Requirements for private communications over public spheres
Information and Computer Security
ISSN: 2056-4961
Article publication date: 18 December 2019
Issue publication date: 3 April 2020
Abstract
Purpose
In the Web 2.0 era, users massively communicate through social networking services (SNS), often under false expectations that their communications and personal data are private. This paper aims to analyze privacy requirements of personal communications over a public medium.
Design/methodology/approach
This paper systematically analyzes SNS services as communication models and considers privacy as an attribute of users’ communication. A privacy threat analysis for each communication model is performed, based on misuse scenarios, to elicit privacy requirements per communication type.
Findings
This paper identifies all communication attributes and privacy threats and provides a comprehensive list of privacy requirements concerning all stakeholders: platform providers, users and third parties.
Originality/value
Elicitation of privacy requirements focuses on the protection of both the communication’s message and metadata and takes into account the public–private character of the medium (SNS platform). The paper proposes a model of SNS functionality as communication patterns, along with a method to analyze privacy threats. Moreover, a comprehensive set of privacy requirements for SNS designers, third parties and users involved in SNS is identified, including voluntary sharing of personal data, the role of the SNS platforms and the various types of communications instantiating in SNS.
Keywords
Citation
Vemou, K. and Karyda, M. (2020), "Requirements for private communications over public spheres", Information and Computer Security, Vol. 28 No. 1, pp. 68-96. https://doi.org/10.1108/ICS-01-2019-0002
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited