Advertisement

Valuating Privacy with Option Pricing Theory

  • Stefan Berthold
  • Rainer Böhme
Conference paper

Abstract

One of the key challenges in the information society is responsible handling of personal data. An often-cited reason why people fail to make rational decisions regarding their own informational privacy is the high uncertainty about future consequences of information disclosures today. This chapter builds an analogy to financial options and draws on principles of option pricing to account for this uncertainty in the valuation of privacy. For this purpose, the development of a data subject's personal attributes over time and the development of the attribute distribution in the population are modeled as two stochastic processes, which fit into the Binomial Option Pricing Model (BOPM). Possible applications of such valuation methods to guide decision support in future privacy-enhancing technologies (PETs) are sketched.

Keywords

Option Price Personal Data Information Security Real Option Data Subject 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security and Privacy 3(1), 26–33 (2005)Google Scholar
  2. 2.
    Acquisti, A., Varian, H.R.: Conditioning prices on purchase history. Marketing Science 24(3), 1–15 (2005)Google Scholar
  3. 3.
    Amram, M., Kulatilaka, N.: Real Options: Managing Strategic Investment in an Uncertain World. Harvard Business School Press (1999)Google Scholar
  4. 4.
    Baran, P.: Communications, computers and people. Tech. rep., RAND Corporation, Santa Monica, CA (1965)Google Scholar
  5. 5.
    Berendt, B., Günther, O., Spiekermann, S.: Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM 48(4), 101–106 (2005)Google Scholar
  6. 6.
    Black, F., Scholes, M.: The pricing of options and corporate liabilities. Journal of Political Economy 81, 637–654 (1973)Google Scholar
  7. 7.
    Blanchette, J.F., Johnson, D.G.: Data retention and the panoptic society: The social benefits of forgetfulness. Information Society 18(1), 33–45 (2002)Google Scholar
  8. 8.
    Böhme, R.: A comparison of market approaches to software vulnerability disclosure. In: G. Müller (ed.) Emerging Trends in Information and Communication Security (Proc. of ETRICS), LNCS, vol. 3995, pp. 298–311. Springer, Berlin Heidelberg (2006)Google Scholar
  9. 9.
    Böhme, R., Koble, S.: Pricing strategies in electronic marketplaces with privacy-enhancing technologies. Wirtschaftsinformatik 49(1), 16–25 (2007)Google Scholar
  10. 10.
    Clauß, S.: A framework for quantification of linkability within a privacy-enhancing identity management system. In: G.Müller (ed.) Emerging Trends in Information and Communication Security (ETRICS), LNCS, vol. 3995, pp. 191–205. Springer, Berlin Heidelberg (2006)Google Scholar
  11. 11.
    Cox, J., Ross, S., Rubinstein, M.: Option pricing: A simplified approach. Journal of Financial Economics (1979)Google Scholar
  12. 12.
    Daneva, M.: Applying real options thinking to information security in networked organizations. Tech. Rep. TR-CTIT-06-11, Centre for Telematics and Information Technology, University of Twente, Enschede, NL (2006)Google Scholar
  13. 13.
    Denning, D.E., Denning, P.J., Schwart, M.D.: The tracker: A threat to statistical database security. ACM Trans. on Database Systems 4(1), 76–96 (1979)Google Scholar
  14. 14.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: P. Syverson, R. Dingledine (eds.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2482. Springer, Berlin Heidelberg (2002)Google Scholar
  15. 15.
    Fischer, L., Katzenbeisser, S., Eckert, C.:Measuring unlinkability revisited. In: Proc. ofWorkshop on Privacy in the Electronic Society (WPES), pp. 105–109. ACMPress, New York (2008)Google Scholar
  16. 16.
    Fischer-Hübner, S.: Zur reidentifikationssicheren statistischen Auswertung personenbezogener Daten in staatlichen Datenbanken [Towards reidentification-secure statistical data analysis of personal data in governmental databases]. Diploma thesis, Universität Hamburg (1987). In GermanGoogle Scholar
  17. 17.
    Fischer-Hübner, S.: IT-security and privacy: Design and use of privacy-enhancing security mechanisms, LNCS, vol. 1958. Springer, Berlin Heidelberg (2001)Google Scholar
  18. 18.
    Franz, M., Meyer, B., Pashalidis, A.: Attacking unlinkability: The importance of context. In: N. Borisov, P. Golle (eds.) Privacy Enhancing Technologies, LNCS, vol. 4776, pp. 1–16. Springer, Berlin Heidelberg (2007)Google Scholar
  19. 19.
    Gordon, L.A., Loeb,M.P.: The economics of information security investment. ACMTrans. on Information and System Security 5(4), 438–457 (2002)Google Scholar
  20. 20.
    Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 14(2), 1–7 (2003)Google Scholar
  21. 21.
    Grossklags, J., Acquisti, A.:When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. In:Workshop of Economics and Information Security (WEIS). CarnegieMellon University, Pittsburgh, PA (2007). http://weis2007. econinfosec.org/papers/66.pdfGoogle Scholar
  22. 22.
    Hansen, M., Pfitzmann, A., Steinbrecher, S.: Identity management throughout one’s whole life. Information Security Technical Report 13(2), 83–94 (2008)Google Scholar
  23. 23.
    Herath, H.S.B., Herath, T.C.: Investments in information security: A real options perspective with Bayesian postaudit. Journal ofManagement Information Systems 25(3), 337–375 (2008)Google Scholar
  24. 24.
    Huberman, B.A., Adar, E., Fine, L.R.: Valuating privacy. IEEE Security and Privacy 3(1), 22–25 (2005)Google Scholar
  25. 25.
    Kelly, D.J., Raines, R.A., Grimaila, M.R., Baldwin, R.O., Mullins, B.E.: A survey of state-ofthe- art in anonymity metrics. In: Proc. of ACM Workshop on Network Data Anonymization (NDA), pp. 31–40. ACM Press, New York (2008)Google Scholar
  26. 26.
    Li, J., Su, X.: Making cost effective security decision with real option thinking. In: Proc. of International Conference on Software Engineering Advances (ICSEA 2007), pp. 14–22. IEEE Computer Society, Washington, DC, USA (2007)Google Scholar
  27. 27.
    Matsuura, K.: Security tokens and their derivatives. Tech. rep., Centre for Communications Systems Research (CCSR), University of Cambridge, UK (2001)Google Scholar
  28. 28.
    Merton, R.C.: Theory of rational option pricing. Bell Journal of Economics and Management Science 4(1), 141–183 (1973)Google Scholar
  29. 29.
    Odlyzko, A.: Privacy, economics, and price discrimination on the Internet. In: N. Sadeh (ed.) ICEC2003: Fifth International Conference on Electronic Commerce, pp. 355–366 (2003)Google Scholar
  30. 30.
    Ozment, A.: Bug auctions: Vulnerability markets reconsidered. In: Workshop of Economics and Information Security (WEIS). University ofMinnesota,Minneapolis,MN (2004). http: //www.dtc.umn.edu/weis2004/ozment.pdfGoogle Scholar
  31. 31.
    Peyton Jones, S.: Composing contracts: An adventure in financial engineering. In: J.N. Oliveira, P. Zave (eds.) FME 2001: Formal Methods for Increasing Software Productivity, LNCS, vol. 2021. Springer, Berlin Heidelberg (2001)Google Scholar
  32. 32.
    Peyton Jones, S., Eber, J.M.: How to write a financial contract. In: J. Gibbons, O. de Moor (eds.) The Fun of Programming. Palgrave Macmillan (2003)Google Scholar
  33. 33.
    Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management – A consolidated proposal for terminology. http: //dud.inf.tu-dresden.de/Anon_Terminology.shtml (2008). (Version 0.31)Google Scholar
  34. 34.
    Purser, S.A.: Improving the ROI of the security management process. Computers & Security 23, 542–546 (2004)Google Scholar
  35. 35.
    Schlörer, J.: Zum Problem der Anonymität der Befragten bei statistischen Datenbanken mit Dialogauswertung [On the problem of respondents’ anonymity in statistical databases with dialogue analysis]. In: D. Siefkes (ed.) 4. GI-Jahrestagung, LNCS, vol. 26, pp. 502–511. Springer, Berlin Heidelberg (1975)Google Scholar
  36. 36.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: P. Syverson, R. Dingledine (eds.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2482. Springer, Berlin Heidelberg (2002)Google Scholar
  37. 37.
    Shannon, C.E.: A mathematical theory of communications. Bell System Technical Journal 27, 379–423, 623–656 (1948)Google Scholar
  38. 38.
    Soo Hoo, K.J.: How much is enough? A risk-management approach to computer security. In: Workshop on Economics and Information Security (WEIS). Berkeley, CA (2002). http://www.sims.berkeley.edu/resources/affiliates/ workshops/econsecurity/Google Scholar
  39. 39.
    Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: R. Dingledine (ed.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2760, pp. 32–47. Springer, Berlin Heidelberg (2003)Google Scholar
  40. 40.
    Sweeney, L.: k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 571–588 (2002)Google Scholar
  41. 41.
    Tóth, G., Hornák, Z., Vajda, F.:Measuring anonymity revisited. In: S. Liimatainen, T. Virtanen (eds.) Proc. of the Ninth Nordic Workshop on Secure IT Systems, pp. 85–90. Espoo, Finland (2004)Google Scholar
  42. 42.
    Willenborg, L., De Waal, T.: Statistical Disclosure Control in Practice. Springer, New York (1996)Google Scholar
  43. 43.
    Wolfers, J., Zitzewitz, E.: Prediction markets. Journal of Economic Perspectives 18(2), 107– 126 (2004)Google Scholar
  44. 44.
    Xiaoxin, W., Bertino, E.: Achieving k-anonymity in mobile and ad hoc networks. In: Proc. of IEEE ICNPWorkshop on Secure Network Protocols, pp. 37–42. IEEE Press, New York (2005)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Fakulteten för Ekonomi, Kommunikation och ITKarlstads UniversitetKarlstadSweden
  2. 2.International Computer Science InstituteBerkeleyUSA

Personalised recommendations