From Democratie.Nu
Jump to navigationJump to search

Privacy preserving electronic petitions

30 June 2008

Abstract. We present the design of a secure and privacy preserving e-petition system that we have implemented as a proof-of-concept demonstrator. We use the Belgian e-ID card as source of authentication, and then proceed to issue an anonymous credential that is used to sign petitions. Our system ensures that duplicate signatures are detectable, while preserving the anonymity of petition signers. We analyze the privacy and security requirements of our application, present an overview of its architecture, and discuss the applicability of data protection legislation to our system. .....

Assuming that citizens possess electronic e-ID cards (as is the case in Belgium), an obvious way to implement e-petitions is to have citizens sign them using the key pair available on their e-ID card. However, such a solution is problematic from a privacy point of view. The e-ID public key certicate (needed to verify the digital signature) contains a lot of information about the holder of the card, such as her name, National Registry Number, and date of birth. Revealing all this information for the purposes of signing a petition would definitely be against the data minimization principle, which is the legal philosophy underpinning data protection regulation. Data minimization constitutes that minimal amounts of personal data may be processed, but only in as far as strictly necessary for legitimate purposes. In other words, processing of data must be adequate, relevant and not excessive in relation to the purposes of collection and processing.

Additional data protection issues arise when the petitions allow sensitive information to be derived about the user, the processing of which is in general prohibited by data protection legislation. As discussed in Sect. 7, such information can relate|among other categories of data|to political opinions, religious or philosophical beliefs, all of which are considered as \sensitive personal data" in the European Directive of Data Protection [EC, 1995]. ......