2009, IEEE Transactions on Software Engineering
…
16 pages
In this paper, we integrate insights from diverse islands of research on electronic privacy to offer a holistic view of privacy engineering and a systematic structure for the discipline's topics. First, we discuss privacy requirements grounded in both historic and contemporary perspectives on privacy. We use a three-layer model of user privacy concerns to relate them to system operations (data transfer, storage, and processing) and examine their effects on user behavior. In the second part of this paper, we develop guidelines for building privacy-friendly systems. We distinguish two approaches: "privacy-by-policy" and "privacy-by-architecture." The privacy-by-policy approach focuses on the implementation of the notice and choice principles of fair information practices, while the privacy-by-architecture approach minimizes the collection of identifiable personal data and emphasizes anonymization and client-side data storage and processing. We discuss both approaches with a view to their technical overlaps and boundaries as well as to economic feasibility. This paper aims to introduce engineers and computer scientists to the privacy research domain and provide concrete guidance on how to design privacy-friendly systems.
2005
The paper considers the basic privacy requirements, namely anonymity, pseudonymity, unlinkability and unobservability, and how these requirements can be linked with related system implementation techniques, thus guiding design decisions during system development. Index terms: privacy, privacy requirements, privacy enhancing technologies.
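The two abstracts above both turn on the same design move: the privacy-by-architecture approach of the first paper minimizes identifiable data, and the second paper links requirements such as pseudonymity and unlinkability to implementation techniques. The following added example (written for this page, not code from either paper) shows the most common such technique, replacing a direct identifier with a pseudonym, and the check a practitioner should run on it: an unkeyed hash is reversible by dictionary attack, while a keyed, per-context pseudonym keeps records linkable within one purpose and unlinkable across purposes. The e-mail addresses, records and context names are constructed.

```python
"""Pseudonyms and (un)linkability: a constructed illustration.

Added example for this page, not code from any paper listed here. It maps
the requirements named in the abstract above (anonymity, pseudonymity,
unlinkability) onto one common implementation technique, replacing a direct
identifier with a pseudonym, and shows why the naive form of that technique
fails. Sample records and e-mail addresses are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed sample data, as a service might store it before pseudonymization.
RECORDS = [
    {"email": "alice@example.com", "event": "login"},
    {"email": "alice@example.com", "event": "purchase"},
    {"email": "bob@example.com", "event": "login"},
]


def naive_pseudonym(identifier: str) -> str:
    """Unkeyed SHA-256 of the identifier. Looks anonymous but is not: anyone
    who can enumerate plausible identifiers can invert it (reidentify_naive)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes, context: str) -> str:
    """HMAC-SHA256 over (context, identifier) under a secret key.

    Pseudonymity: the same identifier always yields the same pseudonym within
    a context, so the records of one person stay linkable for that purpose.
    Unlinkability across contexts: the same identifier yields unrelated
    pseudonyms in different contexts, so two datasets cannot be joined on
    them by anyone who does not hold the key.
    """
    msg = context.encode("utf-8") + b"\x00" + identifier.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def pseudonymize(records, key: bytes, context: str):
    """Data-minimization step: store the pseudonym and drop the identifier."""
    return [
        {"pid": keyed_pseudonym(r["email"], key, context), "event": r["event"]}
        for r in records
    ]


def reidentify_naive(pseudonyms, candidates):
    """Dictionary attack on unkeyed hashing: hash each candidate identifier
    and look the results up. Returns {pseudonym: identifier} for every hit."""
    table = {naive_pseudonym(c): c for c in candidates}
    return {p: table[p] for p in pseudonyms if p in table}


def shared_pseudonyms(records_a, records_b) -> int:
    """Number of pseudonyms common to two datasets, i.e. rows on which a join
    between them would succeed. Zero means the datasets are unlinkable on pid."""
    return len({r["pid"] for r in records_a} & {r["pid"] for r in records_b})


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # must be kept out of the pseudonymized data
    analytics = pseudonymize(RECORDS, key, "analytics")
    billing = pseudonymize(RECORDS, key, "billing")
    print("linkable within analytics:", shared_pseudonyms(analytics, analytics))
    print("linkable analytics<->billing:", shared_pseudonyms(analytics, billing))
    guessed = reidentify_naive(
        [naive_pseudonym(r["email"]) for r in RECORDS],
        ["alice@example.com", "bob@example.com", "carol@example.com"],
    )
    print("naive hashes re-identified:", sorted(set(guessed.values())))
```

Two caveats follow from the requirements list in the abstract. Keyed pseudonymization gives pseudonymity, not anonymity: whoever holds the key can recompute the mapping, so the key is itself personal-data-bearing material and its custody is a design decision. Unobservability (hiding that a data item or interaction exists at all) is a stronger requirement that no pseudonym scheme provides; it needs mechanisms such as dummy traffic or aggregation that are outside this example.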
2015
This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.
Information & Software Technology, 2009
Privacy and data protection are pivotal issues in today's society. They concern the right to prevent the dissemination of sensitive or confidential information about individuals. Many studies have been proposed on this topic from various perspectives, namely sociological, economic, legal, and technological. We have recognized the legal perspective as being the basis of all other perspectives. Indeed, data protection regulations set the legal principles and requirements that must be met by organizations when processing personal data. The objective of this work is to provide a reference base for the development of methodologies tailored to design privacy-aware systems that comply with data protection regulations.
2002
Privacy may be interpreted in different ways in different contexts, and may be achieved by means of different mechanisms. It is also frequently intertwined with security concerns. However, other requirements such as functionality, usability and reliability must also be addressed, since they often compete with each other. While the understanding of technical mechanisms for addressing privacy has been growing, systematic approaches are needed to guide software engineers to elicit, model and reason about privacy requirements and to address them during design. In a networked world, multi-agent systems have been emerging as a new approach. Each agent may have its own goals and beliefs, and social relationships with other agents. Each agent may have its own perspective concerning privacy. Perspectives from different agents may conflict with each other. Moreover, they may conflict with other requirements such as availability and performance. In this paper we present a framework to model the way agents interact with each other to achieve their goals. The framework uses a catalogue to guide the software engineer through alternatives for achieving privacy. Each alternative is modeled to show how it contributes to privacy as well as to other requirements, within this agent or in other agents. The approach is based on the i* framework. Privacy is modeled as a special type of goal. We show how one can model privacy concerns for each agent and the different alternatives for operationalizing them. An example from the health care domain is used for illustration.
2017
The growth in cloud-based services tailored for users means more and more personal data is being exploited, and with this comes the need to better handle user privacy. Software technologies concentrating on privacy preservation typically present a one-size-fits-all solution. However, users have different viewpoints of what privacy means to them and therefore configurable and dynamic privacy-preserving solutions have the potential to create useful and tailored services without breaching any user's privacy. In this paper, we present a model of user-centered privacy that can be used to analyse a service's behaviour against user preferences, such that a user can be informed of the privacy implications of that service and what fine-grained actions they can take to maintain their privacy. We show through a case study that the user-based privacy model can: i) provide customizable privacy aligned with user needs; and ii) identify potential privacy breaches. CCS Concepts: Security and privacy → Domain-specific security and privacy architectures; Social and professional topics → Privacy policies; Computer systems organization → Cloud computing.
2009
A major challenge in the field of software engineering is to make users trust the software that they use in their everyday professional or recreational activities. Trusting software depends on various elements, one of which is the protection of user privacy. Protecting privacy is about complying with users' desires when it comes to handling personal information. It can also be defined as the right to determine when, how and to what extent information about them is communicated to others.
Modern Socio-Technical Perspectives on Privacy, 2022
This chapter introduces relevant privacy frameworks from academic literature that can be useful to practitioners and researchers who want to better understand privacy and how to apply it in their own contexts. We retrace the history of how networked privacy research first began by focusing on privacy as information disclosure. Privacy frameworks have since evolved into conceptualizing privacy as a process of interpersonal boundary regulation, appropriate information flows, design-based frameworks, and, finally, user-centered privacy that accounts for individual differences. These frameworks can be used to identify privacy needs and violations, as well as inform design. This chapter provides actionable guidelines for how these different frameworks can be applied in research, design, and product development.
2015 IEEE Security and Privacy Workshops, 2015
Data protection authorities worldwide have agreed on the value of considering privacy-by-design principles when developing privacy-friendly systems and software. However, on the technical plane, a profusion of privacy-oriented guidelines and approaches coexists, each providing partial solutions to the overall problem and aiding engineers during different stages of the system development lifecycle. As a result, engineers find it difficult to understand what they should do to make their systems abide by privacy by design, which hinders the adoption of privacy engineering practices. This paper reviews existing best practices in the analysis and design stages of the system development lifecycle, introduces a systematic methodology for privacy engineering that merges and integrates them, leveraging their best features whilst addressing their weak points, and describes its alignment with current standardization efforts.
International Journal of E-Business Research, 2005
Increasingly, the Internet is used as a common tool for communication, information gathering, and online transactions. Information privacy is threatened as users are expected to reveal personal information without knowing the consequences of sharing it. To that end, research groups from both academia and industry have embarked on the development of privacy enhancement technologies. One such technology is the Platform for Privacy Preferences (P3P). Developed by the World Wide Web Consortium (W3C), P3P has a number of prominent stakeholders such as IBM, Microsoft, and AT&T. Yet there is little published information on what P3P is and to what extent it is being adopted by e-business organizations. This study is exploratory in nature and aims at addressing these questions; in particular, we look at P3P both as a new technology and as a standard. We use our empirical data on the top 500 interactive companies to assess its adoption.
iNetSec 2009 – Open Research Problems in Network Security, 2009
Although many believe that we have lost the battle for privacy, protection of what's left of the user's privacy is all the more important. Not only should a user be able to minimize the disclosure of her personal data, she should also have rights to decide what happens with her data once they have been disclosed. In order to minimize user interaction when deciding whether or not to reveal personal data, privacy policy languages were developed. However, these languages are inadequate and cannot properly deal with the complex interactions between users, service providers, third parties, identity providers and others. Also, tool support for composing and verifying these policies and mechanisms for enforcing them are lagging behind. This paper argues the need for better privacy policies and proposes some solutions. Throughout the paper, our statements are applied to three sample applications in three different domains: e-health, banking and social networks.
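Three of the abstracts above meet at one mechanism: the user-centered privacy model (2017) analyses a service's behaviour against user preferences and tells the user which fine-grained actions to take; P3P (2005) is the W3C format in which a site declares that behaviour; and the iNetSec paper argues that such policy languages and their enforcement tooling fall short. The added example below (written for this page, not code from any of these papers) parses a P3P 1.0 policy and reports each statement that conflicts with a user's preferences, together with the data elements the user would have to withhold. The policy text is constructed; the element names (STATEMENT, PURPOSE, RECIPIENT, RETENTION, DATA) and the namespace are the P3P 1.0 vocabulary; the preference format is a hypothetical simplification invented here and is not APPEL or any other standard language.

```python
"""Evaluating a P3P policy against user preferences: a constructed example.

Added for this page; it is not code from any paper listed here. A P3P policy
is XML in the namespace http://www.w3.org/2002/01/P3Pv1 whose STATEMENT
elements declare which data a site collects, for which PURPOSE, for which
RECIPIENT and with what RETENTION. The policy below is constructed, the
element names are the P3P 1.0 vocabulary, and the preference format is a
hypothetical simplification written for this example (it is not APPEL).
"""
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Constructed policy: one benign statement, one that a privacy-conscious
# user would likely reject.
SAMPLE_POLICY = """
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="http://www.example.com/privacy">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.name"/>
        <DATA ref="#user.home-info.postal"/>
      </DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><telemarketing/></PURPOSE>
      <RECIPIENT><unrelated/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""

# Hypothetical user preferences (constructed format, not a P3P/APPEL artifact).
USER_PREFS = {
    "deny_purpose": {"telemarketing", "contact"},
    "deny_recipient": {"unrelated", "public"},
    "deny_retention": {"indefinitely"},
    # data the user allows only if it never leaves the first party ("ours")
    "first_party_only": ("#user.home-info.telecom",),
}


def _local(tag: str) -> str:
    """Strip the XML namespace: '{ns}current' -> 'current'."""
    return tag.rsplit("}", 1)[-1]


def parse_statements(policy_xml: str):
    """Return one dict per STATEMENT with the sets of purpose, recipient and
    retention element names it declares and the data refs it covers."""
    root = ET.fromstring(policy_xml.strip())
    statements = []
    for st in root.iter(P3P_NS + "STATEMENT"):
        def names(section: str) -> set:
            el = st.find(P3P_NS + section)
            return {_local(c.tag) for c in el} if el is not None else set()
        statements.append({
            "purpose": names("PURPOSE"),
            "recipient": names("RECIPIENT"),
            "retention": names("RETENTION"),
            "data": {d.get("ref") for d in st.iter(P3P_NS + "DATA")},
        })
    return statements


def evaluate(statements, prefs):
    """Compare each statement with the preferences. Each finding names the
    conflicting declarations and the data elements the user would have to
    withhold to avoid the conflict (the 'fine-grained action')."""
    findings = []
    for idx, s in enumerate(statements):
        reasons = []
        for field in ("purpose", "recipient", "retention"):
            hit = s[field] & prefs["deny_" + field]
            if hit:
                reasons.append(f"{field}: {', '.join(sorted(hit))}")
        leaves_first_party = bool(s["recipient"] - {"ours"})
        restricted = sorted(d for d in s["data"] if d.startswith(prefs["first_party_only"]))
        if restricted and leaves_first_party:
            reasons.append("first-party-only data shared: " + ", ".join(restricted))
        if reasons:
            findings.append({"statement": idx, "reasons": reasons, "withhold": sorted(s["data"])})
    return findings


def safe_to_provide(statements, findings) -> set:
    """Data refs covered only by statements that raised no finding."""
    withheld = {d for f in findings for d in f["withhold"]}
    return {d for s in statements for d in s["data"]} - withheld


if __name__ == "__main__":
    stmts = parse_statements(SAMPLE_POLICY)
    found = evaluate(stmts, USER_PREFS)
    for f in found:
        print(f"statement {f['statement']}: " + "; ".join(f["reasons"]))
        print("  withhold:", ", ".join(f["withhold"]))
    print("safe to provide:", sorted(safe_to_provide(stmts, found)))
```

The check is only as good as the declaration it reads: a P3P policy states what the site says it does, and nothing in this evaluation verifies that the server behaves accordingly, which is exactly the enforcement gap the iNetSec abstract points to. It also ignores P3P features such as the `required` attribute on purposes (opt-in/opt-out) and data categories, so a real user agent has more to match than this simplified preference set.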