Abstract
Personal identifying information is released without much control from the end user to service providers. We describe a system to scrutinize the stated claims of a service provider on safeguarding PII by interrogating their infrastructure. We attempt to empower end users by providing means to communicate their privacy concerns in a common language understood by the service provider, allowing them to set baseline privacy practices for service providers to adhere to, and providing a means of retrieving information from the service provider in the common language to base their PII release decisions.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
AOL Search Data Scandal, http://en.wikipedia.org/wiki/AOL_search_data_scandal
Office of the Secretary, Standards for Privacy of Individually Identifiable Health Information, Federal Register, vol. 67–157 (August 2002), http://www.hhs.gov/ocr/hipaa/privrulepd.pdf
Data Protection Act (1998) - UK, http://www.opsi.gov.uk/ACTS/acts1998/19980029.htm
Kobsa, A.: Tailoring Privacy to Users’ Needs. In: Bauer, M., Gmytrasiewicz, P.J., Vassileva, J. (eds.) UM 2001. LNCS (LNAI), vol. 2109, pp. 303–313. Springer, Heidelberg (2001)
Trust-e Privacy Seal Program, http://www.truste.org/
BBBOnLine Privacy Seal Program, http://www.bbbonline.org/privacy/
Cranor, L.F., Hogben, G., Langheinrich, M., Marchiori, M., Presler-Marshal, M., Reagle, J., Schunter, M.: The Platform for Privacy Preferences 1.1 (P3P1.1) Specification, W3C Working Draft 10 (February 2006)
Berlanger, F., Hiller, J.S., Smith, W.J.: Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. Journal of Strategic Information Systems 11, 245–270 (2002)
Shneiderman, B.: Designing Trust Into Online Experiences. Communications of the ACM 43-12, 57–59 (2000)
Leenes, R., Fischer-Hubner, S. (ed.): Prime Framework version 2, https://www.prime-project.eu/prime_products/reports/fmwk/pub_del_D14.1.b_ec_wp14.1_V1_final.pdf
Cranor, L.F.: Web Privacy with P3P, O’Reilly and Associates (2002)
Clarke, R.: Platform for Privacy Preferences: A Critique, http://www.anu.edu.au/people/Roger.Clarke/DV/P3PCrit.html
Ackerman, M.S.: Privacy in pervasive environments: next generation labelling protocols. In: Personal Ubiquitous Computing 2004, pp. 430–439, Springer, Heidelberg (2004)
Pearson, S.: Towards Automated Evaluation of Trust Constraints. In: Stølen, K., Winsborough, W.H., Martinelli, F., Massacci, F. (eds.) iTrust 2006. LNCS, vol. 3986, pp. 252–266. Springer, Heidelberg (2006)
PRIME principles, https://www.prime-project.eu/about/principles/
VeriSign Identity Protection, http://www.verisign.com/products-services/security-services/identity-protection/index.html
Moulinos, K., Iliadis, J., Tsoumas, V.: Towards secure sealing of privacy policies. Information Management & Computer Security 12-4, 350–361 (2004)
Sommer, D. (ed.): PRIME Architecture version 2, (will appear mid to late 2007) https://www.primeproject.eu/prime_products/reports/arch/
Petterson, J.S.: R1 - First report from the pilot study on privacy technology in the framework of consumer support infrastructure. Working Paper, Department of Information Systems and Centre for HumanIT, Karlstad University, Karlstad (December 2006)
Cranor, L.F.: What Do They “Indicate?”: Evaluating Security and Privacy Indicators. Interactions, 45–47 (2006)
Hogben, G., Jackson, T., Wilikens, M.: A Fully Compliant Research Implementation of the P3P Standard for Privacy Protection: Experiences and Recommendations. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 104–125. Springer, Heidelberg (2002)
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprise. In: DEXA 2002, IEEE, Los Alamitos (2002)
Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-Enabled management of Customer Data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)
Backes, M., Pfitzmann, B., Schunter, M.: A Toolkit for Managing Enterprise Privacy Policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 162–180. Springer, Heidelberg (2003)
Clarke, R.: P3P Re-visited, http://www.anu.edu.au/people/Roger.Clarke/DV/P3PRev.html
P3P 1.0 Implementation Report, http://www.w3.org/P3P/implementation-report.html
AT&T, AT&T Privacy Bird, http://www.privacybird.com
Arshad, F.: Privacy Fox – A JavaScript-based P3P Agent for Mozilla Firefox, http://privacyfox.mozdev.org/PaperFinal.pdf
Casassa Mont, M.: Dealing with privacy obligations: Important aspects and technical approaches. In: Katsikas, S.K., Lopez, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Elahi, T.E., Pearson, S. (2007). Privacy Assurance: Bridging the Gap Between Preference and Practice. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_9
Download citation
DOI: https://doi.org/10.1007/978-3-540-74409-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer ScienceComputer Science (R0)