Rethinking the Proposition of Privacy Engineering

The field of privacy engineering proposes a methodological framework for designing privacy-protecting information systems. Recognising that the utilisation of privacy-enhancing techniques for data storage and analysis does not address the entire scope of individual privacy, privacy engineering incorporates influences from user sentiment, legal norms and risk analysis in order to provide a holistic approach. Framed by related design principles, such as 'Privacy-by-Design', privacy engineering purports to provide a practical, deployable set of methods by which to achieve such a holistic outcome. Yet, despite this aim, there have been difficulties in adequately articulating the value proposition of privacy engineering. Without being able to adequately define privacy or map its contours, any proposed methodology or framework will be difficult to implement in practice, if not self-defeating. This paper identifies and examines the assumptions that underpin privacy engineering, linking them to shortcomings and open questions. Further, we explore possible research avenues that may give rise to alternative frameworks.

[1]  S. Humphreys Economic Cooperation , 2018, Kinship in Ancient Athens.

[2]  J. Murphy The General Data Protection Regulation (GDPR) , 2018, Irish medical journal.

[3]  Aaron Ceross Examining data protection enforcement actions through qualitative interviews and data exploration , 2018 .

[4]  E. Descheemaeker The harms of privacy , 2015, The Campbell Legacy.

[5]  Eric Burger,et al.  Long-term market implications of data breaches, not , 2017 .

[6]  Parliamentary Counsel Data Protection Bill , 2017 .

[7]  Andrew C. Simpson,et al.  The Use of Data Protection Regulatory Actions as a Data Source for Privacy Economics , 2017, SAFECOMP Workshops.

[8]  Yang Wang,et al.  Nudges for Privacy and Security , 2017, ACM Comput. Surv..

[9]  Sebastian Herold,et al.  A Literature Study on Privacy Patterns Research , 2017, 2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA).

[10]  Wenlong Li,et al.  Book review: Group Privacy: New Challenges of Data Technologies , 2017 .

[11]  Andrew C. Simpson,et al.  Towards a Principled Approach for Engineering Privacy by Design , 2017, APF.

[12]  Kaitlin M. Ball African Union Convention on Cyber Security and Personal Data Protection , 2017, International Legal Materials.

[13]  Naomi B. Lefkovitz,et al.  An Introduction to Privacy Engineering and Risk Management in Federal Systems , 2017 .

[14]  D. Watts Should social science be more solution-oriented? , 2017, Nature Human Behaviour.

[15]  Sasha Romanosky,et al.  Examining the costs and causes of cyber incidents , 2016, J. Cybersecur..

[16]  Dag Wiese Schartum,et al.  Making privacy by design operative , 2016, Int. J. Law Inf. Technol..

[17]  Stuart S. Shapiro,et al.  Privacy Risk Analysis Based on System Control Structures: Adapting System-Theoretic Process Analysis for Privacy Engineering , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[18]  Kieron O'Hara,et al.  The Seven Veils of Privacy , 2016, IEEE Internet Comput..

[19]  Curtis R. Taylor,et al.  The Economics of Privacy , 2016 .

[20]  L. Cranor,et al.  Nudges for Privacy and Security , 2017, ACM Comput. Surv..

[21]  Andrew C. Simpson,et al.  Policy, Statistics, and Questions: Reflections on UK Cyber Security Disclosures , 2016, WEIS.

[22]  France Bélanger,et al.  The role of information systems research in shaping the future of information privacy , 2015, Inf. Syst. J..

[23]  Elgar Fleisch,et al.  Blissfully ignorant: the effects of general privacy concerns, general institutional trust, and affect in the privacy calculus , 2015, Inf. Syst. J..

[24]  Simson L. Garfinkel,et al.  De-Identification of Personal Information , 2015 .

[25]  Serge Egelman,et al.  The Myth of the Average User: Improving Privacy and Security Systems through Individualization , 2015, NSPW.

[26]  Reinhard Bachmann,et al.  Repairing Trust in Organizations and Institutions: Toward a Conceptual Framework , 2015 .

[27]  David Wright,et al.  PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology , 2015, 2015 IEEE Security and Privacy Workshops.

[28]  Sabine Trepte,et al.  Is the privacy paradox a relic of the past? An in‐depth analysis of privacy attitudes and privacy behaviors , 2015 .

[29]  Josep Domingo-Ferrer,et al.  Privacy and Data Protection by Design - from policy to engineering , 2014, ArXiv.

[30]  G. Danezis,et al.  Privacy and Data Protection by Design , 2015 .

[31]  William Li,et al.  Law is Code: A Software Engineering Approach to Analyzing the United States Code , 2014 .

[32]  Sven Ove Hansson,et al.  Is Risk Analysis Scientific? , 2014, Risk analysis : an official publication of the Society for Risk Analysis.

[33]  Jeffrey T. Hancock,et al.  Experimental evidence of massive-scale emotional contagion through social networks , 2014, Proceedings of the National Academy of Sciences.

[34]  J. Dijck Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology , 2014 .

[35]  Ronald Leenes,et al.  Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law , 2014 .

[36]  L. Floridi Open Data, Data Protection, and Group Privacy , 2014, Philosophy & Technology.

[37]  Keith Spicer,et al.  Intruder Testing on the 2011 UK Census: Providing Practical Evidence for Disclosure Protection , 2014, J. Priv. Confidentiality.

[38]  Henry Pearce,et al.  Privacy and media freedom , 2013, Comput. Law Secur. Rev..

[39]  Scott Ruoti,et al.  Confused Johnny: when automatic encryption leads to confusion and mistakes , 2013, SOUPS.

[40]  G. Greenleaf Data protection in a globalised network , 2013 .

[41]  Kush Wadhwa,et al.  Evaluating privacy impact assessments , 2013 .

[42]  Michael Friedewald,et al.  Seven Types of Privacy , 2013, European Data Protection.

[43]  Maarten H. Everts,et al.  Designing Privacy-by-Design , 2012, APF.

[44]  Hannes Federrath,et al.  Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility , 2012, SEC.

[45]  A. H. Ball,et al.  Review of Data Management Lifecycle Models , 2012 .

[46]  Kieron O'Hara,et al.  Avoiding the Jigsaw Effect: Experiences With Ministry of Justice Reoffending Data , 2011 .

[47]  Heng Xu,et al.  Information Privacy Concerns: Linking Individual Perceptions with Institutional Privacy Assurances , 2011, J. Assoc. Inf. Syst..

[48]  Heng Xu,et al.  Information Privacy Research: An Interdisciplinary Review , 2011, MIS Q..

[49]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.

[50]  H. Nissenbaum A Contextual Approach to Privacy Online , 2011, Daedalus.

[51]  L. Kool,et al.  Privacy by Design: an alternative to existing practice in safeguarding privacy , 2011 .

[52]  David Wright,et al.  Should privacy impact assessments be mandatory? , 2011, Commun. ACM.

[53]  Andrew Simpson,et al.  On Privacy and Public Data: a Study of data.gov.uk , 2011, J. Priv. Confidentiality.

[54]  Priscilla M. Regan Response to Bennett: Also in Defense of Privacy , 2011 .

[55]  Colin J. Bennett In Defense of Privacy: The Concept and the Regime , 2011 .

[56]  Carmela Troncoso,et al.  Engineering Privacy by Design , 2011 .

[57]  Wouter Joosen,et al.  A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements , 2011, Requirements Engineering.

[58]  Qiaoyan Wen,et al.  A View about Cloud Data Security from Data Life Cycle , 2010, 2010 International Conference on Computational Intelligence and Software Engineering.

[59]  M. Calo The Boundaries of Privacy Harm , 2010 .

[60]  A. Cavoukian,et al.  Privacy by Design: essential for organizational accountability and strong business practices , 2010 .

[61]  Stuart S. Shapiro,et al.  Privacy by design , 2010, Commun. ACM.

[62]  Eileen Wood,et al.  All about me: Disclosure in online social networking profiles: The case of FACEBOOK , 2010, Comput. Hum. Behav..

[63]  David J. Houghton,et al.  Privacy, Social Network Sites, and Social Relations , 2010 .

[64]  D. Citron,et al.  Visionary Pragmatism and the Value of Privacy in the Twenty-First Century , 2010 .

[65]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[66]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[67]  Bülent Yener,et al.  On anonymity in an electronic society: A survey of anonymous communication systems , 2009, CSUR.

[68]  Gail-Joon Ahn,et al.  Privacy-Enhanced User-Centric Identity Management , 2009, 2009 IEEE International Conference on Communications.

[69]  Ian R. Kerr,et al.  Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society , 2009 .

[70]  P. Hustinx The Role of Data Protection Authorities , 2009 .

[71]  Lorrie Faith Cranor,et al.  Engineering Privacy , 2009, IEEE Transactions on Software Engineering.

[72]  Daniel Le Métayer,et al.  A Formal Privacy Management Framework , 2009, Formal Aspects in Security and Trust.

[73]  Saadi Lahlou,et al.  Identity, social status, privacy and face-keeping in digital society , 2008 .

[74]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[75]  Louis Anthony (Tony)Cox What's Wrong with Risk Matrices? , 2008 .

[76]  Louis Anthony Cox,et al.  What's Wrong with Risk Matrices? , 2008, Risk analysis : an official publication of the Society for Risk Analysis.

[77]  Hua Qian,et al.  Anonymity and Self-Disclosure on Weblogs , 2007, J. Comput. Mediat. Commun..

[78]  Ronald E. Rice,et al.  Predicting user concerns about online privacy , 2007, J. Assoc. Inf. Sci. Technol..

[79]  Herman T. Tavani,et al.  PHILOSOPHICAL THEORIES OF PRIVACY: IMPLICATIONS FOR AN ADEQUATE ONLINE PRIVACY POLICY , 2007 .

[80]  Ann Bartow A Feeling of Unease About Privacy Law , 2006 .

[81]  Susan B. Barnes,et al.  A privacy paradox: Social networking in the United States , 2006, First Monday.

[82]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[83]  Tamara Dinev,et al.  An Extended Privacy Calculus Model for E-Commerce Transactions , 2006, Inf. Syst. Res..

[84]  S. van der Hof,et al.  Code As Law , 2006 .

[85]  Massimo Barbaro,et al.  A Face Is Exposed for AOL Searcher No , 2006 .

[86]  J. Borges,et al.  A TAXONOMY OF PRIVACY , 2006 .

[87]  Alessandro Acquisti,et al.  Is There a Cost to Privacy Breaches? An Event Study , 2006, WEIS.

[88]  David Lyon,et al.  Surveillance as Social Sorting : Privacy, Risk and Automated Discrimination , 2005 .

[89]  David Lyon,et al.  Surveillance as social sorting : Computer codes and mobile bodies , 2005 .

[90]  Albrecht Schmidt,et al.  Implicit human computer interaction through context , 2000, Personal Technologies.

[91]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[92]  James A. Landay,et al.  Privacy risk models for designing privacy-sensitive ubiquitous computing systems , 2004, DIS '04.

[93]  H. Nissenbaum Privacy as contextual integrity , 2004 .

[94]  James Q. Whitman The Two Western Cultures of Privacy: Dignity versus Liberty , 2004 .

[95]  S. Margulis Privacy as a Social Issue and Behavioral Concept , 2003 .

[96]  Lei Zhou,et al.  The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market , 2003, J. Comput. Secur..

[97]  James P. Nehf,et al.  Recognizing the Societal Value in Information Privacy , 2003 .

[98]  Anind K. Dey,et al.  Location-Based Services for Mobile Telephony: a Study of Users' Privacy Concerns , 2003, INTERACT.

[99]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[100]  Paul Ashley,et al.  From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise , 2002, NSPW '02.

[101]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[102]  Shaun B. Spencer,et al.  Reasonable Expectations and the Erosion of Privacy , 2002 .

[103]  Steve Kenny,et al.  The Value of Privacy Engineering , 2002, J. Inf. Law Technol..

[104]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[105]  Helen Nissenbaum,et al.  The Meaning of Anonymity in an Information Age , 1999, Inf. Soc..

[106]  Pierangela Samarati,et al.  Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression , 1998 .

[107]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[108]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[109]  R. Gellman Legislating privacy: Technology, social values, and public policy , 1996 .

[110]  Fred H. Cate,et al.  The EU Data Protection Directive, Information Privacy, and the Public Interest , 1995 .

[111]  Celia Lury,et al.  Cultural Rights: Technology, Legality and Personality.@@@The Panoptic Sort: A Political Economy of Personal Information. , 1993 .

[112]  O. Gandy Toward a political economy of personal information , 1993 .

[113]  O. Gandy The Panoptic Sort: A Political Economy of Personal Information. Critical Studies in Communication and in the Cultural Industries. , 1993 .

[114]  J. Rubenfeld The Right of Privacy , 1989 .

[115]  R. Walton Social Choice in the Development of Advanced Information Technology , 1982 .

[116]  S. Bok Secrets: On the Ethics of Concealment and Revelation , 1982 .

[117]  R. Gavison Privacy and the Limits of Law , 1980 .

[118]  Richard A. Posner,et al.  Privacy, Secrecy, and Reputation , 1978 .

[119]  R. Laufer,et al.  Privacy as a Concept and a Social Issue: A Multidimensional Developmental Theory , 1977 .

[120]  S. Margulis Conceptions of Privacy: Current Status and Next Steps , 1977 .

[121]  Barbara Laslett,et al.  Privacy and Secrecy: A Conceptual Comparison , 1977 .

[122]  Records, Computers and the Rights of Citizens , 1973 .

[123]  Joseph Gray Jackson,et al.  Privacy and Freedom , 1968 .

[124]  GLENN,et al.  Philosophical Views on the Value of Privacy , 1966 .

[125]  C. J. Nuesse The Human Use of Human Beings: Cybernetics and Society , 1952 .

[126]  Norbert Wiener,et al.  The human use of human beings - cybernetics and society , 1988 .

[127]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .