Breaking the Privacy Kill Chain: Protecting Individual and Group Privacy Online

  • Jongwoo Kim
  • Richard L. Baskerville
  • Yi Ding


Online social networks (OLSNs) are electronically-based social milieux where individuals gather virtually to socialize. The behavior and characteristics of these networks can provide evidence relevant for detecting and prosecuting policy violations, crimes, terrorist activities, subversive political movements, etc. Some existing methods and tools in the fields of business analytics and digital forensics are useful for such investigations. While the privacy rights of individuals are widely respected, the privacy rights of social groups are less well developed. In the current development of OLSNs and information technologies, the compromise of group privacy may lead to the violation of individual privacy. Adopting an explorative literature review, we examine the privacy kill chain that compromises group privacy as a means to compromise individual privacy. The latter is regulated, while the former is not. We show how the kill chain makes the need for protecting group privacy important and feasible from the perspectives of social, legal, ethical, commercial, and technical perspectives. We propose a research agenda to help societies and organizations strike the proper balance between the benefits and costs of both OLSNs and investigative technologies.


Ethics Privacy Online social network Business intelligence Digital forensics Information security 


  1. Acar, A. S., & Polonsky, M. (2007). Online social networks and insights into marketing communications. Journal of Internet Commerce, 6(4), 55–72.CrossRefGoogle Scholar
  2. Adams, B. L., Malone, F. L., & James Jr., W. (1994). Ethical reasoning in confidentiality decisions. The CPA Journal, 64(7), 56–57.Google Scholar
  3. Alvarez, R. M. (2016). Computational social science. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
  4. Amiri, A. (2007). Dare to share: protecting sensitive knowledge with data sanitization. Decision Support Systems, 43(1), 181–191.CrossRefGoogle Scholar
  5. Ashworth, L., & Free, C. (2006). Marketing dataveillance and digital privacy: using theories of justice to understand consumers’ online privacy concerns. Journal of Business Ethics, 67(2), 107–123.CrossRefGoogle Scholar
  6. Audi, R. (2012). Virtue ethics as a resource in business. Business Ethics Quarterly, 22(2), 273–291.CrossRefGoogle Scholar
  7. Baskerville, R., & Dulipovici, A. (2006). The ethics of knowledge transfers and conversions: Property or privacy rights? In R. H. Sprague (Ed.), Proceedings of the 39th Hawaii international conference on system sciences (HICSS-39) (pp. 144–CD-ROM 141-149). Los Alamitos: IEEE Computer Society.CrossRefGoogle Scholar
  8. Baskerville, R., & Sainsbury, R. (2006). Distrusting online: Social deviance in virtual teamwork. In R. H. Sprague (Ed.), Proceedings of the 39th Hawaii international conference on system sciences (HICSS-39) (pp. 121–CD-ROM 121-129). Los Alamitos: IEEE Computer Society.Google Scholar
  9. Baumer, D. L., Earp, J. B., & Poindexter, J. C. (2004). Internet privacy law: a comparison between the United States and the European Union. Computers & Security, 23(5), 400–412.CrossRefGoogle Scholar
  10. Belanger, F., & Xu, H. (2015). The role of information systems research in shaping the future of information privacy. Information Systems Journal, 25(6), 573–578.CrossRefGoogle Scholar
  11. Bloustein, E. (2002). Individual and group privacy. Pallone: Transaction Publishers.Google Scholar
  12. Bonchi, F., Castillo, C., Gionis, A., & Jaimes, A. (2011). Social network analysis and mining for business applications. ACM Transactions on Intelligent Systems and Technology (TIST), 2(3), 22:21–22:37.Google Scholar
  13. Borna, S., & Sharma, D. (2011). Considering privacy as a public good and its policy ramifications for business organizations. Business and Society Review, 116(3), 331–353.CrossRefGoogle Scholar
  14. Boyd, D. (2004). Friendster and publicly articulated social networking. New York: Association for Computing Machinery.CrossRefGoogle Scholar
  15. Boyd, D., & Ellison, N. (2007). Social network sites: definition, history, and scholarship. Journal of Computer-Mediated Communication, 13(1), 210–230.CrossRefGoogle Scholar
  16. Boyd, D. M., & Ellison, N. B. (2010). Social network sites: definition, history, and scholarship. IEEE Engineering Management Review, 38(3), 16–31.CrossRefGoogle Scholar
  17. Brooks, D. J., & Corkill, J. (2014). Corporate security and the stratum of security management. In Corporate security in the 21st century (pp. 216–234). Springer.Google Scholar
  18. Brown, C. L. T. (2009). Computer evidence: Collection and preservation (2nd ed.). Newton: Charles River Media.Google Scholar
  19. Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Understanding emergence and outcomes of information privacy concerns: A case of Facebook. In Proceedings of the 31st international conference on information systems (ICIS 2010) (pp. 12–15). St. Louis.Google Scholar
  20. Bygrave, L. A. (2014). A right to be forgotten? Communications of the ACM, 58(1), 35–37. Scholar
  21. Calluzzo, V. J., & Cante, C. J. (2004). Ethics in information technology and software use. Journal of Business Ethics, 51(3), 301–312.CrossRefGoogle Scholar
  22. Chaudhuri, S., Dayal, U., & Narasayya, V. (2011). An overview of business intelligence technology. Communications of the ACM, 54(8), 88–98.CrossRefGoogle Scholar
  23. Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business intelligence and analytics: from big data to big impact. MIS Quarterly, 36(4), 1165–1188.Google Scholar
  24. Cheng, J., Hoffman, J., LaMarche, T., Tavil, A., Yavad, A., & Kim, S. (2009). Forensics tools for social network security solutions. In Proceedings of student-faculty research day, CSIS (pp. A4.1–A4.8). Pace University.Google Scholar
  25. Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Computers & Security, 39, 447–459.CrossRefGoogle Scholar
  26. Clemons, E. (2009). The complex problem of monetizing virtual electronic social networks. Decision Support Systems, 48(1), 46–56.CrossRefGoogle Scholar
  27. Cockburn, A. (2015). Kill chain: The rise of the high-tech assassins. New York: Henry Holt & Co..Google Scholar
  28. Cocking, D., van den Hoven, J., & Timmermans, J. (2012). Introduction: one thousand friends. Ethics and Information Technology, 14(3), 179–184.CrossRefGoogle Scholar
  29. Court, D., Elzinga, D., Mulder, S., & Vetvik, O. J. (2009). The consumer decision journey. Seattle: McKinsey Quarterly.Google Scholar
  30. Crisp, R. (2000). Aristotle: Nicomachean ethics. Cambridge: Cambridge University Press.Google Scholar
  31. Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: lessons from the Choicepoint and TJX data breaches. MIS Quarterly, 33(4), 673–687.CrossRefGoogle Scholar
  32. Dinev, T. (2014). Why would we care about privacy? European Journal of Information Systems, 23(2), 97–102.CrossRefGoogle Scholar
  33. Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.CrossRefGoogle Scholar
  34. Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), 1587–1611.CrossRefGoogle Scholar
  35. Donaldson, T., & Werhane, P. (Eds.). (1999). Ethical issues in business: A philosophical approach. Upper Saddle River: Prentice Hall.Google Scholar
  36. Dumsday, T. (2008). Group privacy and government surveillance of religious services. The Monist, 91(1), 170–186.CrossRefGoogle Scholar
  37. Dunn, B. J. (2010). Best Buy’s CEO on learning to love social media. Harvard Business Review, 88, 43–48.Google Scholar
  38. Edelman, D. C. (2010). Branding in the digital age. Harvard Business Review, 88(12), 14–18.Google Scholar
  39. Emerson, R. M. (1976). Social exchange theory. Annual Review of Sociology, 2, 335–362.CrossRefGoogle Scholar
  40. European Union (2000). The charter of fundamental rights of the European Union. Accessed 12 June 2005.
  41. Finke, R. A., Ward, T. B., & Smith, S. M. (1992). Creative cognition: Theory, research, and applications. Cambridge: MIT press.Google Scholar
  42. Frijda, N. H. (1986). The emotions (Studies in emotion & social interaction). New York: Cambridge University Press.Google Scholar
  43. Frijda, N. H., Kuipers, P., & ter Schure, E. (1989). Relations among emotion, appraisal, and emotional action readiness. Journal of Personality and Social Psychology, 57(2), 212–228.CrossRefGoogle Scholar
  44. Garfinkel, S. L. (2010). Digital forensics research: the next 10 years. Digital Investigation, 7, S64–S73.CrossRefGoogle Scholar
  45. Gerber, M., & Von Solms, R. (2008). Information security requirements–interpreting the legal aspects. Computers & Security, 27(5), 124–135.CrossRefGoogle Scholar
  46. Ghinita, G., Karras, P., Kalnis, P., & Mamoulis, N. (2007). Fast data anonymization with low information loss. In Proceedings of the 33rd international conference on very large data bases (pp. 758–769). VLDB Endowment.Google Scholar
  47. Granovetter, M. (1983). The strength of weak ties: a network theory revisited. Sociological Theory, 1, 201–233.CrossRefGoogle Scholar
  48. Gross, R., Acquisti, A., & Heinz III, H. (2005). Information revelation and privacy in online social networks. In ACM workshop on privacy in the electronic society (pp. 71–80). New York: ACM.Google Scholar
  49. Haggerty, J. (2009). Visual analytics of social networks for digital forensics. Accessed 13 Dec 2009.
  50. Haggerty, J., Taylor, M., & Gresty, D. (2008). Determining culpability in investigations of malicious e-mail dissemination within the organisation. Paper presented at the WDFIA '08 third international annual workshop on digital forensics and incident analysis, 9 October.Google Scholar
  51. Himma, K. E., & Tavani, H. T. (Eds.). (2008). The handbook of information and computer ethics. Hoboken: Wiley.Google Scholar
  52. Hofstede, G., & Hofstede, G. (1991). Cultures and organizations. New York: McGraw-Hill.Google Scholar
  53. Hogan, B., & Quan-Haase, A. (2010). Persistence and change in social media. Bulletin of Science, Technology & Society, 30(5), 309–315.CrossRefGoogle Scholar
  54. Howard, B. (2008). Analyzing online social networks. Association for Computing Machinery, Communications of the ACM, 51(11), 14–16.CrossRefGoogle Scholar
  55. Hu, H., & Wang, X. (2009). Evolution of a large online social network. Physics Letters A, 373(12/13), 1105–1110.CrossRefGoogle Scholar
  56. Huber, M., Mulazzani, M., Leithner, M., Schrittwieser, S., Wondracek, G., & Weippl, E. (2011). Social snapshots: Digital forensics for online social networks. In Proceedings of the 27th annual computer security applications conference (pp. 113–122). ACM.Google Scholar
  57. Hull, G., Lipford, H. R., & Latulipe, C. (2011). Contextual gaps: privacy issues on Facebook. Ethics and Information Technology, 13(4), 289–302. Scholar
  58. Hursthouse, R. (2007). Virtue theory (pp. 45–61). Oxford: Blackwell.Google Scholar
  59. Hutchins, E., Cloppert, M., & Amin, R. (2011). Analysis of adversary campaigns and intrusion kill chains. In J. Ryan (Ed.), Leading issues in information warfare and security research (Vol. 1, pp. 80–106). Reading: Academic Publishing International.Google Scholar
  60. Il-Horn, H., Kai-Lung, H. U. I., Sang-Yong Tom, L. E. E., & Png, I. P. L. (2007). Overcoming online information privacy concerns: an information-processing theory approach. Journal of Management Information Systems, 24(2), 13–42.CrossRefGoogle Scholar
  61. Inness, J. C. (1996). Privacy, intimacy, and isolation. USA: Oxford University Press.CrossRefGoogle Scholar
  62. Isik, O., Jones, M. C., & Sidorova, A. (2013). Business intelligence success: the roles of BI capabilities and decision environments. Information Management, 50(1), 13–23.CrossRefGoogle Scholar
  63. Kenneth McBride, N. (2014). ACTIVE ethics: an information systems ethics for the internet age. Journal of Information, Communication and Ethics in Society, 12(1), 21–44.CrossRefGoogle Scholar
  64. Kerr, J., & Teng, K. (2012). Cloud computing: legal and privacy issues. Journal of Legal Issues and Cases in Business, 1, 1–11.Google Scholar
  65. Kleinberg, J. (2000). The small-world phenomenon: An algorithmic perspective. In Proceedings of the thirty-second annual ACM symposium on theory of computing (pp. 163–170). ACM.Google Scholar
  66. Kleinberg, J., Papadimitriou, C., & Raghavan, P. (2003). Auditing boolean attributes. Journal of Computer and System Sciences, 66(1), 244–253.CrossRefGoogle Scholar
  67. Kumar, V., & Mirchandani, R. (2012). Winning with data: social media-increasing the ROI of social media marketing. MIT Sloan Management Review, 54(1), 55.Google Scholar
  68. Laudon, K. C., & Traver, C. G. (2009). E-commerce: Business, technology, society (5th ed.). Upper Saddle River: Prentice Hall.Google Scholar
  69. Li, H., Sarathy, R., & Xu, H. (2011). The role of affect and cognition on online consumers' decision to disclose personal information to unfamiliar online vendors. Decision Support Systems, 51(3), 434–445. Scholar
  70. Li, Y., Chen, M., Li, Q., & Zhang, W. (2012). Enabling multilevel trust in privacy preserving data mining. IEEE Transactions on Knowledge and Data Engineering, 24(9), 1598–1612.CrossRefGoogle Scholar
  71. Li, J., Yan, H., Liu, Z., Chen, X., Huang, X., & Wong, D. S. (2017). Location-sharing systems with enhanced privacy in mobile online social networks. IEEE Systems Journal, 11(2), 439–448.CrossRefGoogle Scholar
  72. Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46–50.CrossRefGoogle Scholar
  73. Lusoli, W., & Compañó, R. (2010). From security versus privacy to identity: an emerging concept for policy design? Digital Policy, Regulation and Governance, 12(6), 80–94. Scholar
  74. Mason, R. O. (1986). Four ethical issues of the information age. MIS Quarterly, 10(1), 5–12.CrossRefGoogle Scholar
  75. McAfee, A., & Brynjolfsson, E. (2012). Big data: the management revolution. Harvard Business Review, 90(10), 60–69.Google Scholar
  76. McKnight, A. (2012). Privacy rights left behind at the border: the exhaustive, exploratory searches effectuated in United States v. Cotterman. Brigham Young University Law Review, 2012(2), 591–606.Google Scholar
  77. Merriam-Webster (2010). Forensics. Merriam-Webster Online Dictionary.Google Scholar
  78. Milberg, S., Smith, H., & Burke, S. (2000). Information privacy: corporate management and national regulation. Organization Science, 11(1), 35–57.CrossRefGoogle Scholar
  79. Milgram, S. (1967). The small world problem. Psychology Today, 2(1), 60–67.Google Scholar
  80. Mingers, J., & Walsham, G. (2010). Toward ethical information systems: the contribution of discourse ethics. MIS Quarterly, 34(4), 833–854.CrossRefGoogle Scholar
  81. Mishra, A. N., Anderson, C., Angst, C. M., & Agarwal, R. (2012). Electronic health records assimilation and physician identity evolution: an identity theory perspective. Information Systems Research, 23(3), 738–760,844,846.CrossRefGoogle Scholar
  82. Moor, J. H. (2005). Why we need better ethics for emerging technologies. Ethics and Information Technology, 7(3), 111–119.CrossRefGoogle Scholar
  83. Myers, M. D., & Miller, L. (1996). Ethical dilemmas in the use of information technology: an Aristotelian perspective. Ethics & Behavior, 6(2), 153–160.CrossRefGoogle Scholar
  84. Narayanan, A., & Shmatikov, V. (2009). De-anonymizing social networks. In 30th IEEE symposium on security and privacy (pp. 173–187). IEEE.Google Scholar
  85. OECD (2013). OECD guidelines on the protection of privacy and transborder flows of personal data. Accessed 22 April 2018.
  86. Park, C., Keil, M., & Kim, J. W. (2009). The effect of IT failure impact and personal morality on IT project reporting behavior. IEEE Transactions on Engineering Management, 56(1), 45–60.CrossRefGoogle Scholar
  87. Pegna, D. L. (2015). Big data sends cybersecurity back to the future.
  88. Peng, G., & Woodlock, P. (2009). The impact of network and recency effects on the adoption of e-collaboration technologies in online communities. Electronic Markets, 19(4), 201–210.CrossRefGoogle Scholar
  89. Pojman, L. P., & Fieser, J. (2011). Ethics: Discovering right and wrong. Scholar
  90. Porter, M., & Kramer, M. R. (2006). Strategy and society: the link between competitive advantage and corporate social responsibility. Harvard Business Review, 84(12), 78–92.Google Scholar
  91. Posey, C., Lowry, P. B., Roberts, T. L., & Ellis, T. S. (2010). Proposing the online community self-disclosure model: the case of working professionals in France and the U.K. who use online communities. European Journal of Information Systems, 19(2), 181–195. Scholar
  92. Posner, R. (1981). The economics of privacy. The American Economic Review, 71(2), 405–409.Google Scholar
  93. Post, R. C. (1989). The social foundations of privacy: community and self in the common law tort. California Law Review, 77(5), 957–1010.CrossRefGoogle Scholar
  94. Rastogi, V., Hay, M., Miklau, G., & Suciu, D. (2009). Relationship privacy: Output perturbation for queries with joins. In Proceedings of the twenty-eighth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (pp. 107–116). ACM.Google Scholar
  95. Regan, P. M. (1995). Legislating privacy: Technology, social values, and public policy. Chapel Hill: Univ of North Carolina Pr.Google Scholar
  96. Rosenblum, D. (2007). What anyone can know: the privacy risks of social networking sites. IEEE Security and Privacy, 5(3), 40–49.CrossRefGoogle Scholar
  97. Sarathy, R., & Robertson, C. J. (2003). Strategic and ethical considerations in managing digital privacy. Journal of Business Ethics, 46(2), 111–126.CrossRefGoogle Scholar
  98. Shapiro, B., & Baker, C. R. (2001). Information technology and the social construction of information privacy. Journal of Accounting and Public Policy, 20(4,5), 295–322.CrossRefGoogle Scholar
  99. Silenzio, V. M. B., Duberstein, P. R., Tang, W., Lu, N., Tu, X., & Homan, C. M. (2009). Connecting the invisible dots: reaching lesbian, gay, and bisexual adolescents and young adults at risk for suicide through online social networks. Social Science & Medicine, 69(3), 469–474.CrossRefGoogle Scholar
  100. Smith, H. J. (1994). Managing privacy: Information technology and corporate america. Chapel Hill: University of North Carolina Press.Google Scholar
  101. Stigler, G. (1980). An introduction to privacy in economics and politics. The Journal of Legal Studies, 9(4), 623–644.CrossRefGoogle Scholar
  102. Suchman, M. C. (1995). Managing legitimacy: strategic and institutional approaches. Academy of Management Review, 20(3), 571–610.Google Scholar
  103. Tavani, H. T. (2007). Ethics and technology: Ethical issues in an age of information and communication technology. Hoboken: Wiley.Google Scholar
  104. Taylor, L. (2017). Safety in numbers? Group privacy and big data analytics in the developing world. In L. Taylor, L. Floridi, & B. van der Sloot (Eds.), Group privacy: New challenges of data technologies. Cham: Springer International.CrossRefGoogle Scholar
  105. Thomson, J. J. (1975). The right to privacy. Philosophy & Public Affairs, 4(4), 295–314.Google Scholar
  106. Tow, W. N.-F. H., Dell, P., & Venable, J. (2010). Understanding information disclosure behaviour in Australian Facebook users. Journal of Information Technology, 25(2), 126–136. Scholar
  107. United Nations (1948). Universal declaration of human rights. Accessed 12 June 2005.
  108. Vallor, S. (2012). Flourishing on facebook: virtue friendship & new social media. Ethics and Information Technology, 14(3), 185–199. Scholar
  109. van den Hoven, J., & Weckert, J. (Eds.). (2008). Information technology and moral philosophy. Cambridge: Cambridge University Press.Google Scholar
  110. Volokh, E. (2000). Personalization and privacy. Association for Computing Machinery. Communications of the ACM, 43(8), 84–88.CrossRefGoogle Scholar
  111. Walsham, G. (1993). Ethical issues in information systems development: The analyst as moral agent. In Proceedings of the IFIP WG8. 2 working group on information systems development: human, social, and organizational aspects: human, organizational, and social dimensions of information systems development (pp. 281–294). North-Holland Publishing Co.Google Scholar
  112. Walsham, G. (2006). Doing interpretive research. European Journal of Information Systems, 15(3), 320–330.CrossRefGoogle Scholar
  113. Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.CrossRefGoogle Scholar
  114. Xu, H., Dinev, T., Smith, H. J., & Hart, P. (2008). Examining the formation of individual’s privacy concerns: Toward an integrative view. Paper presented at the proceedings of international conference on information systems (ICIS), Paris.Google Scholar
  115. Yang, T.-H., Ku, C.-Y., & Liu, M.-N. (2016). An integrated system for information security management with the unified framework. Journal of Risk Research, 19(1), 21–41.CrossRefGoogle Scholar
  116. Young, K. (2009). Online social networking: an Australian perspective. International Journal of Emerging Technologies & Society, 7(1), 39–57.Google Scholar
  117. Young, S., Dutta, D., & Dommety, G. (2009). Extrapolating psychological insights from Facebook profiles: a study of religion and relationship status. Cyberpsychology & Behavior, 12(3), 347–350.CrossRefGoogle Scholar
  118. Zainudin, N. M., Merabti, M., & Llewellyn-Jones, D. (2011). A digital forensic investigation model and tool for online social networks. In 12th annual postgraduate symposium on convergence of telecommunications, networking and broadcasting (PGNet 2011) (pp. 27–28). Liverpool.Google Scholar
  119. Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics and Information Technology, 12(4), 313–325. Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Jongwoo Kim
    • 1
  • Richard L. Baskerville
    • 2
    • 3
  • Yi Ding
    • 4
  1. 1.Department of Management Science and Information SystemsUniversity of Massachusetts BostonBostonUSA
  2. 2.Department of Computer Information SystemsGeorgia State UniversityAtlantaUSA
  3. 3.Curtin UniversityBentleyAustralia
  4. 4.School of Science & TechGeorgia Gwinnett CollegeLawrencevilleUSA

Personalised recommendations