Abstract
Online social networks (OLSNs) are electronically-based social milieux where individuals gather virtually to socialize. The behavior and characteristics of these networks can provide evidence relevant for detecting and prosecuting policy violations, crimes, terrorist activities, subversive political movements, etc. Some existing methods and tools in the fields of business analytics and digital forensics are useful for such investigations. While the privacy rights of individuals are widely respected, the privacy rights of social groups are less well developed. In the current development of OLSNs and information technologies, the compromise of group privacy may lead to the violation of individual privacy. Adopting an explorative literature review, we examine the privacy kill chain that compromises group privacy as a means to compromise individual privacy. The latter is regulated, while the former is not. We show how the kill chain makes the need for protecting group privacy important and feasible from the perspectives of social, legal, ethical, commercial, and technical perspectives. We propose a research agenda to help societies and organizations strike the proper balance between the benefits and costs of both OLSNs and investigative technologies.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Acar, A. S., & Polonsky, M. (2007). Online social networks and insights into marketing communications. Journal of Internet Commerce, 6(4), 55–72.
Adams, B. L., Malone, F. L., & James Jr., W. (1994). Ethical reasoning in confidentiality decisions. The CPA Journal, 64(7), 56–57.
Alvarez, R. M. (2016). Computational social science. Cambridge: Cambridge University Press.
Amiri, A. (2007). Dare to share: protecting sensitive knowledge with data sanitization. Decision Support Systems, 43(1), 181–191.
Ashworth, L., & Free, C. (2006). Marketing dataveillance and digital privacy: using theories of justice to understand consumers’ online privacy concerns. Journal of Business Ethics, 67(2), 107–123.
Audi, R. (2012). Virtue ethics as a resource in business. Business Ethics Quarterly, 22(2), 273–291.
Baskerville, R., & Dulipovici, A. (2006). The ethics of knowledge transfers and conversions: Property or privacy rights? In R. H. Sprague (Ed.), Proceedings of the 39th Hawaii international conference on system sciences (HICSS-39) (pp. 144–CD-ROM 141-149). Los Alamitos: IEEE Computer Society.
Baskerville, R., & Sainsbury, R. (2006). Distrusting online: Social deviance in virtual teamwork. In R. H. Sprague (Ed.), Proceedings of the 39th Hawaii international conference on system sciences (HICSS-39) (pp. 121–CD-ROM 121-129). Los Alamitos: IEEE Computer Society.
Baumer, D. L., Earp, J. B., & Poindexter, J. C. (2004). Internet privacy law: a comparison between the United States and the European Union. Computers & Security, 23(5), 400–412.
Belanger, F., & Xu, H. (2015). The role of information systems research in shaping the future of information privacy. Information Systems Journal, 25(6), 573–578.
Bloustein, E. (2002). Individual and group privacy. Pallone: Transaction Publishers.
Bonchi, F., Castillo, C., Gionis, A., & Jaimes, A. (2011). Social network analysis and mining for business applications. ACM Transactions on Intelligent Systems and Technology (TIST), 2(3), 22:21–22:37.
Borna, S., & Sharma, D. (2011). Considering privacy as a public good and its policy ramifications for business organizations. Business and Society Review, 116(3), 331–353.
Boyd, D. (2004). Friendster and publicly articulated social networking. New York: Association for Computing Machinery.
Boyd, D., & Ellison, N. (2007). Social network sites: definition, history, and scholarship. Journal of Computer-Mediated Communication, 13(1), 210–230.
Boyd, D. M., & Ellison, N. B. (2010). Social network sites: definition, history, and scholarship. IEEE Engineering Management Review, 38(3), 16–31.
Brooks, D. J., & Corkill, J. (2014). Corporate security and the stratum of security management. In Corporate security in the 21st century (pp. 216–234). Springer.
Brown, C. L. T. (2009). Computer evidence: Collection and preservation (2nd ed.). Newton: Charles River Media.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Understanding emergence and outcomes of information privacy concerns: A case of Facebook. In Proceedings of the 31st international conference on information systems (ICIS 2010) (pp. 12–15). St. Louis.
Bygrave, L. A. (2014). A right to be forgotten? Communications of the ACM, 58(1), 35–37. https://doi.org/10.1145/2688491.
Calluzzo, V. J., & Cante, C. J. (2004). Ethics in information technology and software use. Journal of Business Ethics, 51(3), 301–312.
Chaudhuri, S., Dayal, U., & Narasayya, V. (2011). An overview of business intelligence technology. Communications of the ACM, 54(8), 88–98.
Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business intelligence and analytics: from big data to big impact. MIS Quarterly, 36(4), 1165–1188.
Cheng, J., Hoffman, J., LaMarche, T., Tavil, A., Yavad, A., & Kim, S. (2009). Forensics tools for social network security solutions. In Proceedings of student-faculty research day, CSIS (pp. A4.1–A4.8). Pace University.
Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Computers & Security, 39, 447–459.
Clemons, E. (2009). The complex problem of monetizing virtual electronic social networks. Decision Support Systems, 48(1), 46–56.
Cockburn, A. (2015). Kill chain: The rise of the high-tech assassins. New York: Henry Holt & Co..
Cocking, D., van den Hoven, J., & Timmermans, J. (2012). Introduction: one thousand friends. Ethics and Information Technology, 14(3), 179–184.
Court, D., Elzinga, D., Mulder, S., & Vetvik, O. J. (2009). The consumer decision journey. Seattle: McKinsey Quarterly.
Crisp, R. (2000). Aristotle: Nicomachean ethics. Cambridge: Cambridge University Press.
Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: lessons from the Choicepoint and TJX data breaches. MIS Quarterly, 33(4), 673–687.
Dinev, T. (2014). Why would we care about privacy? European Journal of Information Systems, 23(2), 97–102.
Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), 1587–1611.
Donaldson, T., & Werhane, P. (Eds.). (1999). Ethical issues in business: A philosophical approach. Upper Saddle River: Prentice Hall.
Dumsday, T. (2008). Group privacy and government surveillance of religious services. The Monist, 91(1), 170–186.
Dunn, B. J. (2010). Best Buy’s CEO on learning to love social media. Harvard Business Review, 88, 43–48.
Edelman, D. C. (2010). Branding in the digital age. Harvard Business Review, 88(12), 14–18.
Emerson, R. M. (1976). Social exchange theory. Annual Review of Sociology, 2, 335–362.
European Union (2000). The charter of fundamental rights of the European Union. http://www.europarl.eu.int/charter/default_en.htm. Accessed 12 June 2005.
Finke, R. A., Ward, T. B., & Smith, S. M. (1992). Creative cognition: Theory, research, and applications. Cambridge: MIT press.
Frijda, N. H. (1986). The emotions (Studies in emotion & social interaction). New York: Cambridge University Press.
Frijda, N. H., Kuipers, P., & ter Schure, E. (1989). Relations among emotion, appraisal, and emotional action readiness. Journal of Personality and Social Psychology, 57(2), 212–228.
Garfinkel, S. L. (2010). Digital forensics research: the next 10 years. Digital Investigation, 7, S64–S73.
Gerber, M., & Von Solms, R. (2008). Information security requirements–interpreting the legal aspects. Computers & Security, 27(5), 124–135.
Ghinita, G., Karras, P., Kalnis, P., & Mamoulis, N. (2007). Fast data anonymization with low information loss. In Proceedings of the 33rd international conference on very large data bases (pp. 758–769). VLDB Endowment.
Granovetter, M. (1983). The strength of weak ties: a network theory revisited. Sociological Theory, 1, 201–233.
Gross, R., Acquisti, A., & Heinz III, H. (2005). Information revelation and privacy in online social networks. In ACM workshop on privacy in the electronic society (pp. 71–80). New York: ACM.
Haggerty, J. (2009). Visual analytics of social networks for digital forensics. http://www.isaca.org.uk/northern/Docs/Manchester%20ISACA%20Jan%2009.ppt. Accessed 13 Dec 2009.
Haggerty, J., Taylor, M., & Gresty, D. (2008). Determining culpability in investigations of malicious e-mail dissemination within the organisation. Paper presented at the WDFIA '08 third international annual workshop on digital forensics and incident analysis, 9 October.
Himma, K. E., & Tavani, H. T. (Eds.). (2008). The handbook of information and computer ethics. Hoboken: Wiley.
Hofstede, G., & Hofstede, G. (1991). Cultures and organizations. New York: McGraw-Hill.
Hogan, B., & Quan-Haase, A. (2010). Persistence and change in social media. Bulletin of Science, Technology & Society, 30(5), 309–315.
Howard, B. (2008). Analyzing online social networks. Association for Computing Machinery, Communications of the ACM, 51(11), 14–16.
Hu, H., & Wang, X. (2009). Evolution of a large online social network. Physics Letters A, 373(12/13), 1105–1110.
Huber, M., Mulazzani, M., Leithner, M., Schrittwieser, S., Wondracek, G., & Weippl, E. (2011). Social snapshots: Digital forensics for online social networks. In Proceedings of the 27th annual computer security applications conference (pp. 113–122). ACM.
Hull, G., Lipford, H. R., & Latulipe, C. (2011). Contextual gaps: privacy issues on Facebook. Ethics and Information Technology, 13(4), 289–302. https://doi.org/10.1007/s10676-010-9224-8.
Hursthouse, R. (2007). Virtue theory (pp. 45–61). Oxford: Blackwell.
Hutchins, E., Cloppert, M., & Amin, R. (2011). Analysis of adversary campaigns and intrusion kill chains. In J. Ryan (Ed.), Leading issues in information warfare and security research (Vol. 1, pp. 80–106). Reading: Academic Publishing International.
Il-Horn, H., Kai-Lung, H. U. I., Sang-Yong Tom, L. E. E., & Png, I. P. L. (2007). Overcoming online information privacy concerns: an information-processing theory approach. Journal of Management Information Systems, 24(2), 13–42.
Inness, J. C. (1996). Privacy, intimacy, and isolation. USA: Oxford University Press.
Isik, O., Jones, M. C., & Sidorova, A. (2013). Business intelligence success: the roles of BI capabilities and decision environments. Information Management, 50(1), 13–23.
Kenneth McBride, N. (2014). ACTIVE ethics: an information systems ethics for the internet age. Journal of Information, Communication and Ethics in Society, 12(1), 21–44.
Kerr, J., & Teng, K. (2012). Cloud computing: legal and privacy issues. Journal of Legal Issues and Cases in Business, 1, 1–11.
Kleinberg, J. (2000). The small-world phenomenon: An algorithmic perspective. In Proceedings of the thirty-second annual ACM symposium on theory of computing (pp. 163–170). ACM.
Kleinberg, J., Papadimitriou, C., & Raghavan, P. (2003). Auditing boolean attributes. Journal of Computer and System Sciences, 66(1), 244–253.
Kumar, V., & Mirchandani, R. (2012). Winning with data: social media-increasing the ROI of social media marketing. MIT Sloan Management Review, 54(1), 55.
Laudon, K. C., & Traver, C. G. (2009). E-commerce: Business, technology, society (5th ed.). Upper Saddle River: Prentice Hall.
Li, H., Sarathy, R., & Xu, H. (2011). The role of affect and cognition on online consumers' decision to disclose personal information to unfamiliar online vendors. Decision Support Systems, 51(3), 434–445. https://doi.org/10.1016/j.dss.2011.01.017.
Li, Y., Chen, M., Li, Q., & Zhang, W. (2012). Enabling multilevel trust in privacy preserving data mining. IEEE Transactions on Knowledge and Data Engineering, 24(9), 1598–1612.
Li, J., Yan, H., Liu, Z., Chen, X., Huang, X., & Wong, D. S. (2017). Location-sharing systems with enhanced privacy in mobile online social networks. IEEE Systems Journal, 11(2), 439–448.
Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46–50.
Lusoli, W., & Compañó, R. (2010). From security versus privacy to identity: an emerging concept for policy design? Digital Policy, Regulation and Governance, 12(6), 80–94. https://doi.org/10.1108/14636691011086062.
Mason, R. O. (1986). Four ethical issues of the information age. MIS Quarterly, 10(1), 5–12.
McAfee, A., & Brynjolfsson, E. (2012). Big data: the management revolution. Harvard Business Review, 90(10), 60–69.
McKnight, A. (2012). Privacy rights left behind at the border: the exhaustive, exploratory searches effectuated in United States v. Cotterman. Brigham Young University Law Review, 2012(2), 591–606.
Merriam-Webster (2010). Forensics. Merriam-Webster Online Dictionary.
Milberg, S., Smith, H., & Burke, S. (2000). Information privacy: corporate management and national regulation. Organization Science, 11(1), 35–57.
Milgram, S. (1967). The small world problem. Psychology Today, 2(1), 60–67.
Mingers, J., & Walsham, G. (2010). Toward ethical information systems: the contribution of discourse ethics. MIS Quarterly, 34(4), 833–854.
Mishra, A. N., Anderson, C., Angst, C. M., & Agarwal, R. (2012). Electronic health records assimilation and physician identity evolution: an identity theory perspective. Information Systems Research, 23(3), 738–760,844,846.
Moor, J. H. (2005). Why we need better ethics for emerging technologies. Ethics and Information Technology, 7(3), 111–119.
Myers, M. D., & Miller, L. (1996). Ethical dilemmas in the use of information technology: an Aristotelian perspective. Ethics & Behavior, 6(2), 153–160.
Narayanan, A., & Shmatikov, V. (2009). De-anonymizing social networks. In 30th IEEE symposium on security and privacy (pp. 173–187). IEEE.
OECD (2013). OECD guidelines on the protection of privacy and transborder flows of personal data. http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm. Accessed 22 April 2018.
Park, C., Keil, M., & Kim, J. W. (2009). The effect of IT failure impact and personal morality on IT project reporting behavior. IEEE Transactions on Engineering Management, 56(1), 45–60.
Pegna, D. L. (2015). Big data sends cybersecurity back to the future. http://www.computerworld.com/article/2893656/the-future-of-cybersecurity-big-data-and-data-science.html.
Peng, G., & Woodlock, P. (2009). The impact of network and recency effects on the adoption of e-collaboration technologies in online communities. Electronic Markets, 19(4), 201–210.
Pojman, L. P., & Fieser, J. (2011). Ethics: Discovering right and wrong. CengageBrain.com.
Porter, M., & Kramer, M. R. (2006). Strategy and society: the link between competitive advantage and corporate social responsibility. Harvard Business Review, 84(12), 78–92.
Posey, C., Lowry, P. B., Roberts, T. L., & Ellis, T. S. (2010). Proposing the online community self-disclosure model: the case of working professionals in France and the U.K. who use online communities. European Journal of Information Systems, 19(2), 181–195. https://doi.org/10.1057/ejis.2010.15.
Posner, R. (1981). The economics of privacy. The American Economic Review, 71(2), 405–409.
Post, R. C. (1989). The social foundations of privacy: community and self in the common law tort. California Law Review, 77(5), 957–1010.
Rastogi, V., Hay, M., Miklau, G., & Suciu, D. (2009). Relationship privacy: Output perturbation for queries with joins. In Proceedings of the twenty-eighth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (pp. 107–116). ACM.
Regan, P. M. (1995). Legislating privacy: Technology, social values, and public policy. Chapel Hill: Univ of North Carolina Pr.
Rosenblum, D. (2007). What anyone can know: the privacy risks of social networking sites. IEEE Security and Privacy, 5(3), 40–49.
Sarathy, R., & Robertson, C. J. (2003). Strategic and ethical considerations in managing digital privacy. Journal of Business Ethics, 46(2), 111–126.
Shapiro, B., & Baker, C. R. (2001). Information technology and the social construction of information privacy. Journal of Accounting and Public Policy, 20(4,5), 295–322.
Silenzio, V. M. B., Duberstein, P. R., Tang, W., Lu, N., Tu, X., & Homan, C. M. (2009). Connecting the invisible dots: reaching lesbian, gay, and bisexual adolescents and young adults at risk for suicide through online social networks. Social Science & Medicine, 69(3), 469–474.
Smith, H. J. (1994). Managing privacy: Information technology and corporate america. Chapel Hill: University of North Carolina Press.
Stigler, G. (1980). An introduction to privacy in economics and politics. The Journal of Legal Studies, 9(4), 623–644.
Suchman, M. C. (1995). Managing legitimacy: strategic and institutional approaches. Academy of Management Review, 20(3), 571–610.
Tavani, H. T. (2007). Ethics and technology: Ethical issues in an age of information and communication technology. Hoboken: Wiley.
Taylor, L. (2017). Safety in numbers? Group privacy and big data analytics in the developing world. In L. Taylor, L. Floridi, & B. van der Sloot (Eds.), Group privacy: New challenges of data technologies. Cham: Springer International.
Thomson, J. J. (1975). The right to privacy. Philosophy & Public Affairs, 4(4), 295–314.
Tow, W. N.-F. H., Dell, P., & Venable, J. (2010). Understanding information disclosure behaviour in Australian Facebook users. Journal of Information Technology, 25(2), 126–136. https://doi.org/10.1057/jit.2010.18.
United Nations (1948). Universal declaration of human rights. http://www.un.org/Overview/rights.html. Accessed 12 June 2005.
Vallor, S. (2012). Flourishing on facebook: virtue friendship & new social media. Ethics and Information Technology, 14(3), 185–199. https://doi.org/10.1007/s10676-010-9262-2.
van den Hoven, J., & Weckert, J. (Eds.). (2008). Information technology and moral philosophy. Cambridge: Cambridge University Press.
Volokh, E. (2000). Personalization and privacy. Association for Computing Machinery. Communications of the ACM, 43(8), 84–88.
Walsham, G. (1993). Ethical issues in information systems development: The analyst as moral agent. In Proceedings of the IFIP WG8. 2 working group on information systems development: human, social, and organizational aspects: human, organizational, and social dimensions of information systems development (pp. 281–294). North-Holland Publishing Co.
Walsham, G. (2006). Doing interpretive research. European Journal of Information Systems, 15(3), 320–330.
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.
Xu, H., Dinev, T., Smith, H. J., & Hart, P. (2008). Examining the formation of individual’s privacy concerns: Toward an integrative view. Paper presented at the proceedings of international conference on information systems (ICIS), Paris.
Yang, T.-H., Ku, C.-Y., & Liu, M.-N. (2016). An integrated system for information security management with the unified framework. Journal of Risk Research, 19(1), 21–41.
Young, K. (2009). Online social networking: an Australian perspective. International Journal of Emerging Technologies & Society, 7(1), 39–57.
Young, S., Dutta, D., & Dommety, G. (2009). Extrapolating psychological insights from Facebook profiles: a study of religion and relationship status. Cyberpsychology & Behavior, 12(3), 347–350.
Zainudin, N. M., Merabti, M., & Llewellyn-Jones, D. (2011). A digital forensic investigation model and tool for online social networks. In 12th annual postgraduate symposium on convergence of telecommunications, networking and broadcasting (PGNet 2011) (pp. 27–28). Liverpool.
Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics and Information Technology, 12(4), 313–325. https://doi.org/10.1007/s10676-010-9227-5.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kim, J., Baskerville, R.L. & Ding, Y. Breaking the Privacy Kill Chain: Protecting Individual and Group Privacy Online. Inf Syst Front 22, 171–185 (2020). https://doi.org/10.1007/s10796-018-9856-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-018-9856-5