TY - GEN
T1 - Towards contractual agreements for revocation of online data
AU - Schnitzler, Theodor
AU - Dürmuth, Markus
AU - Pöpper, Christina
N1 - Funding Information:
under grant 16KIS0581.
Funding Information:
This research was supported by the BMBF InStruct project under grant 16KIS0581.
Publisher Copyright:
© IFIP International Federation for Information Processing 2019.
PY - 2019
Y1 - 2019
N2 - Once personal data is published online, it is out of the control of the user and can be a threat to users’ privacy. Retroactively deleting data after it has been published is notoriously unreliable due to the distributed and open nature of the Internet. Cryptographic approaches implementing data revocation address this problem, but have serious limitations when considering practical deployment, and they have not been broadly adopted. In this paper, we tackle the problem of data revocation from a different perspective by examining how contractual agreements can be applied to create incentives for providers to conform to expiration regulations. Specifically, we propose a protocol to automate the handling of data revocation. We have implemented a prototype smart contract on a local Ethereum blockchain to demonstrate the feasibility of our approach. Our approach has distinct advantages over existing proposals: It can deal with a wide spectrum of revocation conditions, it can be applied retroactively after data has been published, and it does not require additional effort for users accessing the published data. It thus constitutes an interesting, novel approach to data revocation.
AB - Once personal data is published online, it is out of the control of the user and can be a threat to users’ privacy. Retroactively deleting data after it has been published is notoriously unreliable due to the distributed and open nature of the Internet. Cryptographic approaches implementing data revocation address this problem, but have serious limitations when considering practical deployment, and they have not been broadly adopted. In this paper, we tackle the problem of data revocation from a different perspective by examining how contractual agreements can be applied to create incentives for providers to conform to expiration regulations. Specifically, we propose a protocol to automate the handling of data revocation. We have implemented a prototype smart contract on a local Ethereum blockchain to demonstrate the feasibility of our approach. Our approach has distinct advantages over existing proposals: It can deal with a wide spectrum of revocation conditions, it can be applied retroactively after data has been published, and it does not require additional effort for users accessing the published data. It thus constitutes an interesting, novel approach to data revocation.
UR - http://www.scopus.com/inward/record.url?scp=85068225352&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85068225352&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-22312-0_26
DO - 10.1007/978-3-030-22312-0_26
M3 - Conference contribution
AN - SCOPUS:85068225352
SN - 9783030223113
T3 - IFIP Advances in Information and Communication Technology
SP - 374
EP - 387
BT - ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
A2 - Dhillon, Gurpreet
A2 - Karlsson, Fredrik
A2 - Hedström, Karin
A2 - Zúquete, André
PB - Springer New York LLC
T2 - 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
Y2 - 25 June 2019 through 27 June 2019
ER -