Formal Reasoning About Privacy and Trust in Loyalty Systems

Individuals disclose personal information to complex services through a front-end that interacts with underlying sub-services. Such services involve multiple collaborating parties that may share the collected personal data in order to profile individuals accurately. Even though these data handling practices are declared in the services' privacy policies, they remain opaque to individuals. Data protection regulations restrict service providers to collecting only the personal data that is strictly necessary for their purposes. The present paper shows the potential of a logic-based framework for analyzing the privacy of electronic services by applying the approach to two loyalty schemes. Different query types are defined that provide meaningful feedback for both end users and service designers.
