Quantifying Privacy Violations

  • Mishtu Banerjee
  • Rosa Karimi Adl
  • Leanne Wu
  • Ken Barker
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6933)

Abstract

Understanding privacy in a data storage environment has become of increasing interest to the data management and user communities over the past decade. Previous work has produced a number of definitions with greater or lesser specificity. The value of a particular definition can only be understood in light of how it helps us understand when a privacy violation occurs. This paper builds upon earlier work that defines privacy using a four-dimensional taxonomy with an inherent sense of increasing privacy exposure. This taxonomy is extended to formally capture the notions of (a) privacy violations, (b) the severity of a privacy violation, and (c) the likelihood of data providers ceasing to provide data due to privacy exposures. The privacy violation model developed here provides an operational framework to characterize and estimate privacy violation in a relational database system. It also allows one to calculate the consequences to the data provider of widening privacy policies. We describe a quantitative analysis of violations that captures discrepancies between the data collector’s stated policies and practices in comparison to the data providers’ data preferences. We demonstrate this analysis using a simple example and show how the accumulation of privacy violations can have a detrimental effect upon the data collector.

Keywords

Privacy Policy; House Policy; Data Provider; Privacy Preference; Privacy Violation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mishtu Banerjee (1)
  • Rosa Karimi Adl (1)
  • Leanne Wu (1)
  • Ken Barker (1)
  1. Advanced Database Systems Laboratory, Department of Computer Science, University of Calgary, Calgary, Canada
