- Annette Beyer (for administrative matters)
Centralized collections of user data have threatened privacy due to data mining and intentional or accidental data leakage to third parties. Online social networks and social media sites are prominent examples, as they attract the lion's share of the Internet users' time today. These recent, Web- based services frequently provide comprehensive personalization, aiming at a precise identification of the individuals using them. While offering valuable services to the individuals on the Web, they collect large amounts of information about the users, including the content willingly uploaded by the users themselves, but more importantly patterns in their preferences and behavior as well as relations to others. All this personally identifiable information is concentrated at a very low number of companies that are logically centralized service providers. Large collections of extensive, detailed personal information are needed by these providers, since their exploitation, primarily for targeted advertisement, represents the main business model.
Numerous attempts have been undertaken to counter such threats. Considering the centralized collection of the information to be a primary cause for such threats, a promising approach is to create services such as online social networks, private data storage and backup, or anonymous content dissemination in a distributed fashion, thus removing the centralized provider with all its knowledge and power. Typically, the gatekeeper functionality of the centralized service provider is replaced by using cryptographic means for access control, metadata-minimizing system design, and other privacy-enhancing technologies to prevent unauthorized data leakages.
While there have been advances on the technical front for decentralized social networks, usability and user acceptance are a challenge and Economics remains a key issue to address head on in order for any decentralized approach to work. A decentralized approach to privacy-preserving systems inherently means a paradigm shift from today's, mostly Web-based, services. This shift opens a range of research questions in terms of Computer Science (feasibility, scalability, security, new privacy challenges, robustness, resource allocation, resource heterogeneity, efficiency, mobility, etc.) and other disciplines such as Economics, Law, Policy Research, and Sociology. Considering the vast acceptance and ubiquity of these services and their impact on the daily life of individuals, decentralization for privacy is not limited to academic research but needs contributions from other parts of society, such as industry, activists, communities, and policy makers.
We see a number of challenges to be overcome when pursuing the idea of decentralization as a means to increasing the control and privacy of the users. Serving as nuclei for discussions at the seminar, we divide them into three grand challenges User Challenge, Economic Challenge, and Technological Challenge.
Distributed and decentralized systems offer more potential resilience to various failures, and, on paper, higher aggregate availability than centralized systems. Centralized management repositories lead to potential risks to users' privacy and the temptation to monetize processing of large aggregates of such data, as seen in systems such as webmail, search and online social networks. Recent years have seen the emergence of projects building prototypes with varying levels of decentralization to reduce these risks. Such systems have not seen great success in contrast to large cloud services. This seminar bought together diverse groups to tackle a series of questions to attempt to answer what may be the root causes of the logjam preventing success of these alternative approaches. There appears to be some consensus amongst at least some groups that there are good reasons for these alternatives. We present here the output of our group working sessions on these questions. We also provide the reasoning and outcomes of the discussions along with an evaluation of the effectiveness of our mode of working in this seminar.
- Jonathan Anderson (University of Cambridge, GB) [dblp]
- N. Asokan (University of Helsinki, FI) [dblp]
- Rainer Böhme (Universität Münster, DE) [dblp]
- Nikita Borisov (University of Illinois - Urbana Champaign, US) [dblp]
- Sonja Buchegger (KTH Royal Institute of Technology, SE) [dblp]
- Ramon Caceres (AT&T Labs Research - Florham Park, US) [dblp]
- Jan Camenisch (IBM Research GmbH - Zürich, CH) [dblp]
- Jon Crowcroft (University of Cambridge, GB) [dblp]
- George Danezis (Microsoft Research UK - Cambridge, GB) [dblp]
- Claudia Diaz (KU Leuven, BE) [dblp]
- Vijay Erramilli (Telefónica Research - Barcelona, ES) [dblp]
- Simone Fischer-Hübner (Karlstad University, SE) [dblp]
- Paul Francis (MPI-SWS - Kaiserslautern, DE) [dblp]
- Ian Goldberg (University of Waterloo, CA) [dblp]
- Artur Hecker (Huawei Technologies - München, DE) [dblp]
- Urs Hengartner (University of Waterloo, CA) [dblp]
- Jaeyeon Jung (Microsoft Corporation - Redmond, US) [dblp]
- Dali Kaafar (INRIA - Grenoble, FR) [dblp]
- Gunnar Kreitz (KTH Royal Institute of Technology, SE) [dblp]
- Balachander Krishnamurthy (AT&T Labs Research - Florham Park, US) [dblp]
- Leonardo A. Martucci (Karlstad University, SE) [dblp]
- Bart Preneel (KU Leuven, BE) [dblp]
- Stefanie Roos (TU Darmstadt, DE) [dblp]
- Krzysztof Rzadca (University of Warsaw, PL) [dblp]
- Hervais-Clemence Simo Fhom (Fraunhofer SIT - Darmstadt, DE) [dblp]
- Thorsten Strufe (TU Darmstadt, DE) [dblp]
- Paul Syverson (NRL - Washington, US) [dblp]
- Claire Vishik (Intel - London, GB) [dblp]
- Marcel Waldvogel (Universität Konstanz, DE) [dblp]
- security / cryptology
- society / human-computer interaction
- distributed systems
- social networks