16th IFIP Summer School in Esch-sur-Alzette

Call for Papers

“It’s complicated”: Exploring the relationship between cybersecurity and privacy, and improving training and awareness

The 16th IFIP Summer School on Privacy and Identity Management takes a holistic approach to society and technology, supporting interdisciplinary research exchange through keynote lectures, tutorials, workshops, and paper presentations.

In particular, we welcome contributions combining any of the following perspectives: anthropological, economic, ethical, historical, legal, media & communication, regulatory, sociological, surveillance, technical, philosophical, political, and psychological studies.

The IFIP Summer School encourages not only interdisciplinary but also broader diversity. It particularly welcomes submissions on how to foster gender and cultural balance in privacy research and policy, and notably tutorials and workshops about how to raise awareness in these matters.

Theme

Contributions dealing with the complex relations between cybersecurity and privacy are most welcome. Digital media and information technology have become everyday commodities, percolating through every aspect of society. Consequently, privacy breaches might impair individual freedoms, democratic processes, and even information security. The latter becomes manifest as an increasing number of attacks on IT security are based on privacy breaches. Examples include CEO fraud, spear phishing, and leakage of consumer information like credit card details. Although there is a general consensus that security, privacy, and data protection are interrelated, the complexity of their relations has not yet been fully explored. Key questions include: What are the intersections, i.e., conflicts, overlaps or compliance challenges, between the different regulatory frameworks (e.g., GDPR, NIS Directive, PSD2, and forthcoming ePrivacy Regulation) affecting these three fields? How do they relate to technologies that protect ICT and its users (e.g., cryptography that can provide confidentiality and anonymity)? How can privacy and security be co-engineered, satisfying all by-design paradigms? What side-effects occur during such co-design? What are the possible societal consequences regarding citizen (dis)empowerment, surveillance, and human rights? A special focus of this School is placed on how to train and educate staff at all levels in industries dependent on ICT, e.g., cyber ranges and other training methods, as well as how to train the trainers (including the role of Data Protection Officers) in these efforts. Lastly, we encourage submissions dealing with outreach and awareness campaigns for the general public.

Four-phase review process

The research paper presentations and the workshops focus on involving students, and on encouraging the publication of high-quality, thorough research papers by students and young researchers. To this end, the School offers a four-phase review process for submitted papers.

  1. Extended abstracts: at least 2 and at most 4 pages; from these submissions, the PC chairs select papers in the scope of the call for presentation.
  2. A full length draft (up to 16 pages), in Springer LNCS format, is required to be submitted for accepted submissions before the Summer School. It will appear in the pre-proceedings.
  3. Before the conference, every author will peer review up to two papers that are presented in the same session as their own paper.
  4. Before the second review phase, students have time to revise their papers taking into account the peer review of phase 3 and the discussion that took place at the Summer School. These revised, full papers are reviewed soon after the Summer School by Programme Committee members.

Based on these reviews, papers might be accepted, conditionally accepted, or rejected. Accepted and (after satisfactory revision) conditionally accepted papers will be included in the Summer School’s proceedings, which will be published by Springer.

Workshops are expected to last one or two hours and must generate short papers that recapitulate the outcome and the kinds of discussion raised in the School, for inclusion in the post-proceedings. Proposals should contain a 2-page statement summarising the topic(s) to be discussed and the expected contributions from the audience members, e.g. responding to a questionnaire or conducting a small experiment. Proposers should indicate whether any special equipment is needed for the workshop, such as audio-visual systems or computational equipment and support.

Tutorials are expected to last one or two hours. Proposals should contain a 2-page summary and state the level and background required for audience members to follow the tutorial.

Topics

Technical and Organisational Measures for Privacy and Security

  • ‘by-design and default’ mechanisms for: privacy, value-sensitivity, ethics, human rights, impact and risk assessments, data protection on the ground
  • data breach notification and its side effects
  • integration of privacy and security into agile development
  • privacy-enhancing technologies (PETs) and transparency-enhancing technologies (TETs)
  • privacy and identity management (services, technologies, infrastructures, usability aspects, legal and socio-economic aspects)
  • privacy and security in citizens’ digital communications, online platforms, e-mail and instant messaging
  • usable privacy & security

Metrics, Standards, Ethics and Norms

  • complementarity and friction between data subject rights, security, and privacy-by-design
  • interactions, i.e. compliance, overlaps and conflicts in challenges of cybersecurity and data protection norms (e.g., NIS directive, GDPR, PSD2, upcoming ePrivacy regulation)
  • privacy and security evaluation, metrics, certifications, certification mechanisms, auditing experiences, standards, and seals
  • privacy protection and, in particular, confidentiality of communications by both traditional players/incumbents and over the top media services
  • regulatory regimes and instruments, including ethical frameworks

Training and Education for Privacy and Security

  • awareness-raising, digital literacy and data (infrastructure) literacy
  • research ethics and approvals
  • social accountability
  • training and education methodologies, cyber ranges

Socio-technical perspectives on privacy and data protection

  • awareness, attitudes, skills and behaviour of citizens and organisations (including SMEs) regarding data privacy, surveillance, and (cyber)security
  • integrative approaches for diversity (gender, accessibility, economics)
  • relation between privacy, public values and AI-based systems, and (global) consequences for policy and society
  • socio-cultural practices, perspectives and (dis)trust by users/employees regarding data-driven technologies and data capture and processing, in various spheres of life (health, smart cities, banking, media, education)
  • data economy and ecosystems, new business models.

Why should I submit?

Accepted papers will receive thorough discussions during the School and provide students with an opportunity to be published in the IFIP AICT series by Springer. Students who present a paper can receive a course certificate awarding 3 ECTS points at the PhD level. Students whose papers were accepted as full papers for the proceedings can receive a course certificate awarding 6 ECTS points at the PhD level. The certificate can state the topic of the paper so as to demonstrate its relationship (or otherwise) to the student’s master’s or PhD thesis. We encourage submissions from students from emerging economies: support is being applied for from the IFIP Digital Equity Fund to ease student travel.

Last but not least, our modern campus embraces its rich history of innovation; monumental industrial sculptures remind visitors and residents alike that the place was once home to the most modern steelworks of the early twentieth century, later to the first blast furnace of the Montanunion, and has now been turned into a modern city quarter that is home to our young university.

Programme

Tue, 17.08.2021

Time Track
9:00 Opening
9:15 Keynote: Kai Kimppa
Ethical social engineering penetration testing – can it be done?
10:15 Break
10:30 Session: Informational self determination
Violeta Vasileva
Consistent Approach of Research for User’s Cyber Awareness, Identity Management and Proposal for Solution in Order to Enhance User’s Competencies in Public Cyberspace

Rosalie Waelen
A loss of informational control due to facial recognition technology: ethical and societal implications

Alexander Richter and Delphine Reinhardt
Exploration of Factors that can Impact the Willingness of Employees to Share Smart Watch Data with their Employers
12:00 Break
12:00 Session: Knowledge imbalances
Mario Filipe Cavalcanti and Eneus Trindade
Algorithms and data protection in Brazilian television advertising.

Joakim Kävrestad, Allex Hagberg, Robert Roos, Jana Rambusch and Marcus Nohlberg
Including users with cognitive challenges in the design of usable privacy and security

Marco Houben
Weaponizing data processing agreements for addressing power asymmetry through digital platforms in education
14:00 Break
14:15 Tutorial: Michael Friedewald and Ina Schiering
Implementing Data Protection Impact Assessments in Practice
15:15 End

Wed, 18.08.2021

Time Track
9:00 Keynote: Sebastian Pape
Serious Games for Security and Privacy Awareness
10:00 Break
10:15 Tutorial: Felix Bieker
The State of Surveillance
11:15 Break
10:15 Session: Finance and taxes
Niklas Sommerer, Martin Latzenhofer and Stefan Schauer
Measuring Privacy within the KRAKEN Database

Myriam Clouet
Towards a Generic Approach for Modeling and Verifying Properties for Preserving Privacy

Elias Grünewald
Cloud Native Privacy Engineering through DevPrivOps
14:30 Break
14:45 Workshop: Harry Halpin and Iness Ben Guirat
Usability for Mixnets
15:45 End

Thu, 19.08.2021

Time Track
9:00 Keynote: François Thill (Ministère de l’Économie, Directeur Cyber Sécurité)
TBA
10:00 Break
10:15 Tutorial: Sandra Schmitz
Are we all on the same page? On establishing a common understanding of the state of the art
11:15 Break
12:00 Session: Location privacy
Tamara Stefanović and Silvia Ghilezan
Privacy Challenges of Digital Contact Tracing

Rémy Scholler, Jean-François Couchot, Oumaïma Alaoui-Ismaïli, Eric Ballot and Denis Renaud
Observing road freight traffic from mobile network signalling data while respecting privacy and business confidentiality

Amirhossein Adavoudi Jolfaei, Stefan Schiffner, Andy Rupp and Thomas Engel
Systematic Literature Review on Privacy-Preserving Electronic Toll Collection
13:00 Break
13:30 Session: IoT and smart things
Nathanaël Denis, Sophie Chabridon and Maryline Laurent
Bringing Privacy, Security and Performance to the Internet of Things through Usage Control and Blockchains

Jorge Pereira Campos
The Dynamics of Data Donation: Smart City, e-Participation, and [Privacy] Risk
14:30 Break
15:00 Workshop: Jorge Bernal Bernabe, Jesus Garcia, Stephan Krenn, Vasia Liagkou, Antonio Skarmeta and Rafael Torres
Privacy-Preserving Identity Management
16:00 End

Fri, 20.08.2021

Time Track
9:00 Workshop: Felix Schaber
Practical Privacy-by-Design Where It Matters Most: Analyzing the Whistleblower Submission System SecureDrop Using Systems Theory
10:00 Break
10:15 Session: e-Health
Claudio Pighini, Alessio Vezzoni, Simone Mainini, Andrea G. Migliavacca, Alessandro Montanari, Maria R. Guarneri, Enrico G. Caiani and Ambra Cesareo
SynCare: an Innovative Remote Patient Monitoring System secured by Cryptography and Blockchain

Aiste Gerybaite
What do medical devices, data protection and cybersecurity all have in common? Exploring regulatory interplay in health IoE

Yakini Tchouka, Jean-Francois Couchot, Christophe Guyeux and David Laiymani
De-Identification of Medical Records for ICD-10 Codes Association

Ramona Schmidt and Ina Schiering
Gamification in mHealth – Opportunities and Privacy Risks
12:15 Break
12:30 Closing Keynote: Jakub Čegan (Masaryk University)
Training Development in KYPO Cyber Range Platform
13:30 End of Event remarks and food for thought for the next year
13:45 End

Committee

Programme Chairs

  • Ina Schiering (Ostfalia University of Applied Sciences)
  • Michael Friedewald (Fraunhofer ISI)
  • Stephan Krenn (AIT Austrian Institute of Technology)

Steering Committee

  • Jan Camenisch (Dfinity, Switzerland)
  • Marit Hansen (ULD)
  • Anja Lehmann (Hasso Plattner Institute, Digital Engineering Faculty, University of Potsdam)
  • Ronald Leenes (Tilburg University)
  • Simone Fischer-Hübner (Karlstad University, Sweden)
  • Diane Whitehouse (The Castlegate Consultancy)
  • Charles Raab (University of Edinburgh)
  • Kai Rannenberg (Goethe University Frankfurt)

General Chair

  • Stefan Schiffner (University of Luxembourg)

Programme Committee

  • Kjetil Rommetveit (University of Bergen)
  • Jana Dittmann (Uni Magdeburg)
  • Florian Adamsky (Hof University of Applied Sciences)
  • Joachim Meyer (Tel Aviv University)
  • Henrich C. Pöhls (University of Passau)
  • Stefan Strauss (Austrian Academy of Sciences, Institute of Technology Assessment (ITA))
  • Diane Whitehouse (IFIP working group 9.2 on social accountability and ICT)
  • Jan Hajny (VUT Brno)
  • Delphine Reinhardt (University of Göttingen)
  • Christiane Kuhn (Karlsruhe Institute of Technology)
  • Jo Pierson (Vrije Universiteit Brussel)
  • Arnold Roosendaal (Privacy Company)
  • Stefan Katzenbeisser (University of Passau)
  • José M. Del Álamo (Universidad Politécnica de Madrid)
  • Josep Domingo-Ferrer (Universitat Rovira i Virgili)
  • Jani Koskinen (University of Turku)
  • Rose-Mharie Åhlfeldt (University of Skövde)
  • Paula Helm (University of Tübingen)
  • Kai Kimppa (University of Turku)
  • Meiko Jensen (Kiel University of Applied Sciences)
  • Sebastian Pape (Goethe University Frankfurt)
  • Simone Van Der Hof (Leiden University)
  • Robin Pierce (TILT Tilburg Law School)
  • Galina Ivanova (University of Ruse)
  • Dominik Herrmann (University of Bamberg)
  • Simone Fischer-Hübner (Karlstad University)
  • Maria Grazia Porcedda (Trinity College Dublin)
  • Sandra Schmitz (Université du Luxembourg)
  • Tobias Pulls (Karlstad University)
  • Sébastien Canard (Orange Labs)

Organizers

Organized by

University of Luxembourg

In Cooperation with

IFIP

Supported By

CyberSec4Europe SPARTA