Head Belly Root
Notes Privacy Is Hard Creative Commons License
Chapter 7

Privacy And Security Are A Zero-Sum Game

  1. Parts of this chapter are based on earlier materials: J.-H. Hoepman, "Revocable Privacy," XOT (blog), November 21, 2008.
  2. M. Smith and M. Green, "A Discussion of Surveillance Backdoors: Effectiveness, Collateral Damage and Ethics," February 5, 2016.
  3. This is not the case for Bitcoin; see S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System" (October 31, 2008). Bitcoin (and most of the other cryptocurrencies) records all transactions between merely pseudonymous accounts on a public distributed ledger. These pseudonymous accounts are easily linked to their actual owners using a few basic heuristics. See S. Meiklejohn et al., "A Fistful of Bitcoins: Characterizing Payments among Men with no Names," in Proceedings of the 2013 Internet Measurement Conference IMC 2013, ed. K. Papagiannaki, P. Krishna Gummadi, and C. Partridge (New York: ACM, 2013), 127–140; S. Goldfeder et al., "When the Cookie Meets the Blockchain: Privacy Risks of Web Payments via Cryptocurrencies," arXiv:1708.04748 (2017).
  4. At least for handling transactions. Obtaining cash and depositing cash still involves a bank or some kind of intermediary.
  5. For a colorful description of David's background and work, see S. Levy, Crypto: How the Code Rebels Beat the Government: Saving Privacy in the Digital Age (New York: Viking Press, 2001).
  6. D. Chaum, "Blind Signatures for Untraceable Payments," in Advances in Cryptology—CRYPTO, ed. D. Chaum, R. L. Rivest, and A. T. Sherman (New York: Plenum Press, 1982), 199–203.
  7. Chaum, "Security without Identification."
  8. D. Chaum, A. Fiat, and M. Naor, "Untraceable Electronic Cash," in Advances in Cryptology—CRYPTO '88, 8th Annual International Cryptology Conference, ed. S. Goldwasser (Berlin: Springer, 1988), 319–327.
  9. J.-H. Hoepman, "Distributed Double Spending Prevention," in 15th Int. Workshop on Security Protocols 2007, ed. B. Christianson et al. (Berlin: Springer, 2010), 152–165.
  10. Wikipedia, "DigiCash," last modified December 30, 2019.
  11. J.-H. Hoepman, "Revocable Privacy," ENISA Quarterly Review 5, no. 2 (June 2009): 16–17; W. Lueks, M. Everts, and J.-H. Hoepman, "Revocable Privacy: Principles, Use Cases, and Technologies," in Annual Privacy Forum (APF 2015) (Berlin: Springer, 2016), 124–143.
  12. Like the corresponding legal concept of traceable anonymity, coined by Daniel Solove. See D. J. Solove, "The Virtues of Anonymity," New York Times, March 11, 2016.
  13. L. Lessig, Code and Other Laws of Cyberspace (New York: Basic Books, 1999).
  14. Lueks, Everts, and Hoepman, "Revocable Privacy: Principles, Use Cases, and Technologies."
  15. A. Shamir, "How to Share a Secret," Communications of the ACM 22, no. 11 (1979): 612–613.
  16. Chaum's work was highly influential, and Stadler explored the concept further in his PhD thesis back in 1996: M. Stadler, "Cryptographic Protocols for Revocable Privacy" (PhD thesis, Swiss Federal Institute of Technology, Zürich, 1996). More recent examples of revocable privacy approaches include limiting the amount a person can spend at a single merchant while remaining anonymous or revoking anonymity of users that do not pay their bill at a merchant. See J. Camenisch, S. Hohenberger, and A. Lysyanskaya, "Balancing Accountability and Privacy Using E-Cash (Extended Abstract)," in Security and Cryptography for Networks 2006, 5th International Conference, ed. R. D. Prisco and M. Yung (Berlin: Springer, 2006); J. Camenisch, T. Groß, and T. S. Heydt-Benjamin, "Rethinking Accountable Privacy Supporting Services: Extended Abstract," in Proceedings of the 4th Workshop on Digital Identity Management, ed. E. Bertino and K. Takahashi (New York: ACM, 2008), 1–8.
  17. D. Galindo and J.-H. Hoepman, "Non-interactive Distributed Encryption: A New Primitive for Revocable Privacy," in ACM Workshop on Privacy in the Electronic Society 2011, ed. Y. Chen and J. Vaidya (New York: ACM, 2011), 81–92; W. Lueks, J.-H. Hoepman, and K. Kursawe, "Forward-Secure Distributed Encryption," in Privacy Enhancing Technologies—14th International Symposium, PETS, ed. E. D. Cristofaro and S. J. Murdoch (Amsterdam: Springer, 2014), 123–142.
  18. See Wikipedia
  19. It blocks editing of pages over Tor in general, for example. See Wikipedia, "Wikipedia: Advice to Users Using Tor," last modified May 21, 2019. It allows the creation of pseudonymous accounts, but it does log the IP addresses through which such accounts are accessed: Wikipedia, "Wikipedia: Wikipedia Is Anonymous," last modified April 17, 2019. The title of that page is really a misnomer; Wikipedia is pseudonymous at best.
  20. W. Lueks, M. Everts, and J.-H. Hoepman, "Vote to Link: Recovering from Misbehaving Anonymous Users," in ACM Workshop on Privacy in the Electronic Society 2016, ed. E. R. Weippl, S. Katzenbeisser, and S. D. C. di Vimercati (New York: ACM, 2016), 111–122.