Arguably, the engagement of citizens in internet communications increasingly demands the secure management of sensitive information. Social media, e-banking, and participation in e-government procedures are only a small part of the cases where personal data are collected and processed over the web. From a legislative perspective, awareness of this crucial matter was the main motivation for the establishment of the new EU General Data Protection Regulation (GDPR), which sets clear standards on data protection requirements. Consequently, the technical community is left with the responsibility to research, design, analyse and develop state-of-the-art solutions that guarantee citizens’ personal data protection according to these standards.
This workshop puts forth the current status and the new directions of privacy-preserving technologies. We will outline the security guarantees of the existing constructions and point out their vulnerabilities. We will briefly refer to a selection of running European research projects that are privacy-oriented and, in more detail, present the goals and workplan of the PANORAMIX H2020 project. Furthermore, we will describe two use cases from the legal and e-government area, where the application of novel cryptographic primitives safeguards the privacy of the participants. The aforementioned topics will be covered by four short talks, followed by a panel discussion.
Talk 1: Communication privacy on the internet: the current status and technical challenges
Speaker: Thomas Zacharias, Ph.D., The University of Edinburgh
Abstract: In this introductory talk, we first cite the major cryptographic tools that are available for commercial use and enhance the security and privacy of internet communications. Such tools facilitate secure email and web browsing (TLS/SSL), data encryption (PGP), or end-to-end encrypted communication (Signal, OTR), while others also provide some level of anonymity in web browsing (Tor) or file sharing (Freenet). Although these solutions have contributed significantly to privacy preservation in several cases, the requirement for a complete infrastructure that can guarantee the best possible personal data protection remains an open challenge. We will focus our discussion on how current privacy-preserving technologies are vulnerable against an attacker that has a global view of the network traffic, leaking important metadata such as the users’ identities, location and communication timespan. Finally, we will mention some selected European research projects whose objective is to enhance the level of privacy on the internet from a technological perspective.
Talk 2: Random Sample Justice: applying cryptography to jury trials.
Speaker: Lamprini Georgiou, LL.M., The University of Edinburgh
Abstract: Internet and Social Media have posed a number of challenges to open trial and the administration of justice in general. In this work, we focus on the institution of jurors as a means of implementing openness in a trial.
Our proposal is a complete reconceptualisation of the jury trial in criminal law. It is a code-based solution following Lessig’s theory of regulation that radically redesigns the existing process. In order to motivate our solution, we reflect on what would happen if jurors and the public in a criminal trial stopped being in a conflict condition. The basis that underpins our solution has been proposed in electronic voting in the form of a cryptographic protocol called Random Sample Voting (RSV). We examine whether it is feasible to utilise this protocol on jury trials. The main feature of this protocol is that a small subset drawn at random from the voter register is authorised to participate in the election while their anonymity is protected via a cryptographic mechanism. As a result, the selected voters cannot be identified due to encryption, but nevertheless, the outcome of their vote can be verified as correct.
We describe the way RSV can be used in jury decision making, giving rise to what we call Random Sample Justice. We reflect on the values of open trial and how they are preserved by our solution, and we also show how it can be further enhanced by transferring the protocol execution to a smart contract that relies on a blockchain system.
Talk 3: New directions in anonymity: the goals of the PANORAMIX project
Speaker: Pyrros Chaidos, Ph.D., National and Kapodistrian University of Athens
Abstract: The PANORAMIX project is a large cooperative effort by a number of academic and business partners. It aims to provide a European infrastructure for mixing. While simple encryption-based solutions can protect our data, mixing enables us to protect metadata as well as data. In particular, if Alice is talking to Bob and Carol is talking to Dave, we only reveal that the four of them are talking but not who is talking to whom. Mixing involves re-ordering and re-encrypting internet messages so that the link between sender and receiver is hidden.
To that end, it aims to provide original research, technical specifications and working implementations of mixnet primitives. This ensures that the outputs of the project are theoretically sound as well as practical. Mixnets have a variety of applications, but within the PANORAMIX consortium, we have a focus on three use cases:
– Electronic Voting, where the mix serves the same function as a physical ballot box.
– Big Data collection, where mixing can help collect data while preserving privacy.
– Private messaging, where mixing shuffles messages so we protect the association between sender and recipient.
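The re-ordering and re-encrypting step described in this abstract can be illustrated with a small re-encryption mix cascade; this is an added example, not code from the PANORAMIX project or the speakers. It assumes ElGamal over a toy group (the page does not name a cryptosystem), a single key holder, and no proof of correct shuffling, and all function names and sample values are constructed for illustration.

```python
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# P = 2*Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def encode(k):
    """Map an integer 1..Q into the order-Q subgroup (quadratic residues mod P)."""
    return k if pow(k, Q, P) == 1 else P - k

def decode(v):
    """Invert encode(): subgroup element back to an integer 1..Q."""
    return v if v <= Q else P - v

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key in 1..Q-1
    return x, pow(G, x, P)                    # (private, public)

def encrypt(h, k):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), encode(k) * pow(h, r, P) % P

def reencrypt(h, ct):
    """Multiply by a fresh encryption of 1: same plaintext, new ciphertext."""
    s = secrets.randbelow(Q - 1) + 1
    return ct[0] * pow(G, s, P) % P, ct[1] * pow(h, s, P) % P

def decrypt(x, ct):
    # c1^(P-1-x) equals c1^(-x) mod P because c1^(P-1) = 1.
    return decode(ct[1] * pow(ct[0], P - 1 - x, P) % P)

def mix(h, batch):
    """One mix node: re-encrypt every ciphertext, then secretly permute the batch."""
    out = [reencrypt(h, ct) for ct in batch]
    secrets.SystemRandom().shuffle(out)
    return out

def run_cascade(messages, nodes=3):
    """Encrypt, pass the batch through several mix nodes, decrypt the output."""
    x, h = keygen()
    batch = [encrypt(h, m) for m in messages]
    for _ in range(nodes):
        batch = mix(h, batch)
    return [decrypt(x, ct) for ct in batch]

if __name__ == "__main__":
    sent = [101, 202, 303, 404]               # constructed sample messages
    print(sorted(run_cascade(sent)) == sorted(sent))
```

The output contains the same messages as the input, but neither ciphertext values nor positions tie an output back to its sender as long as at least one node keeps its permutation and randomness secret.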
Talk 4: The case of e-voting: a fully anonymous e-voting system
Speaker: TBA (GRNET)
Abstract: A challenge for e-voting systems is providing anonymity to voters and verifiability of results. We want the voters to know that their ballot remains secret, and we also want them to know that their ballot has been counted faithfully. A way to guarantee both anonymity and verifiability is through the use of zero-knowledge proofs: cryptographic protocols that allow a prover to convince a verifier that a statement is true, e.g., the results are not compromised, without conveying any further information apart from the fact; in our case, without conveying any information that might lead to a breach of anonymity. We will present how such cryptographic tools are used in Zeus, an online e-voting platform. We will also describe how new developments in cryptography, in particular blockchains, can be incorporated in Zeus to further improve the e-voting process.