Using trust and anonymity to expand the use of anonymizing systems that improve security across organizations
To mitigate risks inherent in sharing sensitive cyber-security information, recent research has examined anonymizing systems (ANS) that hide the identities of participants and decouple data from their originators. ANS are particularly compelling as a potential support to cyber-security information sharing because the cost of implementation is relatively low, and the more organizations and nations that participate, the more everyone benefits. Although such systems are promising to both developing and mature cyber-infrastructures, they still have not been widely adopted for use in sharing cyber-security information. Relatively little prior research has investigated the perception and adoption of these systems, despite their potential value for organizations and nations in supporting the battle against cyber-crime. Given these opportunities, this study tries to better understand the factors that foster adoption of ANS. Accordingly, we present a theoretical model intended to explain the trust process involved in user adoption of ANS. We theorize that users’ beliefs regarding trust in the information provided by the system and the risks associated with using the system, as well as beliefs in the system’s anonymizing capability, will lead to greater levels of adoption. Further, perceptions of system quality are theorized to contribute to user trusting beliefs. The results of a free-simulation experiment largely validate the proposed model. These results should help inform the next generation of ANS development and deployment.
Keywords: anonymizing systems; security; infrastructure security; anonymity; trust in IT; cyber security
We appreciate help from Robert Sainsbury in collecting this data and support from Georgia State University.