On Locational Privacy in the Absence of Anonymous Payments

Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz

Gutwirth, S., Leenes, R., P. De Hert and Y. Poullet, Data protection on the Move. Current Developments in ICT and Privacy/Data Protection. Springer (forthcoming, 2015), Dordrecht.


Abstract

In this paper we deal with the situation that in certain contexts vendors have no incentive to implement anonymous payments or that existing regulation prevents complete customer anonymity. While the paper also discusses the problem in a general fashion, we use the recharging of electric vehicles using public charging infrastructure as a working example. Here, customers leave rather detailed movement trails, as they authenticate to charge and the whole process is post-paid, i.e., customers are billed after consumption. In an attempt to enforce transparency and give customers the information necessary to dispute a bill they deem inaccurate, Germany and other European countries require that the ID of the energy meter used in each charging process be retained. Similar information is also retained in other applications where Point of Sale terminals are used. While this happens in the customers' best interest, this information is a location-bound token, which compromises customers' locational privacy and thus allows for the creation of rather detailed movement profiles. We adapt a carefully chosen group signature scheme to match these legal requirements and show how modern cryptographic methods can reconcile the, in this case, conflicting requirements of transparency on the one hand and locational privacy on the other. In our solution, the user's identity is explicitly known during a transaction, yet the user's location is concealed, effectively hindering the creation of a movement profile based on financial transactions.


Tags: E-Mobility, European charging infrastructure, group signatures, Location Privacy, locational privacy, movement profiles