Skip to main content
SpringerLink
Log in

Valuating Privacy with Option Pricing Theory

  • Conference paper
  • First Online:
Economics of Information Security and Privacy

Abstract

One of the key challenges in the information society is responsible handling of personal data. An often-cited reason why people fail to make rational decisions regarding their own informational privacy is the high uncertainty about future consequences of information disclosures today. This chapter builds an analogy to financial options and draws on principles of option pricing to account for this uncertainty in the valuation of privacy. For this purpose, the development of a data subject's personal attributes over time and the development of the attribute distribution in the population are modeled as two stochastic processes, which fit into the Binomial Option Pricing Model (BOPM). Possible applications of such valuation methods to guide decision support in future privacy-enhancing technologies (PETs) are sketched.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security and Privacy 3(1), 26–33 (2005)

    Google Scholar 

  2. Acquisti, A., Varian, H.R.: Conditioning prices on purchase history. Marketing Science 24(3), 1–15 (2005)

    Google Scholar 

  3. Amram, M., Kulatilaka, N.: Real Options: Managing Strategic Investment in an Uncertain World. Harvard Business School Press (1999)

    Google Scholar 

  4. Baran, P.: Communications, computers and people. Tech. rep., RAND Corporation, Santa Monica, CA (1965)

    Google Scholar 

  5. Berendt, B., Günther, O., Spiekermann, S.: Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM 48(4), 101–106 (2005)

    Google Scholar 

  6. Black, F., Scholes, M.: The pricing of options and corporate liabilities. Journal of Political Economy 81, 637–654 (1973)

    Google Scholar 

  7. Blanchette, J.F., Johnson, D.G.: Data retention and the panoptic society: The social benefits of forgetfulness. Information Society 18(1), 33–45 (2002)

    Google Scholar 

  8. Böhme, R.: A comparison of market approaches to software vulnerability disclosure. In: G. Müller (ed.) Emerging Trends in Information and Communication Security (Proc. of ETRICS), LNCS, vol. 3995, pp. 298–311. Springer, Berlin Heidelberg (2006)

    Google Scholar 

  9. Böhme, R., Koble, S.: Pricing strategies in electronic marketplaces with privacy-enhancing technologies. Wirtschaftsinformatik 49(1), 16–25 (2007)

    Google Scholar 

  10. Clauß, S.: A framework for quantification of linkability within a privacy-enhancing identity management system. In: G.Müller (ed.) Emerging Trends in Information and Communication Security (ETRICS), LNCS, vol. 3995, pp. 191–205. Springer, Berlin Heidelberg (2006)

    Google Scholar 

  11. Cox, J., Ross, S., Rubinstein, M.: Option pricing: A simplified approach. Journal of Financial Economics (1979)

    Google Scholar 

  12. Daneva, M.: Applying real options thinking to information security in networked organizations. Tech. Rep. TR-CTIT-06-11, Centre for Telematics and Information Technology, University of Twente, Enschede, NL (2006)

    Google Scholar 

  13. Denning, D.E., Denning, P.J., Schwart, M.D.: The tracker: A threat to statistical database security. ACM Trans. on Database Systems 4(1), 76–96 (1979)

    Google Scholar 

  14. Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: P. Syverson, R. Dingledine (eds.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2482. Springer, Berlin Heidelberg (2002)

    Google Scholar 

  15. Fischer, L., Katzenbeisser, S., Eckert, C.:Measuring unlinkability revisited. In: Proc. ofWorkshop on Privacy in the Electronic Society (WPES), pp. 105–109. ACMPress, New York (2008)

    Google Scholar 

  16. Fischer-Hübner, S.: Zur reidentifikationssicheren statistischen Auswertung personenbezogener Daten in staatlichen Datenbanken [Towards reidentification-secure statistical data analysis of personal data in governmental databases]. Diploma thesis, Universität Hamburg (1987). In German

    Google Scholar 

  17. Fischer-Hübner, S.: IT-security and privacy: Design and use of privacy-enhancing security mechanisms, LNCS, vol. 1958. Springer, Berlin Heidelberg (2001)

    Google Scholar 

  18. Franz, M., Meyer, B., Pashalidis, A.: Attacking unlinkability: The importance of context. In: N. Borisov, P. Golle (eds.) Privacy Enhancing Technologies, LNCS, vol. 4776, pp. 1–16. Springer, Berlin Heidelberg (2007)

    Google Scholar 

  19. Gordon, L.A., Loeb,M.P.: The economics of information security investment. ACMTrans. on Information and System Security 5(4), 438–457 (2002)

    Google Scholar 

  20. Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 14(2), 1–7 (2003)

    Google Scholar 

  21. Grossklags, J., Acquisti, A.:When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. In:Workshop of Economics and Information Security (WEIS). CarnegieMellon University, Pittsburgh, PA (2007). http://weis2007. econinfosec.org/papers/66.pdf

    Google Scholar 

  22. Hansen, M., Pfitzmann, A., Steinbrecher, S.: Identity management throughout one’s whole life. Information Security Technical Report 13(2), 83–94 (2008)

    Google Scholar 

  23. Herath, H.S.B., Herath, T.C.: Investments in information security: A real options perspective with Bayesian postaudit. Journal ofManagement Information Systems 25(3), 337–375 (2008)

    Google Scholar 

  24. Huberman, B.A., Adar, E., Fine, L.R.: Valuating privacy. IEEE Security and Privacy 3(1), 22–25 (2005)

    Google Scholar 

  25. Kelly, D.J., Raines, R.A., Grimaila, M.R., Baldwin, R.O., Mullins, B.E.: A survey of state-ofthe- art in anonymity metrics. In: Proc. of ACM Workshop on Network Data Anonymization (NDA), pp. 31–40. ACM Press, New York (2008)

    Google Scholar 

  26. Li, J., Su, X.: Making cost effective security decision with real option thinking. In: Proc. of International Conference on Software Engineering Advances (ICSEA 2007), pp. 14–22. IEEE Computer Society, Washington, DC, USA (2007)

    Google Scholar 

  27. Matsuura, K.: Security tokens and their derivatives. Tech. rep., Centre for Communications Systems Research (CCSR), University of Cambridge, UK (2001)

    Google Scholar 

  28. Merton, R.C.: Theory of rational option pricing. Bell Journal of Economics and Management Science 4(1), 141–183 (1973)

    Google Scholar 

  29. Odlyzko, A.: Privacy, economics, and price discrimination on the Internet. In: N. Sadeh (ed.) ICEC2003: Fifth International Conference on Electronic Commerce, pp. 355–366 (2003)

    Google Scholar 

  30. Ozment, A.: Bug auctions: Vulnerability markets reconsidered. In: Workshop of Economics and Information Security (WEIS). University ofMinnesota,Minneapolis,MN (2004). http: //www.dtc.umn.edu/weis2004/ozment.pdf

    Google Scholar 

  31. Peyton Jones, S.: Composing contracts: An adventure in financial engineering. In: J.N. Oliveira, P. Zave (eds.) FME 2001: Formal Methods for Increasing Software Productivity, LNCS, vol. 2021. Springer, Berlin Heidelberg (2001)

    Google Scholar 

  32. Peyton Jones, S., Eber, J.M.: How to write a financial contract. In: J. Gibbons, O. de Moor (eds.) The Fun of Programming. Palgrave Macmillan (2003)

    Google Scholar 

  33. Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management – A consolidated proposal for terminology. http: //dud.inf.tu-dresden.de/Anon_Terminology.shtml (2008). (Version 0.31)

    Google Scholar 

  34. Purser, S.A.: Improving the ROI of the security management process. Computers & Security 23, 542–546 (2004)

    Google Scholar 

  35. Schlörer, J.: Zum Problem der Anonymität der Befragten bei statistischen Datenbanken mit Dialogauswertung [On the problem of respondents’ anonymity in statistical databases with dialogue analysis]. In: D. Siefkes (ed.) 4. GI-Jahrestagung, LNCS, vol. 26, pp. 502–511. Springer, Berlin Heidelberg (1975)

    Google Scholar 

  36. Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: P. Syverson, R. Dingledine (eds.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2482. Springer, Berlin Heidelberg (2002)

    Google Scholar 

  37. Shannon, C.E.: A mathematical theory of communications. Bell System Technical Journal 27, 379–423, 623–656 (1948)

    Google Scholar 

  38. Soo Hoo, K.J.: How much is enough? A risk-management approach to computer security. In: Workshop on Economics and Information Security (WEIS). Berkeley, CA (2002). http://www.sims.berkeley.edu/resources/affiliates/ workshops/econsecurity/

    Google Scholar 

  39. Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: R. Dingledine (ed.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2760, pp. 32–47. Springer, Berlin Heidelberg (2003)

    Google Scholar 

  40. Sweeney, L.: k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 571–588 (2002)

    Google Scholar 

  41. Tóth, G., Hornák, Z., Vajda, F.:Measuring anonymity revisited. In: S. Liimatainen, T. Virtanen (eds.) Proc. of the Ninth Nordic Workshop on Secure IT Systems, pp. 85–90. Espoo, Finland (2004)

    Google Scholar 

  42. Willenborg, L., De Waal, T.: Statistical Disclosure Control in Practice. Springer, New York (1996)

    Google Scholar 

  43. Wolfers, J., Zitzewitz, E.: Prediction markets. Journal of Economic Perspectives 18(2), 107– 126 (2004)

    Google Scholar 

  44. Xiaoxin, W., Bertino, E.: Achieving k-anonymity in mobile and ad hoc networks. In: Proc. of IEEE ICNPWorkshop on Secure Network Protocols, pp. 37–42. IEEE Press, New York (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fakulteten för Ekonomi, Kommunikation och IT, Karlstads Universitet, Universitetsgatan 2, 65188, Karlstad, Sweden

    Stefan Berthold

  2. International Computer Science Institute, 1947 Center Street, Ste 600, 94704, Berkeley, CA, USA

    Rainer Böhme

Authors
  1. Stefan Berthold
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rainer Böhme
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stefan Berthold .

Editor information

Editors and Affiliations

  1. , Center for Research on Computation, Harvard University, Oxford St 33, Cambridge, 02138, USA

    Tyler Moore

  2. , King's College, University of Aberdeen, Aberdeen, Scotland, AB24 3UE, United Kingdom

    David Pym

  3. , Department of Economics, University of Bath, Claverton Down, Bath, BA2 7AY, United Kingdom

    Christos Ioannidis

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer Science+Business Media, LLC

About this paper

Cite this paper

Berthold, S., Böhme, R. (2010). Valuating Privacy with Option Pricing Theory. In: Moore, T., Pym, D., Ioannidis, C. (eds) Economics of Information Security and Privacy. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-6967-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-1-4419-6967-5_10

  • Published:

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-6966-8

  • Online ISBN: 978-1-4419-6967-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation