Security and privacy are not only general requirements of a society but also indispensable for innovative applications of social infrastructures. The aim is sustainable welfare of a society by improving its resilience. Initiatives for a data-centric society, e.g. Japan with Digital Japan Creation Project (ICT Hatoyama Plan), follow a technological approach based on cyber-physical systems (CPS) for an infrastructure with such data-centric services. Such adaptive IT systems should integrate heterogeneous systems for monitoring and coordinating economic and public domains of a society to automatically predict and prepare for known interferences even if not to response to and recover from unknown, inevitable ones in real-time. This flexibility requires availability of a sufficient amount of authentic personal data from different origins for the analyzing services implying disclosure of personal data to third parties, their aggregation, and secondary usage.
The key issues are neither availability of computing resources nor collection of personal data. Recent advances in technology make scalable data-centric services possible. Latest findings show a rise in welfare caused by personalized services accompanied by a decline of conservative understanding of the protection of personal data. While collection of personal data is of no real concern to most, their cross-domain usage including their secondary usage is. The key issue to be resolved is acceptable enforcement of agreed social and business rules for the usage of personal/sensitive data.
A common and unique default security policy is not appropriate for security and privacy by CPS connected via the Internet. Individual security requirements of all participants should be formalized, multilateral negotiated as well as acceptable enforced to achieve a balance between security and privacy for a broad part of a society. By the regulated German national eID infrastructure of the Perso (German ID card) it is possible to assign each citizen in Germany an electronic pseudonymized identity. Hence, security and privacy can be individualized as a prerequisite to enforce multilateral security.
The Federal Ministry of the Interior (BMI) funds the project PersoApp since April 2013. Based on this project partners from science and industry build an open source community over the next three years. The goal is to push forward the software development for using electronic identification based on the new ID card.
The consortium consists of
- AGETO Service GmbH
- Center for Advanced Security Research Darmstadt (CASED) (head of consortium)
- Fraunhofer Institute for Secure Information Technology (SIT)
- Technical University of Darmstadt
Supported by more than 40 national and foreign companies, data protection organizations, public authorities, and research organizations.