Dear all,

That’s interesting news.
Unfortunately, a data breach is an inevitable threat, and incidents are due to conceptual system risk. Even if the cryptographic encryption protocol were 100% secure, with a proof of this claim, there are still flaws in software and, in the end, in its secure key exchange and the judgement about the other’s identity. Encryption is an implementation of access control.

We recently published a study on granting access to “friends”, or in other words, access control for data protection on the Web.

a) A Secure Decision-Support Scheme for Self-Sovereign Identity Management

b) Competitive Compliance with Blockchain

Ad (a)
Access management using the Web seems to be heading for failure. While the Web offers a lot of convenience, the negative aspects of the shadow are increasing, such as fake news, slander, flaming, fraud, and kidnapping that exploits the irresponsible anonymity of the Internet. In this paper, as a solution, we examine a method of constructing a social graph from the access history of information recorded on the hyper ledger based on anonymous credentials and blockchain. In this scheme, information is delivered through many "friends" while securing authentication and authorization at the network layer level with a certified cryptographic protocol. The final decision is made by a human who has gained AI support while viewing the social graph. In the process, it is also revealed which “friend” owns which information. With this scheme, the true value of the Web can be brought closer to the original ideal while achieving the effect of “People get their personal information back from the digital giants” that the MIT project Solid of Sir Tim Berners-Lee is aiming.

Slides & paper @ https://www.researchgate.net/publication/338710779_A_Secure_Decision-Support_Scheme_for_Self-Sovereign_Identity_Management

(a)  is based on (b):
Authentication is essential for sharing information in IoT and its secondary use with AI-capable machines. The aim is to support humans in optimizing risk of supply chains for industrial manufacturing and service provisioning in a timely manner. The ultimate aim is sustainability. The problem for deciding on authentication is probably imperfect information on compliance. Its asymmetric implications of the meaning of contracts for secure information sharing may cause vulnerability of data breach and misuse. A traditional way to avoid harm of that asymmetry requires authentic and consistent sharing of audit information on violation of a certification policy to a centralized audit intelligence. This information sharing is, however, subject to the problem of single point of failure of the centralized audit intelligence. With our work on Security by Design, we show a non-central approach of clarifying accountability to reduce the risk caused by asymmetric implications of the meaning of contracts on authentication. Our signaling and screening scheme SK4SC provides personal digital evidences on compliance to multilateral policies on using information or in other words on trustworthiness. Blockchains are used to realize their symmetric distribution while users share risk on accountability with competition on incentives in a privacy-enhancing manner. Customer relationship management with royalty points, e.g., for eGovernment with taxation, is an example for using SK4SC as digital platform.

Keywords: Security by design, risk management, accountability, identity management, social innovation

Online available @ https://h-suwa.github.io/percomworkshops2019/papers/p967-wohlgemuth.pdf and at IEEE @ https://ieeexplore.ieee.org/document/8730684

Slides @ https://www.researchgate.net/publication/331672930_Competitive_Compliance_with_Blockchain

Best regards,
Sven Wohlgemuth

BTW: VERBOTEN is written with one T; jawohl is nice ;-)

jawohl here Herr Místa Matthews!

So all that crap about mobile phones being “cracked” by the state would be VERBOTTEN, JA?😈

Regards / Saludos / Grato

Andrés Leopoldo Pacheco Sanfuentes

The BfDI is the German Federal Commissioner for Data Protection and Freedom of Information. What follows is a recent release from them. BTW, you will want to consider this development ADJACENTLY, with the past few news items I have provided here recently... Now, 'the ball' is in each of our hands!

That which follows, is a plain "GOOGLE TRANSLATE" output.

"Stellungnahme des BfDI zur Anhörung des Innenausschusses am 27. Januar 2020"
"BfDI opinion on the hearing of the interior committee on 27 January 2020"

Veröffentlicht am 27.01.2020

BfDI Standardartikel : Stellungnahme des BfDI zur Anhörung des Innenausschusses am 27. Januar 2020

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), Ulrich Kelber, äußert sich heute in der Anhörung des Innenausschusses zum Thema "Recht auf Verschlüsselung - Privatsphäre und Sicherheit in digitalen Räumen stärken"

Gemäß Datenschutz-Grundverordnung sind personenbezogene Daten in einer Weise zu verarbeiten, die eine angemessene Sicherheit dieser Daten gewährleistet. Dabei müssen die eingesetzten Sicherheitsverfahren dem Stand der Technik entsprechen und auch tatsächlich zu einem geeigneten Schutzniveau führen. Um diese Schutzwirkung nicht zu konterkarieren, dürfen keine Hintertüren in die Verschlüsselungssysteme eingebaut werden. Der BfDI fordert deshalb eine Ende-zu-Ende-Verschlüsselungen in neuen Telekommunikationstechnologien und den Ausbau von Datenschutz als Standortfaktor. Der Staat müsse Vorbild in der digitalen Verwaltung sein. Zur Bewältigung dieser Herausforderungen sei Verschlüsselung ein wesentlicher Erfolgsfaktor.


Published on 01/27/2020

BfDI standard article: BfDI statement on the hearing of the interior committee on January 27, 2020

The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Ulrich Kelber, spoke today in the hearing of the interior committee on the subject "Right to encryption - Strengthen privacy and security in digital spaces"

According to the General Data Protection Regulation, personal data are to be processed in a way that ensures adequate security of this data. The security procedures used must correspond to the state of the art and actually lead to a suitable level of protection. In order not to counteract this protective effect, no back doors may be built into the encryption systems. The BfDI therefore calls for end-to-end encryption in new telecommunications technologies and the expansion of data protection as a location factor. The state must be a role model in digital administration. Encryption is a key success factor in overcoming these challenges.

