Remembering Andreas Pfitzmann

Andreas Pfitzmann, head of the Privacy and Data Security Research group at Technische Universität Dresden, has died.  For more than 25 years he worked on privacy and multilateral security issues.  As Caspar Bowden puts it, “Andreas was the eminence grise of serious PET research in Europe, an extraordinarily decent person, and massively influential in the public policy of privacy technology in Germany and Europe.”

Those not familiar with his work should definitely read and use A terminology for talking about privacy by data minimization – a great contribution that gives us clearly defined concepts through which scientific understanding of privacy and multilateral security can move forward.

The obituary posted by Germany's Chaos Computer Club  reveals his impact on a community that extended far beyond the walls of the university:

The sudden and unexpected death of Professor Andreas Pfitzmann on 23rd September 2010 leaves a huge gap in the lives of all who knew him. Through both his work and approach, Prof. Pfitzmann set measurably high standards. He was one of a small group of computer scientists who always clearly put forward his soundly based and independent opinion. In his endeavours to foster cross-discipline interaction, he proved instrumental in shaping both technical and political discourses on anonymity and privacy issues in Germany – thus ensuring him a well-deserved international reputation. He always managed to cross the boundaries of his discipline and make the impact of technology comprehensible. His contributions to research in this regard remain eloquent and courageous, and his insistence on even voicing inconvenient truths means he will remain a role model for us all.

In his passing we recognise and mourn the loss of an outstanding scientist, unique in his stance as a defender of people’s basic rights of anonymity and the administration of information pertaining to themselves – both of which are basic prerequisites for a thriving democracy. None of us will ever forget his rousing lectures and speeches, or the ways he found to nurture experimental, enquiring thought amongst an audience.

In Andreas Pfitzmann, too many of our members have lost a dear friend and long-term inspirer. Our thoughts are firmly with his family, to whom we extend our deepest and most profound condolences.

 I too will miss both Andreas Pfitzmann and the great clarity he brought to any conversation he participated in.

U-Prove honored by International Association of Privacy Professionals

There was great news this week about the growing support for U-Prove Minimal Disclosure technology:  it received the top award in the technology innovation category from the International Association of Privacy Professionals – the world's largest association of privacy professionals.

BALTIMORE — September 30, 2010 — Winners of the eighth annual HP-International Association of Privacy Professionals (IAPP) Privacy Innovation Awards were recognized today at the IAPP Privacy Dinner, held in conjunction with the IAPP Privacy Academy 2010.  The honorees include Symcor, Inc., Minnesota Privacy Consultants, and Microsoft Corporation.

The annual awards recognize exceptional integration of privacy and are judged from a broad field of entries. This year’s winners were selected by a panel of private and public sector privacy experts including Allen Brandt, CIPP, Corporate Counsel, Chief Privacy Official, Graduate Management Admission Council; Joanne McNabb, CIPP, CIPP/G, Chief, California Office of Privacy Protection; Susan Smith, CIPP, Americas Privacy Officer, Hewlett-Packard Company; and Florian Thoma, Chief Data Protection Officer, Siemens AG.

“On behalf of more than 7,000 privacy professionals across 50 countries, we applaud this year’s HP-IAPP Privacy Innovation Award winners,” said IAPP Executive Director Trevor Hughes.  “At a time when privacy is driving significant conversation and headlines, this year’s results show how protecting privacy and assuring organizational success go hand-in-hand.”

“HP is pleased to sponsor an award that advances privacy worldwide,” said Hewlett Packard Company Americas Privacy Officer Susan Smith.

In the Large Organization category (more than 5,000 employees), Symcor, Inc. won for its “A-integrity Process,” which is designed to manage and protect sensitive financial information that is ultimately presented to customers in the form of client statements. As the largest transactional printer in Canada, Symcor provides statement-to-payment services for some of Canada’s major financial, telecommunications, insurance, utility and payroll institutions. A-integrity established a new standard in data protection with an industry-leading error rate of less than one per million statements produced. Symcor has been improving on this rate each year.  A robust privacy incident management process was also developed to standardize error identification and resolution. Symcor’s dedicated Privacy Office provides overall governance to the process and has instilled a deep culture of privacy awareness throughout the organization.

The winner in the Small Organization category (fewer than 5,000 employees), is Minnesota Privacy Consultants (MPC). MPC helps multinational corporations and government agencies operationalize their governance of personal data. The organization won for its Privacy Maturity Model (PMM), a benchmarking tool that evaluates privacy program maturity and effectiveness. Using the Generally Accepted Privacy Principles (GAPP) framework as the basis but recognizing that the GAPP does not provide for degrees of compliance and maturity of a privacy program, MPC cross-referenced the 73 subcomponents of the GAPP framework against the six “maturity levels” of the Capability Maturity Model (CMM) developed by Carnegie Mellon University. From this, the Privacy Maturity Model (PMM) was developed to define specific criteria and weighting to various control areas based on prevailing statistics in the areas of data breaches and security enforcement actions worldwide. The Innovation Award judges recognized MPC for its successful and sophisticated approach to a very difficult problem.

Microsoft Corporation received the honor in the Technology category for “U-Prove”, a privacy-enhancing identity management technology that helps enable people to protect their identity-related information. The technology is based on advanced cryptographic protocols designed for electronic transactions and communications. It was acquired by Microsoft in 2008 and released into Proof of Concept as well as donated to the Open Source community in 2010. U-Prove technology has similar characteristics of conventionally used technologies, such as PKI certificates and SAML tokens, with additional privacy and security benefits. Through a technique of minimal disclosure, U-Prove tokens enable individuals to disclose just the information needed by applications and services, but nothing more, during online transactions. Online service providers, such as businesses and governments that are involved in transactions with individuals cannot link or collect a profile of activities. U-Prove effectively meets the security and privacy requirements of many identity systems—most notably national e-ID schemes now being contemplated by world governments. U-Prove has already won the Kuppinger Cole prize for best innovation in European identity projects and is now this year’s recipient of the HP-IAPP Privacy Innovation Award in technology.

About the IAPP
The International Association of Privacy Professionals is the world's largest association of privacy professionals with more than 7,400 members across 50 countries. The IAPP helps to define, support and improve the privacy profession globally through networking, education and certification.  More information about the IAPP is available at www.privacyassociation.org.