Conflicts between privacy and property: The discourse in personal and organizational knowledge

The paper critically examines knowledge ownership when personal or organizational knowledge is transferred between individuals or between individuals and organizations. Employing a form of discourse analysis, we analyse the data from three complementary perspectives (international treaties and conventions on privacy and intellectual property, employment and merchant account contracts, and verdicts from knowledge-related legal cases) to unveil the conflicts between privacy and property rights. The results show a dialectical view where ownership shifts between the individual and the organization/community and therefore, the individual may or may not necessarily own what he knows.Privacy and property have been central issues in computational ethics for more than two decades. The use of information systems for strategic purposes offers new challenges for these established ethical concepts. Knowledge is not only a form of property governed by intellectual property law; it is also an individual attribute and, as part of the personality, it may be governed by privacy law. As a result, the dialectical view also shows that the ownership shift between the individual and the organization/community means that the organization may or may not necessarily own what it knows.     

Privacy and Commercial Use of Personal Data: Policy Developments in the United States

In the online and offline worlds, the value of personal information – especially information about commercial purchases and preferences – has long been recognised. Exchanges and uses of personal information have also long sparked concerns about privacy. Public opinion surveys consistently indicate that overwhelming majorities of the American public are concerned that they have lost all control over information about themselves and do not trust organisations to protect the privacy of their information. Somewhat smaller majorities favour federal legislation to protect privacy. Despite public support for stronger privacy protection, the prevailing policy stance for over thirty years has been one of reluctance to legislate and a preference for self‐regulation by business to protect privacy. Although some privacy legislation has been adopted, policy debates about the commercial uses of personal information have been dominated largely by business concerns about intrusive government regulation, free speech and the flow of commercial information, costs, and effectiveness. Public concerns about privacy, reflected in public opinion surveys and voiced by a number of public interest groups, are often discredited because individuals seem to behave as though privacy is not important. Although people express concern about privacy, they routinely disclose personal information because of convenience, discounts and other incentives, or a lack of understanding of the consequences. This disconnect between public opinion and public behaviour has been interpreted to support a self‐regulatory approach to privacy protections with emphasis on giving individuals notice and choice about information practices. In theory the self‐regulatory approach also entails some enforcement mechanism to ensure that organisations are doing what they claim, and a redress mechanism by which individuals can seek compensation if they are wronged. This article analyses the course of policy formulation over the last twenty years with particular attention on how policymakers and stakeholders have used public opinion about the commercial use of personal information in formulating policy to protect privacy. The article considers policy activities in both Congress and the Federal Trade Commission that have resulted in an emphasis on “notice and consent.” The article concludes that both individual behaviour and organisational behaviour are skewed in a privacy invasive direction. People are less likely to make choices to protect their privacy unless these choices are relatively easy, obvious, and low cost. If a privacy protection choice entails additional steps, most rational people will not take those steps. This appears logically to be true and to be supported by behaviour in the physical world. Organisations are unlikely to act unilaterally to make their practices less privacy invasive because such actions will impose costs on them that are not imposed on their competitors. Overall then, the privacy level available is less than what the norms of society and the stated preferences of people require. A consent scheme that is most protective of privacy imposes the largest burden on the individual, as well as costs to the individual, while a consent scheme that is least protective of privacy imposes the least burden on the individual, as well as fewer costs to the individual. Recent experience with privacy notices that resulted from the financial privacy provisions in Gramm‐Leach‐Bliley supports this conclusion. Finally, the article will consider whether the terrorist attacks of 11 September have changed public opinion about privacy and what the policy implications of any changes in public opinion are likely to be.     

How to assess privacy violations in the age of Big Data? Analysing the three different tests developed by the ECtHR and adding for a fourth one

It is commonly believed that privacy cases are resolved by balancing the private interest (e.g. personal autonomy) and the common interest (e.g. national security) involved with a particular privacy violation. Clearly, this approach no longer holds in the age of Big Data, in which massive amounts of personal data are gathered without a pre-established goal. Not only is the balancing test inapplicable because it is often unclear how certain data gathering and processing initiatives improve the societal interest, but it is also hard to demonstrate whether and if so how an individual has suffered from such massive data processing systems. Besides the balancing test, however, the European Court of Human Rights (ECtHR) applies two other tests when dealing with privacy issues. Both have an added value when applied to privacy violations following from Big Data processes. Still, if Article 8 of the European Convention on Human Rights (ECHR) is to retain its significance in the new technological environment, it might be necessary to develop a new test, the rudiments of which might already be found in the Court's case law.     

A novel approach for constructing privacy-aware architecture utilizing Shannon's entropy

The right to privacy refers to an individual's decision about how personal information can be gathered, utilized, and disseminated. Individual consent and openness are the most important foundations for gaining consumers' confidence, and this pushes businesses to use privacy-enhancing techniques while developing systems. The purpose of a privacy-aware design is to safeguard data in such a manner that it does not expand an adversary's current understanding of an individual beyond what would be permitted. When these data pieces are coupled with the plethora of source data accessible outside the system to identify a user, this becomes crucial. Individual privacy is protected by privacy rules all around the globe, but they are often complicated and ambiguous, making their translation into practical and technologically privacy-friendly structures difficult. The main contribution of this article is that we use Shannon's entropy (SE) to construct an objective measure that may guide our major technical design choices. And for privacy-aware architecture, simplifying the state-of-the-art security approaches given in the literature.     

Dimensionality of information disclosure behavior

In studies of people's privacy behavior, the extent of disclosure of personal information is typically measured as a summed total or a ratio of disclosure. In this paper, we evaluate three information disclosure datasets using a six-step statistical analysis, and show that people's disclosure behaviors are rather multidimensional: participants' disclosure of personal information breaks down into a number of distinct factors. Moreover, people can be classified along these dimensions into groups with different “disclosure styles”. This difference is not merely in degree, but rather also in kind: one group may for instance disclose location-related but not interest-related items, whereas another group may behave exactly the other way around. We also found other significant differences between these groups, in terms of privacy attitudes, behaviors, and demographic characteristics. These might for instance allow an online system to classify its users into their respective privacy group, and to adapt its privacy practices to the disclosure style of this group. We discuss how our results provide relevant insights for a more user-centric approach to privacy and, more generally, advance our understanding of online privacy behavior.     

The disclosure of private data: measuring the privacy paradox in digital services

Privacy is a current topic in the context of digital services because such services demand mass volumes of consumer data. Although most consumers are aware of their personal privacy, they frequently do not behave rationally in terms of the risk-benefit trade-off. This phenomenon is known as the privacy paradox. It is a common limitation in research papers examining consumers’ privacy intentions. Using a design science approach, we develop a metric that determines the extent of consumers’ privacy paradox in digital services based on the theoretical construct of the privacy calculus. We demonstrate a practical application of the metric for mobile apps. With that, we contribute to validating respective research findings. Moreover, among others, consumers and companies can be prevented from unwanted consequences regarding data privacy issues and service market places can provide privacy-customized suggestions.     

数据发布中的隐私保护研究综述*

如何在发布涉及个人隐私的数据时保证敏感信息不泄露,同时又能最大程度地提高发布数据的效用,是隐私保护中面临的重大挑战。近年来国内外学者对数据发布中的隐私保护（privacy-preserving data publishing,PPDP）进行了大量研究,适时地对研究成果进行总结,能够明确研究方向。对数据发布领域的隐私保护成果进行了总结,介绍了常用的隐私保护模型和技术、隐私度量标准和算法,重点阐述了PPDP在不同场景中的应用,指出了PPDP可能的研究课题和应用前景。     

Magentix2: A privacy-enhancing Agent Platform

Agent Platforms are the software that supports the development and execution of Multi-agent Systems. There are many Agent Platforms developed by the agent community, but they hardly consider privacy. This leads to agent-based applications that invade users’ privacy. Privacy can be threatened by two main information activities: information collection and information processing. Information collection can be prevented using traditional security mechanisms. Information processing can be prevented by minimizing data identifiability, i.e., the degree by which personal information can be directly attributed to a particular individual. However, minimizing data identifiability may directly affect other crucial issues in Multi-agent Systems, such as accountability, trust, and reputation. In this paper, we present the support that the Magentix2 Agent Platform provides for preserving privacy. Specifically, it provides mechanisms to avoid information collection and information processing when they are not desired. Moreover, Magentix2 provides these mechanisms without compromising accountability, trust, and reputation. We also provide in this paper an application built on top of Magentix2 that exploits its support for preserving privacy. Finally, we provide an extensive evaluation of the support that Magentix2 provides for preserving privacy based on that application. We specifically test whether or not privacy loss can be minimized by using the support that Magentix2 provides, whether or not this support introduces a bearable performance overhead, and whether or not existing trust and reputation models can be implemented on top of Magentix2.     

k-Anonymous data collection

To protect individual privacy in data mining, when a miner collects data from respondents, the respondents should remain anonymous. The existing technique of Anonymity-Preserving Data Collection partially solves this problem, but it assumes that the data do not contain any identifying information about the corresponding respondents. On the other hand, the existing technique of Privacy-Enhancing k-Anonymization can make the collected data anonymous by eliminating the identifying information. However, it assumes that each respondent submits her data through an unidentified communication channel. In this paper, we propose k-Anonymous Data Collection, which has the advantages of both Anonymity-Preserving Data Collection and Privacy-Enhancing k-Anonymization but does not rely on their assumptions described above. We give rigorous proofs for the correctness and privacy of our protocol, and experimental results for its efficiency. Furthermore, we extend our solution to the fully malicious model, in which a dishonest participant can deviate from the protocol and behave arbitrarily.     

Towards privacy-driven design of a dynamic carpooling system

Dynamic carpooling (also known as instant or ad-hoc ridesharing) is a service that arranges one-time shared rides on very short notice. This type of carpooling generally makes use of three recent technological advances: (i) navigation devices to determine a driver’s route and arrange the shared ride; (ii) smartphones for a traveller to request a ride from wherever she happens to be; and (iii) social networks to establish trust between drivers and passengers. However, the mobiquitous environment in which dynamic carpooling is expected to operate raises several privacy issues. Among all the personal identifiable information, learning the location of an individual is one of the greatest threats against her privacy. For instance, the spatio-temporal data of an individual can be used to infer the location of her home and workplace, to trace her movements and habits, to learn information about her centre of interests or even to detect a change from her usual behaviour. Therefore, preserving location privacy is a major issue to be able to leverage the possibilities offered by dynamic carpooling. In this paper we use the principles of privacy-by-design to integrate the privacy aspect in the design of dynamic carpooling, henceforth increasing its public (and political) acceptability and trust.     

Rationality-based beliefs affecting individual’s attitude and intention to use privacy controls on Facebook: An empirical investigation

Online social networking sites like Facebook provides a fast and easy way to connect with friends and family. Users need to post and share their personal information in order to get the best possible experiences on Facebook. However, the spreading of private information can also lead to serious and harmful issues. Therefore, privacy becomes an important component in the use of Facebook and it is the user’s responsibility to protect his or her profile. This study draws upon the theory of planned behavior and the rational choice theory to investigate the rationality-based beliefs affecting individual’s attitude and intention to use privacy controls on Facebook. The results show that individual’s attitude toward using privacy controls is influenced by benefit of using privacy controls, cost of using privacy controls, and cost of not using privacy controls. Further, benefits of using privacy controls is shaped by beliefs regarding intrinsic benefit and resource safety; cost of not using privacy controls is shaped by beliefs regarding resource vulnerability, threat severity, privacy risk and privacy intrusion; and cost of using privacy controls is shaped by beliefs about intrinsic cost and work impediment. Theoretical and practical implications of the findings are discussed in the paper.     

An effective approach for the protection of privacy text data in the CloudDB

Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.     

Flexible sensitive K-anonymization on transactions

In recent years, privacy breaches have been a great concern on the published data. Only removing one’s personal identification information is not sufficient to protect individual’s privacy. Privacy preservation technology for published data is devoted to preventing re-identification and retaining the useful information in published data. In this work, we propose a novel algorithm to deal with sensitive and quasi-identifier items, respectively, in transactional data. The proposed algorithm maintains at least the same or a stronger privacy level for transactional data with 1/k. In numerical experiments, our proposed algorithm shows better running time and better data utility.

     

Privacy enhancing technology

This article provides an overview of some of the emerging technologies that currently and potentially will impact the privacy of every individual. The focus is centred around computer or computer-driven applications, although there are other techniques that can be used to impact personal privacy. The author has no marketing, referral or commission relationship with any of the vendors mentioned below.     

融合双区块链的征信数据存储和查询方案

征信数据涉及个人的高度隐私,在收集和查询的过程中极易泄露或者收集到不真实的数据,征信数据的泄露会给被泄露人带来名誉损害和财产威胁等严重影响,为减少征信数据采集时用户隐私泄露、信息不对称、易篡改、易伪造和过中心化等问题,提出了一种融合双区块链的征信数据存储和查询方案,该方案由两条链组成,一条链用于存储多人的实时征信数据收...     

Privacy is dead,get over it! 1 Information privacy and the dream of a risk-free society

The use of information and communications technology and the ‘digitalisation’ of everyday tasks has resulted in a paradigm shift where vast amounts of personal information about individuals, their opinions and habits is generated and stored in the databases of those providing online services. The mere existence of those data pools has created ‘unwholesome’ desires in both private and public organisations which cover that data for their own purposes. This article looks at the way in which the ‘market value’ of privacy seems to be falling as individuals are persuaded to disclose information about themselves in order to minimise real or perceived risks. It examines the way in which our perception of risk has changed in recent years and the way in which that perception may be manipulated. It analyses the link between risk perception, data processing and individual concepts of privacy as well as the dangers that increased privacy intrusion represents for the relationship between the individual and the state and the relationship between citizens.     

社保系统个人信息隐私保护算法

针对社会保障信息系统中公民的个人信息隐私保护越来越困难的现状,介绍了社保系统的隐私保护难题包括如何保护信息安全和如何界定隐私信息2个方面,分析了隐私信息保护的2个根源性问题在于个人信息的不当采集和不当使用,在此基础上提出了利用转换原始数据的方式保护隐私信息的算法,阻止了信息拥有者对隐私信息直接或间接的获取,为社保系统中个人信息隐私保护的实现提供了一定的研究思路。     

Thoughts on k-anonymization

k-Anonymity is a method for providing privacy protection by ensuring that data cannot be traced to an individual. In a k-anonymous dataset, any identifying information occurs in at least k tuples. To achieve optimal and practical k-anonymity, recently, many different kinds of algorithms with various assumptions and restrictions have been proposed with different metrics to measure quality. This paper evaluates a family of clustering-based algorithms that are more flexible and even attempts to improve precision by ignoring the restrictions of user-defined Domain Generalization Hierarchies. The evaluation of the new approaches with respect to cost metrics shows that metrics may behave differently with different algorithms and may not correlate with some applications’ accuracy on output data.     

Web mining and privacy concerns: Some important legal issues to be consider before applying any data and information extraction technique in web-based environments

Web mining is a concept that gathers all techniques, methods and algorithms used to extract information and knowledge from data originating on the web (web data). A part of this technique aims to analyze the behavior of users in order to continuously improve both the structure and content of visited web sites. Behind this quite altruistic belief – namely, to help the user feel comfortable when they visit a site through a personalization process – there underlie a series of processing methodologies which operate at least arguably from the point of view of the users’ privacy.Thus, an important question arises; to what extent may the desire to improve the services offered through a web site infringe upon the privacy of those who visit it? The use of powerful processing tools such as those provided by web mining may threaten users’ privacy.Current legal scholarship on privacy issues suggests a flexible approach that enables the determination, within each particular context, of those behaviors that can threaten individual privacy. However, it has been observed that TIC professionals, with the purpose of formulating practical rules on this matter, have a very narrow-minded concept of privacy, primarily centered on the dichotomy between personal identifiable information (PII) and anonymous data.The aim of this paper is to adopt an integrative approach based on the distinctive attributes of web mining in order to determine which techniques and uses are harmful.