Abstract
After publishing data on the Internet, the data publisher loses control over it. However, there are several situations where it is desirable to remove published information. To support this, the European Union proposed the General Data Protection Regulation (GDPR) which states that providers must remove the data when the corresponding owner requests it. However, the data might already have been copied by third parties. Therefore, Article 17 of the GDPR includes the regulation that the provider must also inform all third parties about the users request. Hence, the providers would need to track every access, which is hard to achieve. This technical infeasibility is a gap between the legislation and the current technical possibilities. To close this gap, we propose a novel service which gives the data owner the possibility to inform simultaneously all providers about her removal request.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Camera & Imaging Products Association Exchangeable Image File Format for Digital Still Cameras: Exif Version 2.3. Technical report, CIPA DC-008-2010 & JEITA CP-3451B Standard (2010)
Backes, J., Backes, M., Dürmuth, M., Gerling, S., Lorenz, S.: X-pire!-a Digital Expiration Date for Images in Social Networks. arXiv preprint arXiv:1112.2649 (2011)
Backes, M., Gerling, S., Lorenz, S., Lukas, S.: X-pire 2.0: a user-controlled expiration date and copy protection mechanism. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1633–1640. ACM (2014)
Castelluccia, C., De Cristofaro, E., Francillon, A., Kaafar, M.-A.: Ephpub: toward robust Ephemeral Publishing. In: 2011 19th IEEE International Conference on Network Protocols (ICNP), pp. 165–175. IEEE (2011)
European Commission. Factsheet on the “Right to be Forgotten” Ruling (C-131/12). http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf. Accessed 20th May 2015
European Commission. Proposal for a Regulation of the European Parliament, of the Council on the Protection of Individuals with Regard to the Processing of Personal Data, on the Free Movement of Such Data (General Data Protection Regulation), January 2012. http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf. Accessed 20th May 2015
Dabek, F., Li, J.,Sit, E., Robertson, J., Kaashoek, M.F., Morris, R.: Designing a DHT for low latency and high throughput. In: NSDI, vol. 4, pp. 85–98 (2004)
Dierks, T., Rescorla, E.: RFC 5246: The Transport Layer Security (TLS) Protocol. The Internet Engineering Task Force (2008)
Druschel, P., Backes, M., Tirtea, R.: The Right to Be Forgotten - Between Expectations and Practice (2011). http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten. Accessed 20th May 2015
Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. J. Cryptology 1(2), 77–94 (1988)
Galperin, S., Santesson, S., Myers, M., Malpani, A., Adams, C.: X. 509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSpP (2013)
Geambasu, R., Kohno, T., Levy, A.A., Levy, H.M.: Vanish: increasing data privacy with self-destructing data. In: USENIX Security Symposium, pp. 299–316 (2009)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing, pp. 291–304. ACM (1985)
Google European Privacy Requests for Search Removals (2014). http://www.google.com/transparencyreport/removals/europeprivacy/?hl=en-US. Accessed 20th May 2015
Gopalakrishnan, V., Silaghi, B., Bhattacharjee, B., Keleher, P.: Adaptive replication in peer-to-peer systems. In: Proceedings of the 24th International Conference on Distributed Computing Systems, pp. 360–369. IEEE (2004)
Hine, J.H., Dagger, P.: Securing distributed computing against the hostile host. In: Proceedings of the 27th Australasian Conference on Computer Science, vol. 26, pp. 279–286. Australian Computer Society Inc. (2004)
Jandt, S., Kieselmann, O., Wacker, A.: Recht auf Vergessen im Internet - Diskrepanz zwischen rechtlicher Zielsetzung und technischer Realisierbarkeit? Datenschutz und Datensicherheit (DuD) 37(4), 235–241 (2013)
Krawczyk, H., Canetti, R., Mihir Bellare, H.: Keyed-hashing for Message Authentication (1997). https://tools.ietf.org/html/rfc2104. Accessed 20th May 2015
Liu, Q., Safavi-Naini, R., Sheppard, N.P.: Digital rights management for content distribution. In: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers, vol. 21, pp. 49–58. Australian Computer Society Inc. (2003)
Maymounkov, P., Mazières, D.: Kademlia: a peer-to-peer information system based on the XOR metric. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 53–65. Springer, Heidelberg (2002)
Mockapetris, P.: RFC 1034: Domain Names - Concepts and Facilities (1987)
Court of Justice of the European Union. Judgment in Case C-131/12. Press Release No 70/14, May 2014
Rainie, L., Kiesler, S., Kang, R., Madden, M.: Anonymity, privacy, and security online. Pew Research Center (2013)
Ruef, M.: Erfolgreicher Angriff gegen X-pire!, January 2011. http://www.scip.ch/?labs.20110131. Accessed: 20th May 2015
Stoica, I., Morris, R., Karger, D., Kaashoek, F.M., Balakrishnan, H.: Chord: a scalable peer-to-peer lookup service for internet applications. ACM SIGCOMM Comput. Commun. Rev. 31(4), 149–160 (2001)
Venkatesan, R., Koon, S.-M., Jakubowski, M.H., Moulin, P.: Robust image hashing. In: 2000 Proceedings of the International Conference on Image Processing, vol. 3, pp. 664–666. IEEE (2000)
Wacker, A., Schiele, G., Schuster, S., Weis, T.: Towards an authentication service for peer-to-peer based massively multiuser virtual environments. Int. J. Adv. Media Commun. 2(4), 364–379 (2008)
Wang, Q., Daudjee, K., Özsu, M.T.: Popularity-aware prefetch in P2p range caching. Peer-to-Peer Netw. Appl. 3(2), 145–160 (2010)
Wolchok, S., Hofmann, O.S., Heninger, N., Felten, E.W., Halderman, J.A., Rossbach, C.J., Waters, B., Witchel, E.: Defeating vanish with low-cost sybil attacks against large DHTs. In: NDSS (2010)
Acknowledgment
This work has been co-funded by the Social Link Project within the Loewe Program of Excellence in Research, Hessen, Germany.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Kieselmann, O., Kopal, N., Wacker, A. (2016). A Novel Approach to Data Revocation on the Internet. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management, and Security Assurance. DPM QASA 2015 2015. Lecture Notes in Computer Science(), vol 9481. Springer, Cham. https://doi.org/10.1007/978-3-319-29883-2_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-29883-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29882-5
Online ISBN: 978-3-319-29883-2
eBook Packages: Computer ScienceComputer Science (R0)