Abstract
The large-scale change emergent from the global proliferation of cloud computing, smart homes, the internet of things and machine learning requires a novel view on the flow of confidential information and its classification. The security of an organisation is affected by the privacy enjoyed by its members. Sufficient data on those members can be leveraged in a so-called abduction attack aiming to extract confidential information from the organisation. The intention of this paper is to foster awareness of this effect. To illustrate it we develop a model of actors and data flows and discuss three scenarios in which he confidentiality achievable by an organisation is limited by the privacy of its members.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Numeric references to sections of the original text removed from quotation.
References
Comments of the Electronic Privacy Information Center to the Federal Trade Commission on privacy and security implications of the Internet of Things. Published comments, Federal Trade Commission (FTC) (2013)
Internet of Things - privacy & security in a connected world. FTC Staff Report. Federal Trade Commission, January 2015
Internet of Things - status and implications of an increasingly connected world. Report to congressional requesters, United States Government Accountability Office Center for Science, Technology, and Engineering, May 2017
Information technology - security techniques - information security management systems - overview and vocabulary. International Standard ISO/IEC 27000:2018. International Organization for Standardization (2018)
Boeckl, K., et al.: Considerations for managing Internet of Things (IoT) cybersecurity and privacy risks. Draft NISTIR 8228. National Institute of Standards and Technology (NIST) (2018)
Cadwalladr, C., Graham-Harrison, E.: Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian, March 2018
Cohen, J.E.: Configuring the networked self: law, code, and the play of everyday practice. Yale University Press (2012)
Danezis, G., Lewis, S., Anderson, R.: How much is location privacy worth? In: Proceedings of the Workshop on the Economics of Information Security Series (WEIS) (2005)
de Montjoye, Y.-A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Reports 3(1376) (2013)
Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1
Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. J. Privacy Confidentiality 7(3), 17–51 (2017)
Dwork, C., Naor, M.: On the difficulties of disclosure prevention in statistical databases or the case for differential privacy. J. Privacy Confidentiality 2(1) (2010)
Lu, H., Li, Y., Vaidya, J., Atluri, V.: An efficient online auditing approach to limit private data disclosure. In: 12th International Conference on Extending Database Technology (EDBT). Research Collection School Of Information Systems (2009)
Mittelstadt, B.: From individual to group privacy in big data analytics. Philos. Technol. 30, 475–494 (2017)
Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, Washington, DC, pp. 111–125. IEEE Computer Society (2008)
Renaud, K., Galvez-Cruz, D.: Privacy: aspects, definitions and a multi-faceted privacy preservation approach. In: Proceedings of the 2010 Information Security for South Africa Conference, ISSA 2010, pp. 1–8, September 2010
Solove, D.J.: Privacy self-management and the consent dilemma. Harvard Law Rev. 126(7) (2013)
Su, J., Shukla, A., Goel, S., Narayanan, A.: De-anonymizing web browsing data with social networks. In: Proceedings of the 26th International Conference on World Wide Web, WWW 2017, pp. 1261–1269. Republic and Canton of Geneva, Switzerland. International World Wide Web Conferences Steering Committee (2017)
Tan, J., Sharif, M., Bhagavatula, S., Beckerle, M., Mazurek, M., Bauer, L.: Comparing hypothetical and realistic privacy valuations, pp. 168–182, October 2018
Vinocur, N.: How one country blocks the world on data privacy. Politico, 24 April 2019
Warren, S.D., Brandeis, L.D.: The right to privacy. Harvard Law Rev. 4(5), 193–220 (1890)
Zhou, B., Pei, J., Luk, W.S.: A brief survey on anonymization techniques for privacy preserving publishing of social network data. SIGKDD Explor. Newsl. 10(2), 12–22 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Danciu, V. (2019). Individual Privacy Supporting Organisational Security. In: Dang, T., Küng, J., Takizawa, M., Bui, S. (eds) Future Data and Security Engineering. FDSE 2019. Lecture Notes in Computer Science(), vol 11814. Springer, Cham. https://doi.org/10.1007/978-3-030-35653-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-35653-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35652-1
Online ISBN: 978-3-030-35653-8
eBook Packages: Computer ScienceComputer Science (R0)