Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Enhancing Privacy for Biometric Identification Cards

Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible with the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those that will be the beneficiaries of the new systemsecurity, smart card, identification, passport, biometrics, public key infrastructure, government, identification

Balancing Security and Democracy: The Politics of Biometric Identification in the European Union

What are the relations between security policies and democratic debate, oversight and rights? And what is the role of expertise in shaping such policies and informing the democratic process? The inquiry that follows tries to answer such questions in the context of the European Union and taking the case of biometric identification, an area where security considerations and the possible impacts on fundamental rights and rule of law are at stake, and where expertise is crucial. Some hypotheses are explored through the case study: that 'securitisation' and 'democratisation' are in tension but some hybrid strategies can emerge, that the plurality of 'authoritative actors' influences policy frames and outcomes, and that knowledge is a key asset in defining these authoritative actors. A counter-intuitive conclusion is presented, namely that biometrics-which seems prima facie an excellent candidate for technocratic decision making, sheltered from democratic debate and accountability-is characterised by intense debate by a plurality of actors. Such pluralism is limited to those actors who have the resources-including knowledge-that allow for inclusion in policy making at EU level, but is nevertheless significant in shaping policy. Tragic events were pivotal in pushing for action on grounds of security, but the chosen instruments were in store and specific actors were capable of proposing them as a solution to security problems; in particular, the strong role of executives is a key factor in the vigorous pursuit of biometric identification. However this is not the whole story, and limited pluralism-including plurality of expertise-explains specific features of the development of biometrics in the EU, namely the central role of the metaphor of 'balancing' security and democracy, and the 'competitive cooperation' between new and more consolidated policy areas. The EU is facing another difficult challenge in the attempt of establishing itself as a new security actor and as a supranational democratic polity: important choices are involved to assure that citizens' security is pursued on the basis of rule of law, respect of fundamental rights and democratic accountability.democracy; pluralism; security/internal

Verifying Privacy-Type Properties in a Modular Way

Formal methods have proved their usefulness for analysing the security of protocols. In this setting, privacy-type security properties (e.g. vote-privacy, anonymity, unlink ability) that play an important role in many modern applications are formalised using a notion of equivalence. In this paper, we study the notion of trace equivalence and we show how to establish such an equivalence relation in a modular way. It is well-known that composition works well when the processes do not share secrets. However, there is no result allowing us to compose processes that rely on some shared secrets such as long term keys. We show that composition works even when the processes share secrets provided that they satisfy some reasonable conditions. Our composition result allows us to prove various equivalence-based properties in a modular way, and works in a quite general setting. In particular, we consider arbitrary cryptographic primitives and processes that use non-trivial else branches. As an example, we consider the ICAO e-passport standard, and we show how the privacy guarantees of the whole application can be derived from the privacy guarantees of its sub-protocols

Security and Privacy in RFID Applications

Concerns about privacy and security may limit the deployment of RFID technology and its benefits, therefore it is important they are identified and adequately addressed. System developers and other market actors are aware of the threats and are developing a number of counter measures. RFID systems can never be absolutely secure but effort needs to be made to ensure a proper balance between the risks and the costs of counter measures. The approach taken to privacy and security should depend on the application area and the context of a specific application. In this chapter, we selected and discussed four application areas, but there are many others where privacy and security issues are relevant.JRC.J.4-Information Societ

Coding Privacy

Lawrence Lessig famously and usefully argues that cyberspace is regulated not just by law but also by norms, markets and architecture or code. His insightful work might also lead the unwary to conclude, however, that code is inherently anti-privacy, and thus that an increasingly digital world must therefore also be increasingly devoid of privacy. This paper argues briefly that since technology is a neutral tool, code can be designed as much to fight for privacy as against it, and that what matters now is to look at what incentivizes the creation of pro- rather than anti-privacy code in the mainstream digital world. This paper also espouses the idea that privacy is better built in from scratch as a feature or default, rather than a bug —the idea of privacy by design —as is more common at present, bolted on via after-the-fact privacy-enhancing technologies or PETS. Existing examples of privacy-invasive and privacy-supportive code, drawn from the worlds of social networking, spam and copyright protection, are used to show how privacy may be pushed as a brand or feature rather than a cost or bug