Towards contractual agreements for revocation of online data

Theodor Schnitzler, Markus Dürmuth, Christina Poepper

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Once personal data is published online, it is out of the control of the user and can be a threat to users’ privacy. Retroactively deleting data after it has been published is notoriously unreliable due to the distributed and open nature of the Internet. Cryptographic approaches implementing data revocation address this problem, but have serious limitations when considering practical deployment, and they have not been broadly adopted. In this paper, we tackle the problem of data revocation from a different perspective by examining how contractual agreements can be applied to create incentives for providers to conform to expiration regulations. Specifically, we propose a protocol to automate the handling of data revocation. We have implemented a prototype smart contract on a local Ethereum blockchain to demonstrate the feasibility of our approach. Our approach has distinct advantages over existing proposals: It can deal with a wide spectrum of revocation conditions, it can be applied retroactively after data has been published, and it does not require additional effort for users accessing the published data. It thus constitutes an interesting, novel approach to data revocation.

Original language: English (US)
Title of host publication: ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
Editors: Gurpreet Dhillon, André Zúquete, Fredrik Karlsson, Karin Hedström
Publisher: Springer New York LLC
Pages: 374-387
Number of pages: 14
ISBN (Print): 9783030223113
DOIs: https://doi.org/10.1007/978-3-030-22312-0_26
State: Published - Jan 1 2019
Event: 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019 - Lisbon, Portugal
Duration: Jun 25 2019 to Jun 27 2019

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 562
ISSN (Print): 1868-4238

Conference

Conference: 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
Country: Portugal
City: Lisbon
Period: 6/25/19 to 6/27/19

Fingerprint

Personal data
Threat
Prototype
Incentives
Privacy
World Wide Web

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Schnitzler, T., Dürmuth, M., & Poepper, C. (2019). Towards contractual agreements for revocation of online data. In G. Dhillon, A. Zúquete, F. Karlsson, & K. Hedström (Eds.), ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings (pp. 374-387). (IFIP Advances in Information and Communication Technology; Vol. 562). Springer New York LLC. https://doi.org/10.1007/978-3-030-22312-0_26
