Privacy Enhancing Technologies


Privacy Enhancing Technologies (PET) is a general term for a set of computer tools, applications and mechanisms which, when integrated in online services or applications, used in conjunction with such services or applications, or applied as Privacy models, allow online Users to protect the privacy of their Personally Identifiable Information (PII) provided to and handled by such services or applications.

Some of the items often implemented within Privacy Enhancing Technologies are:

The goal of Privacy Enhancing Technologies is to give users responsibility for their Personal data that is sent to, and used by, online service providers, merchants or other users.

PETs aim at allowing users to take one or more of the following actions related to their Personal data sent to, and used by, online service providers, merchants or other users:

  • increase control over their personal data sent to, and used by, online service providers and merchants (or other online users) (self-determination)
  • data minimisation: minimise the personal data collected and used by service providers and merchants
  • choose the degree of anonymity (e.g. by using pseudonyms, anonymisers or anonymous data credentials)
  • choose the degree of linkability (e.g. by using multiple virtual identities)
  • achieve Informed Consent about giving their personal data to online Service Providers and merchants
  • provide the possibility to negotiate the terms and conditions of giving their personal data to online service providers and merchants (data handling/privacy policy negotiation).[1] In Privacy Negotiations, consumers and service providers establish, maintain, and refine privacy policies as individualised agreements through the ongoing choice amongst service alternatives. In incentivised privacy negotiations, the transaction partners may additionally bundle the personal information collection and processing schemes with monetary or non-monetary rewards.[2]
  • provide the possibility to have these negotiated terms and conditions technically enforced by the infrastructures of online service providers and merchants (i.e. not just having to rely on promises, but being confident that it is technically impossible for service providers to violate the agreed upon data handling conditions)
  • provide the possibility to remotely audit the enforcement of these terms and conditions at the online service providers and merchants (assurance)
  • data tracking: allow users to log, archive and look up past transfers of their personal data, including what data has been transferred, when, to whom and under what conditions, thereby facilitating the use of their legal rights of data inspection, correction and deletion

Privacy Enhancing Technologies Examples include #

Communication-anonymizing tools [2]#

Communication anonymizing tools allow users to anonymously browse the web (with Tor) or anonymously share content (Freenet). They employ a number of cryptographic techniques and security protocols in order to ensure their goal of anonymous communication. Both systems use the property that numerous users use the system at the same time, which provides k-anonymity (Sweeney 2002): no individual can be uniquely distinguished from a group of size k, for large values of k. Depending on the system, the value of k can vary from a few hundred to hundreds of thousands. In Tor, messages are encrypted and routed along numerous different computers, thereby obscuring the original sender of the message (and thus providing anonymity). Similarly, in Freenet content is stored in encrypted form on the computers of all users of the system. Since users themselves do not have the necessary decryption keys, they do not know what kind of content is stored, by the system, on their own computer. This provides plausible deniability and privacy. The system can at any time retrieve the encrypted content and send it to different Freenet users.

Communication-anonymizing tools such as

  • Tor (Dingledine, Mathewson, & Syverson 2004) and Freenet (Clarke et al. 2001),
  • identity-management systems for which many commercial software packages exist (see below).

Privacy enhancing technologies also have their downsides. For example, Tor, the tool that allows anonymized communication and browsing over the Internet, is susceptible to an attack whereby, under certain circumstances, the anonymity of the user is no longer guaranteed (Back, Möller, & Stiglic 2001; Evans, Dingledine, & Grothoff 2009).

Freenet (and other tools) have similar problems (Douceur 2002). Note that for such attacks to work, an attacker needs to have access to large resources that in practice are only realistic for intelligence agencies of countries. However, there are other risks. Configuring such software tools correctly is difficult for the average user, and when the tools are not correctly configured anonymity of the user is no longer guaranteed. And there is always the risk that the computer on which the privacy-preserving software runs is infected by a Trojan horse (or other digital pest) that monitors all communication and knows the identity of the user.

Data anonymization[2]#

Another option for providing anonymity is the anonymization of data through special software. Tools exist that remove patient names and reduce age information to intervals: the age 35 is then represented as falling in the range 30–40. The idea behind such anonymization software is that a record can no longer be linked to a Natural Person, while the relevant parts of the data can still be used for scientific or other purposes. The problem here is that it is very hard to anonymize data in such a way that all links with an individual are removed and the resulting anonymized data is still useful for research purposes. Researchers have shown that it is almost always possible to reconstruct links with individuals by using sophisticated statistical methods (Danezis, Diaz, & Troncoso 2007) and by combining multiple databases (Anderson 2008) that contain personal data. Techniques such as k-anonymity might also help to generalize the data enough to make it infeasible to de-anonymize the data (LeFevre et al. 2005).
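As an added illustration of the k-anonymity idea used in both the communication-anonymizing section and the data anonymization paragraph above (example code written for this page, not a tool the text describes): a few constructed patient records have the name dropped, the age generalized to a 10-year interval (35 becomes 30–40) and the ZIP code truncated, and the smallest group of records sharing the same quasi-identifiers is measured to see what k the release actually achieves. Record values, the bin width and the ZIP prefix length are assumptions for the demonstration.

```python
from collections import Counter

# Constructed sample records (not real patients). "name" is a direct identifier,
# age and zip are quasi-identifiers, "diagnosis" is the value kept for research.
RECORDS = [
    {"name": "Alice", "age": 35, "zip": "02139", "diagnosis": "flu"},
    {"name": "Bob", "age": 38, "zip": "02134", "diagnosis": "asthma"},
    {"name": "Carol", "age": 31, "zip": "02138", "diagnosis": "flu"},
    {"name": "Dan", "age": 47, "zip": "10001", "diagnosis": "diabetes"},
    {"name": "Eve", "age": 42, "zip": "10003", "diagnosis": "flu"},
    {"name": "Frank", "age": 44, "zip": "10002", "diagnosis": "asthma"},
]
QUASI_IDENTIFIERS = ("age", "zip")


def generalize_age(age, width=10):
    """Replace an exact age by its interval, e.g. 35 -> '30-40' as in the text."""
    lo = (age // width) * width
    return f"{lo}-{lo + width}"


def generalize_zip(zipcode, keep=3):
    """Truncate a ZIP code to a prefix, e.g. '02139' -> '021**' (assumed prefix length)."""
    return zipcode[:keep] + "*" * (len(zipcode) - keep)


def anonymize(records):
    """Drop the direct identifier and generalize the quasi-identifiers."""
    return [
        {"age": generalize_age(r["age"]), "zip": generalize_zip(r["zip"]),
         "diagnosis": r["diagnosis"]}
        for r in records
    ]


def k_of(records, quasi=QUASI_IDENTIFIERS):
    """Size of the smallest equivalence class, i.e. the k for which the release is
    k-anonymous. k == 1 means some record is uniquely identified by its quasi-identifiers."""
    classes = Counter(tuple(r[q] for q in quasi) for r in records)
    return min(classes.values())


def is_k_anonymous(records, k, quasi=QUASI_IDENTIFIERS):
    """True when every record shares its quasi-identifier values with at least k-1 others."""
    return k_of(records, quasi) >= k


if __name__ == "__main__":
    print("raw k:", k_of(RECORDS))               # exact (age, zip) pairs are all unique
    print("released k:", k_of(anonymize(RECORDS)))  # two classes of three records each
```

Measuring k on the raw records shows why removing names alone is not enough: every exact (age, zip) pair is unique, so a linkage with any outside database that carries those fields re-identifies the person.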
