A citizen privacy protection model for e-government mashup services

The Web 2.0 technologies allow dynamic content creation using syndications or mashups, extracted from diverse data sources, including government enterprise data. As a primary source of citizen data, the government has the obligation not only to make public data available for citizen access as stated in the Freedom of Information Act, but also to protect the privacy of individual citizen's records as stated in the Privacy Act. Unlike in the electronic commercial environment where the user can view the company privacy policy and indicate transaction data to be protected through opt-out mechanisms, opt-out in the mashup environment with government data is not so easy. In a mashup, a third party mashup Web application provider requests the individual's data from the government agencies through Web services. Since the data is public data not necessarily provided through an electronic interaction, individual citizens are not necessarily able to express fine-grained privacy policies on how data may be used. In addition, the government agency's privacy policy is very coarse grained, and the relative sensitivity of individual citizens is not considered. In this paper, we provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional privacy protection space which includes parameters to specify mashup providers, mashup-specific operators, and mashup purposes. A personal privacy policy network is a distributed architecture where citizens can publish their individual privacy policies that can be applied to the use of their data and consulted by data providers including government agencies.

[1]  Julita Vassileva,et al.  A Review on Trust and Reputation for Web Service Selection , 2007, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07).

[2]  Gerald J. Sussman,et al.  Data-Purpose Algebra: Modeling Data Usage Policies , 2007, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07).

[3]  Mary Ann Davidson,et al.  Enterprise Security for Web 2.0 , 2007, Computer.

[4]  Liam Peyton,et al.  Tracking privacy compliance in B2B networks , 2004, ICEC '04.

[5]  Anas Abou El Kalam,et al.  Privacy requirements implemented with a JavaCard , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[6]  Athman Bouguettaya,et al.  Infrastructure for E-Government Web Services , 2003, IEEE Internet Comput..

[7]  Lori L. DeLooze Providing Web Service Security in a Federated Environment , 2007, IEEE Security & Privacy.

[8]  Clare-Marie Karat,et al.  Usable security and privacy: a case study of developing privacy management tools , 2005, SOUPS '05.

[9]  Larry Korba,et al.  Privacy in distributed electronic commerce , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[10]  Stefania Galizia WSTO: A Classification-Based Ontology for Managing Trust in Semantic Web Services , 2006, ESWC.

[11]  Christin Moore The growing trend of government involvement in IT security , 2004, InfoSecCD '04.

[12]  Ramakrishnan Srikant,et al.  An XPath-based preference language for P3P , 2003, WWW '03.

[13]  W. Liu,et al.  Trustworthy service selection and composition - reducing the entropy of service-oriented Web , 2005, INDIN '05. 2005 3rd IEEE International Conference on Industrial Informatics, 2005..

[14]  Ty Mey Eap,et al.  Federated security: lightweight security infrastructure for object repositories and Web services , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[15]  T. Ager,et al.  Policy-Based Management and Sharing of Sensitive Information Among Government Agencies , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.