of connecting these two
creating. Knowledge about data ownership, categories. Market researchers and cold-
data access rights and the ability to withdraw calling salespeople would benefit too from
and/or delete “their” data is apparently not observing the preferences and lifestyle
something that a great many users of the choices revealed on-line by users.
Internet are concerned about.

35
http://www.le-tigre.net/Marc-L.html

19


There are also more sinister dangers Human perception is one of the factors to
inherent, when data remains lying around, be considered too, when the issue arises of
unlegislated for in hyperspace: so much compelling companies and governments to
private and public information means that report data breaches. It is argued that public
the replication of a user’s virtual identity is trust in the breached organisation will drop
potentially easy to achieve. This gives rise to as reports of their security violations increase.
numerous fraudulent possibilities for would- Whether such decreases of confidence are
be ‘identity thieves’. justified or not remains to be seen. Either
way, public perception and users’ trust is a
3.2. The weakest links in the data significant issue in the digital world.
storage chain
These two concrete problems – namely our
There have been a number of high profile casting of digital shadows and the apparent
news stories, reporting the loss and theft of lack of security when transferring our data
data storage devices such as CDs, USB sticks – are becoming all the more prevalent as
and laptop computers; all of which contained we move towards an on-line, Information
confidential information regarding members Society. These and other similar trust and
of the public. security issues are plain to see in the following
scenarios, which animate the requirement for
By its very nature, the process of transferring
strong guidance in our Digital Information
and processing data is a problem. This
Age.
procedure presents the attacker with the
data in its most vulnerable form. Therefore,
3.3. Living in the future
despite the sophisticated means and
Information Society
considerable resources deployed to protect
sensitive information when it is digitally 3.3.1. Prologue: Setting the scene
stored, the fact remains that transferring
Jorge is a 23-year-old student. He is living
this data, on a portable device, means that
in London with Theresa, his 21-year-old
the chain of data trust is not being evenly
girlfriend. Theresa has a degree in financial
serviced.
studies and is currently working part-time,
By physically moving data via a portable doing various “odd jobs”, while she looks for
device, as opposed to electronically over a full-time position. Theresa’s grandmother,
a network infrastructure, the exposure Helena, lives in London also; in a quiet,
to eavesdropping attackers is lessened. residential area.
However, the integrity of the data can still
Like most of their friends, Jorge and Theresa
be potentially compromised – the attacker
are committed to a clean planet: “going
must now just change his line of attack and
paperless”, for example, sounds like a cool
physically take charge of the data-carrying
idea to them. Both also appreciate the
device. Even if the data on the lost or stolen
smaller carbon footprint generated by using
device is never used for malicious means, the
on-line services as much as possible.
very fact that it was misplaced at all, makes
people feel exposed. The encryption of data
3.3.2. Jorge’s smart dentist visit
during transfer may lessen the potential for
the malicious use of same. This also offers It’s Friday morning and after reminding Jorge
some reassurance to those whose data has that he is supposed to sort out his soon-to-
been lost/stolen. However, this is hardly be-expired ID card today, Theresa leaves their
sufficient. apartment on the way to a nearby lawyer’s

20


01I NT R ODUCT I ON
office, where she does some financial book- the Internet. He also wonders whether a
keeping for the small firm of lawyers every copy of his dental records will now be per-
week. manently stored on the dentist’s web portal.
He intends to ask Dr. Bond about this, but
When he’s finished reviewing some course
is not optimistic about a dentist’s knowledge
work, Jorge goes on-line and logs onto the
of data transfer or data storage! “An expla-
Government’s ID-Card website. Though it
nation from the dentist, the Card people or

02
isn’t something he had previously considered
the Internet booking site would be useful,”
(or even thought possible), he selects an
thinks Jorge, “but this system is just so con-

AT S TAK E
TRUSTWORTHINESS
e-ID Card that has the capability to store
venient and I guess my information will be
his health insurance profile and a token to
OK,” he concludes.
access his health record if he so chooses;
which he does, when he realises that having
3.3.3. Theresa’s Memorable Shopping Trip
his medical details readily on-hand may
be useful and time-saving in the long run. After finishing her work on the lawyer’s
After confirming his e-ID choice – a range accounts, Theresa decides to treat herself
of options was available to him – Jorge sets to some retail-therapy in the local Shopping
up an appointment with the National Health Centre. Her grandmother, Helena, will
Care Administration and later goes to their be visiting them for Sunday lunch the
nearest office in his area. At the Services following weekend and Theresa would like
Counter he provides his old ID card and the to buy herself a new outfit to impress her

03
reference number of his on-line reservation. grandmother.
In a matter of minutes, he gets his new e-ID
The RFID tag on her jacket is picked up by

SOCIETAL CONTE XT
TECHNOLOGY IN
Card issued. No weeks and weeks of waiting,
a Reader outside a large department store.
no long queues, and no paperwork to fill
The Reader sends the tag’s serial number to
out.
a Localisation Service, which forwards this
Since he now has his new smart e-ID Card, data to a centralised system that handles
Jorge thinks it may be time for a long overdue consumer-related data for that particular
visit to the dentist. Thanks to one of the useful area.
applications loaded onto the microprocessor
Theresa is oblivious to all this work going
of his Card, Jorge simply inserts the device
on behind the scenes, which involves her
into the card reader on his PC and, via a web
clothing, her location and her mobile phone
browser, selects Dr. Malcolm Bond, a nearby
number. So, when the system recognises
dentist, for his second appointment of the
Theresa and looks up her pre-submitted
04
day.
preferences, the first she knows of this
When the appointment is confirmed, Jorge extensive wireless infrastructure is when

clicks Dental Records Only from a list of she receives a text message on her mobile
options which allows him to decide how phone, offering her a 20% SALE reduction
much of his medical information is shared inside the store.
with the dentist’s web-service provider. This
After making her selection, Theresa hands
will save Dr. Bond the inconvenience of
over her and Jorge’s joint credit card to pay
redoing a complete new set of x-rays; mean-
for her chosen item. The cashier asks her for
ing less time in the dentist’s chair (and less
either her passport or Government-issued
x-ray exposure) for Jorge. Maybe a smaller
ID Card in order to verify her identification.
bill too! Jorge is slightly concerned though,
However, Theresa doesn’t have her ID
about transferring his dental records across
Card with her and she prefers to keep her

21


passport locked in the safe of her apartment. This was the only downside to the couple’s
Her old student ID card is, not surprisingly, trip to Italy, as everything else had gone
unacceptable for this transaction and perfectly during their holiday. Jorge had
therefore, the cashier logs a ‘Potential Fraud’ decided on the spur of the moment to whisk
event on the shop’s payment system. With Theresa away for a quick break and booked
no means to identify herself and, therefore, their flights at the last minute, through an
no way to authenticate her ownership of the on-line holiday web-site. However, he didn’t
credit card she has just presented to the have time to book any accommodation in
cashier, Theresa finds that she is starting to advance – they just packed their bags and
feel very embarrassed in front of the other went to the airport to catch their flight. While
shoppers in the store. She doesn’t realise that waiting in the airport departure lounge,
this little identification/authentication mishap Jorge filled out a ‘hotel preferences’ survey,
is about to get much more upsetting… which was sent to his Internet-enabled
mobile phone from the International Hotel
For security purposes, an alert is sent (via
Group billboard nearby. Jorge did wonder
a web-service) to a credit card clearance
for a second how this message arrived on his
agency, who check the credit card number
mobile phone but didn’t really consider it an
against other potentially fraudulent activities.
invasion of his privacy. “They have some sort
Unfortunately for Theresa, the over-zealous
of laws in place so that big companies can’t
system asserts that there has been another
take advantage of you like that,” someone
possible fraudulent action using this credit
in the university café once told him. “Still
card recently, and the agency informs
though, it would be nice to be able to check,”
the police (again via a web-service). The
he thinks. After checking with Theresa, he
Police Management System accesses the
nonetheless proceeds to also fill in ‘food
Localisation Service to get the location of
preferences’ in the survey.
the consumer and sends two policemen from
the closest office to speak to the hapless Upon landing at the main airport terminal
Theresa. Being a co-signee of the credit card, in Rome, Jorge’s mobile phone beeps with
Jorge is also on his way to the store, having an incoming SMS message and he’s happy
received an SMS message informing him to see he’s been sent a list of hotels and
of the possible criminal activity; generated restaurants that match his preference lists.
by the seemingly comprehensive, but
Through the same Internet interface on the
ultimately disjointed, credit card transaction
mobile phone, the young couple choose
infrastructure.
what seems like a romantic hotel and are
subsequently sent another SMS message
3.3.4. A Very Modern Holiday
informing them that a courtesy car is on its
Luckily, but unknown to Theresa, her and way to pick them up from the airport. After
Jorge’s credit card was not used in any arriving at ‘Casa Della Rosa’, Jorge and
criminal manner recently. Rather, when the Theresa receive a tailored menu, which only
card was used while she and Jorge were on includes dishes that fit with the preferences
a short break in Italy a few weeks previously, filled out by them while they waited to board
the clearance agency automatically added its their flight back in London.
details to a “potentially fraudulent” list. This
As he would again contemplate a few weeks
was because the restaurant where Jorge and
later when allowing his dental records to be
Theresa dined while on holiday had since
sent to the dentist, Jorge wonders about
reported several acts of credit card fraud.
his preferences details (i.e. personal and

22


01I NT R ODUCT I ON
potentially identifying data) being insecurely be constantly comparing the results of her
stored and possibly stolen, but he naively check-ups with other women of her age from
assumes that his data – now apparently various health authorities across the country.
stored someplace in Italy – will not get into
The health service provider says that this
the hands of any market researchers back in
profiling work will help them decide on
London.
risk factors, so that, for example, heart

02
attacks can be predicted more accurately.
3.3.5. Looking After You
And that tailored dietary advice will now

AT S TAK E
TRUSTWORTHINESS
Theresa’s grandmother, Helena, is feeling be offered to Helena too. The gathering of
a little lonely. Since she has had all the such personal information, together with
‘health/well-being’ monitors installed in her the seemingly constant news in the papers
apartment, her family know that they will be and on television of CDs containing personal
alerted if anything happens to her – hence, data being lost and stolen make Helena ill
they don’t call to check on her as much as at ease. Her granddaughter, Theresa, has
they used to. Helena misses them, but the also told her that her health service provider
exchange of videos and photos and multi- is fighting off big cash offers from insurance
media calls help to fill the gaps between companies to access their collected data files.
visits. In the current financial environment, Helena
thinks that these offers must be increasingly
In addition to the emergency motion
tempting and she is now anxious to know the
detectors installed in every room of her

03
real long-term effects of her state-of-the-art
apartment and the inbuilt heart-rate
home-health system.
monitor in her bath, she also has a number

SOCIETAL CONTE XT
TECHNOLOGY IN
of sensors in her kitchen, which can detect Helena thinks about changing her health
gas leaks, smoke and excess water on the service provider. This would mean
floor. Helena has a panic button too that is transferring/sharing all her data – including
linked to the local health care office. She her financial details – with a new provider.
finds the RFID scanners on her fridge and What she doesn’t know, however, is that
cupboards are very useful for managing this will only be possible if the old and new
her grocery shopping. Her subscription to providers have compatible data storage and
a local supermarket’s home delivery service sharing systems. Neither does she know
means that she gets a weekly supply of all who actually controls “her” data now or
the provisions she needs, without having to how exactly it will be used. She phoned her
brave the sometimes inclement weather. current health service provider and was put
04
through to the ironically named ‘Helpline’,
Helena also enjoys her regular ‘Well-Woman’
but automated voices and opportunities to
check-ups, the times of which she manages
upgrade her service were all she heard on

via her on-line health service portal. As well as
the other end of the phone line.
observing what food items she is consuming,
these check-ups also take data from the 3.3.6. The Invisible Office
heart-rate monitors and other sensors that
A few days after the drama with the credit
are installed in her home. However, in spite of
card and the police in the Shopping Centre,
this state-of-the-art care she receives, Helena
Theresa receives an e-mail asking her to
feels slightly uncomfortable with the fact that
submit her CV for a temporary position
her health service provider is gathering up
with a recently-formed company, called
so much information about her. They have
CEANNAIM. Before deciding whether or not
also recently informed her that they will now

23


she will apply for the job, Theresa does some via the company’s HR service portal, she
Internet research on this organisation. doesn’t realise that her new employers have
already built up a profile on her; and that
She discovers that CEANNAIM is a Cloud
she knows little about the work practices
company. It has a network of employees
and expectations of her new pan-European
spread across Europe in various locations. The
co-workers.
employees are essentially sub-contractors,
and each receives a tailored, rolling contract, 3.3.7. Jorge’s Free Ads
which they are obliged to digitally sign before
A few weeks after getting back from their
returning to company HQ. The geographic
short-break in Italy, Jorge begins to receive
location declared by the employee in their
text messages on his mobile phone from
third-party-verified contract determines the
SEIRBHIS, an advertising company, offering
legal and financial jurisdiction for any redress
him discounts at various restaurants located
actions, on behalf of the company or the
in London. At first he simply ignores them,
employee should the need arise.
but after a few days of receiving this ‘spam’,
Being averse to flying, Theresa is encour- he contacts his network provider to try to
aged by the fact that the organisation does find out where these messages are coming
not have any specific physical office space from.
and, therefore, company meetings are held
Once through to the provider’s call centre,
by using on-line conferencing tools provided
an operator informs him that although the
by the Cloud. CEANNAIM’s employees use
messages are originating in the UK, they did
on-line storage for company documents,
not disclose his ‘phone number to any such
a service-based customer-relationship
organisation. The operator asks Jorge if he
management system, and service-based
subscribed to any new services recently and
financial-performance management soft-
Jorge says no, but states that he did reply to
ware.
a survey about hotels and food that he was
Theresa also discovers that employment at sent while at the airport recently. “Ah-ha,”
the company is highly dynamic, i.e. people says the operator, who then proceeds
join and leave on a very short-notice basis. to explain to Jorge that his hotel/food
When a particular skill is needed within the opinions would have been forwarded to a
company, its Human Resources (HR) service marketing firm in his country of destination
scans various on-line community outlets in its (Italy, in this case) who use them to suggest
search for suitable people. Once a number personalised services to incoming visitors.
of possible candidates have been selected While the marketing firm complied with the
from the dedicated employment sites, the privacy statement supplied to Jorge and
HR service proceeds to trawl through various didn’t distribute his preferences data to any
social-networking sites for information on other Italian hotel/food companies, they
their chosen candidates, in order to get a didn’t make any reference to NOT sharing
more rounded picture of its potential future his data with their sister companies around
employees. Europe, including SEIRBHIS, in the UK. “This
is probably how they got your number,”
Theresa is not aware of this invasive social-
concludes the call centre operator.
search and knows that she may join the
company for only a short period of time. Jorge could pursue the matter further and
However, work is scarce and she needs the make a complaint to “someone”, but at this
money. Therefore, she decides to apply for stage he doesn’t even know in which country
the job. As she enters the requested data his and Theresa’s hotel/food-related data is

24


01I NT R ODUCT I ON
stored. Jorge immediately decides to switch calls took place outside of normal office
from the network provider who facilitated hours. Grandmother Helena, would be
this intrusion and vows to never again visit further exposed if an attacker gained
the hotel or restaurant he and Theresa used access to her automated communication
on their holiday since he considers them to with the local supermarket’s home delivery
be complicit in the deceitful chain of events. service. Not to mention her vulnerability if
her health service provider’s database was

02
3.3.8. Epilogue: The Digital Shadow Is
penetrated. If an attacker intercepted both
Cast the suggested dietary advice she receives

AT S TAK E
TRUSTWORTHINESS
In these scenarios and stories, the three from the health service provider and the
characters engage considerably with the list of food automatically generated by her
digital world around them. Therefore, if an smart kitchen, then he could see whether she
attacker were to monitor the data being follows this advice or not. (Her health insurer
transferred and shared from the home PCs may be interested in this alignment.)
and mobile phones of the characters, he The Cloud nature of CEANNAIM, the
would retrieve a significant amount of raw company which invited Theresa to submit her
data about them. CV to them, means that there is much potential
For example, if someone were to access for data protection violations when Theresa
Jorge’s on-line activity, they could see that: does forward her CV. Because CEANNAIM
has employees in various European States,
(1) He booked flights from London to Italy

03
they may need to supply details on all their
recently; workers in each of those States, in order
to establish proper channels of legal and

SOCIETAL CONTE XT
TECHNOLOGY IN
(2) He has ordered a new ID Card, which will
contain his medical information; financial redress. The details supplied by
Theresa herself, as well as the summary of
(3) He had two appointments on certain days her drawn up by CEANNAIM, based on their
at particular addresses (the National Health contentious rummaging around on social
Care Administration office and the dentist’s networking sites, may then be stored in
office). several different jurisdictions around Europe.
The attacker may also discover Jorge’s dental Theresa’s control over and ownership of her
records and associated background medical own data is, thus, compromised. And this is
information. If the same attacker breached even before a security breach of the company
Jorge’s mobile phone records, he would is considered or the level of privacy and data
obtain information about Jorge and Theresa’s protection of the on-line conferencing and
04
favourite foods and the types of hotel they on-line storage tools that they use are taken
stay in, as well as the exact address of their into account.

chosen location in Italy.

What could also be easily discovered about
the couple is that they have a close friend
or family member whom they speak to
regularly; since, if someone was monitoring
Internet traffic, they would see that there are
a number of video calls between the couple
and a particular user. It would be reasonable
to deduce that there is a close relationship
between the two callers, especially if the

25


3.3.9. Super Sleuth Deductions
• An elderly woman named Helena is the
If any would-be attacker were to gain access grandmother of one of them;
to all the raw data made available, both
deliberately and unintentionally, by the • The young couple and Helena are close
characters in the above stories, he may also and get on well;
infer more contextual information about the • Helena doesn’t always follow the dietary
characters, their movements and the rela- advice she is given;
tionships between them; thereby building
up a rich and potentially lucrative profile of • Jorge and Theresa like travelling/Italy;
them. Amongst other details, he may sur- • Theresa is unemployed, but is actively
mise that: seeking work;

• Jorge and Theresa are involved in a
relationship;

26


01
02I NT R ODUCT I ON
04 Towards a Trustworthy Information Society

AT S TAK E
TRUSTWORTHINESS
In the previous chapters we discussed the be controlled by law enforcement due to its
various problems which lay ahead in the global nature.
development of an Information Society, where
Our recommendations focus on positive
widely available digitised communication,
development. Of course we cannot address
data processing and service provisioning
each and every issue discussed above.
is quickly becoming an integral part of our
The future trustworthy Information Society
physical and social lives – i.e. of real life.
will be based on an ecosystem of digital
We discussed stakeholder interests for trust,
communication, data processing and service
including security, resilience, data protection
provisioning, which should respect human
and privacy. We discussed the technology
and societal values and cultures. In our
issues in relation to societal, economic and
recommendations below we focus on some

03
legal consequences to demonstrate that real
major issues that would facilitate or stimulate
progress towards a trustworthy Information
the development of such an ecosystem.

SOCIETAL CONTE XT
TECHNOLOGY IN
Society can only be achieved by taking
account of all perspectives. Indeed, the
4.1. Research and Technology
innovation that provides many opportunities
development
and a wealth of information to citizens is at
risk if sufficient attention is not given to its Our first recommendation focuses on the
socio-economic embedding and acceptance. development of a research agenda for
We examined the subtle balance in our Trustworthy ICT. It should be noted that there
democratic societies between privacy and is a clear continuity here with the existing FP7
personal data protection on the one hand ICT Work-programme 2009-2010 given in
and public interest and legal and contractual section 2.6 of this report. Important research
obligations on the other. We argued for the activities are already implemented, but the
potential of ICT to improve security and extension of these and changes in emphasis
04
privacy simultaneously, without the need should be considered. Four major areas of
for a trade-off in a zero-sum game. We gave attention are proposed following the work

special attention to the fundamental issue of performed by the Working Groups that
creating a common framework to enable the supported RISEPTIS.
federation and interoperability of the various
(1) Security in (heterogeneous) networked,
identity management systems in Europe and
service and computing environments,
beyond.
including the elaboration of security
We see the risk that the pendulum swings challenges for the design of architectures,
too far in the direction of losing trust in protocols and environments that will
the organisation and governance of our constitute future large-scale and globally
society, due to a lack of accountability and networked ICT systems. Specifically, these
transparency, and rampant crime that cannot focus on the emerging future internet; cloud

27


computing; the “Internet of Things” with and opportunistic computing; security in
its mixed mode environments, consisting the presence of scarce resources; security
of diverse computing; communication and of services and content, and of software
storage elements; and, global e-service and data. Many specific aspects need to
infrastructures. The desired characteristics be considered such as; security policy
of dynamic, adaptive, scalable, autonomic compliance, security in dynamic aggregation
control are attractive in abstraction, though as or composition of services, protection of
global-scale systems develop, heterogeneity intellectual property and usability.
(in design, resource types, operational
(2) Trust, Privacy and claims management
policies, etc.) is often, in reality, the attribute
(meta-systems) infrastructures: Public and
that makes systematic end-to-end security a
private trust infrastructures must be pro-
challenge.
vided by trusted new stakeholders, which
This area encompasses virtualisation, the compute trust assurance using diverse trust
Cloud, and private and semi-private spaces; models (e.g. by claims on identity, repu-
realised by service-oriented platforms. It tation, recommendation, frequentation,
requires resilient underlying infrastructures voting). It will require: trust architectures and
in all environments and conditions and new protocols to delegate trust and partial
technologies to realise: ecosystems with key trust; trust instrumentation and high-level
attributes of heterogeneity and scalable scope tools at the end-user stage; cognitive and
for growth; multi-domain security; managing learning instrumentation for trust; and, pro-
heterogeneous computing environments filing services and communities.
and corresponding trust domains.
Privacy infrastructures require the
The trustworthy polymorphic future internet development of protocols, tools to check
is an important instance, requiring security privacy assurance, and multi-identity systems
of the core network and the critical nodes to maintain privacy. At the hardware level, the
through protocols and architectures at a very privacy of personal, sensitive communicating
large scale and a high data rate (embedded devices must be advanced. Important issues
security by design). It is quickly becoming include unobservability, unlinkability through
the most important Critical Infrastructure, search engines or social networks while
demanding strong physical security in bal- enabling personalised services, usability with
ance with privacy. It also requires federated, diversity and ethics.
seamless, transparent and user-friendly secu-
The management of identity claims is at the
rity of the edge networks in smart ecosystems,
core of providing trust. ID claims provision
with interoperability throughout the hetero-
on a wide scale requires that existing and
geneous landscape of access networks.
future identity management systems are
Trustworthy global computing will require interoperable or federated and enable the
contextual security with secure smart integration of privacy, accountability, non-
services in the Cloud for sharing information, repudiation and traceability and the right to
as well as cooperative environments, which oblivion at the design level, in order to provide
enjoy societal acceptance, in order to feel freedom and protection against cyber crime.
in control of the digital ambience. It will Research must focus on technologies and
also require new infrastructures, using ICT standardisation that facilitates this, as well
as a tool to make real world artefacts more as removing the barriers to interoperability,
reliable in the various application sectors. It allows use of multiple authentication devices
will need: resilient, pervasive, self-organised which are applicable for a diversity of services,

28


01I NT R ODUCT I ON
and provides auditing, reporting and access by the Think-Trust project, based on the
control. results of the Working Groups, which will be
used as input to the discussions for upcoming
(3) Underpinning engineering principles
ICT Work-programmes.
to: establish trust, privacy and security in
the digital space and develop measures or Recommendation 1: The EC should stimu-
rating models for it; implement transparency, late interdisciplinary research, technology

02
accountability and privacy properties for development and deployment that address-
the main computing entities and domains; es the trust and security needs in the

AT S TAK E
TRUSTWORTHINESS
develop metrics and tools for quantitative Information Society. The priority areas are:
security assessment and predictive security
• Security in (heterogeneous) networked,
in a complex environment; and, composition
service and computing environments,
and evaluation of large scale systems.
including a trustworthy Future Internet
Under this heading we should also consider
• Trust, Privacy and Identity management
enabling technologies, such as declarative
frameworks, including issues of meta-level
languages, biometry, certification and,
standards and of security assurances com-
certainly, cryptography.
patible with IT interoperability
(4) Data policy, governance and socio-
• Engineering principles and architectures
economic aspects, including policy and
for trust, privacy, transparency and
governance issues related to data process-
accountability, including metrics and

03
ing in the ubiquitous, scale-less Web or
enabling technologies (e.g. cryptography)
Cloud. This will raise the desire to develop

SOCIETAL CONTE XT
TECHNOLOGY IN
technology-invariant security concepts, but • Data and policy governance and related
also issues of liability and compensation. socio-economic aspects, including liability,
compensation and multi-polarity in gov-
In order to deal with the global problems
ernance and its management
of the Future Internet, we need to address
multi-polar governance and security policies
4.2. The interplay of technology,
between a large number of participating and
policy, law and socio-economics
competitive stakeholders. This will include:
mutual recognition security frameworks for The keywords in any vision for the future
competing operators; transparent security Information Society should be trust and
for re-balancing the unfair, unequal face-to- trustworthiness. These concepts have always
face relationship of the end-user in front of been and still are at the heart of our free
04
the network; tools for trust measurement, societies; this is reflected in the European
based on cost-benefit analysis; instruments Charter of Human Rights. They form the
for early detection of attacks; real-time and basis for our communications, transactions

large-scale tests for crisis management and economic and social behaviour in the
procedures. And all this must be done with private, public and privatised space.
economic viability in mind.
We have seen that societal trust – the level
The proposed interdisciplinary research of trust citizens have in other parties and
agenda is summarised in the recommendation the societal organisation as a whole – is an
below. It must include work on a number important condition for economic growth.
of paradigms, including social sciences, European society has a relatively high level
technical engineering and the socio-technical of social trust. Ensuring the continuation
interface. A detailed report is in preparation and enhancement of this in digital life is also

29


likely to have a strong beneficial effect on and semantic interoperability, but where
the digital economy. possible technical interoperability also). In
parallel to this, we see industry sectors (e.g.
The relational and contextual properties
banking) developing their own IdM systems
of trust make it impossible to completely
and within web-based services, there is an
engineer trust in digital life. It will always
emergence of interoperable or federated
depend on emotions, circumstances, and
clusters of systems (e.g. Information Card
personal moods, and it will change with
Foundation38, Liberty Alliance39).
cultures and social environs. Nevertheless,
there are elements which can help to Europe needs a common framework that
establish trust; some based on existing laws allows federation and forms of interoperability
and regulations which can be fully applied (organisational interoperability providing
or made applicable with relatively small business interfaces; semantic interoperability
changes. Building new mechanisms and in the form of common definitions and
tools that help citizens, enterprises and standardisation of data and meta-data,
public organisations to control their assets etc.) between all these systems. Formal
and flow of actions may also contribute to identification as a citizen of a Member State
the establishment of trust. should be possible throughout the EU, with
the State of citizenship being the claim
However, as argued strongly in this report,
provider. To open a bank account, electronic
technology development on its own, without
identification with the “citizen ID token”
strong regard for the societal context,
should be facilitated. Access to health and
economically, socially and legally, will lead to
other public and private services could be
the loss of trust and this will be reflected in
enabled throughout the EU with any token
less economic opportunities and prosperity.
that one has obtained for that purpose,
Recommendation 2: The EC should support anywhere within the EU.
concrete initiatives that bring together
This common framework should encompass
technology, policy, legal and social-economic
a design that guarantees the principles of
actors for the development of a trustworthy
privacy, minimal data disclosure, proportion-
Information Society. (The Partnership for
ality and other general principles laid down
Trust in Digital Life36 could be a first step.)
in the EU legal framework.

4.3. A common European At the same time, we need to ensure
framework for Identity reasonable instruments for forensic analysis
management are available, which will not only provide
possibilities for the traceability of illegal
An essential element for ensuring a
behaviour, but also for proving one’s
trustworthy Information Society is a framework
innocence (e.g. when a botnet downloads
for authentication and claim management,
illegal content on a PC of a citizen without
including governmental eID systems. Trust
their knowledge). The eIdM framework must
is built primarily on information about
include regulations and tools for anonymity,
the other party in any relationship. Such
accountability, transparency, auditing and
a framework is needed for accountability,
law enforcement.
non-repudiation and transparency. Many EU
Member States are currently in the process The Commission has proposed the devel-
of developing their own ID card systems. opment of European Large Scale Actions,
The STORK37 project is working towards on e-Identity, in its Communication40. Mem-
achieving interoperability (organisational bers of RISEPTIS have developed a roadmap

36
http://trustindigitallife.eu/Home%20Page.html
37
http://www.eid-stork.eu/
38
http://informationcard.net/
39
http://www.projectliberty.org/
40
COM (2009)116: A Strategy for ICT R&D and Innovation in Europe: Raising the Game
30


01I NT R ODUCT I ON
which details actions to be taken to achieve devices, reputation systems, etc.), as well
a common European framework. This will as Art 3.3 of Directive 1999/5 [Directive on
be presented in a follow-up report on ‘RTD radio equipment and telecommunications
and Infrastructures’ and will be based on terminal equipment and the mutual recog-
the Think-Trust Working Groups results. nition of their conformity, 1999/5/EC, OJ L
The importance of such a framework for the 91, 7.4.1999, p. 10]. The relationship with
successful development of a trustworthy COM(2007)228 [Communication on Promot-

02
Information Society can hardly be underesti- ing Data Protection by Privacy Enhancing
mated and should be given high priority. Technologies (PETs), COM(2007)228] on Pri-

AT S TAK E
TRUSTWORTHINESS
vacy Enhancing Technologies should also be
Recommendation 3: The EC, together with
considered, as well as the international con-
the Member States and industrial stake-
text, applicable law, jurisdictional problems
holders, must give high priority to the
and cross-border data flows (especially in
development of a common EU framework
relation to the developing Cloud).
for identity and authentication manage-
ment that ensures compliance with the legal Development of the legal aspects should
framework on personal data protection and be part of an overall policy that should be
privacy and allows for the full spectrum closely interlinked to technology progress.
of activities from public administration or This would enable more efficient reaction. It
banking with strong authentication when should lead to the creation of an environment
required, through to simple web activities of technology-embodied law for a digitised

03
carried out in anonymity. constitutional democracy, stimulating
the development of technical tools and

SOCIETAL CONTE XT
TECHNOLOGY IN
4.4. Further development of instruments to support implementation and
EU legal Framework for data acceptance by both industry and citizens.
protection and privacy Continuity, usability, trustworthiness and
user-centric privacy protection are essential
Discussions are ongoing on further develop-
parts of such policy.
ing the EU legal framework for data protection
and privacy. In the proposed Directive41, man- Recommendation 4: The EC should work
datory data breach notification has already towards the further development of the EU
been extended. Researchers42 have ques- data protection and privacy legal frameworks
tioned the completeness of the definition of as part of an overall consistent ecosystem
personal data, in relation to location-based of law and technology that includes all
information and profiling. Technology devel- other relevant frameworks, instruments and
04
opments in data linking suggest that in the policies. It should do so in conjunction with
future any data may become personal data research and technology developments.
at some point in time. For the future, one

might need to bring in further elements that 4.5. Large scale innovation
can strengthen the accountability of data projects
controllers and develop tools to enhance
It has been argued that Europe is in a strong
transparency in data processing. The rela-
position to take a lead in trust and security
tionship with other policy frameworks must
technology development and innovation. Its
hereby be taken into account; in particular,
current level of long-established social trust,
the relationship with consumer law and lia-
its scientific and technological capacities
bility for products and services that collect
and its well-developed industrial and service
and process data (web community serv-
structures all provide an excellent starting
ices, personalised services, identification

41
Proposal for a Regulatory framework for Electronic communication networks and services
42
Rannenberg, K. Royer, D. and Deuker, A The Future of Identity in the Information Society, Springer 2009

31


point for large forward momentum. However, 4.6. International cooperation
substantial and coherent European large-
The Internet and Web form a global
scale projects, which take full advantage
infrastructure for communication, data
of these European strengths, need to
processing and service provisioning. For these
be targeted. The previously mentioned
to be most effective it is necessary to consider
common framework for electronic identity
the global consequences of the actions taken
management is one example that needs
in Europe. Explicit steps should be taken
strong commitment from all Member States
to reach an international understanding,
and industrial stakeholders. There are also
cooperation and interoperability, and to work
other instances – for example, European
at joint international measures and standards
citizens are very active in social networks on
on governance, anti-crime measures, identity
the Web and further development of these
management, security and other relevant
networks, paying full attention to privacy
topics.
requirements and interoperability and
developing business models that stimulate The world currently comprises (blocs of)
the creation of services in such networks, nations with their own jurisdictions, and with
would fit well into European culture and agreements on the movement of persons
expertise. and the exchange of data and goods from
one nation to the other. For example,
Europe should develop a techno-legal
international or bilateral agreements exist on
ecosystem for trust, security and privacy that
the acceptance of passports satisfying certain
should be amenable to global cooperation,
data formats, goods that are compliant with
boost European growth and provide a solid
import/export law, etc. Geopolitical power
basis for international cooperation. Relevant
prevails on the basis of existing frontiers and
topics to start with could be: European
international law, with this recognition being
data processing in the Cloud; a services
critical for global stability. The Internet,
platform with the EU’s legal framework and
however, introduces political and business
governance infrastructure; next-generation
entities that do not adhere to these rules.
social networks, taking account of
Electronic (business) transfers can easily
interoperability and privacy; EU-wide, legally
go from one country to another without
accepted electronic documents, usable on
consideration of any change in jurisdiction
different media, including paper. There will
and often with the consumer being unaware
also be others, related to innovative services
of such activities. Law enforcement in the
and aiming at broad inclusion of all societal
digital world is hampered by an inability
groups in Web activities.
to bring the concerned parties to court.
Recommendation 5: The EC together with In addition, the information stored on a
industrial and public stakeholders should person’s mobile device in one country may be
develop large-scale actions towards build- considered illegal if the person is in another
ing a trustworthy Information Society which country. The spread of the virtual personal
make use of Europe’s strengths in com- space over various geopolitical and judiciary
munication, research, legal structures and entities leads to problems which are not yet
societal values - for example, a Cloud which sufficiently thought through.
complies with European law.
Introducing geographical and temporal
information in digital space may be part of
the solution, but international and bilateral
agreements between states will be the

32


01I NT R ODUCT I ON
main tools which will create semantic and Recommendation 6: The EC should recog-
organisational interoperability between nise that, in order to be effective, it should
national policies and infrastructures. It is address the global dimension and foster
important in this search for solutions not engagement in international discussions, as
to break the Internet/Web infrastructure a matter of urgency, to promote the devel-
into separately controlled pieces, since this opment of open standards and federated
would lessen its role as a global information frameworks for cooperation in developing

02
network, as well as lowering its potential for the global Information Society.
innovation.

AT S TAK E
TRUSTWORTHINESS
03
SOCIETAL CONTE XT
TECHNOLOGY IN
04

33

Riseptis report 1

More Related Content

What's hot (19)

Viewers also liked (20)

Similar to Riseptis report 1 (20)

More from vafopoulos (8)

Riseptis report 1