An Economic Valuation Approach for (Privacy Enhancing) Identity Management Services
Session: The economics of privacy
FIA - Future Internet Assembly, 2011-05-18/19, Budapest, Hungary
Prof. Dr. Kai Rannenberg
T-Mobile Chair of Mobile Business & Multilateral Security
Goethe University Frankfurt, Germany
www.m-chair.net

Challenges to be addressed
• Innovative business models for privacy
• Pricing for/of privacy
• Privacy as a service (product?)
• An economic valuation approach for privacy-enhancing Identity Management (IdM) services

Economic valuation of privacy-enhancing IdM services
• Motivation:
  • Valuation approach to overcome the shortcomings of decision making processes
  • Decision making processes of IdM service providers on market introductions of (or investments in) privacy-enhancing IdM services
• Results:
  • Set of decision-relevant economic consequences of adopting, mediating or providing privacy-enhancing IdM services
  • An indication to which extent privacy-enhancing IdM services are economically feasible
• Testing by:
  • Real-life IdM infrastructure scenarios

Process & Structure Model

Process Model
• Step 1: Description of the Baseline Option and feasible Delta Options
• Step 2: Identification of each Stakeholder’s Costs and Benefits
• Step 3: Selection of Key Costs and Benefits for each Stakeholder
• Step 4: Clustering and Mapping of Key Costs and Benefits
• Step 5: Assessment and Aggregation of clustered and mapped Key Costs and Benefits
• Step 6: Visualisation of assessed and aggregated Key Costs and Benefits

Structure Model
• Perspectives for each Stakeholder
• Cost and Benefit Dimensions for private and institutional Perspectives
• Costs and Benefits for each Dimension
• Key Costs and Benefits
• Cause Effect Chains for each Key Cost and Benefit
• Weighting Factors for each Cause Effect Chain
• Dimension Values
• Decision Values

Identity Management Service Scenarios
Scenarios: Attribute Verification Service Scenario, Authentication Service Scenario, Privacy Policy Enforcement Service Scenario
Options: Baseline Option, Delta Option 1, Delta Option 2

Results of the Valuation – Exemplary Application
• Dimension Values (Aggregated Costs & Benefits)
• Decision Values (Aggregated Dimension Values)

Results of the Valuation - Summary
Scenarios: Attribute Verification Service Scenario, Authentication Service Scenario, Privacy Policy Enforcement Service Scenario
• Dimension Values
• Decision Values

Benefits - Summary
• Takes into account monetary as well as non-monetary costs and benefits
• Presents decision-relevant information in a simple and structured way without over-challenging the decision maker
• Integrates perspectives of different stakeholders, so that interdependencies can be evaluated
• Enables a stronger focus on (and integration of) privacy effects on consumers as an essential factor for economic success

Benefits - Processing of input
• Considers
  • individual value perceptions of stakeholders to enable application field-specific valuations of IdM services
  • interdependencies between costs and benefits by using cause-effect chains
• Enables the aggregation of costs and benefits to a one-dimensional decision factor
• Offers a
  • standardized and balanced evaluation approach by using predetermined holistic value-systems for stakeholders
  • standardized procedure for a repeatedly occurring decision problem for a better comparison beyond company and department boundaries

Benefits - Organisation of decision making
• Leads to an improved decision making basis and to a higher transparency of the decision making process
• Reduces intuitive (and consequently highly subjective) valuations, or rather, makes them at least more transparent for others
• Structures complex decision processes and simplifies a separation into transparent sub-aspects
• Enables a
  • division of work and thereby a specialization on sub-problems
  • parallelization of separate evaluation and decision steps
• Provides a structured basis for discussions within a decision making group
• Considers impacts on the decision maker’s individual goals and overall strategy

2011 Statement: Cloud Computing Security and Privacy Issues
Example (economic and business) concerns
Typical issues with regard to the dependence on the cloud computing provider:
• Risks for availability and business continuity;
• Absence of contracts between the customer and provider;
• Lack of “power-balancing” regulation that exists for other utilities.
Sources:
• www.cepis.org
• www.cepis.org/index.jsp?p=641&n=825f
• www.cepis.org/media/CEPIS_Cloud_Computing_Security_v172.pdf

Working Group meetings
June 15, Espoo, Finland
• Description of common characteristics of the identified most important services
• Possible threats to users’ information privacy & security
• What are the elements of trust which are currently unsatisfied, and what role can technology play
• Technology requirements & roadmap
• Law and policy driven design of technology that enables democratic structures and honours human rights and freedoms
• Validation of important services in the light of upcoming EU legislation
• Investigation of the economic and societal impact of new trustworthy ICT solutions
• Definition of an R&D project portfolio with impact

Conclusion and Outlook
• New ICT services are coming ever closer to people.
• Privacy requires e.g.
  • Minimisation and decentralisation of data
  • Empowering users (“Multilateral Security”) on e.g. data flows
  • Privacy by Design
  • Related economic analysis and regulation
• PrimeLife Summit Event, 2011-06-07, Lucerne; www.sec2011.org
• Kai.Rannenberg@m-chair.net
• www.m-chair.net
• www.primelife.eu
• www.picos-project.eu
• www.abc4trust.eu
• www.fidis.net
• www.prime-project.eu