Abstract
One of the key challenges in the information society is responsible handling of personal data. An often-cited reason why people fail to make rational decisions regarding their own informational privacy is the high uncertainty about future consequences of information disclosures today. This chapter builds an analogy to financial options and draws on principles of option pricing to account for this uncertainty in the valuation of privacy. For this purpose, the development of a data subject's personal attributes over time and the development of the attribute distribution in the population are modeled as two stochastic processes, which fit into the Binomial Option Pricing Model (BOPM). Possible applications of such valuation methods to guide decision support in future privacy-enhancing technologies (PETs) are sketched.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Security and Privacy 3(1), 26–33 (2005)
Acquisti, A., Varian, H.R.: Conditioning prices on purchase history. Marketing Science 24(3), 1–15 (2005)
Amram, M., Kulatilaka, N.: Real Options: Managing Strategic Investment in an Uncertain World. Harvard Business School Press (1999)
Baran, P.: Communications, computers and people. Tech. rep., RAND Corporation, Santa Monica, CA (1965)
Berendt, B., Günther, O., Spiekermann, S.: Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM 48(4), 101–106 (2005)
Black, F., Scholes, M.: The pricing of options and corporate liabilities. Journal of Political Economy 81, 637–654 (1973)
Blanchette, J.F., Johnson, D.G.: Data retention and the panoptic society: The social benefits of forgetfulness. Information Society 18(1), 33–45 (2002)
Böhme, R.: A comparison of market approaches to software vulnerability disclosure. In: G. Müller (ed.) Emerging Trends in Information and Communication Security (Proc. of ETRICS), LNCS, vol. 3995, pp. 298–311. Springer, Berlin Heidelberg (2006)
Böhme, R., Koble, S.: Pricing strategies in electronic marketplaces with privacy-enhancing technologies. Wirtschaftsinformatik 49(1), 16–25 (2007)
Clauß, S.: A framework for quantification of linkability within a privacy-enhancing identity management system. In: G.Müller (ed.) Emerging Trends in Information and Communication Security (ETRICS), LNCS, vol. 3995, pp. 191–205. Springer, Berlin Heidelberg (2006)
Cox, J., Ross, S., Rubinstein, M.: Option pricing: A simplified approach. Journal of Financial Economics (1979)
Daneva, M.: Applying real options thinking to information security in networked organizations. Tech. Rep. TR-CTIT-06-11, Centre for Telematics and Information Technology, University of Twente, Enschede, NL (2006)
Denning, D.E., Denning, P.J., Schwart, M.D.: The tracker: A threat to statistical database security. ACM Trans. on Database Systems 4(1), 76–96 (1979)
Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: P. Syverson, R. Dingledine (eds.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2482. Springer, Berlin Heidelberg (2002)
Fischer, L., Katzenbeisser, S., Eckert, C.:Measuring unlinkability revisited. In: Proc. ofWorkshop on Privacy in the Electronic Society (WPES), pp. 105–109. ACMPress, New York (2008)
Fischer-Hübner, S.: Zur reidentifikationssicheren statistischen Auswertung personenbezogener Daten in staatlichen Datenbanken [Towards reidentification-secure statistical data analysis of personal data in governmental databases]. Diploma thesis, Universität Hamburg (1987). In German
Fischer-Hübner, S.: IT-security and privacy: Design and use of privacy-enhancing security mechanisms, LNCS, vol. 1958. Springer, Berlin Heidelberg (2001)
Franz, M., Meyer, B., Pashalidis, A.: Attacking unlinkability: The importance of context. In: N. Borisov, P. Golle (eds.) Privacy Enhancing Technologies, LNCS, vol. 4776, pp. 1–16. Springer, Berlin Heidelberg (2007)
Gordon, L.A., Loeb,M.P.: The economics of information security investment. ACMTrans. on Information and System Security 5(4), 438–457 (2002)
Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 14(2), 1–7 (2003)
Grossklags, J., Acquisti, A.:When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. In:Workshop of Economics and Information Security (WEIS). CarnegieMellon University, Pittsburgh, PA (2007). http://weis2007. econinfosec.org/papers/66.pdf
Hansen, M., Pfitzmann, A., Steinbrecher, S.: Identity management throughout one’s whole life. Information Security Technical Report 13(2), 83–94 (2008)
Herath, H.S.B., Herath, T.C.: Investments in information security: A real options perspective with Bayesian postaudit. Journal ofManagement Information Systems 25(3), 337–375 (2008)
Huberman, B.A., Adar, E., Fine, L.R.: Valuating privacy. IEEE Security and Privacy 3(1), 22–25 (2005)
Kelly, D.J., Raines, R.A., Grimaila, M.R., Baldwin, R.O., Mullins, B.E.: A survey of state-ofthe- art in anonymity metrics. In: Proc. of ACM Workshop on Network Data Anonymization (NDA), pp. 31–40. ACM Press, New York (2008)
Li, J., Su, X.: Making cost effective security decision with real option thinking. In: Proc. of International Conference on Software Engineering Advances (ICSEA 2007), pp. 14–22. IEEE Computer Society, Washington, DC, USA (2007)
Matsuura, K.: Security tokens and their derivatives. Tech. rep., Centre for Communications Systems Research (CCSR), University of Cambridge, UK (2001)
Merton, R.C.: Theory of rational option pricing. Bell Journal of Economics and Management Science 4(1), 141–183 (1973)
Odlyzko, A.: Privacy, economics, and price discrimination on the Internet. In: N. Sadeh (ed.) ICEC2003: Fifth International Conference on Electronic Commerce, pp. 355–366 (2003)
Ozment, A.: Bug auctions: Vulnerability markets reconsidered. In: Workshop of Economics and Information Security (WEIS). University ofMinnesota,Minneapolis,MN (2004). http: //www.dtc.umn.edu/weis2004/ozment.pdf
Peyton Jones, S.: Composing contracts: An adventure in financial engineering. In: J.N. Oliveira, P. Zave (eds.) FME 2001: Formal Methods for Increasing Software Productivity, LNCS, vol. 2021. Springer, Berlin Heidelberg (2001)
Peyton Jones, S., Eber, J.M.: How to write a financial contract. In: J. Gibbons, O. de Moor (eds.) The Fun of Programming. Palgrave Macmillan (2003)
Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management – A consolidated proposal for terminology. http: //dud.inf.tu-dresden.de/Anon_Terminology.shtml (2008). (Version 0.31)
Purser, S.A.: Improving the ROI of the security management process. Computers & Security 23, 542–546 (2004)
Schlörer, J.: Zum Problem der Anonymität der Befragten bei statistischen Datenbanken mit Dialogauswertung [On the problem of respondents’ anonymity in statistical databases with dialogue analysis]. In: D. Siefkes (ed.) 4. GI-Jahrestagung, LNCS, vol. 26, pp. 502–511. Springer, Berlin Heidelberg (1975)
Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: P. Syverson, R. Dingledine (eds.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2482. Springer, Berlin Heidelberg (2002)
Shannon, C.E.: A mathematical theory of communications. Bell System Technical Journal 27, 379–423, 623–656 (1948)
Soo Hoo, K.J.: How much is enough? A risk-management approach to computer security. In: Workshop on Economics and Information Security (WEIS). Berkeley, CA (2002). http://www.sims.berkeley.edu/resources/affiliates/ workshops/econsecurity/
Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: R. Dingledine (ed.) Workshop on Privacy Enhancing Technologies, LNCS, vol. 2760, pp. 32–47. Springer, Berlin Heidelberg (2003)
Sweeney, L.: k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 571–588 (2002)
Tóth, G., Hornák, Z., Vajda, F.:Measuring anonymity revisited. In: S. Liimatainen, T. Virtanen (eds.) Proc. of the Ninth Nordic Workshop on Secure IT Systems, pp. 85–90. Espoo, Finland (2004)
Willenborg, L., De Waal, T.: Statistical Disclosure Control in Practice. Springer, New York (1996)
Wolfers, J., Zitzewitz, E.: Prediction markets. Journal of Economic Perspectives 18(2), 107– 126 (2004)
Xiaoxin, W., Bertino, E.: Achieving k-anonymity in mobile and ad hoc networks. In: Proc. of IEEE ICNPWorkshop on Secure Network Protocols, pp. 37–42. IEEE Press, New York (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media, LLC
About this paper
Cite this paper
Berthold, S., Böhme, R. (2010). Valuating Privacy with Option Pricing Theory. In: Moore, T., Pym, D., Ioannidis, C. (eds) Economics of Information Security and Privacy. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-6967-5_10
Download citation
DOI: https://doi.org/10.1007/978-1-4419-6967-5_10
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-6966-8
Online ISBN: 978-1-4419-6967-5
eBook Packages: Computer ScienceComputer Science (R0)