The Wicked Problem of Privacy : Design Challenge for Crypto-based Solutions

Alaqra, Ala Sarah

January 2018

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are  a privacy enhancing scheme allowing to remove parts of a signed document by a specified party for achieving data minimization without invalidating the respective signature. We mainly used semi-structures interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions. / Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions. / <p>Paper 3 was included as manuscript in the thesis.</p>

Data privacy

wicked problems

user-centered design

crypto-based solutions

usability

data minimization

redactable signatures

Computer Sciences

Datavetenskap (datalogi)

Anonymization of directory-structured sensitive data / Anonymisering av katalogstrukturerad känslig data

Folkesson, Carl

January 2019

Data anonymization is a relevant and important field within data privacy, which tries to find a good balance between utility and privacy in data. The field is especially relevant since the GDPR came into force, because the GDPR does not regulate anonymous data. This thesis focuses on anonymization of directory-structured data, which means data structured into a tree of directories. In the thesis, four of the most common models for anonymization of tabular data, k-anonymity, ℓ-diversity, t-closeness and differential privacy, are adapted for anonymization of directory-structured data. This adaptation is done by creating three different approaches for anonymizing directory-structured data: SingleTable, DirectoryWise and RecursiveDirectoryWise. These models and approaches are compared and evaluated using five metrics and three attack scenarios. The results show that there is always a trade-off between utility and privacy when anonymizing data. Especially it was concluded that the differential privacy model when using the RecursiveDirectoryWise approach gives the highest privacy, but also the highest information loss. On the contrary, the k-anonymity model when using the SingleTable approach or the t-closeness model when using the DirectoryWise approach gives the lowest information loss, but also the lowest privacy. The differential privacy model and the RecursiveDirectoryWise approach were also shown to give best protection against the chosen attacks. Finally, it was concluded that the differential privacy model when using the RecursiveDirectoryWise approach, was the most suitable combination to use when trying to follow the GDPR when anonymizing directory-structured data.

data anonymization

data privacy

directory-structured data

k-anonymity

l-diversity

t-closeness

differential privacy

GDPR

Computer Engineering

Datorteknik

Data Surveillance: Theory, Practice & Policy

Clarke, Roger Anthony, Roger.Clarke@xamax.com.au

January 1997

Data surveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. This collection of papers was the basis for a supplication under Rule 28 of the ANU's Degree of Doctor of Philosophy Rules. The papers develop a body of theory that explains the nature, applications and impacts of the data processing technologies that support the investigation or monitoring of individuals and populations. Literature review and analysis is supplemented by reports of field work undertaken in both the United States and Australia, which tested the body of theory, and enabled it to be articulated. The research programme established a firm theoretical foundation for further work. It provided insights into appropriate research methods, and delivered not only empirically-based descriptive and explanatory data, but also evaluative information relevant to policy-decisions. The body of work as a whole provides a basis on which more mature research work is able to build.

data surveillance

human identification

identifiers

data privacy

information privacy

computer matching

profiling

Australia Card

Tax File Number

A Robust Data Obfuscation Technique for Privacy Preserving Collaborative Filtering

Parameswaran, Rupa

10 May 2006

Privacy is defined as the freedom from unauthorized intrusion. The availability of personal information through online databases, such as government records, medical records, and voters and #146; lists, pose a threat to personal privacy. The concern over individual privacy has led to the development of legal codes for safeguarding privacy in several countries. However, the ignorance of individuals as well as loopholes in the systems, have led to information breaches even in the presence of such rules and regulations. Protection against data privacy requires modification of the data itself. The term {em data obfuscation} is used to refer to the class of algorithms that modify the values of the data items without distorting the usefulness of the data. The main goal of this thesis is the development of a data obfuscation technique that provides robust privacy protection with minimal loss in usability of the data. Although medical and financial services are two of the major areas where information privacy is a concern, privacy breaches are not restricted to these domains. One of the areas where the concern over data privacy is of growing interest is collaborative filtering. Collaborative filtering systems are being widely used in E-commerce applications to provide recommendations to users regarding products that might be of interest to them. The prediction accuracy of these systems is dependent on the size and accuracy of the data provided by users. However, the lack of sufficient guidelines governing the use and distribution of user data raises concerns over individual privacy. Users often provide the minimal information that is required for accessing these E-commerce services. The lack of rules governing the use and distribution of data disallows sharing of data among different communities for collaborative filtering. The goals of this thesis are (a) the definition of a standard for classifying DO techniques, (b) the development of a robust cluster preserving data obfuscation algorithm, and (c) the design and implementation of a privacy-preserving shared collaborative filtering framework using the data obfuscation algorithm.

Data privacy

Data obfuscation

Data mining

Collaborative filtering

Database security

Data mining

Cluster analysis Computer programs

Demand response of domestic consumers to dynamic electricity pricing in low-carbon power systems

McKenna, Eoghan

January 2013

The ability for domestic consumers to provide demand response to dynamic electricity pricing will become increasingly valuable for integrating the high penetrations of renewables that are expected to be connected to electricity networks in the future. The aim of this thesis is to investigate whether domestic consumers will be willing and able to provide demand response in such low-carbon futures. A broad approach is presented in this thesis, with research contributions on subjects including data privacy, behavioural economics, and battery modelling. The principle argument of the thesis is that studying the behaviour of consumers with grid-connected photovoltaic ('PV') systems can provide insight into how consumers might respond to dynamic pricing in future low-carbon power systems, as both experience irregular electricity prices that are correlated with intermittent renewable generation. Through a combination of statistical and qualitative methods, this thesis investigates the demand response behaviour of consumers with PV systems in the UK. The results demonstrate that these consumers exhibit demand response behaviour by increasing demand during the day and decreasing demand during the evening. Furthermore, this effect is more pronounced on days with higher irradiance. The results are novel in three ways. First, they provide quantified evidence that suggests that domestic consumers with PV systems engage in demand response behaviour. Second, they provide evidence of domestic consumers responding to irregular electricity prices that are correlated with intermittent renewable generation, thereby addressing the aim of this thesis, and supporting the assumption that consumers can be expected to respond to dynamic pricing in future markets with high penetrations of renewables. Third, they provide evidence of domestic consumers responding to dynamic pricing that is similar to real-time pricing, while prior evidence of this is rare and confined to the USA.

333.793

Datenschutz in Call Centern – Bestandsaufnahme zur Aufzeichnung und Verwendung personenbezogener Daten

Hrach, Christian, Alt, Rainer

25 January 2012

Dienstleister in der Telekommunikationsbranche haben nicht zuletzt aus rechtlicher Sicht die Pflicht zu einem sensiblen Umgang mit personenbezogenen Daten. Dies bezieht sich nicht nur auf Kundendaten, sondern ebenso auf mitarbeiterbezogene Daten zur Führung eines Call Centers. Je nach Situation und Anwendungsfall regeln die Verwendungsmöglichkeiten dieser Daten in Call Centern das allgemeine Persönlichkeitsrecht und das Bundesdatenschutzgesetz (BDSG). Daraus ergibt sich für die Entwicklung und den Einsatz von Call Center-spezifischen Anwendungssystemen (z.B. Kampagnenmanagement-Systeme, Dialer) die Herausforderung, zum einen die Einhaltung rechtlicher Bestimmungen sicherzustellen, aber zum anderen den häufig detailreichen Informationsbedarfen der Call Center-Leitungsebenen zu entsprechen. Neben rechtlichen Beschränkungen bei der Handhabung von Kundendaten sind hier die Grenzen und Grauzonen bezüglich der Verwendungsmöglichkeiten von Leistungsdaten zur Mitarbeiterüberwachung und -beurteilung (z.B. verdecktes Mithören oder Gesprächsaufzeichnung) zu berücksichtigen.

Datenschutz

Call Center

Kundendaten

Mitarbeiterdaten

Mitarbeiterüberwachung

Data Privacy

Call Center

Customer Data

Employee Data

Employee Monitoring

ddc:330

Geotagging in social media : exploring the privacy paradox

Menfors, Martina, Fernstedt, Felicia

January 2015

Increasingly, online social media networks allow users to use geotagging. This method of adding location data to various content shared in real time has introduced privacy related issues and threats to the users of such networks. Previous research present opposing findings on whether users actually care about their location privacy or not, and it has also been shown that users often display a behaviour inconsistent with their concerns. When asked, users tend to report high privacy concerns, but in contrast, they will then not let their privacy concerns affect or limit their behaviour online; the privacy paradox is a description of this dichotomy. The problem, however, is not only that location privacy seems to be a paradoxical issue; the sharing of location data provides users with new possibilities that can potentially have negative consequences for them, such as someone else being able to identify one’s identity, home location, habits or other sensitive information. Social media network users communicate that a part of this is due to the lack of control over which information they share, with whom and where.This study employs a qualitative method, using unstructured interviews in a pre-study and a self-completion questionnaire. The purpose of the study is to examine and gain a better understanding of how the privacy paradox can help to better explain users’ location data disclosure preferences in the context of social media networking, and to help social media network developers in order to reduce privacy-related issues in social media networking applications with geotagging capabilities. The findings indicate that the paradox indeed is evident in user’s stated geotagging behaviour, and that users are slightly more worried about their location privacy than their overall online privacy. The conclusions offer a couple of different explanations for the paradox, and we argue that the contradiction of the paradox can be seen as a constant trade-off between benefits and risks of geotagging. We also give some examples of such advantages and disadvantages.

Location Data Privacy

Geotagging

Geo-social Networks (GeoSNs)

Privacy Paradox

Privacy concerns

Computer and Information Sciences

Data- och informationsvetenskap

Public Awareness of Data Privacy and its Effects

Sichel, Grant

04 May 2021

No description available.

Artificial Intelligence

Computer Science

computer science

data privacy

public opinion

artificial intelligence

browser cookies

internet of things

data collection

Play for the Black Box — Using Critical Play to raise awareness of data privacy issues

Giesa, Anette Isabella

January 2020

In the development of digitally connected solutions that require the use of personal data, the issue of data privacy is an important factor that must be taken into account. Simply informing users about how data is used and getting their consent with a simple click is not enough to create awareness of the issue of data privacy and let them make a conscious decision about the use of their personal data. Furthermore, there is a big gap in knowledge about what personal data is and what is considered sensitive data. Especially the knowledge about what biometric identifiers that they are used in a variety of everyday life applications and in which sense the handling can be problematic is unknown.This thesis project explores how the use of critical play in form of an activist game can create awareness of the issue of data privacy, inform about the value of biometric data and foster self-reflection of handling one’s own personal data. Through the simulation of dependencies between personal data, the motivation to share them and the aggregation of personal data in combination with real and prospective use cases, players are empowered to reflect on their behaviour and to critically deal with the topic of data privacy.

data privacy

critical play

activist game

creating awareness

biometric data

bio signals

designer's responsibility

Engineering and Technology

Teknik och teknologier

Fighting the Biggest Lie on the Internet : Improving Readership of Terms of Service and Privacy Policies

Ziegenbein, Marius-Lukas

January 2022

When joining a new service, in order to access its features, users are often required to accept the terms of service and privacy policy. However, the readership of these documents is mostly non-existent, leaving an information asymmetry, the imbalance of knowledge between two parties. Due to this, users are sacrificing their online data privacy without being aware of the consequences. The purpose of this work is to investigate the readership of terms of service and privacy policies among users of social media services. We implemented a prototype called ‘ShareIt’, which resembles a photo-sharing platform to gain insight about readership, behavior and effectiveness of our adjusted presentations of terms of service and privacy policies in regard to readership and comprehension. We conducted a survey experiment using the prototype with 31 participants and concluded, that 80,6% of our participants did not spend more than ten seconds in our terms of serviceand privacy policy. The observed behavior suggests, that social media users are used to sharing information on the internet which in addition to their trust towards online services leads to the aforementioned low readership. We presented adjustments to the presentation of terms of service and privacy policies which showed a slight tendency of higher engagement in comparison to the current way of accessing these documents. This result however, due to the lack of readership examined for our participants, has to remain debatable and needs further investigation.

Readership

data privacy

terms of service

privacy policy

social media

survey research

prototype

user behavior

Information Systems