Privacy in ITS Applications Workshop

20 July 2010, Berlin

Presenter Biographies, Presentation Abstracts & Slides


Thomas Benz, PTV
Thomas Benz graduated from the University of Karlsruhe with a Diploma in Mechanical Engineering. Having worked as a research assistant at the Institute for Transportation Studies at the University of Karlsruhe he received a PhD in Civil Engineering from the University of Karlsruhe. Since then he has worked continuously in the field of ADAS/IVI starting with PROMETHEUS. Today, he is responsible for ADAS/IVI applications and micro-simulation at PTV Planung Transport Verkehr AG in Karlsruhe, Germany. He has been involved in various consultancy and research projects on the national and international level.

ITS Applications and Privacy
See the joint presentation abstracts and slides below.

Caspar Bowden, Chief Privacy Adviser, Microsoft EMEA
Caspar Bowden is Chief Privacy Adviser for Microsoft in Europe, Middle-East and Africa. His goal is to ensure that users of Microsoft products and services are in control of their personal data and that fair information practices are respected. He is a specialist in data protection policy, privacy enhancing technology research, identity management and authentication. He was formerly director of the Foundation for Information Policy Research, an independent think-tank that studies the interaction between computers and society, and promotes public understanding and dialogue between UK and European civil society and policy-makers in the fields of e-commerce, copyright, law enforcement and national security, e-government, cryptography and digital signatures. He was appointed expert adviser to the UK parliament for the passage of three bills concerning privacy issues, and was co-organizer of the influential Scrambling for Safety public conferences on UK encryption and surveillance policy. His previous career over two decades ranged from investment banking (proprietary trading risk-management for option arbitrage), to software engineering (graphics engines and cryptography), including work for Goldman Sachs, Microsoft Consulting Services, Acorn, Research Machines, and IBM.
Why Policymakers Are Ambivalent about Radical PETs
Certain categories of Privacy Enhancing Technology allow fulfillment of functional application scenarios whilst simultaneously requiring processing of very little or zero personal data, typically using counter-intuitive techniques from cryptography. In principle such designs ought to be very attractive to policymakers because they give radical effect to the minimization principle of Data Protection law. However, personal data is sought after by parties other than the data controller (typically for law enforcement or policy analysis), and utilizing techniques for radical data minimization would imply that "freestanding" Data Protection and human rights justification for "blanket" collection of such data is necessary. This talk will examine this controversy from Council of Europe R.87 (1987) to the present day in both a legal and technical context.
Emilio Davila Gonzalez, European Commission
Emilio Davila Gonzalez graduated as a Telecommunication Engineer from the Polytechnic University of Madrid and holds a Degree in Law from the Spanish Open University. Since 2002 he has worked in the ICT for Transport unit within Directorate General for Information Society and Media, as Research Project Officer. He follows closely the standardisation activities related to Intelligent Transport Systems. He is also involved in the eCall initiative and the privacy implications of cooperative systems. Prior to this, he worked within Directorate General for Research in the programme supporting SMEs participation in the RTD Community Framework Programme. Before joining the European Commission, he set up and directed the liaison office in Brussels for the Spanish Association for New Technologies, AENTEC.
ITS and Privacy: Commission Actions
This talk will present an overview of the strategic plans of the European Commission regarding Intelligent Transportation Systems (ITS) and the role of privacy in the ITS action plan.
Slides
Claudia Diaz, Katholieke Universiteit Leuven
Claudia Diaz received her master degree in Telecommunications Engineering at the University of Vigo (Spain), and her Ph.D. in engineering at the Katholieke Universiteit Leuven (Belgium). She is currently a post-doctoral researcher at the K.U.Leuven group COSIC (Computer Security and Industrial Cryptography). Her research is broadly focused on the topic of Privacy Enhancing Technologies, and she has published widely on topics including anonymous communications, anonymity metrics, steganographic file systems, and traffic analysis. She has organized several workshops including the 8th Privacy Enhancing Technologies Symposium, and has served as reviewer in nearly forty program committees and journals. She is an associate editor of the journal of Identity in the Information Society (IDIS), a member of the Advisory Board of the Privacy Enhancing Technologies Symposium (PETS), and a member of the Scientific Committee of the Computers, Privacy and Data Protection (CPDP) Conference.
Workshop Summary: Identified Challenges
The conclusions are presented from an overall analysis of the topics covered in the workshop.
Slides
Peter Eckersley, Electronic Frontier Foundation
Peter Eckersley is a Senior Staff Technologist at the Electronic Frontier Foundation. His research interests include privacy enhancing technologies, digital copyright and alternatives to digital copyright, network neutrality and network testing, and censorship circumvention. Peter's recent privacy projects include the Panopticlick browser fingerprinting experiment, the HTTPS Everywhere Firefox extension, and EFF white papers on location privacy and surveillance self-defence.

Hannes Federrath, Universität Regensburg, General Chair of PET Symposium
Hannes Federrath studied computer science from 1989 to 1994 and earned a Ph.D. from Dresden University of Technology in 1998. He worked as a researcher in the Information and Coding Theory group at Dresden University of Technology from 1994 to 1999. Between September 1999 and August 2000 he was a guest researcher at the International Computer Science Institute. Between September 2000 and August 2001 he was a guest professor, and until March 2003 he served as head of the IT-Security working group at the Department of Computer Science of Freie Universität Berlin, Germany. Since April 2003 he has been a full professor at the University of Regensburg.
 
Johann-Christoph Freytag, Humboldt Universität zu Berlin
Johann-Christoph Freytag is currently full professor for databases and information systems at the Computer Science Department of the Humboldt-Universitaet zu Berlin, Germany. Before joining the department in 1994, he was a research staff member at the IBM Almaden Research Center (1985-1987), a researcher at the European Computer Industry Research Centre (ECRC, in Munich, Germany, 1987-1989), and the head of Digital's Database Technology Center (also in Munich, 1990-1993). He holds a Ph.D. in Applied Mathematics/Computer Science from Harvard University, MA.
Welcome to Workshop
A brief introduction to Humboldt University, the workshop organisers, PRECIOSA partners, PRECIOSA sponsors, and the workshop agenda.
Slides

Motivation
Introduction to Motivation session
Slides

Making Data Private
In this presentation, a brief introduction is provided on how to keep data private in a DBMS context. There are different techniques that can be applied. The focus will mainly be on those used in the PRECIOSA project.
Slides

Christophe Geuens, Katholieke Universiteit Leuven
Christophe Geuens (born 1982) obtained his law degree at K.U.Leuven in 2007. His main fields of expertise are liability law, contract law, and privacy and data protection law. Currently he is working on projects related to Intelligent Transport Systems and automotive applications. He is active in FP7-EVITA, which aims to develop a secure on-board architecture, and in IBBT-Mobiroute, which aims to develop an adaptive multi-modal route planner. Since 2008 he has participated in the eSecurity Working Group of the eSafety Forum.
Requirements from the Legal Framework
This will deal with the ITS Legal Framework. The current status of the framework will be discussed. The current framework lacks harmonization and issues resulting from this lack of harmonization will be indicated. Attention will also be paid to the proposal for an ITS-Directive that is currently discussed at the European level.
Slides
Peter Jesty, E-FRAME
Peter Jesty has been working in the field of ITS since the start of the FP2 DRIVE I R&D programme in 1989. His initial work in functional safety required him to gain a knowledge of all the applications and services being considered, and this led naturally to an additional interest in ITS Architectures. He was a member of the KAREN project that created the European ITS Framework (FRAME) Architecture (2000), and then of the FRAME-S project which disseminated its use throughout the EU. He is a member of the FRAME Team that maintains the FRAME Architecture, and is currently the coordinator of the FP7 project E-FRAME whose objective is to promote the deployment of cooperative systems through the use of the FRAME Architecture.
Privacy as a Requirement in ITS Applications
The FRAME Architecture comprises a set of User Needs and a Functional Viewpoint and encompasses most of the ITS applications and services that have been considered for implementation across the EU. At the higher levels of abstraction privacy is normally considered to be a non-functional requirement, but at the lower levels there will be a number of functions to support this attribute. This presentation will address to what degree one should expect to see privacy in a high-level ITS architecture such as the FRAME Architecture, and in those architectures derived from it.
Slides
Christophe Jouvray, TRIALOG
Christophe Jouvray has more than 10 years' experience in embedded systems and engineering processes for embedded systems. He is currently involved in the development of security, trust and privacy metamodels for embedded systems. Prior to joining Trialog, he was with CEA List (a French laboratory specialised in real-time embedded system modelling) and at IEF (Fundamental Electronics Institute at Orsay University), where he worked on (i) real-time embedded modelling, (ii) software component approaches, and (iii) middleware and execution platforms. He holds a PhD from the University of Orsay. His PhD thesis was on the support of model-driven engineering for intelligent sensors.
The Promise of Model Driven Engineering
Models facilitate the abstraction of a complex problem to a simpler view. Model-Driven Engineering is becoming widely used in application development. This presentation will focus mainly on the use of the model-based approach for privacy issues.
Slides
Frank Kargl, Universiteit Twente
Frank Kargl is an associate professor in the Distributed and Embedded Security (DIES) research group at the University of Twente, Netherlands. He holds a doctorate degree (Dr.rer.nat.) and diploma in informatics (Dipl.-Inf.) from Ulm University, Germany. For more than five years, he has been actively involved in research on security and privacy of intelligent transportation systems, and especially V2X communication through pan-European projects like SeVeCom (FP6) and PRECIOSA (FP7). He also contributes to standardization and deployment preparation of such systems, e.g., in the Car-2-Car Communication Consortium (C2C-CC) and ETSI.
Challenges and the Road Ahead
Design, standardization, and deployment of ITS and V2X systems is making rapid progress. However, there is often no general consensus regarding questions of protecting personal data and private information in such systems. One such issue is the use of pseudonyms in V2X and whether they should be resolvable or not. This talk aims to highlight some of those aspects and point out what challenges need to be solved in order to make ITS and V2X fulfil the promise of traffic safety, efficiency, and enhanced driver comfort without introducing a Big Brother on wheels.
Slides
Lina Konstantinopoulou, ERTICO
Lina Konstantinopoulou joined ERTICO in November 2008 as a Project Manager. At ERTICO, she coordinated the DEPN sub-project of the FP6 CVIS project and the FP7 CITYLOG project. She received a BA (Hons) in European Economics and a Master's degree in Economics of International Trade & European Integration from the University of Staffordshire, UK. Lina previously worked for the Institute of Communications & Computer Systems (ICCS) of the National Technical University of Athens as EU Project Manager for three years, and at the secretariat and public relations office of the non-profit organisation ITS HELLAS. Her research interest focuses on the cost-benefit analysis and deployment issues of ITS and cooperative systems.
ITS Applications and Privacy
The deployment of intelligent transport systems has been somewhat slower than anticipated. This has not been caused only by technological limitations. It is rather because of non-technical concerns such as institutional issues and commercial considerations. One of the objectives of the CVIS project and especially the DEPN (Deployment enablers) sub-project is to ensure that the core technologies and applications are fundamentally deployable and that non-technical issues have been identified and their potential impact on deployment described along with recommendations as to how these issues could be addressed. This presentation underlines these potential non-technical barriers or risks to deployment as studied in the CVIS project with a focus on the security and privacy issues and puts in place recommendations for them for the future.
Slides

The CVIS application which was selected to be implemented within the PRECIOSA framework will be presented. It will be demonstrated that a seemingly privacy-critical application is best-suited as a candidate to technically achieve privacy. The selection of the COMO application will be described and the technical details will be provided with a special focus on privacy issues.
Slides

Martin Kost, Humboldt Universität zu Berlin
Martin Kost is a Ph.D. student with the Database and Information Systems Group at Humboldt-Universität zu Berlin. Between 2006 and 2007 he led the DESWAP project (Development Environment for Semantic Web APplications). The DESWAP system is primarily used for component-based system development applying Semantic Web technologies. One important goal was to develop a tool that seamlessly integrates with common software development processes. In March 2008 Martin Kost joined the EU-funded project PRECIOSA. In his PhD thesis Martin Kost focuses on the application of semantic technologies and technologies from software engineering to investigate new mechanisms for protecting privacy in cooperative Intelligent Transportation Systems and (distributed) database management systems. He holds a diploma in informatics (Dipl.-Inf.) from Humboldt-Universität zu Berlin (2006).
Privacy Analysis
In many European countries, legislative bodies usually define privacy requirements. Data protection supervisors are responsible for implementing and monitoring such privacy requirements in evolving application domains, such as ICT. In general, different stakeholders specify (high level) application requirements in ICT. Engineers, together with domain experts, translate these requirements into technical specifications. There exist several methodologies, best practices, and tools to support such a translation processes where experts analyze the application at various stages and levels. The purpose of such an analysis is to identify, among others, lingering privacy issues and to decide if these issues are addressed appropriately.

Concerning privacy, the translation process is poorly defined and supported. We must develop a "Privacy by Design" approach which adapts existing technologies and methodologies to support developers and programmers in translating high-level privacy requirements into technical solutions that can be verified formally. In this talk, we present a brief introduction on how to analyze ITS systems regarding privacy aspects and give an outlook on how such technical privacy analysis supports already existing translation processes.
Slides

Antonio Kung, TRIALOG
Antonio Kung has more than 25 years experience in embedded systems. He was initially involved in the development of real-time kernels, before co-founding TRIALOG in 1987, where he now serves as CTO. He heads the company product development (kernels, protocols) as well as collaborative projects with a focus on embedded systems, networking and security (e.g. SeVeCom, Preciosa, Evita). He is the co-chair of the eSecurity working group in the eSafety forum. He holds a Master's degree from Harvard University and an Engineering degree from Ecole Centrale Paris.
Consensus Building on Best Available Techniques
In July 2009, the EDPS issued an opinion on the ITS directive. It recommended that ITS applications should apply a Privacy by Design process, based on the concept of Best Available Techniques (BATs). BATs have been used in the case of the Integrated Pollution Prevention and Control (IPPC) directive. They imply a consensus building process which involves many stakeholders with the objective to converge towards cost effective measures. Applied to ITS, it would involve various working groups, either transversal (e.g. one on Privacy by Design) or vertical (e.g. road charging).
Slides
Daniel Le Métayer, INRIA
Daniel Le Métayer is Research Director for INRIA (the French National Institute for Research in Computer Science and Control) and head of a new initiative called LICIT for "Legal Issues in Communication and Information Technologies". The main goal of LICIT is to foster interactions between research activities in law and ICT. From 2000 to 2006, Daniel Le Métayer worked for Trusted Logic, a leading company in security and open middleware for embedded systems. Daniel Le Métayer has been involved in various international projects on IT security, software design and analysis, testing, etc. He has also served on programme committees of many IT international conferences and he has been the editor of special issues of computer science journals such as ACM Transactions on Software Engineering and Theoretical Computer Science.
A Formal Approach to Privacy by Design
In this talk we shall illustrate the relevance of formal methods for privacy through two examples: 1) the formal definition of privacy policies and their implementation by compliant software agents and 2) a general framework for Privacy by Design based on the expression of privacy requirements and the systematic exploration of the design space to derive acceptable architectures.
Slides
Karsten Neumann, Data Protection Commission, State of Mecklenburg-Vorpommern, Germany
Karsten Neumann received a degree in political science at the Naval College of Stralsund and studied law at the University of Greifswald, specialising in international organisation law and comparative European law. He lectured in European politics, was the chair of a regional board of the Socialist Party, a Stralsund city council member, a member of the Mecklenburg-Vorpommern State Parliament, and a staff member of the Minister for Social Affairs, responsible for legislation, parliamentary, and cabinet affairs. He is currently the parliamentary Commissioner for Data Protection and Freedom of Information in the State of Mecklenburg-Vorpommern, Germany, and is an alternate member of the Article 29 Working Party.
The Role of Data Protection Agencies
This presentation gives an overview of the role, organisation, and cooperation of the European data protection authorities. Despite few resources, the authorities have had an early involvement in development projects. Data protection law faces major technological challenges. Therefore, in both Europe and in Germany, there is work on revising the laws.
Slides
Gregory Neven, IBM Research Zurich
Gregory Neven is a permanent researcher at the IBM Research Zurich laboratories and leads the policy activity within the EU project PrimeLife. He obtained a PhD from Katholieke Universiteit Leuven in 2004. His main research interests are privacy policy languages and provably secure cryptography.
The PrimeLife Policy Language
This presentation will give details on the structure and architecture of the policy language developed by the EU project PrimeLife. We define privacy-enhancing extensions that add credential-based access control capabilities and two-sided data handling policies to the industry standards XACML and SAML. Credential-based access control serves as an abstraction for various authentication technologies, but is particularly suited to leverage the privacy advantages of anonymous credentials. Our data handling extensions allow the data controller to express how revealed information will be treated and the data subject to express how her information should be treated, and provide an automated matching procedure between these policies.
Slides
Jörg Pohle, Humboldt Universität zu Berlin
Jörg Pohle studied Law, Political Science, and Computer Science at Humboldt University with a Diploma thesis about the security of election computers in Germany. He is now working and lecturing with the working group "Computer Science in Education and Society". His doctoral thesis is about the translation of privacy related legal regulations into technical requirements.
Audits Don't Make Any Sense
The number of privacy audits has risen considerably in the last years. This talk will compare safety auditing for vehicles like the car inspection system in Germany with privacy auditing as it is done today. It will be shown why the former is working as designed, and the latter is not.
Slides
Christoph Ruland, Universität Siegen
Christoph Ruland received a diploma (1974) and a doctorate (1976) in mathematics from the University of Bonn. He worked for six years in industry developing communication protocols and managing network projects and products. In 1982 he became a professor for telecommunications at the University of Applied Sciences in Aachen. Since then his main research area has been the integration of cryptography and security into communication systems. In 1988 he founded KryptoKom, a company for cryptographic information, security and communications technology. He became a full professor for data communications systems at the University of Siegen, Department of Electrical Engineering and Computer Science, in 1992. He has published more than 100 papers and two books. He is a member of ISO/IEC SC 27 (Security Techniques) and co-chair of the eSafety eSecurity working group of the European Commission. For the last 10 years his research has focused on security in real-time systems and industrial applications.
Bringing Stakeholders Together
Introduction to Deployment panel
Slides
Ahmad-Reza Sadeghi, Ruhr-Universität Bochum
Prof. Ahmad-Reza Sadeghi is the head of the System Security Lab within the Horst Görtz Institute (HGI) at Ruhr-University Bochum (RUB). He received his MSc in Mechanical and in Electrical Engineering, and his PhD in Computer Science with a focus on privacy-protecting cryptographic systems. Prior to academia he worked in research and development at telecommunications enterprises, amongst others Ericsson Telecommunications. Currently, he is leading several research and development projects on the design and implementation of trustworthy computing platforms, trusted cloud computing and eHealth, security hardware, particularly Physically Unclonable Functions (PUFs), and cryptographic compilers. He is one of the leading researchers in the field of Trusted Computing and Trustworthy Infrastructures. He serves as a program committee member or program chair for a variety of conferences and workshops on (applied) cryptography and information security, and he advises governments and enterprises on Trusted Computing technology. His main research interests are trusted platforms, privacy-preserving cryptographic protocols, and security hardware.
Trusted Virtual Domains
A Trusted Virtual Domain (TVD) is a coalition of virtual machines that are distributed over multiple physical platforms and share a common security policy. It allows groups of related virtual machines running on separate physical machines to be connected together as though they were on their own separate network fabric and, at the same time, helps to enforce cross-group security requirements such as isolation, confidentiality, security, and information flow control. TVDs are a well-suited base technology for cloud computing applications and for deployment in the context of large-scale IT systems such as data centres, eHealth and eGovernment.

In this talk we present our security architecture for TVDs, where we mainly focus on the incorporation of Trusted Computing functionality into the TVD framework. We describe the main components and protocols necessary to realize the TVD design on a cross-platform architecture.
Slides

Florian Schaub, Universität Ulm
Florian Schaub is a researcher at the Institute of Media Informatics at Ulm University in Germany. He is working towards a Ph.D. in Computer Science with a focus on user-centric approaches for privacy and trust in smart environments. In the context of the EU-funded PRECIOSA project, Mr. Schaub contributes to privacy policy enforcement solutions for ITS as well as pseudonym approaches for V2X. Mr. Schaub graduated with a Diplom in Computer Science from Ulm University in 2008, after receiving a Bachelor of Information Technology degree from Deakin University, in 2006.
The PRECIOSA Architecture for Enforcement of Privacy Policies
The talk outlines the concept of mandatory enforcement of privacy policies as envisioned by the PRECIOSA project. Privacy policy enforcement empowers users to tightly couple their data with privacy policies and rely on the system to impose such policies on any data processor. PRECIOSA designed a Privacy-enforcing Runtime Architecture for ITS that implements this idea. Privacy preferences are expressed in the PRECIOSA Privacy Policy Language (P3L). "Mandatory Privacy Control" (MPC) components ensure compliance with privacy policies on data access. "MPC Integrity Protection" leverages trusted computing principles to prevent tampering with and circumvention of the MPC.
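The two-sided matching of data handling policies described in the PrimeLife abstract above, and the coupling of data with a policy that the system then enforces on every access as described for PRECIOSA, can be shown together in one small model. The following is an added example written for this page; it is not code from PrimeLife (PPL), from PRECIOSA (P3L or the MPC components) or from either project's authors. The policy vocabulary (purposes, retention period, permitted recipients, one required credential attribute), the matching rules, the trusted-issuer name, the record keys and the sample values are all constructed assumptions made for illustration.

```python
"""Sticky privacy policies: two-sided matching at collection, enforcement on access.

Added example, not PrimeLife or PRECIOSA code. The vocabulary (purposes, retention,
recipients, one required credential attribute) is an assumed simplification.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class DataHandlingPolicy:
    """How a data item may be handled. The data subject states the widest handling she
    accepts; the data controller states what he will actually do."""
    purposes: FrozenSet[str]          # purposes the item may be processed for
    retention_days: int               # days after which the item must be purged
    share_with: FrozenSet[str]        # third parties that may receive it (empty: nobody)
    required_credential: Dict[str, str] = field(default_factory=dict)  # attrs a reader must prove


def match(subject_pref: DataHandlingPolicy,
          controller_policy: DataHandlingPolicy) -> Optional[DataHandlingPolicy]:
    """Automated matching: the controller's handling must be no broader than the subject's
    preference in every dimension. Returns the agreed (sticky) policy, or None if the
    item must not be disclosed at all."""
    if not controller_policy.purposes <= subject_pref.purposes:
        return None
    if controller_policy.retention_days > subject_pref.retention_days:
        return None
    if not controller_policy.share_with <= subject_pref.share_with:
        return None
    # Agreed policy: the controller's (narrower) handling plus the subject's access condition.
    return DataHandlingPolicy(controller_policy.purposes, controller_policy.retention_days,
                              controller_policy.share_with, dict(subject_pref.required_credential))


@dataclass(frozen=True)
class Credential:
    """Abstraction over an authentication token: attributes vouched for by an issuer.
    (With anonymous credentials only the attributes a policy asks for would be shown.)"""
    issuer: str
    attributes: Dict[str, str]


@dataclass
class StickyRecord:
    """A data item that travels together with its agreed policy."""
    value: object
    policy: DataHandlingPolicy
    collected_at: datetime


class ManualClock:
    """Injectable clock so retention can be exercised without waiting (constructed start date)."""
    def __init__(self, start: datetime = datetime(2010, 7, 20)):
        self.now = start

    def advance_days(self, days: int) -> None:
        self.now += timedelta(days=days)


class PolicyEnforcingStore:
    """Mandatory enforcement: every read passes through the policy attached to the record."""
    TRUSTED_ISSUERS = frozenset({"ITS-Operator-CA"})   # assumed issuer name

    def __init__(self, clock: ManualClock):
        self._clock = clock
        self._records: Dict[str, StickyRecord] = {}

    def collect(self, key: str, value: object, subject_pref: DataHandlingPolicy,
                controller_policy: DataHandlingPolicy) -> bool:
        agreed = match(subject_pref, controller_policy)
        if agreed is None:
            return False          # refused before storage: nothing is kept at all
        self._records[key] = StickyRecord(value, agreed, self._clock.now)
        return True

    def read(self, key: str, purpose: str, credential: Credential, recipient: str = "") -> object:
        """recipient == "" means internal use; anything else is a transfer to a third party."""
        rec = self._records.get(key)
        if rec is None:
            raise PermissionError("no such record")
        if self._clock.now > rec.collected_at + timedelta(days=rec.policy.retention_days):
            del self._records[key]   # retention expired: purge rather than serve
            raise PermissionError("retention period expired, record purged")
        if purpose not in rec.policy.purposes:
            raise PermissionError(f"purpose {purpose!r} not permitted by sticky policy")
        if recipient and recipient not in rec.policy.share_with:
            raise PermissionError(f"transfer to {recipient!r} not permitted by sticky policy")
        if credential.issuer not in self.TRUSTED_ISSUERS:
            raise PermissionError("credential issuer not trusted")
        for attr, wanted in rec.policy.required_credential.items():
            if credential.attributes.get(attr) != wanted:
                raise PermissionError(f"credential does not prove {attr}={wanted!r}")
        return rec.value

    def has(self, key: str) -> bool:
        return key in self._records
```

Two properties of the model are worth noting. A mismatch is decided before anything is stored, so a rejected controller policy leaves no data behind to protect later; and an expired retention period is turned into a purge on the access path instead of depending on a separate clean-up job. What the model cannot do is stop a processor that bypasses the store and reads the storage directly, which is the gap the abstract's integrity protection by trusted computing is meant to close.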
Slides
Carmela Troncoso, Katholieke Universiteit Leuven
Carmela Troncoso is currently a researcher in the COSIC (Computer Security and Industrial Cryptography) research group at the Katholieke Universiteit Leuven (Belgium). Her research focuses on Privacy Enhancing Technologies, especially anonymous communications and Privacy by Design based architectures. Her papers have been published in top quality conferences specialized on these topics.
Data Minimisation as a Principle for Architecture Design: The Case of Road Charging
Systems based on vehicular communications have inherent privacy risks stemming from the sharing of location data. This talk will illustrate how privacy can be integrated in the design of architectures for such systems. Road Charging is used as an illustrative use case, along with an architecture that provides the necessary functionality while disclosing the minimal amount of location data.
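One way to make "disclosing the minimal amount of location data" concrete is to let the vehicle price its own trip and prove the total to the provider, rather than upload its trace. The following is an added example written for this page, not the architecture presented in the talk and not code from any project; it uses Pedersen commitments with a toy-sized group generated at start-up and a spot-check step, and the tariff table, segment names, trace and the camera observation are all constructed for the illustration.

```python
"""Road charging with minimal location disclosure (added example, not the talk's design).

Toy protocol built on Pedersen commitments:
  * the on-board unit (OBU) prices its own trip from a local tariff table,
  * it sends one commitment per driven segment plus the opened total fee,
  * the provider checks the total against the product of the commitments
    (homomorphic), learning the amount but not where the vehicle drove,
  * a spot check opens exactly one commitment when a roadside camera saw the
    vehicle on a segment, so an OBU that omitted that segment is caught.
Group parameters are toy-sized (64-bit safe prime) for a fast demo.
"""
import secrets
from typing import Dict, List, Optional, Tuple

Group = Tuple[int, int, int, int]        # (p, q, g, h) with p = 2q + 1
Opening = Tuple[str, int, int, int]      # (segment, km, fee_cents, randomness)

# Constructed tariff table: price per kilometre in cents, per road segment.
TARIFF_CENTS_PER_KM: Dict[str, int] = {"A9-N": 12, "A9-S": 12, "B2": 5, "CITY": 20}

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin; these bases give a deterministic answer for n < 3.3e24."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup_group(bits: int = 64) -> Group:
    """Safe prime p = 2q + 1 and two generators g, h of the order-q subgroup; h is drawn
    at random so nobody knows log_g(h), which is what makes the commitment binding."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1

    def subgroup_element() -> int:
        # Squaring a random element gives a quadratic residue, i.e. an element of order q.
        return pow(secrets.randbelow(p - 3) + 2, 2, p)

    return p, q, subgroup_element(), subgroup_element()


def commit(grp: Group, value: int, r: int) -> int:
    p, _q, g, h = grp
    return pow(g, value, p) * pow(h, r, p) % p


def obu_prepare_report(grp: Group, trace: List[Tuple[str, int]]):
    """OBU side. `trace` is the private (segment, km) log. Returns the report that leaves
    the vehicle and the openings that stay inside it."""
    q = grp[1]
    openings: List[Opening] = []
    commitments: List[int] = []
    for seg, km in trace:
        fee = TARIFF_CENTS_PER_KM[seg] * km
        r = secrets.randbelow(q)
        openings.append((seg, km, fee, r))
        commitments.append(commit(grp, fee, r))
    report = {"commitments": commitments,
              "total_fee": sum(o[2] for o in openings),
              "total_r": sum(o[3] for o in openings) % q}   # opening of the product commitment
    return report, openings


def provider_verify_total(grp: Group, report: dict) -> bool:
    """Provider side: prod(C_i) must equal Commit(total_fee, total_r). No segment is revealed."""
    p = grp[0]
    product = 1
    for c in report["commitments"]:
        product = product * c % p
    return product == commit(grp, report["total_fee"], report["total_r"])


def obu_answer_spot_check(openings: List[Opening], observed: str) -> Optional[Tuple[int, Opening]]:
    """OBU side: open only the entry for the segment the provider says it observed."""
    for i, o in enumerate(openings):
        if o[0] == observed:
            return i, o
    return None                       # the OBU has no such segment in its log


def provider_spot_check(grp: Group, report: dict, observed: str,
                        answer: Optional[Tuple[int, Opening]]) -> bool:
    """Provider side: the opened entry must match the camera evidence, the tariff and the commitment."""
    if answer is None:
        return False                  # seen on the road, but not in the report
    idx, (seg, km, fee, r) = answer
    if seg != observed or fee != TARIFF_CENTS_PER_KM[seg] * km:
        return False
    return 0 <= idx < len(report["commitments"]) and report["commitments"][idx] == commit(grp, fee, r)
```

After the exchange the provider holds the amount owed and a list of commitments that are computationally hiding; a location leaves the vehicle only for the one segment where the provider already has independent evidence. The example leaves out the time dimension of a real spot check (the camera also fixes a time, and the opened entry has to match it) and does not detect under-reported kilometres on a segment that was never observed: the hiding property that protects the honest driver also protects that cheat, which is why such designs rely on the probability of being checked rather than on verifying every entry.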
Slides
 
Copyright 2013 PRECIOSA.