Privacy in the next generation Internet: Data Protection in the context of the European Union Policy, PhD Thesis

Published 3 Dec 2002 by Alberto Escudero Pascual

bulletDownload: escuderoa-PhD-20021030.pdf

With the growth in social, political and economic importance of the Internet, it has been recognized that the underlying technology of the next generation Internet must not only meet the many technical challenges but must also meet the social expectations of such a pervasive technology.

As evidence of the strategic importance of the development of the Internet, the European Union has adopted a communication to the Council and the European Parliament focusing on the next generation Internet and the priorities for action in migrating to the new Internet protocol IPv6 and also a new Directive (2002/58/EC) on 'processing of personal data and protection of privacy in the electronic communication sector'. The Data Protection Directive is part of a package of proposals for initiatives which will form the future regulatory framework for electronic communications networks and services. The new Directive aims to adapt and update the existing Data Protection Telecommunications Directive (97/66/EC) to take account of technological developments. However, it is not well undersood how this policy and the underlying Internet technology can be brought into alignment.

This dissertation builds upon the results of my earlier licentiate thesis by identifying three specific, timely, and important privacy areas in the next generation Internet: unique identifiers and observability, privacy enhanced location based services, and legal aspects of data traffic.

Each of the three areas identified are explored in the eight published papers that form this dissertation. The papers present recommendations to technical standarization bodies and regulators concerning the next generation Internet so that this technology and its deployment can meet the specific legal obligations of the new European Union data protection directive.

In summary, the eight papers of this dissertation show:

  • how eavesdroppers will be able to identify and track packets that belong to a particular node and the limitations of the privacy extension for stateless address autoconfiguration which in fact fails to provide privacy.
  • a network architecture that provide unlinkability between a user's personal identifiable information and location information.
  • a critical review of the policy initiatives to extend traditional powers of lawful access to communications traffic data and the European Union Data Protection Telecommunications Directive.

The dissertation concludes by presenting future work identified based on examining these three different areas.

Keyword(s): Anonymity, Location Privacy, Policy, Privacy, Security, Wireless,