ALBERT

Description:    Driven by privacy-related fears, users of Online Social Networks may start to reduce their network activities. This trend can have a negative impact on network sustainability and its business value. Nevertheless, very little is understood about the privacy-related concerns of users and the impact of those concerns on identity performance. To close this gap, we take a systematic view of user privacy concerns on such platforms. Based on insights from focus groups and an empirical study with 210 subjects, we find that (i) Organizational Threats and (ii) Social Threats stemming from the user environment constitute two underlying dimensions of the construct “Privacy Concerns in Online Social Networks”. Using a Structural Equation Model, we examine the impact of the identified dimensions of concern on the Amount, Honesty, and Conscious Control of individual self-disclosure on these sites. We find that users tend to reduce the Amount of information disclosed as a response to their concerns regarding Organizational Threats. Additionally, users become more conscious about the information they reveal as a result of Social Threats. Network providers may want to develop specific mechanisms to alleviate identified user concerns and thereby ensure network sustainability. Content Type Journal Article Pages 39-63 DOI 10.1007/s12394-009-0019-1 Authors Hanna Krasnova, Humboldt-Universität zu Berlin Berlin Germany Oliver Günther, Humboldt-Universität zu Berlin Berlin Germany Sarah Spiekermann, Humboldt-Universität zu Berlin Berlin Germany Ksenia Koroleva, Humboldt-Universität zu Berlin Berlin Germany Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 2 Journal Issue Volume 2, Number 1

Description:    This paper introduces Nymity’s Privacy Risk Optimization Process (PROP), a process that enables the implementation of privacy into operational policies and procedures, which embodies in Privacy by Design for business practices. The PROP is based on the International Organization for Standardization (ISO) concept that risk can be positive and negative; and further defines Risk Optimization as a process whereby organizations strive to maximize positive risks and mitigate negative ones. The PROP uses these concepts to implement privacy into operational policies and procedures. This paper was produced by Nymity and the Office of the Information and Privacy Commissioner of Ontario, Canada. It was presented by Terry McQuay, President of Nymity, at “Privacy by Design: The Definitive Workshop,” in Madrid, Spain, on November 2nd, 2009. The workshop was hosted by Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada, and Yoram Hacohen, Head of the Israeli Law, Information and Technology Authority. Content Type Journal Article Pages 379-396 DOI 10.1007/s12394-010-0067-6 Authors Terry McQuay, Nymity Inc. Toronto ON Canada Ann Cavoukian, Information and Privacy Commissioner of Ontario Toronto ON Canada Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 3 Journal Issue Volume 3, Number 2

Description:    An accountability-based privacy governance model is one where organizations are charged with societal objectives, such as using personal information in a manner that maintains individual autonomy and which protects individuals from social, financial and physical harms, while leaving the actual mechanisms for achieving those objectives to the organization. This paper discusses the essential elements of accountability identified by the Galway Accountability Project, with scholarship from the Centre for Information Policy Leadership at Hunton & Williams LLP. Conceptual Privacy by Design principles are offered as criteria for building privacy and accountability into organizational information management practices. The authors then provide an example of an organizational control process that uses the principles to implement the essential elements. Initially developed in the ‘90s to advance privacy-enhancing information and communication technologies, Dr. Ann Cavoukian has since expanded the application of Privacy by Design principles to include business processes. Content Type Journal Article Pages 405-413 DOI 10.1007/s12394-010-0053-z Authors Ann Cavoukian, Information & Privacy Commissioner of Ontario, Canada Toronto ON Canada Scott Taylor, Hewlett-Packard Company Palo Alto CA USA Martin E. Abrams, Hunton & Williams LLP Centre for Information Policy Leadership Richmond VA USA Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 3 Journal Issue Volume 3, Number 2

Description:    A first comparison of the innovation processes of introducing electronic identities on a national level in Austria, Belgium, Germany and Spain, based on extensive expert interviews with key actors, has been amended by four more country reports from Denmark, Finland, Estonia and Sweden in order to check the validity of generalisations derived from the first four cases. The extended comparison with the four additional countries increases the variance between the eID systems in Europe by showing differing technical and organisational features, such as purely software-based solutions, e.g. in Denmark, or complete outsourcing of the eIDMs, e.g. in Sweden. In the second part of the paper, the conceptual framework of the comparative study, a combination of path analysis, institutional actor theory and policy field analysis will be reflected. It has resulted in a fruitful approach allowing for the explanation of some, but by no means all, of the differences between the national eIDMs in Europe. Content Type Journal Article Pages 235-245 DOI 10.1007/s12394-010-0063-x Authors Herbert Kubicek, Institut für Informationsmanagement Bremen Gmbh (ifib) Am Fallturm 1 28359 Bremen Germany Torsten Noack, Institut für Informationsmanagement Bremen Gmbh (ifib) Am Fallturm 1 28359 Bremen Germany Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 3 Journal Issue Volume 3, Number 1

Description:    With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressure on the concepts of trust, security and privacy as we know them. The Future Internet will bring about a world where real life will integrate physical and digital life. Technology development for data linking and mining, together with unseen data collection, will lead to unwarranted access to personal data, and hence, privacy intrusion. Trust and identity lie at the basis of many human interactions and transactions, and societies have developed legitimate concern for privacy being essential for freedom and creativity. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. We have reached the eleventh hour for the preservation of trust and privacy as elements that can be transposed into our digital future. Europe has been at the forefront in recognizing the importance of privacy protection in relation to digital data, witness the advanced European legislation in this domain. The European Commission recognizes that appropriate measures need to combine technology development with legal means, user awareness and tools supporting data controllers to comply with law in an accountable and transparent way, and that empower users with a controlling stake in managing their personal data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, privacy enhancing technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. Content Type Journal Article Pages 397-404 DOI 10.1007/s12394-010-0058-7 Authors Dirk van Rooy, EU Research programme on Information and Communication Technologies Brussels Belgium Jacques Bus, EU Research programme on Information and Communication Technologies Brussels Belgium Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 3 Journal Issue Volume 3, Number 2

Description:    The never ending growth of digital information and the availability of low-cost storage facilities and networks capacity is leading users towards moving their data to remote storage resources. Since users’ data often holds identity-related information, several privacy issues arise when data can be stored in untrusted domains. In addition digital identity management is becoming extremely complicated due to the identity replicas proliferation necessary to get authentication in different domains. GMail and Amazon Web Services, for instance, are two examples of online services adopted by million of users throughout the world which hold huge amounts of sensitive users data. State-of-the-art encryption tools for large-scale distributed infrastructures allow users to encrypt content locally before storing it on a remote untrusted repository. This approach can experience performance drawbacks, when very large data-sets must be encrypted/decrypted on a single machine. The proposed approach extends the existing solutions by providing two additional features: (1) the encryption can also be delegated to a pool of remote trusted computing resources, and (2) the definition of the encryption context which drives the tool to select the best strategy to process the data. The performance benchmarks are based on the results of tests carried out both on a local workstation and on the Grid INFN Laboratory for Dissemination Activities (GILDA) testbed. Content Type Journal Article Pages 99-114 DOI 10.1007/s12394-009-0033-3 Authors Giulio Galiero, Engineering Ingegneria Informatica S.p.A. Rome 00185 Italy Gabriele Giammatteo, Engineering Ingegneria Informatica S.p.A. Rome 00185 Italy Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 2 Journal Issue Volume 2, Number 2

Description:    Over the past few years, the Virtual Organization (VO) paradigm has been emerging as an ideal solution to support collaboration among globally distributed entities (individuals and/or organizations). However, due to rapid technological and societal changes, there has also been an astonishing growth in technologies and services for mobile users. This has opened up new collaborative scenarios where the same participant can access the VO from different locations and mobility becomes a key issue for users and services. The nomadicity and mobility introduces additional challenges for managing collaboration in VO environments. This paper focuses on the Identity Management challenge in a Mobile Dynamic VO environment, which is a VO that takes into account nomadicity and seamless mobility aspects as elaborated within the EU funded project Akogrimo (Access to Knowledge through the Grid in a mobile world). The resulting work is the design of the Akogrimo Identity Management system supporting the authentication and authorization process across the different administrative domains of the Mobile Dynamic VO. This design follows the service oriented approach and integrates the different perspectives: that of the network, that of the user and that of the service provider. Such an integration requires facing challenges; both from the architectural and technological viewpoints because different ‘worlds’ (i.e. network and service level) leverage different (and sometimes conflicting) approaches when addressing Identity Management. Content Type Journal Article Pages 115-136 DOI 10.1007/s12394-009-0036-0 Authors Matteo Gaeta, Centro di RIcerca in Mtematica Pura ed Applicata Fisciano Italy Juergen Jaehnert, Rechenzentrum Universität Stuttgart Abteilungsleiter Netze und Kommunikationssysteme Stuttgart Germany Kleopatra Konstanteli, ICCS - National Technical University of Athens Fisciano Italy Sergio Miranda, Dipartimento di Ingegneria dell’Informazione e Matematica Applicata Fisciano Italy Pierluigi Ritrovato, Centro di RIcerca in Mtematica Pura ed Applicata Fisciano Italy Theodora Varvarigou, ICCS - National Technical University of Athens Fisciano Italy Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 2 Journal Issue Volume 2, Number 2

Description:    The present paper summarizes the development of the national electronic Identity Management System (eIDMS) in Estonia according to a conceptual framework developed in an European comparative research project outlined in the first chapter of this special issue. Its main function is to amend the picture of the European eIDMS landscape by presenting a case with high involvement of the private sector and thereby checking the generalizations from the comparisons of Austria, Belgium, Germany and Spain, presented by Kubicek and Noack in the previous chapter of this special issue. Starting with a short introduction into the historical background of identity documents in Estonia the national population register, the passport as well as the bank ID are described as the main pillars of the Estonian eIDMS, on which the national ID card builds on, which has been introduced in 2002. The technical features of the eID and the ID card are described in Section two as well as the areas of application and the processes for production and distribution. Section three presents the actors constellation, Section four the time line of the development process, starting from 1997. Section five deals with the diffusion and promotion of the ID card and the eID authentication function. After a very low and slow take up during the first 5 years due to a cooperation agreement between major banks, telecom operators and the government usage has increased. But still the authentication by Internet banks, which provides authentication services to third parties, including government, is the biggest competitor for the eID function on the national eID card. Only recently the major banks have announced to slowly fade out the password cards and PIN calculators as alternative modes of bank authentication. Content Type Journal Article Pages 213-233 DOI 10.1007/s12394-010-0044-0 Authors Tarvi Martens, Certification Centre Pärnu Ave. 141 11314 Tallinn Estonia Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 3 Journal Issue Volume 3, Number 1

Description:    This paper looks at the history of identification in England over the past 1,000 years. It contends that techniques and technologies of identification do not identify a single entity but a number of forms of personality, including the juridical person, the citizen and the deviant. Individuals can be the bearers of more than one of these personalities at the same time, or over the course of their life. These personalities are created by social performances to which people are trained to react conventionally. As such identity, and its identification, is a social and cultural phenomenon, rather than a ‘thing’. Each of the personalities noted above has been identified historically in differing ways -through possessions or techniques in the case of the juridical person, though the community in the case of the citizen, and on, or through, the body in the case of the deviant. In the contemporary world these distinctions are being effaced, as all forms of identification are being reduced to the body and the database. This levelling of social forms of being has implication for what it means to be a person in our society, and for public perceptions of new techniques and technologies of identification. Content Type Journal Article Pages 345-354 DOI 10.1007/s12394-009-0035-1 Authors Edward Higgs, University of Essex Colchester UK Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 2 Journal Issue Volume 2, Number 3

Description: Edgar A. Whitley & Ian Hosein: Global challenges for identity policies Content Type Journal Article Pages 359-361 DOI 10.1007/s12394-009-0032-4 Authors Viktor Mayer-Schönberger, National University of Singapore Information + Innovation Policy Research Centre Kent Ridge Singapore Journal Identity in the Information Society Online ISSN 1876-0678 Journal Volume Volume 2 Journal Issue Volume 2, Number 3