Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Setting the Stage Kapitel lesen Erstes Kapitel lesen

2018 | OriginalPaper | Buchkapitel

4. Privacy Protection in an Internet of Things Environment

verfasst von : Aurelia Tamò-Larrieux

Erschienen in: Designing for Privacy and its Legal Framework

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

This chapter puts privacy protection into context of an Internet of Things environment and elaborates on three technologies in particular: (1) Radio Frequency Identification (RFID), which is typically used to identify objects and monitor their paths, (2) smart energy architectures, which measure and communicate energy data, and (3) smart wearable devices that are used to track health and fitness data of users. These case studies show the privacy concerns triggered by these technologies and how they are addressed by regulations, standards, and technical mechanisms. The goal of these case studies is to illustrate how regulation and technologies attempt to protect the privacy interests discussed in Chap. 3. In other words, the case studies aim to generate an understanding of how law and technology address privacy issues in various contexts. At a later stage, we will build upon these case studies when discussing the legal protection mechanisms (Chap. 5) and technical protection mechanisms (Chap. 6).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Mapping the Privacy Rationales
Nächstes Kapitel Privacy and Data Protection Regulation in Europe
Fußnoten
1
Cf. Greengard, pp. 167 et seqq.; Peppet, p. 89; Thierer, pp. 14 et seqq.; IERC, IoT Report, 2015, pp. 16 et seqq.; PEW IoT Report, 2014; OECD, Digital Outlook, 2015, pp. 239 et seqq.; WP29, Opinion on IoT, 2014, p. 3. Note, NIST uses the term Cyber-Physical Systems sometime interchangeably with IoT, cf. NIST Framework on Cyber-Physical Systems, 2015, p. 1. In addition, the term ubiquitous computing and ambient intelligence are often used to describe such networks. See here Weiser who coined the term ubiquitous computing and Wright et al. on ambient intelligence.
 
2
OECD, Digital Outlook, 2015, p. 244; cf. also Misra/Maheswaran/Hashmi, pp. 5-6; WP 29, Opinion on IoT, 2014, p. 6 defining the IoT as devices “that can be controlled remotely over the Internet.”
 
3
Misra/Maheswaran/Hashmi, p. 10.
 
4
Cf. on applications of IoT Misra/Maheswaran/Hashmi, pp. 11-14.
 
5
Misra/Maheswaran/Hashmi, p. 10.
 
6
Cf. Greengard, pp. 1 et seqq.; Peppet, pp. 98 et seqq.; PEW IoT Report, 2014, p. 2; WP 29, Opinion on IoT, 2014, p. 3; OECD, Digital Outlook, 2015, p. 248 and p. 256 in particular.
 
7
Mattern/Flörkemeier, pp. 110-112.
 
8
Lehpamer, p. 25; Thierer, p. 9; cf. also OECD, Digital Outlook, 2015, p. 250.
 
9
Lehpamer, pp. 26-27; cf. also OECD, Digital Outlook, 2015, p. 250; RAND, IoT Report, 2012, pp. 59-61.
 
10
Short for Global System for Mobile Communications, Universal Mobile Telecommunications System, Long-Term Evolution 4th (or soon 5th) generation of mobile networks.
 
11
Cf. on the technical background of IoT in particular Chaouchi, pp. 13-20; Greengard, pp. 51 et seqq.; Höller et al., pp. 81 et seqq.; Mattern/Flörkemeier, pp. 108-110; Mattern, IoT, pp. 45 et seqq.; OECD, Digital Outlook, 2015, pp. 247 et seqq.
 
12
Cf. Misra/Maheswaran/Hashmi, pp. 6 et seqq.
 
13
Cf. Beckel et al., unpaginated; Kleiminger/Beckel/Santini, pp. 975 et seqq.
 
14
Cf. Guinard, pp. 4 et seqq.
 
15
Mattern/Flörkemeier, pp. 109-112; cf. also Chaouchi, p. 25; OECD, Digital Outlook, 2015, pp. 240 et seqq.
 
16
Greengard, pp. 37 et seqq.
 
17
Chappell, pp. 585 et seqq.; cf. also IETF, IPv6 standard.
 
18
Guinard et al., p. 97; Mattern/Flörkemeier, pp. 108-110; Mayer, pp. 7 et seqq.; cf. also Höller et al., pp. 70-72; Mayer/Guinard/Trifa, unpaginated.
 
19
Cf. Mayer, p. 8; cf. also IERC, IoT Report, 2015, pp. 19 et seqq.
 
20
Botero/Chaouchi, p. 139; cf. also Lehpamer, pp. 54 et seqq.; Polenz, pp. 12 et. seqq.; OECD, Digital Outlook, 2015, pp. 240 et seqq. Newer technologies supplement RFID’s ability to identify things (e.g., image-based identification of objects).
 
21
In particular combined with other technologies, such as the widespread availability of smartphones, RFID tags changed the way everyday devices are addressed. Cf. Greengard, pp. 34 et seqq.
 
22
Goel/Hong, p. 1.
 
23
Geisler, unpaginated; Wagner, pp. 206-212.
 
24
Peppet, p. 89, 92; Luxton et al., p. 137; Thierer, pp. 1 et seqq.; PEW Tracking for Health, 2013.
 
25
Another similar technology is NFC. NFC is a two-way communication protocol and useful for interactions, such as payments or public transport. For example, toll-systems, or transportation passes (e.g., Japan’s Suica card) rely NFC technology. Cf. OECD, Digital Outlook, 2015, p. 249.
 
26
Botero/Chaouchi, p. 130; Juels/Rivest/Szydlo, p. 103; Kerr, p. 337; Langheinrich, RFID, pp. 340-341; Lee et al., p. 237; Mattern, IoT, p. 55; Polenz, pp. 7 et seqq.
 
27
Polenz, pp. 48 et seqq.
 
28
Cf. in particular Kerr, pp. 337-338; Lampe/Flörkemeier/Haller, pp. 70 et seqq.; Leenes/Koops, Code, pp. 183 et seqq.; Polenz, pp. 48 et seqq.
 
29
Botero/Chaouchi, pp. 139-140; Juels/Rivest/Szydlo, p. 103.
 
30
Botero/Chaouchi, pp. 139-140.
 
31
EDÖB, Swiss Pass Opinion, 2016.
 
32
Cf. Polenz, pp. 86 et seqq.
 
33
Thiesse, pp. 366-370, describes the public discourse and discovers a repeating pattern between action and reaction (i.e., companies that announce the implementation of RFID tags in their latest products and corresponding reaction of anti-RFID tags organizations), leading often to the removal of the tags by the companies. Cf. also Catuogno/Turchi, p. 207 with further references; Langheinrich, RFID, pp. 329 et seqq.; Leenes/Koops, Code, pp. 186 et seqq.; Polenz, pp. 19 et seqq.
 
34
The WP 29 published a working document on RFID in 2005. This working document is a first assessment report of the RFID environment. Cf. also Cuijper/Purtova/Kosta, p. 561 with reference to WP 29, Revised Opinion on PIA for RFID, 2011 (prior WP 29, Opinion on PIA for RFID, 2010).
 
35
WP 29, Working document on RFID, 2005, pp. 9-11.
 
36
WP 29, Working document on RFID, 2005, pp. 12-13.
 
37
Cf. WP 29, Opinion on PIA for RFID, 2010; WP 29, Revised Opinion on PIA for RFID, 2011.
 
38
EC, Recommendation on RFID, 2009.
 
39
According to the EC this sign should contain information on the “identity of the operator and a point of contact for individuals to obtain the information policy for the application.” Cf. EC, Recommendation on RFID, 2009, p. 50.
 
40
EC, Recommendation on RFID, 2009, pp. 50-51. Note that the goal of increasing transparency when it comes to the data processing via “chips” is also reflected in national data protection acts of EU member states such as the German Fedreal Data Protection Act (BDSG). The BDSG included in 2011 a provision on “mobile storage and processing media for personal data” (provision § 6c), which had RFID tags in mind when drafted. Cf. Simitis/Scholz, § 6c, marginal No. 5 et seqq.
 
41
ISO is based in Geneva and their standards are universal. ISO standards are widely supported in Europe (compared to the EPC standards more widely supported in the US), cf. Lehpamer, p. 105.
 
42
Cf. EPC Global, RFID Gen. 2 standard which defines physical and logical requirements of RFID systems. According to Botero/Chaouchi, p. 136 most RFID manufacturers have implemented this EPC Global standard.
 
43
For an overview over the common RFID standards published by the ISO cf. Botero/Chaouchi, pp. 134-136, Lampe/Flörkemeier/Haller, pp. 82-84, and Lehpamer, pp. 105 et seqq. Cf. also RAND, IoT Report, 2012, pp. 56 et seqq.
 
44
Lehpamer, p. 105.
 
45
Lehpamer, p. 119. Cf. ISO/IEC 18000 standard series which define operations of various RFID technologies for item management using different frequency ranges.
 
46
WP 29, Working document on RFID, 2005, pp. 15-17.
 
47
Cf. Juels/Molnar/Wagner, pp. 74 et seqq.; Juels/Rivest/Szydlo, p. 105; Karygiannis/Eydt/Phillips, p. 552; Suzuki/Ohkubo/Kinoshita, p. 635.
 
48
A similar sledgehammer approach is the carrying of devices that actively transmit radio signals in order to interrupt or disturb the operation of close-by RFID readers. Juels/Rivest/Szydlo, p. 105 who also note that this approach may be illegal, especially if the broadcast power is too high.
 
49
Gollakota et al., pp. 2 et seqq.
 
50
Gollakota et al., p. 4.
 
51
Langheinrich, RFID, pp. 347-348.
 
52
Karygiannis/Eydt/Phillips, pp. 556-557.
 
53
Juels/Rivest/Szydlo, p. 104; Langheinrich, RFID, p. 341; cf. also Lehpamer, pp. 290-291.
 
54
Cf. Juels/Rivest/Szydlo, p. 104; Langheinrich, RFID, pp. 341-343.
 
55
Langheinrich, RFID, pp. 341-343.
 
56
Cf. Juels/Rivest/Szydlo, p. 104; Langheinrich, RFID, pp. 342-343.
 
57
This technical solution was introduced by Weis et al., pp. 206-208; cf. also Juels/Rivest/Szydlo, p. 105.
 
58
Cf. Langheinrich, RFID, pp. 344-346; Suzuki/Ohkubo/Kinoshita, p. 636; Weis et al., pp. 206-208.
 
59
Langheinrich, RFID, p. 343.
 
60
OECD, Digital Outlook, 2015, p. 261; cf. Papakonstantinou/Kloza, p. 42 on the benefits smart grids for utility provider and users.
 
61
By 2020, the member states must roll out smart meters in roughly 80% of the households. Cf. Directive 2009/72/EC in Annex 1 Para. 2; OECD, Digital Outlook, 2015, p. 261.
 
62
Papakonstantinou/Kloza, p. 41.
 
63
Wells, p. 29; Papakonstantinou/Kloza, p. 41 stating that: “[B]y contrast, a traditional meter records the amount of electricity or gas used over a time period and can potentially distinguish between peak and off-peak hours based on a clock.”; cf. also Rahman/Oo, p. 112. Note Directive 2004/22/EC defines utility “supplier of electricity, gas, heat, or water” in Annex I.
 
64
Wells, p. 29; Rahman/Oo, p. 110.
 
65
Rahman/Oo, p. 113.
 
66
Rahman/Oo, p. 110; Wagner, p. 218.
 
67
Rahman/Oo, p. 110. To a certain extent financial incentives schemes already exists without smart meters (e.g., with lower energy prices over night), however, the hope is to further optimize such schemes; Wagner, p. 218.
 
68
Cavoukian/Polonetsky/Wolf, pp. 283-284; Fhom/Bayarou, p. 235; Garcia/Jacobs, pp. 228-229; Quinn, pp. 9 et seqq.; cf. also Beckel et al., unpaginated; Kleiminger/Beckel/Santini, pp. 975 et seqq.
 
69
Garcia/Jacobs, p. 229; cf. also Beckel et al., unpaginated; Kleiminger/Beckel/Santini, pp. 975 et seqq.
 
70
The Third Energy Package consists of a bundle of Directives that promote an efficient EU gas and electricity market.
 
71
Since 2006 the EU has set in motion a legal framework to ensure efficient end-use of energy. The Directive 2006/32/EC set energy saving targets and created conditions that promote efficient delivery and end-use of energy. Cf. Art. 1 Directive 2006/32/EC. The Directive 2006/32/EC was repealed by the newer Directive 2012/27/EU, which follows the same overall objectives as its predecessor from 2006, namely the shift to a more “energy-efficient economy” accelerated by “the spread of innovative technological solutions.” Cf. Recital 1 of the Directive 2012/27/EU.
 
72
Cf. Art. 3(11) Directive 2009/72/EC.
 
73
Art. 9(2)(e) Directive 2012/27/EU.
 
74
Art. 9(2)(a) Directive 2012/27/EU; Art. 9 Directive 2012/72/EC lays the basic requirements of metering infrastructure.
 
75
Art. 9(2)(b) Directive 2012/27/EU.
 
76
Directive 2004/22/EC, Annex I, Para. 8(2) and 8(3) states that hardware components as well as software that are “critical for metrological characteristics” must be secured. Additionally, measurement data must be protected “against accidental or intentional corruption,” cf. Directive 2004/22/EC, Annex I, Para. 8(4). Annex MI-003 also sets the minimum retention period of 4 months for electricity information measured by an electrical meter, cf. Directive 2004/22/EC, Annex MI-003, Para. 5(3).
 
77
See Papakonstantinou/Kloza, pp. 53-57 for a commentary of non-binding recommendations and opinions. Cf. also the final report of the CEN/CENELEC/ETSI Joint Working Group on Standards for Smart Grids, 2011 which provides an overview over all existing standards related to smart energy architectures. It takes into account the initiatives of the Smart Grid Task Force.
 
78
Art. 4 of the EC Recommendation on Smart Metering 2012 states that such an assessment must include a description of “the envisaged processing operations, an assessment of the risks to the rights and freedoms of data subjects, the measures envisaged to address the risks, safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with Directive 95/46/EC.”
 
79
The first DPIA template by the Smart Grid Task Force was criticized by the WP 29. The WP 29 raised in particular concerns vis-à-vis “lack of clarity on the nature and objectives of the DPIA, certain methodological flaws as well as the lack of sector-specific content.” Cf. Papakonstantinou/Kloza, p. 101; cf. also WP 29, Opinion on DPIA, 2013, pp. 6 et seqq.; Kloza/van Dijk/De Hert, pp. 26-31. This criticism led the Smart Grid Task Force to revisit its template and improve it.
 
80
Smart Grid Task Force, DPIA Template 2014, pp. 21-22.
 
81
Smart Grid Task Force, DPIA Template 2014, pp. 21-22; cf. also Kloza/van Dijk/De Hert, pp. 29-31; Papakonstantinou/Kloza, pp. 101-107.
 
82
Smart Grid Task Force, DPIA Template 2014, p. 23.
 
83
Smart Grid Task Force, DPIA Template 2014, p. 27.
 
84
Smart Grid Task Force, DPIA Template 2014, p. 33; cf. also Kloza/van Dijk/De Hert, pp. 29-31; Papakonstantinou/Kloza, pp. 101-107.
 
85
Smart Grid Task Force, DPIA Template 2014, p. 35; cf. also Kloza/van Dijk/De Hert, pp. 29-31; Papakonstantinou/Kloza, pp. 101-107.
 
86
Based on the individual user-created ID/password various authorization levels to utilize one or more functions or features of smart meters can be assigned to the user. Cf. IEEE 1686-2013, p. 7; cf. also Chap. 6.
 
87
IEEE 1686-2013, p. 7.
 
88
IEEE 1686-2013, p. 8.
 
89
IEEE 1686-2013, pp. 11-12.
 
90
Note that typically, data collected via smart meter is transmitted to the utility provider via Internet Protocols, such as TCP/IP or UDP/IP. Cf. Rahman/Oo, p. 117. Another transportation medium are traditional (copper cable) power lines (cf. here Aichele/Doleski, p. 27) or radio frequency. When data is transmitted via radio frequency, smart meters must be equipped with a transceiver to send and receive data. The data is either sent through other meters via a mesh network to an aggregator or sent directly. The former often use unregulated bands (e.g., ZigBee technology), while the latter includes GSM-based technologies. Cf. Wells, p. 29.
 
91
Goel/Hong, pp. 7-8; cf. also Ali/Azad/Khorshed, pp. 179-180.
 
92
Ali/Azad/Khorshed, p. 174 et seqq.
 
93
Cf. Fhom/Bayarou, pp. 237-239 on security measures for smart grids.
 
94
Goel/Hong, p. 34; cf. also Cavoukian/Polonetsky/Wolf, p. 282.
 
95
Goel and Hong differentiate between two types of aggregation methods for smart meter data: (1) spatial aggregation, and (2) temporal aggregation. Spatial aggregation means that the smart meter data is aggregated by geographical locations. Here the “sum of meter readings of a larger grid segment is transmitted to the data recipients such as the smart grid control center, instead of the meter readings of single household.” Temporal aggregation aggregates the data of a single meter over a longer period. Such temporal aggregation is useful only when the readings from an individual meter are important, such as for billing purposes. Cf. Goel/Hong, p. 34.
 
96
Goel/Hong, p. 34.
 
97
Kursawe/Danezis/Kohlweiss, p. 175.
 
98
Peppet, p. 98; cf. also Park/Chung/Jayaraman, pp. 8 et seqq. on the attributes of wearables; Luxton et al., pp. 140-141.
 
99
They can also be embedded directly into smartphones, cf. Thierer, p. 21.
 
100
Gasser, p. 347; cf. also Greengard, pp. 38-39.
 
101
Cf. Greengard, pp. 37-40.
 
102
Peppet, pp. 98 et seqq.
 
103
E.g., Scanadu Scout, or HAPIfork which measures the pace of eating habits. Cf. Peppet, pp. 100-104.
 
104
E.g., Fitbit, Jawbone and Nike FuelBand bracelets, or similarly Apple, Samsung, or Microsoft smartwatch series, as well as Basis sport watches. Other wearables are e.g., UVeBand, or W/Me bracelets.
 
105
E.g., Mimo Baby Monitor shirts. Cf. Peppet, pp. 88 et seqq.
 
106
E.g., Lifebeam helmet, or Melon or Muse meditation assistant headbands. Cf. Peppet, pp. 88 et seqq.
 
107
E.g., DuoSkin a smart tattoo <http://​duoskin.​media.​mit.​edu/​> (last visited November 2016); Abilify MyCite, the first digital pill the Food and Drug Administration in the USA approved, cf. Belluck, NYT, 2017.
 
108
Cf. Peppet, pp. 88 et seqq. with further references.
 
109
Cf. Peppet, p. 88 with further references; cf. also Park/Chung/Jayaraman, pp. 11 et seqq.; WP29, Opinion on IoT, 2014, p. 5.
 
110
Peppet, pp. 99-104; cf. also Thierer, pp. 31 et seqq.
 
111
WP 29, Opinion on IoT, 2014, p. 5.
 
112
Haggin, WSJ, 2016.
 
113
Greengard, pp. 155-159.
 
114
Cf. on biohacking Thierer, pp. 34 et seqq. with further references.
 
115
Greengard, p. 158 in particular.
 
116
Note other rights exists in the healthcare context, e.g., Directive 2011/24/EC. However, the Directive 2011/24/EC applies only when health care professionals (defined in Art. 2 as doctors, nurses, responsible for general care, or similar) are involved. The quantified-self movement does typically not involve such health care professionals.
 
117
Recital 38 Directive 95/46/EC.
 
118
WP 29, Opinion on apps on smart devices, 2013, pp. 24-25; cf. also Code of Conduct mHealth, version 2016.
 
119
WP 29, Opinion on apps on smart devices, 2013, p. 24; cf. also Code of Conduct mHealth, version 2016.
 
120
WP 29, Opinion on apps on smart devices, 2013, p. 24; cf. also Code of Conduct mHealth, version 2016.
 
121
WP 29, Opinion on apps on smart devices, 2013, p. 25; cf. also Code of Conduct mHealth, version 2016.
 
122
WP 29, Opinion on apps on smart devices, 2013, pp. 18-21; cf. also Code of Conduct mHealth, version 2016.
 
123
Cf. Abstract of ISO 27799: 2008.
 
124
Cf. Abstract of ISO 27799: 2008.
 
125
Cf. also Greengard, pp. 38 et seqq.
 
126
Talos relys on the design of CryptDB (for more, see Chap. 6). CryptDB was designed with Web application in mind and performs all en- and decryption processes at the client-side. It does so, by using “a trusted proxy which intercepts the communication and applies en-/decryption” processes. CryptDB relies on the use of a trusted proxy—which has access to the keys and plaintext—and employs relatively expensive cryptographic schemes. Therefore, CryptDB is not best suitable for Internet of Things applications and devices with relatively low processing powers and memory. As a result, but relying on the design of CryptDB, Shafagh et al. propose Talos, a system for encrypted query processing for Internet of Things devices. Cf. Shafagh et al., p. 198; cf. also Popa et al., pp. 85 et seqq.
 
127
In Talos, Shafagh et al. further optimize the employed homomorphic encryption schemes in order to overcome the bandwidth, storage, and energy constraints still common in smart devices. Cf. Shafagh et al., pp. 197 et seqq.
 
128
Jensen/Lu/Yiu, pp. 35 et seqq.
 
129
Ardagna et al., pp. 315 et seqq.; Jensen/Lu/Yiu, pp. 33 et seqq.; Nissenbaum, Trust, p. 113; Zhang/Huang, pp. 159 et seqq.
 
130
Jensen/Lu/Yiu, p. 33; cf. also Ardagna et al., pp. 316-317.
 
131
Jensen/Lu/Yiu, p. 33.
 
132
Jensen/Lu/Yiu, p. 36; cf. also Pfitzmann et al., p. 38.
 
133
Jensen/Lu/Yiu, p. 45; cf. also Ardagna et al., pp. 315 et seqq.
 
134
Jensen/Lu/Yiu, pp. 45-46.
 
135
Jensen/Lu/Yiu, p. 46; Kato et al., p. 254.
 
136
Kato et al., pp. 249 et seqq.; cf. also Ardagna et al., pp. 315 et seqq. elaborating on different techniques for location privacy protection.
 
Literatur
Aichele, C. & Doleski, O. (2013). Einführung in den Smart Meter Rollout. In C. Aichele & O. Doleski (Eds.), Smart Meter Rollout (3-40). Heidelberg: Springer.CrossRef
Ali, S., Azad, S. & Khorshed, T. (2013). Securing the Smart Grid: A Machine Learning Approach. In A. Shawkat (Ed.), Smart Grids—Opportunities, Developments, and Trends (pp. 169-198). Berlin: Springer.
Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S. & Samarati, P. (2008). Privacy-Enhancing Location Service Information. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 307-326). New York: Auerbach Publications.
Beckel, C., Sadamori, L., Santini, S. & Staake, T. (2015). Automated Customer Segmentation Based on Smart Meter Data with Temperature and Daylight Sensitivity. Proceedings of the 6th IEEE International Conference on Smart Grid Communications, Miami, USA, unpaginated.
Botero, O. & Chaouchi, H. (2010). RFID Applications and Related Research Issues. In H. Chaouchi (Ed.), The Internet of Things: Connecting Objects to the Web (pp. 129-156). London: ISTE Ltd. / New Jersey: John Wiley & Sons.CrossRef
Cavoukian, A., Polonetsky, J. & Wolf, C. (2010). Smart Privacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation. Identity in the Information Society, 3(2), 275-294.CrossRef
Chaouchi, H. (2010). Introduction to the Internet of Things. In H. Chaouchi (Ed.), The Internet of Things—Connecting Objects to the Web (pp. 1-33). London: ISTE Ltd. / Indianapolis: John Wiley & Sons.CrossRef
Chappell, L. (2007). Guide to TCP/IP (3rd edition), Boston: Thomson Course Technology.
Cuijpers, C., Purtova, N. & Kosta, E. (2014b). Data protection reform and the Internet: the draft Data Protection Regulation. In A. Savin & J. Trzaskowski (Eds.), Research Handbook on EU Internet Law (pp. 543-568). Cheltenham: Edward Elgar.
Garcia, F. & Jacobs, B. (2010). Privacy-friendly energy-metering via homomorphic encryption. Proceedings of the International Workshop on Security and Trust Management, Athens, Greece. Published in Lecture Notes in Computer Science, Vol. 6710, 226-238. <https://​doi.​org/​10.​1007/​978-3-642-22444-7_​15>
Gasser, U. (2015). Perspectives on the Future of Digital Privacy. Rechtsfragen im digitalen Zeitalter. Schweizerischer Juristentag 2015, ZSR Band 134 II, 337-448.
Goel, S. & Hong, Y. (2015). Security Challenges in Smart Grid Implementation. In S. Goel, Y. Hong, V. Papakonstantinou & D. Kloza (Eds.), Smart Grid Security (pp. 1-40). Heidelberg: Springer.
Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D. & Fu, K. (2011). They can hear your heartbeats: non-invasive security for implantable medical devices. Proceedings of the ACM SIGCOMM, Toronto, Ontario, Canada. Printed in ACM Computer Communication Review Newsletter, 41(4), 2-13. <https://​doi.​org/​10.​1145/​2018436.​2018438>CrossRef
Greengard, S. (2015). The Internet of Things. Cambridge: MIT Press.
Guinard, D. (2011). A Web of Things Application Architecture—Integrating the Real-World into the Web. Dissertation, ETH Zurich, No. 19891.
Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S. & Boyle, D. (2014). From Machine-to-Machine to the Internet of Things: Introduction to a New Age of Intelligence. Amsterdam: Elsevier.
Jensen, C., Lu, H. & Yiu, M.L. (2009). Location Privacy Techniques in Client-Server Architectures. In C. Bettini, S. Jajodia, P. Samarati & X. S. Wang, Privacy in Location-Based Applications, Vol. 5599 of the Series Lecture Notes in Computer Science (pp 31-58). Heidelberg: Springer.CrossRef
Juels, A., Rivest, R. & Szydlo, M. (2003). The blocker tag: Selective blocking of RFID tags for consumer privacy. Proceedings of the 10th ACM conference on Computer and communications security, Washington D.C., USA, 103-111. <https://​doi.​org/​10.​1145/​948109.​948126>
Karygiannis, A., Eydt, B. & Phillips, T. (2008). Practical Steps for Securing RFID Systems. In S. Ahson & M. Ilyas (Eds.), RFID Handbook, Applications, Technology, Security, and Privacy (pp. 533-571). London: CRC Press.
Kato, R., Iwata, M., Hara, T., Suzuki, A., Xie, X., Arase, Y. & Nishio, S. (2012). A dummy-based anonymization method based on user trajectory with pauses. Proceeding of the 20th International Conference on Advances in Geographic Information Systems, Redondo Beach, California, 249-258. <https://​doi.​org/​10.​1145/​2424321.​2424354>
Kerr, I. (2009). The Internet of People? Reflections on the Future Regulation of Human-Implantable Radio Frequency Identification. In I. Kerr, C. Steeves & V. Lucock (Eds.), Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society (pp. 335-357). Oxford: University Press.
Kleiminger, W., Beckel, C. & Santini, S. (2015). Household Occupancy Monitoring Using Electricity Meters. Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2015), Osaka, Japan, 975-986. <https://​doi.​org/​10.​1145/​2750858.​2807538>
Kloza, D., van Dijk, N. & De Hert, P. (2015). Assessing the European Approach to Privacy and Data Protection in Smart Grids—Lessons for Emerging Technologies. In F. Skopik & P. Smith (Eds.), Smart Grid Security: Innovative Solutions for a Modernized Grid (pp. 11-47). Amsterdam: Elsevier.CrossRef
Kursawe, K., Danezis, G. & Kohlweiss, M. (2011). Privacy-Friendly Aggregation for the Smart-Grid. In S. Fischer-Hübner & N. Hopper (Eds.), Privacy Enhancing Technologies (pp. 175-191). Heidelberg: Springer.CrossRef
Lampe, M., Flörkemeier, C. & Haller, S. (2005). Einführung in die RFID-Technologie. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 69-86). Heidelberg: Springer.
Langheinrich, M. (2005). Die Privatsphäre im Ubiquitous Computing—Datenschutzaspekte der RFID-Technologie. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 329-362). Heidelberg: Springer. (cited: RFID)
Lee, Y.K., Batina, L., Singelee, D., Preneel, B. & Verbauwhede, I. (2010). Anti-counterfeiting, Untraceability and Other Security Challenges for RFID Systems—Pubic-Key-Base Protocols and Hardware. In A.R. Sadeghi & D. Naccache (Eds.), Towards Hardware-Intrinsic Security—Foundations and Practice (pp. 237-257). Heidelberg: Springer.CrossRef
Leenes, R. & Koops, B.J. (2006). Code and Privacy or How Technology is Slowly Eroding Privacy. In E. Dommering & L. Asscher (Eds.), Coding Regulation—Essays on the Normative Role of Information Technology (pp. 141-203). The Hague: T.M.C. Asser Press. (cited: Code)
Lehpamer, H. (2012). RFID Design Principles (2nd edition). Boston: Artech House.
Luxton, D., June, J., Sano, A. & Bickmore, T. (2016). Intelligent Mobile, Wearable, and Ambient Technologies for Behavioral Health Care. In D. Luxton (Ed.), Artificial Intelligence in Behavioral and Mental Health Care (pp. 137-162). Amsterdam: Elsevier.CrossRef
Mattern, F. & Flörkemeier, C. (2010). Vom Internet der Computer zum Internet der Dinge. Informatik-Spektrum, 33(2), 107-121. (English version: From the Internet of Computers tot he Internet of Things. In K. Sachs, I. Petrov & P. Guerrero (Eds.), From Active Data Management to Event-Based Systems and More (pp. 242-259). Heidelberg: Springer.)
Mattern, F. (2005). Die technische Basis für das Internet der Dinge. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 39-66). Heidelberg: Springer. (cited: IoT)
Mayer, S. (2014). Interacting with the Web of Things. Dissertation, ETH Zurich, No. 22203.
Misra, S., Maheswaran, M. & Hashmi, S. (2017). Security Challenges and Approaches in Internet of Things, Briefs in Electrical and Computer Engineering. Heidelberg: Springer.CrossRef
Nissenbaum, H. (2001). Securing trust online: Wisdom or oxymoron? Boston University Law Review, 81(3), 101-131. (cited: Trust)
Papakonstantinou, V. & Kloza, D. (2015). Legal Protection of Personal Data in Smart Grid and Smart Metering Systems from the European Perspective. In S. Goel, Y. Hong, V. Papakonstantinou & D. Kloza (Eds.), Smart Grid Security (pp. 41-129). Heidelberg: Springer.
Park, S., Chung, K. & Jayaraman, S. (2014). Wearables: Fundamentals, Advancements, and a Roadmap for the Future. In E. Sazonov & M. Neuman (Eds.), Wearable Sensors, Fundamentals, Implementation and Applications (pp. 1-23). Amsterdam: Elsevier.
Peppet, S. (2014). Regulating the Internet of Things: First Steps Towards Managing Discrimination, Privacy, Security & Consent. Texas Law Review, 93, 85-176.
Pfitzmann, A., Juschka, A., Stange, A.K., Steinbrecher, S. & Köpsell, S. (2008). Communication Privacy. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, S. di Vimercatiet (Eds.), Digital Privacy—Theory, Technologies, and Practices (pp. 19-46). New York: Auerbach Publications.
Polenz, S. (2009). RFID-Techniken und Datenschutzrecht—Perspektiven der Regulierung. Dissertation, Technische Universität Chemnitz.
Popa, R.A., Redfield, C., Zeldovich, N. & Balakrishnan, H. (2011). CryptDB: protecting confidentiality with encrypted query processing. Proceedings of the 23rd ACM Symposium on Operating Systems Principles, Cascais, Portugal, 85-100. <https://​doi.​org/​10.​1145/​2043556.​2043566>
Rahman, M. & Oo, A. (2013). Smart Meter. In A. Shawkat (Ed.), Smart Grids—Opportunities, Developments, and Trends (pp. 109-133). Berlin: Springer.
Shafagh, H., Hithnawi, A., Dröscher, A., Duquennoy, S. & Hu, W. (2015). Talos: Encrypted Query Processing for the Internet of Things. Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems, Seoul, South Korea, 197-210. <https://​doi.​org/​10.​1145/​2809695.​2809723>
Simitis, S. (2014). Bundesdatenschutzgesetz Kommentar (8. Auflage). Baden-Baden: Nomos. (cited: Author, article, marginal No.)
Suzuki, K., Ohkubo, M. & Kinoshita, S. (2008). Cryptographic Approaches to RFID Security and Privacy. In: S. Ahson & M. Ilyas (Eds.), RFID Handbook, Applications, Technology, Security, and Privacy (pp. 631-641). London: CRC Press.
Thierer, A. (2015). The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation. Richmond Journal of Law & Technology, 21(6), 1-118.
Thiesse, F. (2005). Die Wahrnehmung von RFID als Risiko für die informationelle Selbstbestimmung. In E. Fleisch & F. Mattern (Eds.), Das Internet der Dinge, Ubiquitous Computing und RFID in der Praxis—Visionen, Technologien, Anwendungen, Handlungsanleitungen (pp. 363-378). Heidelberg: Springer.
Wagner, F. (2012). Datenschutz in Connected Homes. In F. Peters, H. Kersten & K.D. Wolfenstetter (Eds.), Innovativer Datenschutz (pp. 205-242). Berlin: Duncker & Humbolt.
Weis, S., Sarma, S., Rivest, R. & Engels, D. (2004). Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In D. Hutter, G. Müller, W. Stephan & M. Ullmann (Eds.), Security in Pervasive Computing (pp. 201-212). (Revised selected papers from the First International Conference, Boppard, Germany). Heidelberg: Springer.CrossRef
Weiser, M. (1991). The Computer for the 21st Century. Scientific American, 265(3), 94-104.CrossRef
Wells, Q. (2013). Smart Grid Home (international edition). New York: Cengage Learning.
Wright, D., Gutwirth, S., Friedewald, M., Vildjiounaite, E. & Punie, Y. (2008), Safeguards in a World of Ambient Intelligence. Heidelberg: Springer.
Zhang, C. & Huang, Y. (2009). Cloaking locations for anonymous location based services: a hybrid approach. GeoInformatica, 13(2), 159-182.CrossRef
Metadaten
Titel
Privacy Protection in an Internet of Things Environment
verfasst von
Aurelia Tamò-Larrieux
Copyright-Jahr
2018
Buch
Designing for Privacy and its Legal Framework

Print ISBN: 978-3-319-98623-4

Electronic ISBN: 978-3-319-98624-1

Copyright-Jahr: 2018

DOI
https://doi.org/10.1007/978-3-319-98624-1_4

Premium Partner

    Bildnachweise