Privacy Under Conditions of Concurrent Interaction with Multiple Parties

  • Martin S. Olivier
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 142)


This paper explores the possibility to represent the privacy policies of an individual, as well as the processing steps of those who (concurrently) process the data, using a simple process algebra, FSP. The approach leads to the identification of two major classes of privacy policies: aggregation policies and quantitative policies. Automated analysis (with the LTSA tool) of such policies, in combination with the actions of parties that process personal information allows the automated discovery of possible breaches of privacy.

It is demonstrated that addressing the breaches often involves tradeoffs, such discontinuing interaction with some parties, so that policies are no longer violated.


Privacy Policy Process Algebra Trigger Action Reachability Analysis Privacy Violation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    S. B. Adler, E. F. Bangerter, K. A. Bohrer, J. Brown, N. Howard, J. Camenisch, A. M. Gilbert, D. Kesdogan, M. P. Leonard, X. Liu, M. R. McCullough, A. C. Nelson, C. C. Palmer, C. S. Powers, M. Schnyder, E. Schonberg, M. Schunter, E. van Herreweghen, and M. Waidner. Using an object model to improve handling of personally identifiable information. United States Patent Application 20030004734, January 2003.Google Scholar
  2. [2]
    R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databases. In 28th Int’l Conf. on Very Large Databases (VLDB). Hong Kong, 2002.Google Scholar
  3. [3]
    P. Ashley, S. Hada, G. Karjoth, and M. Schunter. E-P3P privacy policies and privacy authorization. In Proceedings of the ACM workshop on Privacy in the Electronic Society, pages 103–109. ACM Press, 2003.Google Scholar
  4. [4]
    D. Brin. The Transparent Society — Will Technology Force us to Choose between Privacy and Freedom? Perseus Books, Reading, MA, 1998.Google Scholar
  5. [5]
    M. A. Caloyannides. Encryption wars: Shifting tactics. IEEE Spectrum, 37(5):46–51, 2000.CrossRefGoogle Scholar
  6. [6]
    D. Chadwick, M. S. Olivier, P. Samarati, E. Sharpston, and B. Thuraishingham. Privacy and civil liberties. In E. Gudes and S. Shenoi, editors, Research Directions in Database and Application Security, pages 331–346. Kluwer, 2003.Google Scholar
  7. [7]
    G. T. Duncan and S. Mukherjee. Microdata disclosure limitation in statistical databases: Query size and random sample query control. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 278–287, Oakland, CA, USA, May 1991.Google Scholar
  8. [8]
    A. Etzioni. The Limits of Privacy. Basic Books, New York, NY, 1999.Google Scholar
  9. [9]
    A. Etzioni. Medical records — enhancing privacy, preserving the common good. Hastings Center Report, 23(2): 14–23, 1999.Google Scholar
  10. [10]
    S. Fischer-Hübner and A. Ott. From a formal privacy model to its implementation. In 21st National Information Systems Security Conference, Arlington, VA, USA, October 1998.Google Scholar
  11. [11]
    E. Gabber, P. B. Gibbons, D. M. Kristol, Y. Matias, and A. Mayer. Consistent, yet anonymous, web access with LPWA. Communications of the ACM, 42(2):42–47, February 1999.CrossRefGoogle Scholar
  12. [12]
    S. Garfinkel. PGP: Pretty Good Privacy. O’Reilly, 1995.Google Scholar
  13. [13]
    D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Onion routing. Communications of the ACM, 42(2):39–41, February 1999.CrossRefGoogle Scholar
  14. [14]
    S. Hunt. Market overview: Privacy management technologies. Giga Information Group, February 2003.Google Scholar
  15. [15]
    IBM. Enterprise privacy architecture: Securing returns on e-business. Executive brief, IBM, 2001.Google Scholar
  16. [16]
    IBM. Privacy in a connected world. White paper, IBM, May 2002.Google Scholar
  17. [17]
    IDcide. IDcide introduces corporate privacy compliance software. Press release, February 2001.
  18. [18]
    D. G. Johnson. Computer Ethics. Prentice Hall, third edition, 2001.Google Scholar
  19. [19]
    G. Karjoth, M. Schunter, and M. Waidner. Privacy-enabled services for enterprises. Research Report RZ 3391 (# 93437), IBM Research, 2002.Google Scholar
  20. [20]
    G. Karjoth, M. Schunter, and M. Waidner. Platform for Enterprise Privacy Practices: Privacy-enabled management of customer data. In R. Dingledine and P. Syverson, editors, Privacy Enhancing Technologies: Second International Workshop, PET2002, San Francisco, CA, USA, April 14–15, 2002, Revised Papers. Springer, 2003.Google Scholar
  21. [21]
    G. Lawton. Is technology meeting the privacy challenge? IEEE Computer, 34(9):16–18, 2001.Google Scholar
  22. [22]
    J. Magee and J. Kramer. Concurrency — State Models & Java Programs. Wiley, 1999.Google Scholar
  23. [23]
    M. S. Olivier. Database privacy. SIGKDD Explorations, 4(2):20–27, 2003.MathSciNetGoogle Scholar
  24. [24]
    M. S. Olivier. A layered architecture for privacy-enhancing technologies. In J. H. P. Eloff, H. S. Venter, L. Labuschagne, and M. M. Eloff, editors, Proceedings of the Third Annual Information Security South Africa Conference (ISSA2003), pages 113–126, Sandton, South Africa, July 2003.Google Scholar
  25. [25]
    M. S. Olivier. Privacy under conditions of concurrent interaction with multiple parties. In S. de Capitani di Vimercati, I. Ray, and I. Ray, editors, Proceedings of the Seventeenth Anual IFIP WG11.3 Working Conference on Database and Application Security, pages 103–117, Estes Park, Colorado, USA, August 2003 (Preproceedings).Google Scholar
  26. [26]
    M. S. Olivier. Using organisational safeguards to make justifiable decisions when processing personal data. In J. H. P. Eloff, P. Kotzé, A. P. Engelbrecht, and M. M. Eloff, editors, IT Research in Developing Countries (SAICSIT 2003), pages 275–284, Sandton, South Africa, September 2003.Google Scholar
  27. [27]
    E. F. Paul, F. D. Miller, and J. Paul, editors. The Right to Privacy. Cambridge University Press, Cambridge, 2000.Google Scholar
  28. [28]
    PrivacyRight. Control of personal information — the economic benefits of adopting an enterprise-wide permissions management platform. White Paper, 2001.
  29. [29]
    J. Reagle and L. F. Cranor. The platform for privacy preferences. Communications of the ACM, 42(2):48–55, February 1999.CrossRefGoogle Scholar
  30. [30]
    M. K. Reiter and A. D. Rubin. Anonymous web transactions with Crowds. Communications of the ACM, 42(2):32–48, February 1999.CrossRefGoogle Scholar
  31. [31]
    A. Rosenberg. Privacy as a matter of taste and right. In E. F. Paul, F. D. Miller, and J. Paul, editors, The Right to Privacy, pages 68–90, Cambridge, 2000. Cambridge University Press.Google Scholar
  32. [32]
    P. Ryan, S. Schneider, M. Goldsmith, G. Lowe, B. Roscoe, and G. Lower. Modelling and Analysis of Security Protocols. Addison Wesley, 2000.Google Scholar
  33. [33]
    P. Samarati. Protecting respondents’ identities in microdata release. IEEE Transactions on Knowledge and Data Engineering, 13(6): 1010–1027, 2001.CrossRefGoogle Scholar
  34. [34]
    S. Schneider and A. Sidiropoulos. CSP and anonymity. In Proceedings of European Symposium on Research in Computer Security, number 1146 in Lecture Notes in Computer Science, pages 198–218. Springer-Verlag, 1996.Google Scholar
  35. [35]
    D. Stamate, H. Luchian, and B. Paechter. A general model for the answer-perturbation techniques. In Seventh International Working Conference on Scientific and Statistical Database Management, pages 90–96, Charlottesville, VA, USA, Sep 1994. IEEE.Google Scholar
  36. [36]
    L. Sweeney. Datafly: A system for providing anonymity in medical data. InT.Y. Lin and S. Qian, editors, Database Security XI: Status and Prospects, pages 356–381. Chapman & Hall, 1998.Google Scholar
  37. [37]
    W. Teepe, R. P. van de Riet, and M. S. Olivier. Workflow analyzed for security and privacy in using databases. In B. Thuraisingham, R. P. van de Riet, K. R. Dittrich, and Z. Tari, editors, Data and Applications Security — Developments and Directions, pages 271–282. Kluwer, 2001.Google Scholar
  38. [38]
    Tivoli Software. Enable your applications for privacy with IBM Tivoli Privacy Manager for e-business. Technical discussion, IBM, July 2002.Google Scholar
  39. [39]
    Tivoli Software. IBM Tivoli Privacy Manager for e-business. Commercial brochure, IBM, 2002.Google Scholar
  40. [40]
    R. Whitaker. The End of Privacy — How Total Surveillance is Becoming a Reality. New Press, New York, NY, 1999.Google Scholar

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Martin S. Olivier
    • 1
  1. 1.Department of Computer ScienceUniversity of PretoriaSouth Africa

Personalised recommendations