Abstract
Privacy is an ancient concept, but its interpretation and application in the area of e-commerce are still new. It is increasingly widely accepted, however, that by giving precedence to consumer privacy bigger benefits can be reaped by all parties involved. There has been much investigation into the concept of privacy, legal frameworks for protecting this most impalpable of human values and, more recently, computing technologies that help preserve an individual’s privacy in today’s environment. In this paper we review the historical development of this fundamental concept, discussing how advancements both in society and in technology have challenged the right to privacy, and we survey the existing computing technologies that promote consumer privacy in e-commerce. Our study shows that historically the protection of privacy has been driven primarily both by our understanding of privacy and by the advancement of technology, analyses the limitations of privacy protections for current e-commerce applications, and identifies directions for the future development of successful privacy enhancing technologies.
Similar content being viewed by others
References
Ackerman, M.S., Cranor, L.F., & Reagle, J. (1999). Privacy in e-commerce: examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on electronic commerce (pp. 1–8). New York: ACM
Adam, N.R., & Worthmann, J. C. (1989). Security-control methods for statistical databases: a comparative study. ACM Computing Surveys, 21(4), 515–556
Agrawal, D., & Aggarwal, C.C. (2001). On the design and quantification of privacy preserving data mining algorithms. In Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (pp. 247–255). New York: ACM
Agrawal, R., & Srikant, R. (2000). Privacy-preserving data mining. In Proceedings of the 2000 ACM SIGMOD international conference on management of data (pp. 439–450). New York: ACM
Arendt, H. (1958). The Human Condition. Chicago: University of Chicago Press
Ashley, P., Hada, S., Karjoth, G., & Schunter, M. (2002). E-p3p privacy policies and privacy authorization. In Proceeding of the ACM workshop on privacy in the electronic society (pp. 103–109). New York: ACM
Ashley, P., Powers, C., & Schunter, M. (2002). From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise. In Proceedings of the 2002 workshop on new security paradigms (pp. 43–50). New York: ACM
Beck, L.L. (1980). A security mechanism for statistical databases. ACM Transactions on Database Systems, 5(3), 316–338
Benn, S.I., & Gaus, G.F. (1983). Public and Private in Social Life. St. Martins Press
Bloustein, E.J. (1964). Privacy as an aspect of human dignity. New York University Law Review, 39, 962–1007
Brin, D. The transparent society. http://www.wired.com/wired/archive/4.12/fftransparent.html
Camenisch, J., & Lysyanskaya, A. (2001). An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In B. Pfitzmann (Ed.), Advances in cryptology—EUROCRYPT 2001. Lecture Notes in Computer Science, vol. 2045 (pp. 93–118). Heidelberg: Springer
Camenisch, J., & Van Herreweghen, E. (2002). Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM conference on computer and communications security (pp. 21–30). New York: ACM
Chaum, D. (1985). Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, 28(10), 1030–1044
Chaum, D., & Evertse, J.-H. (1987). A secure and privacy-protecting protocol for transmitting personal information between organizations. In CRYPTO 86. Lecture Notes in Computer Science, vol. 263 (pp. 118–167). Heidelberg: Springer
Chaum, D.L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 84–90
Chen, L. (1995). Access with pseudonyms. In E. Dawson and J. Golić (Eds.), Cryptography: policy and algorithms. Lecture Notes in Computer Science, vol. 1029 (pp. 232–243). Heidelberg: Springer
Chin, F.Y., & Ozsoyoglu, G. (1982). Auditing and inference control in statistical databases. IEEE Transactions Software Engineering, 8(6), 113–139
Clayton, R., Danezis, G., & Kuhn, M.G. (2001). Real world patterns of failure in anonymity systems. In Information hiding: 4th international workshop, IHW 2001. Lecture Notes in Computer Science, vol. 2137 (pp. 230–244). Heidelberg: Springer
Cranor, L.F. (2002). The role of privacy advocates and data protection authorities in the design and deployment of the platform for privacy preferences. In Proceedings of the 12th annual conference on computers, freedom and privacy, (pp. 1–8). New York: ACM
Cyber Dialogue (2001). Cyber dialogue survey reveals lost revenue for retailers due to widespread consumer privacy concerns. http://www.cyberdialogue.com/news/releases/2001/11-07-uco-retail.html
Damguård, I. (1990). Payment systems and credential mechanism with provable security against abuse by individuals. In CRYPTO 88. Lecture Notes in Computer Science, vol. 403 (pp. 328–335). Heidelberg: Springer
Denning, D.E., & Denning, P.J. (1979). Data security. ACM Computing Surveys, 11(3), 227–249
Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router. In Proceedings of the 13th USENIX security symposium (August)
Elovici, Y., Shapira, B., & Maschiach, A. (2002). A new privacy model for hiding group interests while accessing the web. In Proceeding of the ACM workshop on privacy in the electronic society (pp. 63–70). New York: ACM
European Parliament, Report on echelon. http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf
Forrester Research (1999). Post-web retail (September). http://www.forrester.com/
Forrester Research (2001). Privacy concerns cost e-commerce $15 billion (September). http://www.forrester.com/
Foster, I., Kesselman, C., & Tuecke, S. (2001). The anatomy of the grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 15(3), 200–222
Fried, C. (1968). Privacy [a moral analysis]. Yale Law Journal, 77, 475–493
Gartner Research (2005). Increased phishing and online attacks cause dip in consumer confidence (June). http://www.gartner.com/
Gerstein, R.S. (1978). Intimacy and privacy. Ethics, 89, 76–81
Goldschlag, D., Reed, M., & Syverson, P. (1999). Onion routing. Communications of the ACM, 42(2), 39–41
Goldschlag, D.M., Reed, M.G., & Syverson, P.F. (1996). Hiding routing information. In Information Hiding (pp. 137–150). Berlin/Heidelberg: Springer
Goldwasser, S. (1997). Multi party computations: past and present. In Proceedings of the sixteenth annual ACM symposium on principles of distributed computing (pp. 1–6). New York: ACM
Habermas, J. (1989). The structural transformation of the public sphere: an inquiry into a category of bourgeois society. Cambridge: MIT (translated by T. Burger)
Harris Interactive (2002). First major post-9/11 privacy survey finds consumers demanding companies do more to protect privacy. http://www.harrisinteractive.com/news/allnewsbydate.asp?NewsID=429
IBM Global Services (1999). IBM multi-national consumer privacy survey. Conducted by Louis Harris and Associates, Inc. http://www.ibm.com/services/files/privacy_survey_oct991.pdf
Jupiter Research (2002). Seventy percent of us consumers worry about online privacy, but few take protective action. http://www.jupiterresearch.com/xp/jmm/press/2002/pr_060302.html
Kahn, D. (1996). The history of steganography. In Proceedings of the first international workshop on information hiding, London, UK. (pp. 1–5). Berlin: Springer
Katzenbeisser, S., & Petitcolas, F.A. (Eds.) (2000). Information hiding techniques for steganography and digital watermarking. Norwood: Artech House
Kewney, G. Wireless lamp posts take over the world! http://www.theregister.co.uk/content/69/34894.html
Lysyanskaya, A., Rivest, R.L., Sahai, A., & Wolf, S. (1999). Pseudonym systems. In Proceedings of the sixth annual workshop on selected areas in cryptography (SAC’99). Lecture Notes in Computer Science, vol. 1758. Heidelberg: Springer
McBurney, P., & Parsons, S. (2003). Posit spaces: a performative model of e-commerce. In Proceedings of the second international joint conference on autonomous agents and multiagent systems (pp. 624–631). New York: ACM
Milberg, S.J., Burke, S.J., Smith, H.J., & Kallman, E.A. (1995). Values, personal information privacy, and regulatory approaches. Communications of the ACM, 38(12), 65–74
Moor, J.H. (1997). Towards a theory of privacy in the information age. ACM SIGCAS Computers and Society, 27(3), 27–32
Moores, T.T., & Dhillon, G. (2003). Do privacy seals in e-commerce really work? Communications of the ACM, 46(12), 265–271
Murphy, R.F. (1984). Social distance and the veil. In Philosophical dimensions of privacy: an anthology (pp. 34–54). Cambridge: Cambridge University Press (chapter 2)
Nielsen, J., Molich, R., Snyder, C., & Farrell, S. (2000). E-commerce user experience. Technical report, Nielson Norman Group
Odlyzko, A. (2003). Privacy, economics, and price discrimination on the internet. In Proceedings of the 5th international conference on electronic commerce (pp. 355–366). New York: ACM
Patton, M.A., & Jøsang, A. (2004). Technologies for trust in electronic commerce. Electronic Commerce Research, 4(1–2), 9–21
Posner, R.A. (1984). An economic theory of privacy. In Philosophical dimensions of privacy: an anthology (pp. 333–345). Cambridge: Cambridge University Press (chapter 15)
Privacy International. National id cards. http://www.privacy.org/pi/activities/idcard/
Prosser, W.L. (1960). Privacy [a legal analysis]. Harvard Law Review, 48, 338–423
Rachels, J. (1975). Why privacy is important. Philosophy and Public Affairs, 4(4), 323–333
Reagle, J., & Cranor, L.F. (1999). The platform for privacy preferences. Communications of the ACM, 42(2), 48–55
Reiss, S.P. (1984). Practical data-swapping: the first steps. ACM Transactions on Database Systems, 9(1), 20–37
Reiter, M.K., & Rubin, A.D. (1998). Crowds: anonymity for web transactions. ACM Transactions on Information System Security 1(1), 66–92
Reiter, M.K., & Rubin, A.D. (1999). Anonymous web transactions with crowds. Communications of the ACM, 42(2), 32–48
Rezgui, A., Ouzzani, M., Bouguettaya, A., & Medjahed, B. (2002). Preserving privacy in web services. In Proceedings of the fourth international workshop on Web information and data management (pp. 56–62). New York: ACM
Saxonhouse, A.W. (1983). Classical greek conceptions of public and private. In Public and private in social life (pp. 363–384). New York: St. Martins (chapter 15)
Schlaeger, C., & Pernul, G. (2005). Authentication and authorisation infrastructures in b2c e-commerce. In Proceedings of the sixth international conference on electronic commerce and Web technologies (EC-Web’05). Lecture Notes in Computer Science. Heidelberg: Springer
Schlörer, J. (1975). Identification and retrieval of personal records from a statistical data bank. Methods of Information in Medicine, 14(1), 7–13
Schlörer, J. (1977). Confidentiality and security in statistical data banks. In Proceedings of workshop on data documentation (pp. 101–123). Munich: Verlag Dokumentation
Schlörer, J. (1981). Security of statistical databases: multidimensional transformation. ACM Transactions on Database Systems, 6(1), 95–112
Schoeman, F. (1984). Privacy: philosophical dimensions of the literature. In Philosophical dimensions of privacy: an anthology (pp. 1–33). Cambridge: Cambridge University Press (chapter 1)
Schoemen, F.D. (1984). Philosophical dimensions of privacy: an anthology. Cambridge: Cambridge University Press
Shoshani, A. (1982). Statistical databases: characteristics, problems, and some solutions. In Proceedings of the eighth international conference on very large data bases. September 8–10, Mexico city, Mexico (pp. 208–222). San Francisco, CA: Morgan Kaufmann
Smith, R., & Shao, J. (2003). Preserving privacy when preference searching in e-commerce. In P. Samarati and P. Syverson (Eds.), Proceedings of the 2003 ACM workshop on privacy in the electronic society (WPES’03) (pp. 101–110). New York: ACM
Syverson, P. (2003). The paradoxical value of privacy. In Proceedings of the 2nd annual workshop on economics and information security, WEIS 2003
Thomson, J.J. (1975). The right to privacy. Philosophy and Public Affairs, 4(4), 295–314
Tuerkheimer, F.M. (1993). The underpinnings of privacy protection. Communications of the ACM, 36(8), 69–73
US Office of Federal Statistical Policy and Standards (1978). Statistical policy working paper 2: report on statistical disclosure and disclosure avoidance techniques
Volokh, E. (2000). Personalization and privacy. Communications of the ACM, 43(8), 84–88
Warren, S.D., & Brandeis, L.D. (1890). The right to privacy [the implicit made explicit]. Harvard Law Review, 4(5), 193–220
Wasserstrom, R.A. (1984). Privacy: some arguments and assumptions. In Philosophical dimensions of privacy: an anthology (pp. 317–332). Cambridge: Cambridge University Press (chapter 14)
Weintraub, J. (1997). The theory and politics of the public/private distinction. In Public and private in thought and practise (pp. 1–42). Chicago: University of Chicago Press (chapter 1)
Weintraub, J., & Kumar, K. (1997). Public and private in thought and practise. Chicago: University of Chicago Press
Westin, A.F. (1967). Privacy and freedom. New York: Atheneum
Westin, A.F. (1984). The origins of modern claims to privacy. In Philosophical dimensions of privacy: an anthology (pp. 56–74). Cambridge, UK: Cambridge University Press (chapter 3)
Westin, A.F. (1991). Equifax-Harris consumer privacy survey. New York: Louis Harris & Associates
Westin, A.F. (1994). Equifax-Harris consumer privacy survey. New York: Louis Harris & Associates
Yates, J. (1769). Millar vs. Taylor. In 4 Burr. (pp. 2303–2379)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Smith, R., Shao, J. Privacy and e-commerce: a consumer-centric perspective. Electron Commerce Res 7, 89–116 (2007). https://doi.org/10.1007/s10660-007-9002-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10660-007-9002-9