NO.182 Biggest Failures in Privacy

Shonan Village Center

October 30 - November 2, 2023 (Check-in: October 29, 2023)


  • Frederik Armknecht
    • University of Mannheim, Germany
  • Isao Echizen
    • NII, Japan
  • Kazue Sako
    • Waseda University, Japan


The rapid progress in the development and widespread use of IT systems is giving rise to a variety of problems in security and privacy. In fall 2019, a Dagstuhl Seminar on the 'Biggest Failures in Security' took place that two of the organizers attended. At that seminar, researchers with various backgrounds gathered to share their experiences and challenges in achieving security in different fields. The discussion tried to identify the main recurring reasons within disciplines why security solutions fail, and how these failures impact solutions developed in other sub-disciplines. During these discussions, three sub-topics emerged that were then investigated by dedicated working groups: 1) Certification and standardization of security properties, 2) Human factors, and 3) Education.

The seminar was very successful, and participants wanted to continue the discussion of these aspects in follow-up seminars at Dagstuhl. For lack of time and space, that seminar covered only security topics. We believe that privacy, which is another interdisciplinary challenge, deserves a similarly broad top-down discussion with experts from each sub-discipline of privacy research.

There are many approaches in privacy research. One is algorithmic: transform a set of raw personal data into another data set such that processing the transformed set does not cause privacy leakage, as in research on k-anonymity and differential privacy. There are studies on Privacy Enhancing Technologies (PETs), which often use cryptography to deliver a service while protecting sensitive data. There are also physical devices developed to protect a person from privacy invasion by surveillance cameras or eavesdroppers. Ann Cavoukian proposed the notion of "Privacy by Design", under which every service should consider its privacy implications and build in measures to mitigate them when the system is designed. International standardization bodies publish privacy framework standards that set out procedures for implementing privacy by design. There are also legal studies on regulating privacy risks.
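The k-anonymity approach mentioned above, as an added example that is not part of the original seminar description: a small Python program over a constructed sample table (the records, the generalization hierarchy for age and zip, and the attacker function are all assumptions for illustration) that measures k-anonymity, coarsens the quasi-identifiers until the table is k-anonymous, and then shows the homogeneity failure that k-anonymity alone does not prevent, the gap that l-diversity was later introduced to close.

```python
"""Added example (not from the seminar page): k-anonymity and l-diversity on a
constructed table with two quasi-identifiers (age, zip) and one sensitive
attribute (diagnosis)."""
from collections import defaultdict

# Constructed sample data, invented for this example.
RECORDS = [
    {"age": 29, "zip": "13053", "diagnosis": "cancer"},
    {"age": 22, "zip": "13068", "diagnosis": "heart disease"},
    {"age": 27, "zip": "13068", "diagnosis": "viral infection"},
    {"age": 43, "zip": "14853", "diagnosis": "cancer"},
    {"age": 52, "zip": "14853", "diagnosis": "heart disease"},
    {"age": 47, "zip": "14850", "diagnosis": "cancer"},
    {"age": 36, "zip": "13053", "diagnosis": "cancer"},
    {"age": 35, "zip": "13053", "diagnosis": "cancer"},
]
QUASI_IDS = ("age", "zip")
SENSITIVE = "diagnosis"


def generalize(record, age_width, zip_digits):
    """Coarsen the quasi-identifiers: age into a bucket of width age_width,
    zip cut to its leading zip_digits digits with the rest masked by '*'.
    (Assumed hierarchy: age buckets and zip prefixes.)"""
    low = (record["age"] // age_width) * age_width
    out = dict(record)
    out["age"] = f"{low}-{low + age_width - 1}"
    out["zip"] = record["zip"][:zip_digits] + "*" * (len(record["zip"]) - zip_digits)
    return out


def equivalence_classes(records):
    """Group records that share the same quasi-identifier values."""
    groups = defaultdict(list)
    for r in records:
        groups[tuple(r[q] for q in QUASI_IDS)].append(r)
    return groups


def k_anonymity(records):
    """The k for which the table is k-anonymous: its smallest class size."""
    return min(len(g) for g in equivalence_classes(records).values())


def l_diversity(records):
    """The l for which the table is (distinct) l-diverse: the fewest distinct
    sensitive values found in any equivalence class."""
    return min(len({r[SENSITIVE] for r in g})
               for g in equivalence_classes(records).values())


def anonymize(records, k):
    """Return (table, (age_width, zip_digits)): the first generalization in a
    least-coarse-first search order that makes the table k-anonymous."""
    for zip_digits in range(5, -1, -1):
        for age_width in (1, 5, 10, 20, 50):
            out = [generalize(r, age_width, zip_digits) for r in records]
            if k_anonymity(out) >= k:
                return out, (age_width, zip_digits)
    raise ValueError(f"no generalization in the search space reaches k={k}")


def infer_sensitive(table, params, age, zip_code):
    """What an attacker who knows a target's true age and zip learns from the
    published table: the set of sensitive values in the matching class."""
    probe = generalize({"age": age, "zip": zip_code}, *params)
    key = tuple(probe[q] for q in QUASI_IDS)
    return {r[SENSITIVE] for r in equivalence_classes(table).get(key, [])}


if __name__ == "__main__":
    print("raw table: k =", k_anonymity(RECORDS))
    table, params = anonymize(RECORDS, k=2)
    print("generalization", params, "-> k =", k_anonymity(table),
          "l =", l_diversity(table))
    # Homogeneity attack: every record aged 20-39 in zip 1305* carries the same
    # diagnosis, so 2-anonymity hides which row is the target but not the
    # target's diagnosis.
    print("attacker knowing (35, 13053) learns:",
          infer_sensitive(table, params, 35, "13053"))
```

With this data the search reaches 2-anonymity at age buckets of width 20 and four zip digits, yet l-diversity is 1: anyone who knows that a 35-year-old from 13053 is in the table learns the diagnosis with certainty. Demanding k=3 forces a coarser zip prefix, which happens to merge in records with other diagnoses and raises l to 2; a real release would check l-diversity (or a stronger criterion) directly rather than rely on that accident.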

As the approaches exemplified above show, the term 'privacy' encompasses many different aspects. Sometimes it is about secrecy of data. Sometimes it is about individuals' ability to control their data, or to make decisions about themselves. Sometimes it is the right to be left alone. Now that GDPR imposes large fines for non-compliance, service providers are forced to add new functionality, which in turn introduces new threats to individuals. Another challenging aspect of privacy is the variety of stakeholders. If there were only you and an adversary, privacy would be best protected by simply shutting off all communication with the outside world. The issue of privacy arises because you have some kind of relationship with another stakeholder whose purpose may conflict with yours. While security is a goal all stakeholders want to achieve given enough resources, privacy is sometimes a bargain among parties with different interests. In some cases, those with more power may infringe the privacy rights of a weaker party, or one's privacy may be attacked without one even being able to notice. A further challenge is that privacy mainly concerns humans, yet humans cannot grasp the real consequences of their decisions when accepting the terms of use of IT services. This is not merely ignorance: the technology behind such systems is so complex and advances so quickly that it is essentially impossible for an individual to understand what processing is taking place.

For these and other reasons, privacy-preserving solutions can never rely on technology alone but must draw on a variety of disciplines. We will discuss the challenges of maintaining privacy from the perspective of various disciplines, including technology, regulation, and social and ethical impacts. To this end, the following seminar structure is planned:

Days 1+2: Introductory talks

We will invite experts from selected subfields to introduce the main challenges of their field to the broad audience. These talks are meant as overview talks. The concrete agenda will be planned a couple of months before the seminar, as it depends on the list of participants. At the moment, we have identified the following four topics:

  • Topic 1: Best practices and failures

What is the current state of privacy-preserving techniques and how/why do they fail?

  • Topic 2: Necessity for privacy

How does an ordinary user make decisions on privacy-related issues, and what is their impact on society? What requirements and principles are laid down in privacy-related regulations?

  • Topic 3: Formal foundations

How is privacy formally/scientifically covered? Are these approaches sufficient/practical?

  • Topic 4: Digital Identity

It is often said that the Internet is missing an identity layer for people. What we have instead is the burden of maintaining different long passwords for each and every service we use, or reliance on large platforms that collect and process far more information than we realize. The European Commission is considering a European Digital Identity Framework and recently published the Common Union Toolbox. From an academic point of view, what aspects do we need to consider if we were to implement an ideal identity layer?

We plan one slot per topic per day, i.e., four slots on day 1 and four on day 2. Each slot should consist of one talk of about an hour, followed by ample opportunity for discussion.

Days 2+3: Working groups

At the beginning of day 3, a wrap-up session is planned. Its main goal is to identify a number of concrete questions that will then be investigated in separate working groups. The number and total duration of the working groups cannot be anticipated at the moment. Assuming around 35 participants, we think that no more than 5 working groups should run in parallel, but we leave the final decision to the participants. Of course, participants may switch between working groups, and we plan slots in which all participants can exchange the current state of their discussions.

Day 4: Wrap up

At the beginning, the working groups will report their findings. Afterwards, the participants will plan the next steps, i.e., how to continue after the seminar is over. We hope that a variety of interdisciplinary research collaborations will be initiated by this seminar.