Forensics and Privacy-Enhancing Technologies

Logging and Collecting Evidence in Flocks
  • Martin Olivier
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 194)


Flocks is a privacy-enhancing technology (PET) used to hide the web usage patterns of employees in an organization against profiling or mere inspection by administrators and other officials. However, Flocks is intended to support the identification of senders of malicious requests by means of a legitimate forensic investigation.

This paper formalizes what should be logged for an appropriate forensic investigation. Also, it considers exactly what evidence should be explored once a malicious request has been noticed. It argues that (i) evidence that would have been collected about a malicious request if the PET were not used, should still be collected, and (ii) evidence that becomes visible by some legitimate means because the PET is used, should be collected. However, information that has not become visible by such legitimate means, but is available because the PET is being used, should not be collected. In the latter case, privacy concerns override the fact that a malicious request might be uncovered by investigating more logged information. These positions are defended and formalized using mathematical notation.


Privacy-enhancing technologies logging evidence collection 


  1. [1]
    R. Agrawal, J. Kiernan, R. Srikant and Y. Xu, Hippocratic databases, Proceedings of the Twenty-Eighth International Conference on Very Large Databases, 2002.Google Scholar
  2. [2]
    P. Ashley, S. Hada, G. Karjoth and M. Schunter, E-P3P privacy policies and privacy authorization, Proceedings of the ACM Workshop on Privacy in the Electronic Society, pp. 103–109, 2003.Google Scholar
  3. [3]
    C. Boyd and P. Forster, Time and date issues in forensic computing — A case study, Digital Investigation, vol. 1(1), pp. 8–23, 2004.Google Scholar
  4. [4]
    D. Brezinski and T. Killalea, Guidelines for evidence collection and archiving, RFC 3227, The Internet Society, February 2002.Google Scholar
  5. [5]
    I. Brown and B. Laurie, Security against compelled disclosure, Proceedings of the Sixteenth Annual Computer Security Applications Conference, pp. 2–10, 2000.Google Scholar
  6. [6]
    M. Caloyannides, Encryption wars: Shifting tactics, IEEE Spectrum, vol. 37(5), pp. 46–51, 2000.CrossRefGoogle Scholar
  7. [7]
    D. Chaum, Untraceable electronic mail, return addresses and digital pseudonyms, Communications of the ACM, vol. 24(2), pp. 84–88, 1981.CrossRefGoogle Scholar
  8. [8]
    G. Du Pont, The time has come for limited liability operators of true anonymity remailers in cyberspace: An examination of the possibilities and the perils, Journal of Technology Law & Policy, vol. 6(2), pp. 175–217, 2001.Google Scholar
  9. [9]
    A. Froomkin, Flood control on the information ocean: Living with anonymity, digital cash and distributed databases, University of Pittsburgh Journal of Law and Commerce, vol. 395(15), 1996.Google Scholar
  10. [10]
    E. Gabber, P. Gibbons, D. Kristol, Y. Matias and A. Mayer, Consistent, yet anonymous, web access with LPWA, Communications of the ACM, vol. 42(2), pp. 42–47, 1999.CrossRefGoogle Scholar
  11. [11]
    I. Goldberg, D. Wagner and E. Brewer, Privacy-enhancing technologies for the Internet, Proceedings of the Forty-Second IEEE International Computer Conference, pp. 103–109, 1997.Google Scholar
  12. [12]
    D. Goldschlag, M. Reed and P. Syverson, Onion routing, Communications of the ACM, vol. 42(2), pp. 39–41, 1999.CrossRefGoogle Scholar
  13. [13]
    IBM, Privacy in a connected world (, 2002.Google Scholar
  14. [14]
    G. Karjoth, M. Schunter and M. Waidner, Platform for Enterprise Privacy Practices: Privacy-enabled management of customer data, Proceedings of the Second International Workshop on Privacy Enhancing Technologies, 2003.Google Scholar
  15. [15]
    M. Olivier, A layered architecture for privacy-enhancing technologies, South African Computer Journal, vol. 31, pp. 53–61, 2003.Google Scholar
  16. [16]
    M. Olivier, Flocks: Distributed proxies for browsing privacy, in Proceedings of SAICSIT 2004 — Fulfilling the Promise of ICT, G. Marsden, P. Kotze and A. Adesina-Ojo (Eds.), pp. 79–88, 2004.Google Scholar
  17. [17]
    Organization for Economic Cooperation and Development (OECD), Inventory of privacy-enhancing technologies (PETs), Report DSTI/ICCP/REG(2001)l/FINAL, 2002.Google Scholar
  18. [18]
    J. Postel, Transmission control protocol, RFC 793, Defense Advanced Research Projects Agency, Fairfax, Virginia, 1981.Google Scholar
  19. [19]
    D. Price, Micro View — Clipper: Soon a de facto standard? IEEE Micro, vol. 14(4), pp. 80–79, 1994.CrossRefGoogle Scholar
  20. [20]
    PrivacyRight, Control of personal information: The economic benefits of adopting an enterprise-wide permissions management platform (, 2001.Google Scholar
  21. [21]
    M. Reiter and A. Rubin, Anonymous web transactions with Crowds, Communications of the ACM, vol. 42(2), pp. 32–48, 1999.CrossRefGoogle Scholar
  22. [22]
    A. Rieke and T. Demuth, JANUS: Server anonymity in the worldwide web, Proceedings of the EICAR International Conference, pp. 195–208, 2001.Google Scholar
  23. [23]
    V. Seničar, B. Jerman-Blažič and T. Klobučar, Privacy-enhancing technologies: Approaches and development, Computer Standards & Interfaces, vol. 25, pp. 147–158, 2003.CrossRefGoogle Scholar
  24. [24]
    Wave Systems, User managed privacy: A new approach for addressing digital privacy and personal information on the Internet (, 2000.Google Scholar
  25. [25]
    H. Wolfe, Evidence acquisition, Computers & Security, vol. 22(3), pp. 193–195, 2003.CrossRefGoogle Scholar
  26. [26]
    H. Wolfe, Evidence analysis, Computers & Security, vol. 22(4), pp. 289–291, 2003.CrossRefGoogle Scholar
  27. [27]
    H. Wolfe, Encountering encryption, Computers & Security, vol. 22(5), pp. 388–391, 2003.CrossRefGoogle Scholar
  28. [28]
    H. Wolfe, Presenting the evidence report, Computers & Security, vol. 22(6), pp. 479–481, 2003.MathSciNetCrossRefGoogle Scholar
  29. [29]
    H. Wolfe, Forensic evidence testimony — Some thoughts, Computers & Security, vol. 22(7), pp. 577–579, 2003.CrossRefGoogle Scholar
  30. [30]
    H. Wolfe, Setting up an electronic evidence forensics laboratory, Computers & Security, vol. 22(8), pp. 670–672, 2003.CrossRefGoogle Scholar

Copyright information

© International Federation for Information Processing 2006

Authors and Affiliations

  • Martin Olivier

There are no affiliations available

Personalised recommendations