Improving understanding of website privacy policies

Levy, Stephen Eric

24 January 2005

Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based transactions. However, these privacy policies are complex, requiring that a user agent evaluate conformance between the users privacy preferences and the sites privacy policy, and indicate this conformance information to the user. The problem addressed in this thesis is that even with machine-readable policies and current user agents, it is still difficult for users to determine the cause and origin of a conflict between privacy preferences and privacy policies. The problem arises partly because current standards operate at the page level: they do not allow a fine-grained treatment of conformance down to the level of a specific field in a web form. In this thesis the Platform for Privacy Preferences (P3P) is extended to enable field-level comparisons, field-specific conformance displays, and faster access to additional field-specific conformance information. An evaluation of a prototype agent based on these extensions showed that they allow users to more easily understand how the website privacy policy relates to the users privacy preferences, and where conformance conflicts occur.

Usability

Human-Computer Interaction

P3P

Privacy

E-commerce

Improving availability awareness with relationship filtering

Davis, Scott M.

06 January 2006

Awareness servers provide information about a person to help observers determine whether a person is available for contact. A trade -off exists in these systems: more sources of information, and higher fidelity in those sources, can improve peoples decisions, but each increase in information reduces privacy. In this thesis, we look at whether the type of relationship between the observer and the person being observed can be used to manage this trade-off. We conducted a survey that asked people what amount of information from different sources that they would disclose to seven different relationship types. We found that in more than half of the cases, people would give different amounts of information to different relationships. We then constructed a prototype system and conducted a Wizard of Oz experiment where we took the system into the real world and observed individuals using it. Our results suggest that awareness servers can be improved by allowing finer-grained control than what is currently available.

privacy

Availability awareness

awareness servers.

instant messaging

Privacy in the Age of the Internet

Russell, Bronwen Elizabeth

15 April 2009

This paper addresses the claim that there is zero privacy for Canadians on the internet. For the interpersonal computing era 1992 to 2007, the relationship between the three major agents (i.e., individual users, federal government, and business) operating on the internet was examined. Three questions guided the research: how has the popular press educated Canadians about internet privacy? what has been the response of the federal government? how have online companies protected the privacy of Canadians? Content analyses of (a) Macleans magazine, (b) the Privacy Commissioner's Annual Reports to Parliament, (c) and the privacy policies of the most visited websites were conducted. Complex Adaptive Systems theory indicated that privacy is an emergent property arising from the interaction of the agents and that the internet is an environment where the agents' interactions lead to limited privacy.

internet

internet privacy

complex adaptive systems

Privacy Preserving Billing Protocol for Smart Grid

Artan, William

13 July 2012

Smart grid is an advanced electrical grid equipped with communication capability which is utilized to improve the efficiency, reliability, and sustainability of electricity services. Countries within Europe, North America and East Asia are undergoing a transformation from an antiquated infrastructure to the smart grid. However, some of problems arise due to the security and privacy issues of smart grid. Since smart meters and a grid operator can interact through its communication channel, there is a possibility that a hacker can hack into the system to steal information or even cut off the electricity service. Moreover, people are protesting and refusing to use smart meter since it enables the grid operator to perform frequent meter reading which unveils the customers¡¦ private energy usage information that could be abused. To cope with the privacy issue, we proposed an enhanced version of aggregation protocol from Garcia-Jacobs protocol where our protocol protects not only customers¡¦ energy consumption information but also the consumption information of a neighborhood. Furthermore, we proposed a novel privacy preserving billing protocol based on Priced Oblivious Transfer (POT) protocol which guarantees the grid operator to get the correct amount of money without knowing the individual energy consumption of the customers. Additionally, we also implement our proposed protocols.

smart meter

smart grid

privacy preserving

billing

Advanced Dynamic Encryption – A Security Enhancement Protocol for IEEE 802.11 and Hybrid Wireless Network

Yu, Peter Huan Pe

2010 December 1900

Data integrity and privacy are the two most important security requirements in wireless communication. Most mechanisms rely on pre-share key data encryption to prevent unauthorized users from accessing confidential information. However, a fixed secret key is vulnerable to cracking by capturing sufficient packets or launching a dictionary attack. In this research, a dynamic re-keying encryption protocol was developed to enhance the security protection for IEEE 802.11 and hybrid wireless network. This protocol automatically updates the secret key during the end-to-end transmission between wireless devices to protect the network and the communication privacy. In addition, security analyses are given to verify the protection of this protocol. Experiment results also validate that the dynamic encryption approach can perform as efficiently as other security architectures while providing an additional layer of data protection.

Security

Privacy

Protocol

Wireless Network

Encryption

Self-Regulation Mechanisms in the Practice of Information Privacy

Lin, Hsing-Tzu

21 June 2003

Today, many privacy abuses can be traced to the lack of organization policies governing the conduct of the personnel who are in charge of managing the information systems. IT professionals, who are the most important gatekeepers to the information privacy practices, have the oversight responsibility for information privacy since they have the most extensive knowledge of their organization¡¦s systems and data. In this research, we have studied the impact of managerial policies concerning ethical codes and rewards/penalty perception on IS professionals¡¦ self-regulation capacity against privacy abuses. Specificially, based upon the Moment-of-Truth model and paradigm of self-regulation, we investigated how IS professionals¡¦ ethical judgment, subjective norm, privacy self-efficacy and intention may reciprocally interact with their business environment that was characterized by its use of ethical codes and the rewards/penalty system. We first proposed an ethical dicision model based on the paradigm of self-regulation and validated the appropriateness of this model for studying information privacy. We then demonstrated how the perception of the rewards/penalty may impact the ethical judgment, subjective norm, privacy self-efficay, and ethical intention. We discovered that the rewards/penalty perception had a moderating effect on the relationship between ethical judgment and intention, and that the ethical codes had the moderating effect on the relationship between privacy self-efficacy and intention.

IS Personnel

Self-Regulation Mechanism

Privacy

none

Rong, Liang-Sun

20 July 2009

In recent years, research has shown that the issue of security is an essential indicator for public well-being. Along with the advance of science and technology, the application of monitor, which includes the field of crime investigation and prevention, has become more and more importance. Furthermore, the location of monitor is also involved with personal privacy. As a result, it is necessary to prove which one is better for explanation of sense of happiness. Based on the Maslow theory of needs, this study explores the relationship between Kaohsiung resident needs and the installation of monitor in terms of quantitative research methods. For the variable of installation demand, it adopts the way of self-questionnaire mining dimensions including security, social, respect, self-actualization and cognitive needs. After validity analysis, the positive cognitive demand had three factors along with seven independent variables, the reliability above 0.7. Dependent variable of the installation of monitor was adapted from Chinese version of Hu Yan (2000). In this study, the version of SPSS 12.0 software was used for statistical analysis along with Likert scale scores. The higher score of scale is, the more sense of happiness does. After practical analysis, it was found that the people with installed monitor will have higher degree of feeling and safety, not to mention the sense of happiness. They feel that they live in the protection of life and have a sense of accomplishment more than the other events of middle level. In terms of age, work, marriage, positive cognitive and living environment, there is significant difference among them. However, there is no significant difference between monitor alliance and happiness. The study assumed that there are some significant positive correlations among the aspects of safety, community, respect and self-actualization, and it shows that it is necessary to install the street monitor. However, for the aspects of privacy violation as well as stalk information leakage, it was significantly lower degree of positive correlation, indicating the doubtful attitude of public for installation monitor. Therefore, the study infers there might be some impact on personal privacy, so it is necessary to set up stricter management practices on the use of information to alleviate people¡¦s concerns and to prevent people from human rights with law. Within this study, it explains the overall sense of happiness for 72.1%. Maslow's theory is closely linked with the public safety protection measures in life, and it is a practical application. As a result, it proposed the follow-up researchers to delve into the effect of monitor, especially on crime prevention.

sense of happiness

Monitor

privacy

Defense Space Theory

A Study of Internet Privacy Invasion in PTT

Li, Ming-Han

03 February 2010

Although technology is well developed, personal data is well spread in internet ,too. We can see a lot of privacy invasion in PTT. People can find a lot of data about someone from his name or movie. People are afraid of being caught in internet. But why some people support this kind of privacy invasion but some don¡¦t. What is the main factor? This study uses description and different kind of event to observe if description can affect people¡¦s decision toward privacy invasion. We separate description into violate and non-violate, and we use two stage survey to observe when people face different kind of description, is there any different between violate and non-violate description toward privacy decision making. In the end, we find how sex, description, and event affect privacy decision making, and we bring up a suggestion of privacy situational desion and the main factor toward privacy decision making.

PTT

word description

privacy decision making

Protect Data Privacy in E-Healthcare in Sweden

An, Nan

January 2007

<p>Sweden healthcare adopted much ICT (information and communication technology). It is a highly information intensive place. This thesis gives a brief description of the background of healthcare in Sweden and ICT adoption in healthcare, introduces an Information system security model, describes the technology and law about data privacy and carries out a case through questionnaire and interview.</p>

Data privacy

health care

Sweden

Informatics

Informatik

PRIVACY AND IDENTITY MANAGERMENT ON SOCIAL NETWORKING SITES WITH REFRENCE TO FACEBOOK

Agadagba, Kelvin Yoreme

January 2011

According to Nicole B. Ellison and Danah M. Boyd in their article on “Social network sites: Definition, History, and Scholarship”, they defined Social Networking Sites as “Web-based services that allow individuals to (1) Construct a public or semi-public profile within a bounded system, (2) Articulate a list of other users with whom they share a connection, and (3) View and traverse their list of connections and those made by others within the system”( 2007). In other words, Social Networking Sites (SNSs) are websites that are designed to simplify communication between users who share similar activities, attitudes and interests. Today the growth and role of social networking sites has become an issue not only for the users themselves but also for scholars and industrial researchers. My aim in this research will be to explore Social Networking Sites in general. The concept of Social Networking Sites is very broad; therefore my main study will be dealing primarily with how privacy and restrictions plays a role in identity management with reference to Facebook.

Facebook

Privacy

Identity Management

Social Networking Sites