Towards contractual agreements for revocation of online data

Theodor Schnitzler, Markus Dürmuth, Christina Pöpper

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Once personal data is published online, it is out of the control of the user and can be a threat to users’ privacy. Retroactively deleting data after it has been published is notoriously unreliable due to the distributed and open nature of the Internet. Cryptographic approaches implementing data revocation address this problem, but have serious limitations when considering practical deployment, and they have not been broadly adopted. In this paper, we tackle the problem of data revocation from a different perspective by examining how contractual agreements can be applied to create incentives for providers to conform to expiration regulations. Specifically, we propose a protocol to automate the handling of data revocation. We have implemented a prototype smart contract on a local Ethereum blockchain to demonstrate the feasibility of our approach. Our approach has distinct advantages over existing proposals: It can deal with a wide spectrum of revocation conditions, it can be applied retroactively after data has been published, and it does not require additional effort for users accessing the published data. It thus constitutes an interesting, novel approach to data revocation.

Original languageEnglish (US)
Title of host publicationICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
EditorsGurpreet Dhillon, Fredrik Karlsson, Karin Hedström, André Zúquete
PublisherSpringer New York LLC
Pages374-387
Number of pages14
ISBN (Print)9783030223113
DOIs
StatePublished - 2019
Event34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019 - Lisbon, Portugal
Duration: Jun 25 2019Jun 27 2019

Publication series

NameIFIP Advances in Information and Communication Technology
Volume562
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
CountryPortugal
CityLisbon
Period6/25/196/27/19

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Fingerprint Dive into the research topics of 'Towards contractual agreements for revocation of online data'. Together they form a unique fingerprint.

Cite this