Post-release information privacy protection: A framework and next-generation privacy-enhanced operating system

In today's digital world, privacy issues have received widespread public attention. Current research on information privacy protection focuses on release control and on obscuring the identity of the data subject. Little work has been done, however, to prevent a piece of private information from being misused after it has been released to external entities. This paper focuses on information privacy protection in the post-release phase. Without depending entirely on the information collector, the information owner is given powerful means to control and audit how the released information will be used, by whom, and when. The goal is to minimize the asymmetry of information flow between an information owner and an information collector. We propose a set of owner-controlled privacy protection and violation detection techniques: Self-destroying File, Mutation Engine System, Automatic Receipt Collection, and Honey Token-based Privacy Violation Detection. We also introduce a next-generation privacy-enhanced operating system that supports the proposed mechanisms. Such a privacy-enhanced operating system represents a technical breakthrough that adds new features to existing operating systems. We discuss the functionalities of such an operating system and its design guidelines. To the best of our knowledge, no similar technical work provides post-release information privacy protection.
