Word
Action number 13205 Last updated 13/12/2011 12:27:26 Year 2012
Title Citizen Digital Footprint
Acronym CIDIPRINT
Type Action
Url
Institute JRC.G Institute for the Protection and Security of the Citizen (Ispra)
Leader MAHIEU Vincent JRC.G.7   E-Mail
Thematic Area TA6 - Security and crisis management
TA6.HLO3 - Assess new and emerging Information and Communication Technologies (ICT), their impact, and associated risks for the European Citizen
1 Prosperity in a Knowledge intensive society
1.4 Information Society

INFSO - Information Society and Media
JRC - Joint Research Centre
JUST - Justice
MOVE - Mobility and Transport


ENISA - European Network and Information Security Agency
ISO - International Organization for Standardization (ISO)
MS EU - Member states EU
UN ECE - UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE

INFSO - Information Society and Media
JUST - Justice
MOVE - Mobility and Transport


ENISA - European Network and Information Security Agency
ETSI - European Telecommunications Standards Institute (ETSI)
Smart Environment, Trust and Security, Digital Confidence, Mobile Applications, Privacy and Data Protection, Data Lifecycle, Information and Communication Technologies, ICT public awareness and acceptance, Social Networking, Digital Foot Print, Digital Shadow, Digital Evidence, Ad-hoc networks, User Profiling, Risk Assessment and Analysis, Scenario Analysis, Cloud computing, In-Vehicle Secured Systems, Digital Tachograph, e-Driving License, Professional Drivers identification, Privacy Enhancing Technologies (PETS), Privacy-by-Design principles.
Rationale
The action has been created in 2011 to assess new and emerging Information and Communication Technologies (ICT) in respect to their impact and associated risks for the European Citizen. It has the clear intention to identify ways and measures to protect the citizen against cyber-related threats. In this context, the action will address some of the key challenges put forward in the Communication from the Commission 'A Digital Agenda from Europe', in particular the action areas 2.3 Trust and Security and also the action area 2.1 a vibrant digital single market.

While interacting online or mobile with digital information systems, the citizen is creating a steadily increasing trail of personal and individual data. These data are recorded and possibly archived somewhere, owned by someone, and potentially used in various ways. Most of the time, the citizen is, to some extent, aware of this and actively contributing to the data generation and collection. The existence of citizen’s digital footprints may lead to further potentially unexpected and unwanted processing with unforeseeable consequences for the citizen and the society at large.

The rise of mobile communication and applications, of online communities and of social networking together with more diffused geo-location services, augment the risks of misusing these data, and the vulnerability of the citizen. Citizens will find themselves exposed to unintended use of their digital footprints. This reality calls for a systematic scenario-based assessment of the impacts of these emerging technologies and societal trends on the citizen.

The Digital Agenda communication states also that if the citizen trust in digital applications and interactions is not or no more guaranteed (e.g. if derived use of his data is felt as an intrusion), then the use and development of the whole digital single market is at risk.

The borderless nature off digital transactions and communications to which the citizen is exposed in our days calls for a multi-disciplinary approach, where the JRC can play a key role in the definition of international standards and best practice guidelines, including the deployment of privacy-enhancing technologies as well as development based on privacy-by-design. This will be in synergy or complementary to rules, practices, public awareness programs, and legal framework in standard situations. But will also become relevant when it comes to identify liabilities and accountability in case of incidents.
Summary of the activity
The intent of CIDIPRINT is to assess the impact of the digital society on the citizens from a safety and security perspective, and propose measures and recommendations having a tangible impact on regulatory options.To do so, it is intended to apply classical risk analysis methodologies to these safety and security threats, also to develop a demonstration capacity (CIDIPRINT demo room) and contribute to standards definition. These assessments should take into account existing principles of privacy and data protection law, especially the purpose of collection of information, its necessity, and proportionality.

The Action will focus on the following 2 areas:

1: Mobile Applications and Services – This area includes typically applications executed on mobile devices (e.g. phones, tablets). Examples are mobile payments and mobile cloud interfaces. Typical cyber threats such as surveillance, traceability, sniffing and eavesdropping or denial of service will be considered.

2: In–vehicle Secured Systems – Support to the implementation of the digital tachograph (a secured mandatory in-vehicle recording equipment of drivers’ activities) and its technical evolution (e.g. short range communication, Geo-location, stronger security, and interface with other in-vehicle platforms dealing with security or enforcement aspects).


The Action intends to apply and develop for its research a simple analysis scheme based on the following 3 elements:

1: Digital identification between Citizen and Processes - Who is involved?
2: Citizen Digital Data - What information is dealt with?
3: Digital Processing - How is the information processed?

These 3 basic stages are almost always present when a user interact with the digital society, and contain all specific risks.

Digital Identification covers questions such as: Is the interacting profile the right one (the right individual)? Is the service or application provider also the correct one? It covers also issues connected to stolen profiles, identities, credentials, authentication and security protocols.

Citizen Digital Data relates to the individual data and encompasses aspects like data protection, data security, data access and rights and the data lifecycle. Also the growing concern regarding secondary or derived use of data (user profiling, behavioural engineering…).

Digital Processing looks at the large variety of interaction processes that allow a digital profile (citizen) to interact and create data that can be re-processed: mobile applications, cloud services, use of smart cards, RFID tags and e-payments.

To support this analysis scheme, the action will develop a demonstration capacity. Therefore, a specific effort will be dedicated to the CIDIPRINT demo room, in order to create in a controlled laboratory environment the conditions to reveal and study possible risks as described above.

The objectives 2012 for the action have been structured in the following way:

Objective 1 and 2 relate to a set of deliverable combining the 3 elements of our approach and focus on the citizen footprint privacy and security exposure in the area “Mobile Applications and Services”

Objective 3 covers the area “In–vehicle Secured Systems” and relates to the continuous support the action is providing to the DG MOVE regarding the digital tachograph and his coming technical evolution-extension.


 
  1
ICT Impact on the security and privacy of the citizen: evaluation of specific impacts related to digital processes in mobile applications
Deliverable  1.1
Edition of a report to assess a set of Digital Footprint Scenarios. The report will study the Digital Footprint Risks for the citizen using risk assessment techniques. It will include the analysis of users' identification issues such as the use of Universal Integrated Circuit Card to secure data in cloud storage and the analysis of possible profiling techniques in the context of behavioural engineering.
21/12/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
TypeYearNumberTitle
COM 2010245 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee, and the Committee of the Regions: A Digital Agenda for Europe - COM(2010)245 final/2
JRC - Joint Research Centre
Deliverable  1.2
Joint analysis paper in collaboration with ENISA on the impact of cloud computing on citizens privacy and security.
27/07/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
INFSO - Information Society and Media
JRC - Joint Research Centre
ENISA - European Network and Information Security Agency
Deliverable  1.3
Feasibility study to explore the possibility to extend coming European Cyber Exercises with a Data Protection or Citizen Data Breach dimension
21/12/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
JRC - Joint Research Centre
JUST - Justice
ENISA - European Network and Information Security Agency
MS EU - Member states EU
  2
Lifecycle of citizen Digital Data: to deepen the understanding of where and how the citizen individual data are at risk.
Deliverable  2.1
Technical note on the life cycle of the use of Radio Frequency Tags (RFID), in particular tag deactivation, in the supply chain. A case study will be carried out for textile and textile production with the option to review potential for fighting against product piracy.
21/12/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
JRC - Joint Research Centre
Deliverable  2.2
Development a proposal of an application for mobile devices where the Citizen could perform a self-assessment on his mobile device to understand and raise awareness on the security level and exposure of his sensitive information. This proposal will focus on wireless communication such as Bluetooth and NFC in the context of mobile e-payment.
28/09/2012
JRC Scientific Support - Technical systems
Digital Agenda for Europe
Deliverable  2.3
Comparison of security tools and forensics analysis tools in the transition from IPv4 to IPv6.
21/12/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
JRC - Joint Research Centre
Deliverable  2.4
Written contribution to the definition the ISO/IEC 27037 standard "Guidelines for identification, collection, acquisition, and preservation of digital evidence" with focus on mobile devices.
21/12/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
ISO - International Organization for Standardization (ISO)
Deliverable  2.5
Assessment of essential threats in respect to the citizens digital footprint and possible misuse of citizen digital data regarding security and privacy (e.g. case-study on the protection regulatory framework of the Smart Grid reference architecture and of the list of Smart Meter functionalities). This will possibly occur in various types of demonstration events or ambient: CIDIPRINT demo room, on-site live experiments, international fairs or conferences.
21/12/2012
JRC Scientific Support - Technical systems
JRC - Joint Research Centre
  3
In-vehicle Secured Systems: support DG-Move in the implementation of the Digital Tachograph system and in the on-going revision process of the related regulation.
Deliverable  3.1
In the context of the DG MOVE support to the definition of the new annex 1B for the Digital Tachograph, a specific contribution to the project of increasing the security of the system (specific studies, edition of supporting technical documents, organization of meetings, preparation and participation to workshops).
21/12/2012
JRC Scientific Support - Scientific and policy reports
Digital Agenda for Europe
MOVE - Mobility and Transport
MS EU - Member states EU
UN ECE - UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE
Deliverable  3.2
In the context of the DG MOVE support to the definition of the new annex 1B for the Digital Tachograph, a specific contribution to the project of implementing a short range communication for controllers and of augmenting the tachograph with Global Navigation Satellite Systems (GNSS) features (specific studies, edition of supporting technical documents, organization of meetings, preparation and participation workshops).
21/12/2012
JRC contributions to policy documents
Digital Agenda for Europe
MOVE - Mobility and Transport
MS EU - Member states EU
Deliverable  3.3
In the context of the DG MOVE support to the definition of the new annex 1B for the Digital Tachograph, a specific contribution to the project of merging Professional Driver Cards with e-Driving Licenses (organization of meetings, workshops, edition of supporting technical documents).
21/12/2012
JRC contributions to policy documents
Digital Agenda for Europe
MOVE - Mobility and Transport
MS EU - Member states EU
Deliverable  3.4
In the context of the DG MOVE AA relating to the digital tachograph, to manage the transition due to the possible renewal of the MoU between DG MOVE - JRC - UNECE (extension of interoperability tests to other labs, collaboration with AETR...). Edition of technical supporting notes to assess the various options. Edition of the new MoU.
31/10/2012
JRC Scientific Support - Scientific and policy reports
MOVE - Mobility and Transport
UN ECE - UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE
Deliverable  3.5
Run the European Root Certification Authority (ERCA) and possibly improve the efficiency and the documentation of the procedures (evaluation of trusted courier alternative, use of second generation ERCA and documentation of it).
31/12/2012
JRC Scientific Support - Scientific information systems and databases
Digital Agenda for Europe
MOVE - Mobility and Transport
UN ECE - UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE
Deliverable  3.6
Perform Digital Tachograph (DT) interoperability tests and develop expertise and services in the evaluation of malfunctioning cards (MEBA collaboration, new card analysis software implementation, tests on tachograph cards aging).
31/12/2012
JRC Scientific Support - Validated methods, Reference methods and measurements
Digital Agenda for Europe
MOVE - Mobility and Transport
MS EU - Member states EU
UN ECE - UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE
  • Search by Keyword icon.help