Overview#Privacy Enhancing Technologies (PET) is a general term for a set of computer tools, applications and mechanisms which, when integrated in online services or applications, used in conjunction with such services or applications, or applied as Privacy models, allow an online User to protect the privacy of the Personally Identifiable Information (PII) they provide to, and that is handled by, such services or applications.
The goal of Privacy Enhancing Technologies is to place responsibility for, and control over, Personal data with the user who sends it to online service providers, merchants or other users.
PETs aim to allow users to take one or more of the following actions (the capabilities most often implemented within Privacy Enhancing Technologies) related to their Personal data sent to, and used by, online service providers, merchants or other users:
- increase control over their personal data sent to, and used by, online service providers, merchants or other online users (self-determination)
- data minimisation: minimise the personal data collected and used by service providers and merchants
- choose the degree of anonymity (e.g. by using pseudonyms, anonymisers or anonymous data credentials)
- choose the degree of linkability (e.g. by using multiple virtual identities)
- achieve Informed Consent about giving their personal data to online Service Providers and merchants
- provide the possibility to have these negotiated terms and conditions technically enforced by the infrastructures of online service providers and merchants (i.e. not just having to rely on promises, but being confident that it is technically impossible for service providers to violate the agreed upon data handling conditions)
- provide the possibility to remotely audit the enforcement of these terms and conditions at the online service providers and merchants (assurance)
- data tracking: allow users to log, archive and look up past transfers of their personal data, including what data has been transferred, when, to whom and under what conditions; this facilitates the exercise of their legal rights of data inspection, correction and deletion
Examples of Privacy Enhancing Technologies include:
- communication-anonymizing tools such as Tor (Dingledine, Mathewson, & Syverson 2004) and Freenet (Clarke et al. 2001),
- identity-management systems, for which many commercial software packages exist (see below).
Privacy enhancing technologies also have their downsides. For example, Tor, the tool that allows anonymized communication and browsing over the Internet, is susceptible to an attack whereby, under certain circumstances, the anonymity of the user is no longer guaranteed (Back, Möller, & Stiglic 2001; Evans, Dingledine, & Grothoff 2009).
Freenet (and other tools) have similar problems (Douceur 2002). Note that for such attacks to work, an attacker needs access to large resources that in practice are only realistic for the intelligence agencies of countries. However, there are other risks. Configuring such software tools correctly is difficult for the average user, and when the tools are not correctly configured the anonymity of the user is no longer guaranteed. And there is always the risk that the computer on which the privacy-preserving software runs is infected by a Trojan horse (or other malware) that monitors all communication and knows the identity of the user.

Another approach is the anonymization of data sets through special software: such tools remove, for example, patient names and reduce age information to intervals, so that the age 35 is represented as falling in the range 30–40. The idea behind such anonymization software is that a record can no longer be linked to a Natural Person, while the relevant parts of the data can still be used for scientific or other purposes. The problem is that it is very hard to anonymize data in such a way that all links with an individual are removed while the resulting anonymized data is still useful for research purposes. Researchers have shown that it is almost always possible to reconstruct links with individuals by using sophisticated statistical methods (Danezis, Diaz, & Troncoso 2007) and by combining multiple databases that contain personal data (Anderson 2008). Techniques such as k-anonymity might help to generalize the data enough to make it unfeasible to de-anonymize it (LeFevre et al. 2005). k-anonymity on its own is not sufficient, however: if every record in a group of k indistinguishable records carries the same sensitive value, anyone known to be in that group still has that value disclosed, which is why refinements such as l-diversity and t-closeness were later proposed.
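As an added example (not code from the original page or from any of the works it cites), the following Python script shows both halves of the argument above on a constructed toy data set: a "de-identified" medical table, with names removed but zip code, age and sex kept at full precision, is re-identified by linking those quasi-identifiers against a constructed public list that carries names; generalizing the zip to a prefix and the age to a 10-year interval then makes every record indistinguishable from at least k others, so the linkage no longer yields a unique match; a final check shows the residual weakness of k-anonymity when all records in a group share one diagnosis. Every record, name and field name below is invented for the example.

```python
"""Added example (not from the original page): linkage re-identification versus
k-anonymity by generalization, on a constructed toy data set."""
from collections import Counter, defaultdict

# Constructed "de-identified" medical records: names removed, but the
# quasi-identifiers (zip, age, sex) kept at full precision.
MEDICAL = [
    {"zip": "02138", "age": 35, "sex": "F", "diagnosis": "flu"},
    {"zip": "02139", "age": 37, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02141", "age": 33, "sex": "M", "diagnosis": "flu"},
    {"zip": "02142", "age": 52, "sex": "M", "diagnosis": "cancer"},
    {"zip": "02145", "age": 58, "sex": "F", "diagnosis": "cancer"},
    {"zip": "02147", "age": 55, "sex": "M", "diagnosis": "cancer"},
]

# Constructed public data set (think of a voter roll) carrying names plus the
# same quasi-identifiers. Joining the two is the "combining multiple databases"
# attack.
VOTERS = [
    {"name": "Alice", "zip": "02138", "age": 35, "sex": "F"},
    {"name": "Bob",   "zip": "02141", "age": 33, "sex": "M"},
    {"name": "Carol", "zip": "02145", "age": 58, "sex": "F"},
]

QI = ("zip", "age", "sex")  # quasi-identifier columns (assumed for the example)


def link(records, public, keys=QI):
    """Return {name: diagnosis} for each public row whose quasi-identifiers
    match exactly one record. A unique match is a re-identification."""
    index = defaultdict(list)
    for r in records:
        index[tuple(r[k] for k in keys)].append(r)
    hits = {}
    for p in public:
        matches = index.get(tuple(p[k] for k in keys), [])
        if len(matches) == 1:
            hits[p["name"]] = matches[0]["diagnosis"]
    return hits


def age_interval(age, width=10):
    """Generalize an exact age to a fixed-width interval, e.g. 35 -> '30-40'."""
    lo = (age // width) * width
    return f"{lo}-{lo + width}"


def generalize(records, zip_digits=3, age_width=10):
    """Generalize the quasi-identifiers of every record: keep only a zip prefix,
    replace the age by an interval, suppress sex. Other fields are untouched."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)
        g["age"] = age_interval(r["age"], age_width)
        g["sex"] = "*"
        out.append(g)
    return out


def k_anonymity(records, keys=QI):
    """k = size of the smallest group of records sharing the same
    quasi-identifier values (1 means some record is unique)."""
    counts = Counter(tuple(r[k] for k in keys) for r in records)
    return min(counts.values())


def homogeneous_classes(records, keys=QI, sensitive="diagnosis"):
    """Groups whose records all carry the same sensitive value. Such a group is
    k-anonymous, yet anyone known to be in it has the value disclosed."""
    groups = defaultdict(set)
    for r in records:
        groups[tuple(r[k] for k in keys)].add(r[sensitive])
    return {qi: next(iter(v)) for qi, v in groups.items() if len(v) == 1}


if __name__ == "__main__":
    print("raw table, k =", k_anonymity(MEDICAL))
    print("re-identified via voter roll:", link(MEDICAL, VOTERS))
    anon = generalize(MEDICAL)
    print("generalized table, k =", k_anonymity(anon))
    # The attacker generalizes the public data the same way; every match now
    # covers k candidates, so no unique re-identification remains.
    print("re-identified after generalization:", link(anon, generalize(VOTERS)))
    print("groups with a single diagnosis:", homogeneous_classes(anon))
```

The script is deliberately small; real anonymization tools search over many generalization levels to keep k above a threshold while losing as little precision as possible, and the last function is exactly why k alone is not a sufficient target.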
More Information#There might be more information for this subject on one of the following:
- Attribute references
- Data anonymization
- Federated Identity
- Glossary Of LDAP And Directory Terminology
- Incremental authorization
- Life Management Platform
- MBUN number
- Privacy Considerations
- Web Blog_blogentry_231015_1