ABSTRACT: The need for secure identity systems is growing in the digitalized society. However, these management systems are oftentimes privacy-unfriendly. The attribute-based credential (ABC) technology is designed to be a privacy-friendly authentication method that aims to offer an alternative to the information overspill, a side effect of many contemporary authentication methods. So far, however, there has been little discussion about the wider implications of ABCs because they fall outside the normal research field of cryptographers and computer engineers. Extended interdisciplinary research on the societal and legal effects of ABCs is, therefore, gaining in relevance. This paper explores a range of these issues and shows that there are potential risks that require additional research before ABCs are introduced on a broader scale to society. This paper is written by an interdisciplinary research group with a background in mathematics, law, computer science and philosophy.

KEYWORDS: Attribute-based credentials, Authentication, Identification, Data Minimisation, General Data Protection Regulation, Privacy by Design, Data Protection by Design, socio-technical analysis, legal analysis


Merel Koning

Merel Koning is a PhD candidate at the Privacy and Identity Lab. Merel got a Master's degree from the Institute of Information Law of the Universiteit van Amsterdam. She is educated in the legal sciences and works in an interdisciplinary research environment at the digital security department of the computer science faculty of the Radboud University Nijmegen, the Netherlands. Merel is interested in fundamental rights enhancing technologies, including PETs. Her research is focused on intercontinental private-to-public personal data transfers in the field of law enforcement for surveillance purposes. Besides writing a thesis, she leads a Europe-wide investigation on the compliance of data brokers with EU data protection legislation.


Paulan Korenhof

Paulan Korenhof is a PhD student at the Tilburg Institute for Law, Technology and Society (TILT, Tilburg University) and at Privacy & Identity Lab (PI.Lab, a collaboration between Radboud University, SIDN, Tilburg University and TNO). She holds a master's degree in Public Law and Philosophy. Paulan is interested in the problems that digital information technologies can harbour for individuals. Her current research is focused on the World Wide Web as an external transactive memory and the so-called “Right to Be Forgotten” that aims to oppose this memory.


Gergely Alpár

Gergely Alpár is a PhD candidate in computer science; his main research interest is cryptography and privacy-enhancing identity management. He holds a master's degree in mathematics and education, and a Professional Doctorate in Engineering in applied mathematics. Gergely is an external member of the Privacy & Identity Lab, where he organised several privacy discussions to stimulate multidisciplinary research. He was also the initiator of the first general attribute-based credential workshop (http://www.pilab.nl/ifip-summerschool-2013/workshops.html), where academic experts from all over Europe discussed future directions for the attribute-based credential technology. He is the (co)author of more than ten scientific papers and has over 50 citations.


Jaap-Henk Hoepman

Jaap-Henk Hoepman (1966) is associate professor at the Digital Security group of the Radboud University Nijmegen, the Netherlands. He is also scientific director of the Privacy & Identity Lab. He studies privacy and identity management, focusing on the design of secure and privacy-friendly protocols for the Internet of Things. He speaks on these topics at national and international congresses and publishes papers in (inter)national journals. He also appears in the media as a security expert, and writes about his research in the popular press. He is actively involved in the public debate concerning security and privacy in our society. Amongst other things, Jaap-Henk is co-founder of the Privacy & Identity Lab, former member of the Executive Board of Trust in Digital Life, former chair of the IFIP working group 11.2 on “Pervasive System Security”, and former coordinator and co-founder of the Kerckhoffs Institute, which offers a master's program in Computer Security.