Overview of the CRC 1223

The dramatic rise of the Internet to the single most important medium on a global scale has been accompanied by dramatic changes in how it is used. When the CRC 1223 started, we observed that, on the one hand, billions of users rely on the Internet for their daily information, communication, business, education, and entertainment. On the other hand, despite the wide circulation of online data, despite how easy it was to access it and yet how difficult it was to permanently erase it, the online privacy of end users was a largely unsolved problem.

In a wide array of disciplines, ranging from image analysis to network security, the CRC 1223 established missing scientific foundations for the understanding of privacy and for the establishment of privacy-preserving measures. In terms of understanding privacy, we investigated the consequences of disseminating image data, location data, hashtags, micro-posts and other, highly unstructured information that is dominating the online communication in our time. Our results explore the impact of how these media are used and propose countermeasures that are deployable in the here and now.

But we also explored the foundations of a new, privacy-aware Internet, where users and companies can assess and minimize the privacy risk involved in information storage and retrieval, for highly heterogeneous data and across different networks. We developed new technologies that can help users quantify their privacy, explain how their profile affects the stream of information they receive, and make informed choices concerning their privacy in a convenient, automated fashion. Other results target developers in avoiding privacy-critical bugs in their software by means of faster and more accurate software testing and information-flow analysis.

In terms of controlling privacy, we investigated state-of-the-art proposals for anonymity in the web of today and devised novel techniques to preserve user anonymity. New, groundbreaking proposals in cryptography and protocol security are providing the foundation for privacy-preserving cloud computations. Advances in program analysis and cryptography-aware information-flow security form the basis for new analysis techniques that rethink what information-flow control means in the mobile setting.

New, refined notions of privacy add necessary flexibility to established privacy notions, and a new query language for the medical domain enables privacy-preserving sharing in databases that hold enormous amounts of sensitive information.

Group A: Understanding Privacy

Projects of group A will investigate the analysis of (leaks of) privacy-sensitive information in highly dynamic, heterogeneous settings, assessing the detrimental privacy impact incurred by user profiling and data dissemination. The central goal of this project group is to identify (potential) privacy threats, thus enabling users to take informed decisions and avoid privacy threats where possible.

Group B: Controlling Privacy

The projects in this group will investigate the comprehensive enforcement of the growing user privacy demands given the dynamics of present-day digital habitats in the Internet, as well as novel privacy-enhancing techniques for emerging technologies. The central goal of this project group is to provide improved privacy while preserving functionality to the extent possible.

Central Tasks

These two groups of research projects are complemented by a group that encompasses service-type projects for the whole CRC 1223: Infrastructure Support, and an Integrated Research Training Group for doctoral researchers.