Privacy in the clouds

Informational self-determination refers to the right or ability of individuals to exercise personal control over the collection, use and disclosure of their personal data by others. The basis of modern privacy laws and practices around the world, informational privacy has become a challenging concept to protect and promote in a world of ubiquitous and unlimited data sharing and storage among organizations. The paper advocates a “user-centric” approach to managing personal data online. However, user-centricity can be problematic when the user—the data subject—is not directly involved in transactions involving the disclosure, collection, processing, and storage of their personal data. Identity data is increasingly being generated, used and stored entirely in the networked “Cloud”, where it is under control of third parties. The paper explores possible technology solutions to ensure that individuals will be able to exercise informational self-determination in an era of network grid computing, exponential data creation, ubiquitous surveillance and rampant online fraud. The paper describes typical “Web 2.0” use scenarios, suggests some technology building blocks to protect and promote informational privacy online, and concludes with a call to develop a privacy-respective information technology ecosystem for identity management. Specifically, the paper outlines four fundamental technological approaches to help assure widespread and enduring online participation, confidence and trust in the information society.

[1]  Michael Gurski,et al.  P3P and Privacy: An update for the Privacy Community , 2004 .

[2]  Thomas Daemen and Ira Rubinstein The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity , 2006 .

[3]  Daniel J. Solove The Future of Reputation: Gossip, Rumor, and Privacy on the Internet , 2007 .

[4]  Tim O'Reilly,et al.  What is Web 2.0: Design Patterns and Business Models for the Next Generation of Software , 2007 .

[5]  Nicholas G. Carr,et al.  The Big Switch: Rewiring the World, from Edison to Google , 2008 .

[6]  Steve Kenny,et al.  The Value of Privacy Engineering , 2002, J. Inf. Law Technol..

[7]  Ian R. Kerr,et al.  Buddy Bots: How Turing's Fast Friends Are Undermining Consumer Privacy , 2005, Presence: Teleoperators & Virtual Environments.

[8]  Ian R. Kerr Ensuring the Success of Contract Formation in Agent-Mediated Electronic Commerce , 2001, Electron. Commer. Res..

[9]  G. lachello Protecting personal data: can IT security management standards help? , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[10]  Larry Korba,et al.  Towards Meeting the Privacy Challenge: Adapting DRM , 2002, Digital Rights Management Workshop.

[11]  Malcolm Crompton,et al.  Web Seals: A Review of Online Privacy Programs , 2006 .

[12]  Jessica Vitak,et al.  Digital footprints: online identity management and search in the age of transparency , 2007 .

[13]  N. Carr The end of corporate computing , 2005 .

[14]  Lawrence Lessig,et al.  Code and Other Laws of Cyberspace , 1999 .

[15]  Daniel J. Solove The Digital Person , 2022 .

[16]  Robert O'Harrow,et al.  No place to hide , 1997, Science.

[17]  Louise Story To Aim Ads, Web Is Keeping Closer Eye on You , 2008 .

[18]  Siani Pearson,et al.  Securing Information Transfer in Distributed Computing Environments , 2008, IEEE Security & Privacy.

[19]  Ian R. Kerr Bots, Babes and the Californication of Commerce , 2005 .

[20]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[21]  Scott A. Golder,et al.  Security Issues and Recommendations for Online Social Networks. , 2007 .