Privacy-ABCs as a Case for Studying the Adoption of PETs by Users and Service Providers

  • Ioannis Krontiris
  • Zinaida Benenson
  • Anna Girard
  • Ahmad Sabouri
  • Kai Rannenberg
  • Peter Schoo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9484)

Abstract

Although in the last years there has been a growing amount of research in the field of privacy-enhancing technologies (PETs), they are not yet widely adopted in practice. In this paper we discuss the socioeconomical aspects of how users and service providers make decisions about adopting PETs. The analysis is based on our experiences from the deployment of Privacy-respecting Attribute-based Credentials (Privacy-ABCs) in a real-world scenario. In particular, we consider the factors that affect the adoption of Privacy-ABCs as well as the cost and benefit trade-offs involved in their deployment and usage, as perceived by both parties.

References

  1. 1.
    Acquisti, A.: Identity management, privacy, and price discrimination. IEEE Secur. Priv. 6(2), 46–50 (2008)CrossRefGoogle Scholar
  2. 2.
    Acquisti, A.: The economics of personal data and the economics of privacy. Background Paper for OECD Joint WPISP-WPIE Roundtable 1 (2010)Google Scholar
  3. 3.
    Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 2, 24–30 (2005)Google Scholar
  4. 4.
    Benenson, Z., Girard, A., Krontiris, I.: User acceptance factors for anonymous credentials: an empirical investigation. In: Workshop on the Economics of Information Security (WEIS) (2015)Google Scholar
  5. 5.
    Benenson, Z., Girard, A., Krontiris, I., Liagkou, V., Rannenberg, K., Stamatiou, Y.: User acceptance of privacy-ABCs: an exploratory study. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 375–386. Springer, Heidelberg (2014)Google Scholar
  6. 6.
    Bjones, R., Krontiris, I., Paillier, P., Rannenberg, K.: Integrating anonymous credentials with eIDs for privacy-respecting online authentication. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 111–124. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  7. 7.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  8. 8.
    Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 21–30 (2002)Google Scholar
  9. 9.
    Cameron, K., Posch, R., Rannenberg, K.: Proposal for a common identity framework: A User-Centric Identity Metasystem. In: Rannenberg, K., Royer, D., Deuker, A. (eds.) The Future of Identity in the Information Society - Opportunities and Challenges. Springer (2009)Google Scholar
  10. 10.
    Davis, F.D.: Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 13(3), 319–340 (1989)CrossRefGoogle Scholar
  11. 11.
    DiMaggio, P.J., Powell, W.W.: The iron cage revisited: institutional isomorphism and collective rationality in organizational fields. Am. Sociol. Rev. 48(2), 147–160 (1983)CrossRefGoogle Scholar
  12. 12.
    Dinev, T., Hart, P.: Internet privacy concerns and social awareness as determinants of intention to transact. Int. J. Electron. Commer. 10(2), 7–29 (2006)CrossRefGoogle Scholar
  13. 13.
    Economics, L.: Study on the Economic Benefits of Privacy-enhancing Technologies (PETs): Final Report to The European Commission, DG Justice, Freedom and Security. London Economics (2010)Google Scholar
  14. 14.
    Field, A.: Discovering Statistics Using IBM SPSS Statistics. Sage, London (2013)Google Scholar
  15. 15.
    Final Report to the European Commission DG Justice, Freedom and Security: Study on the economic benefits of privacy-enhancing technologies (PETs). Technical report, London Economics, July 2010Google Scholar
  16. 16.
    Fischer-Hübner, S., Hoofnagle, C., Krontiris, I., Rannenberg, K., Waidner, M.: Online privacy: towards informational self-determination on the internet (Dagstuhl Perspectives Workshop 11061). Dagstuhl Manifestos 1(1), 1–20 (2011)Google Scholar
  17. 17.
    Hansen, M., Bieker, F., Deibler, D., Obersteller, H., Schlehahn, E., Zwingelberg, H.: Legal data protection considerations. In: Rannenberg, K., Camenisch, J., Sabouri, A. (eds.) Attribute-based Credentials for Trust, pp. 143–161 (2015)Google Scholar
  18. 18.
    Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J., Rao, H.R.: Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service. Inf. Syst. J. 24(1), 61–84 (2014)CrossRefGoogle Scholar
  19. 19.
    Iacovou, C.L., Benbasat, I., Dexter, A.S.: Electronic data interchange and small organizations: adoption and impact of technology. MIS Q. 19, 465–485 (1995)CrossRefGoogle Scholar
  20. 20.
    Laudon, K.C.: Markets and privacy. Commun. ACM 39(9), 92–104 (1996)CrossRefGoogle Scholar
  21. 21.
    McKnight, D.H., Carter, M., Thatcher, J.B., Clay, P.F.: Trust in a specific technology: an investigation of its components and measures. ACM Trans. Manage. Inf. Syst. (TMIS) 2(2), 12 (2011)Google Scholar
  22. 22.
    Nofer, M., Hinz, O., Muntermann, J., Roßnagel, H.: The economic impact of privacy violations and security breaches. Bus. Inf. Syst. Eng. 6(6), 339–348 (2014)CrossRefGoogle Scholar
  23. 23.
    Patil, S., Patruni, B., Lu, H., Dunkerley, F., Fox, J., Potoglou, D., Robinson, N.: Public perception of security and privacy: results of the comprehensive analysis of PACT’s pan-european survey. Technical report, PACT EU Project Public Deliverable D4.2, June 2014Google Scholar
  24. 24.
    Pavlou, P.A.: Consumer acceptance of electronic commerce: integrating trust and risk with the technology acceptance model. Int. J. Electron. Commer. 7(3), 101–134 (2003)Google Scholar
  25. 25.
    Rogers Everett, M.: Diffusion of Innovations. Free Press, New York (1995)Google Scholar
  26. 26.
    Rubinstein, I.S.: Regulating privacy by design. Berkeley Technol. Law J. 26, 1409 (2011)Google Scholar
  27. 27.
    Sabouri, A.: Understanding the determinants of privacy-ABC technologies adoption by service providers. In: Proceedings of 14th IFIP WG 6.11 Conference on e-Business, e-Services, and e-Society, I3E 2015 Open and Big Data Management and Innovation, Delft, The Netherlands, 13–15 October 2015, vol. 9373 (2015)Google Scholar
  28. 28.
    Spiekermann, S.: User Control in Ubiquitous Computing: Design Alternatives and User Acceptance. Shaker, Aachen (2008)Google Scholar
  29. 29.
    Stamatiou, Y., Benenson, Z., Girard, A., Krontiris, I., Liagkou, V., Pyrgelis, A., Tesfay, W.: Course evaluation in higher education: the patras pilot of ABC4Trust. In: Rannenberg, K., Camenisch, J., Sabouri, A. (eds.) Attribute-based Credentials for Trust, pp. 197–239. Springer International Publishing (2015)Google Scholar
  30. 30.
    Sun, S.T., Pospisil, E., Muslukhov, I., Dindar, N., Hawkey, K., Beznosov, K.: What makes users refuse web single sign-on?: an empirical investigation of OpenID. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, p. 4. ACM (2011)Google Scholar
  31. 31.
    Tornatzky, L.G., Fleischer, M., Chakrabarti, A.K.: Processes of Technological Innovation. Lexington Books, Lexington (1990)Google Scholar
  32. 32.
    Venkatesh, V., Bala, H.: Technology acceptance model 3 and a research agenda on interventions. Decis. Sci. 39(2), 273–315 (2008)CrossRefGoogle Scholar
  33. 33.
    Venkatesh, V., Davis, F.D.: A theoretical extension of the technology acceptance model: four longitudinal field studies. Manage. Sci. 46(2), 186–204 (2000)CrossRefGoogle Scholar
  34. 34.
    Venkatesh, V., Morris, M.G., Davis, G.B., Davis, F.D.: User acceptance of information technology: toward a unified view. MIS Q. 27, 425–478 (2003)Google Scholar
  35. 35.
    Venkatesh, V., Thong, J.Y., Xu, X.: Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Q. 36(1), 157–178 (2012)Google Scholar
  36. 36.
    Wästlund, E., Angulo, J., Fischer-Hübner, S.: Evoking comprehensive mental models of anonymous credentials. In: Camenisch, J., Kesdogan, D. (eds.) iNetSec 2011. LNCS, vol. 7039, pp. 1–14. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  37. 37.
    Wästlund, E., Wolkerstorfer, P., Köffel, C.: PET-USES: Privacy-enhancing technology-users self-estimation scale. In: Privacy and Identity Management for Life, pp. 266–274. Springer (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Ioannis Krontiris
    • 3
  • Zinaida Benenson
    • 1
  • Anna Girard
    • 1
  • Ahmad Sabouri
    • 2
  • Kai Rannenberg
    • 2
  • Peter Schoo
    • 3
  1. 1.Friedrich-Alexander-University Erlangen-NurembergErlangenGermany
  2. 2.Goethe University FrankfurtFrankfurtGermany
  3. 3.European Research CenterHuawei TechnologiesMunichGermany

Personalised recommendations