DOI: 10.1145/3285002.3285006
research-article

Rethinking the Proposition of Privacy Engineering

Published: 28 August 2018

ABSTRACT

The field of privacy engineering proposes a methodological framework for designing privacy-protecting information systems. Recognising that the utilisation of privacy-enhancing techniques for data storage and analysis does not address the entire scope of individual privacy, privacy engineering incorporates influences from user sentiment, legal norms and risk analysis in order to provide a holistic approach. Framed by related design principles, such as 'Privacy-by-Design', privacy engineering purports to provide a practical, deployable set of methods by which to achieve such a holistic outcome. Yet, despite this aim, there have been difficulties in adequately articulating the value proposition of privacy engineering. Without being able to adequately define privacy or map its contours, any proposed methodology or framework will be difficult to implement in practice, if not self-defeating. This paper identifies and examines the assumptions that underpin privacy engineering, linking them to shortcomings and open questions. Further, we explore possible research avenues that may give rise to alternative frameworks.


Published in

NSPW '18: Proceedings of the New Security Paradigms Workshop
August 2018
139 pages
ISBN: 9781450365970
DOI: 10.1145/3285002

Copyright © 2018 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

• research-article
• Research
• Refereed limited

Acceptance Rates

NSPW '18 Paper Acceptance Rate: 11 of 31 submissions, 35%
Overall Acceptance Rate: 62 of 170 submissions, 36%
