Towards User-Centered Privacy Risk Detection and Quantification Framework

With the prevalence of privacy incidents and recurrent leaks, privacy protection has become a concern of users and data protection entities. Previous research in privacy risk prevention has mostly followed the "collect and prevent" philosophy, e.g., by applying anonymization techniques to the user data on the back-end. These approaches neglect the users' right to informational self-determination, since the privacy risk analysis and prevention take place once the data is out of the user's control. In this paper, we present an architecture for a user-centered privacy risk detection and quantification framework based on combinatorial and probabilistic mathematical models coupled with advanced machine learning classifiers. The framework empowers users to take informed privacy prevention actions prior to unwanted revelations.
