multilateral privacy requirements analysis in online ...sguerses/slides/s... · xss attacks...
TRANSCRIPT
![Page 1: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/1.jpg)
Multilateral Privacy Requirements Analysis in Online Social Networks
Seda GürsesCOSIC, K.U. Leuven18. February, 2011
CRIDUniversity of Namur, Belgium
1
![Page 2: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/2.jpg)
2
SPIONsecurity and privacy in online social networks
K.U. Leuven (COSIC, DistriNet, ICRI, HMDB), Vrije Universiteit Brussel (SMIT), University of Ghent (Onderwijskunde), Carnegie Melon
University (Heinz College)responsibilizationaccountability
x close this advertisement
2
![Page 3: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/3.jpg)
3
SPIONsecurity and privacy in online social networks
trust, reputation and access controlidentity management
legal frameworksanonymous communication
feedback and awareness systemsbehavioral aspects
x close this advertisement
http://www.cosic.esat.kuleuven.be/spion
3
![Page 4: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/4.jpg)
outline
- introduction to privacy requirements
- stakeholder analysis: service provider
- SNS access control design
- feedback and awareness systems
4
4
![Page 5: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/5.jpg)
privacy?
- what is privacy?
- what are privacy requirements?
- in security engineering: confidentiality
5
5
![Page 6: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/6.jpg)
online social networks (SNS)
6
6
![Page 7: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/7.jpg)
online social networks
7
7
![Page 8: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/8.jpg)
8
2004
Facebook created
1m
8
![Page 9: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/9.jpg)
9
2004 2005
Facebook in
HighschoolsFacebook
friends
friends of friends
all facebook users
the entire Internet
1m 5m
9
![Page 10: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/10.jpg)
10
2004 2006
Highschools
2005
Facebook available to the
PUBLIC(pg13)
1m 5m 12m
10
![Page 11: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/11.jpg)
11
2004 2006
Highschools
2005
Facebook available to the
PUBLIC(pg13)
xss attacks
1m 5m 12m
11
![Page 12: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/12.jpg)
12
2004 2006
Highschools
2005
Facebook available to the
PUBLIC(pg13)
xss attacks
newsfeed
1m 5m 12m
12
![Page 13: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/13.jpg)
13
2004 2006
Highschools
2005
Facebook available to the
PUBLIC(pg13)
newsfeedprotests740.000
xss attacks
1m 5m 12m
13
![Page 14: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/14.jpg)
14
2004
20072005
PUBLIC
2006
Facebook API
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
14
![Page 15: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/15.jpg)
15
2004
20072005
PUBLIC
2006
Facebook APIMobile
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
15
![Page 16: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/16.jpg)
16
2004
20072005
PUBLIC
2006
Facebook APIMobileBEACON
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
16
![Page 17: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/17.jpg)
17
2004
20072005
PUBLIC
2006
Facebook APIMobileBEACON
protests50.000 in
3 days
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
17
![Page 18: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/18.jpg)
18
2004
20072005
PUBLIC
2006
Facebook APIMobileBEACON
protests50.000 in
3 days
bans
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
18
![Page 19: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/19.jpg)
19
2004
20072005
PUBLIC
2006
Facebook APIMobileBEACON
protests50.000 in
3 days
bansbreastfeeding
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
19
![Page 20: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/20.jpg)
20
2004
20072005
PUBLIC
2006
Facebook APIMobileBEACON
protests50.000 in
3 days
memorilization
bans
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
breastfeeding
20
![Page 21: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/21.jpg)
21
2004
20082005
PUBLIC
2006
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2007
Canadian Privacy Commissioner
Highschoolsxss attacks
protests740.000newsfeed
1m 5m 12m50m
100m
21
![Page 22: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/22.jpg)
22
2004
20082005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEEDpopularity algorithm
Highschoolsxss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
1m 5m 12m50m
100m
22
![Page 23: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/23.jpg)
23
2004
20082005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEEDpopularity algorithmprotests
1.600.000
Highschoolsxss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
1m 5m 12m50m
100m
23
![Page 24: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/24.jpg)
24
2004
20092005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullyingunlimited license to user content
1m 5m 12m50m
100m 350m
24
![Page 25: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/25.jpg)
25
2004
20092005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullyingunlimited license to user content
protests
1m 5m 12m50m
100m 350m
25
![Page 26: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/26.jpg)
26
2004
20092005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullyingunlimited license to user content
user votingprotests
1m 5m 12m50m
100m 350m
26
![Page 27: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/27.jpg)
27
2004
20092005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullyingunlimited license to user content
user votingprotests
friends lists
1m 5m 12m50m
100m 350m
27
![Page 28: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/28.jpg)
28
2004
20092005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullyingunlimited license to user content
user votingprotests
friends lists
Canadian Privacy
Commissioner
1m 5m 12m50m
100m 350m
28
![Page 29: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/29.jpg)
29
2004
20092005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullyingunlimited license to user content
user votingprotests
friends listsCanadian Privacy
Commissioner
1m 5m 12m50m
100m 350m
29
![Page 30: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/30.jpg)
30
2004
20102005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
1m 5m 12m50m
100m 350m 400m
30
![Page 31: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/31.jpg)
31
2004
2005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
CONNECTIONS
1m 5m 12m50m
100m 350m
2010
400m
31
![Page 32: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/32.jpg)
32
2004
2005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
CONNECTIONSchat leak
1m 5m 12m50m
100m
2010
400m
32
![Page 33: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/33.jpg)
33
2004
2005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
CONNECTIONS
chat leak
NOYB
FACECLOAK
SCRAMBLE
1m 5m 12m50m
100m
2010
400m
33
![Page 34: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/34.jpg)
34
2004
2005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
CONNECTIONS
chat leak
NOYBFACECLOAK
SCRAMBLE
1m 5m 12m50m
100m
2010
400m
34
![Page 35: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/35.jpg)
35
2004
2005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
CONNECTIONS
chat leak
NOYBFACECLOAK
SCRAMBLE
1m 5m 12m50m
100m
2010
400m
35
![Page 36: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/36.jpg)
36
2004
2005
PUBLIC
2006 2007
Canadian Privacy Commissioner
LIVE FEED
protests1.600.000Highschools
xss attacks
protests740.000newsfeed
Facebook APIMobile
BEACON
protests50.000 in 3 days
bans
2008
cyberbullying
unlimited license to
user content
user voting
protests
friends lists
2009
facebookgoogle
CONNECTIONS
chat leak
NOYBFACECLOAK
SCRAMBLE
1m 5m 12m50m
100m
2010
500m
NHSreveals data to
Discriminatory Behavioral Profiling
User IDs revealed to
Third Parties
Homeland Security friends Aliens
36
![Page 37: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/37.jpg)
- all of these are (somehow) about privacy and the design of the system
- how do we deal with these issues when developing systems?
- specifically: during requirements engineering
37
37
![Page 38: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/38.jpg)
multilateral privacy requirements engineering
- reconcile:
- privacy notions (legal & surveillance studies)
- privacy solutions (computer science)
- in a social context (online SNS)
- multilaterally
- during requirements engineering
38
38
![Page 39: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/39.jpg)
privacy requirements definition
39
lack of universality
lack of satisfiability
subjectivity
legal compliance
contrivability
environmental factors
counter - factuality
temporality
agonism
negotiability
39
![Page 40: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/40.jpg)
multilateral privacy requirements engineering
- reconcile:
- privacy notions (legal & surveillance studies)
- privacy solutions (computer science)
- in a social context (online SNS)
- multilaterally
- during requirements engineering
40
40
![Page 41: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/41.jpg)
solutions from privacy research
41
data confidentiality anonymous
communications
PPDM/PPDP
IDMS
Differential Privacy
Privacy Policy Languages
Feedback and Awareness
Systems
41
![Page 42: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/42.jpg)
privacy research paradigms
42
privacy as
confidentiality
the right to be let alone. Warren & Brandeis (1890)
hiding information and identity
42
![Page 43: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/43.jpg)
privacy research paradigms
43
privacy as
confidentiality
the right to be let alone. Warren & Brandeis (1890)
hiding information and identity
privacy as control
separation of identities, data protection principles
right of the individual to decide what information about himself should be communicated to others and under what circumstances. (Westin 1970)
43
![Page 44: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/44.jpg)
privacy research paradigms
44
privacy as
confidentiality
the right to be let alone. Warren & Brandeis (1890)
hiding information and identity
privacy as control
separation of identities, data protection principles
right of the individual to decide what information about himself should be communicated to others and under what circumstances. (Westin 1970)
privacy as practice
the freedom from unreasonable constraints on the construction of
one’s own identity (Agre, 1999)transparency and feedback
44
![Page 45: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/45.jpg)
privacy research paradigms
45
privacy as
confidentiality
hiding information and identity
privacy as control
separation of identities, data protection principlesprivacy
as practice
transparency and feedback
45
![Page 46: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/46.jpg)
multilateral privacy requirements engineering
- reconcile:
- privacy notions (legal & surveillance studies)
- privacy solutions (computer science)
- in a social context (online SNS)
- multilaterally
- during requirements engineering
46
46
![Page 47: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/47.jpg)
case study
47
Social Network Services
web-based systems
communication oriented
wide audience
many stakeholders
short development
cycles
global privacy concernsproprietary
systems47
![Page 48: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/48.jpg)
multilateral privacy requirements engineering
- reconcile:
- privacy notions (legal & surveillance studies)
- privacy solutions (computer science)
- in a social context (online SNS)
- multilaterally
- during requirements engineering
48
48
![Page 49: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/49.jpg)
49
multilaterality
users
SNS providers
DP authorities
user groups
49
![Page 50: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/50.jpg)
SNS providers
50
stakeholder artifacts
privacy policy
legally binding
socially constructed
defining roles & responsibilities
actively and collectively produced
exchanged & consumed
govern usage
50
![Page 51: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/51.jpg)
method
51
template analysisanalyze textual data
codes to construct template
relationships between themes
51
![Page 52: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/52.jpg)
SNS and TPA providers of interest
52
orkut myspace
playfish
zynga
52
![Page 53: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/53.jpg)
overview of findings
- two coders
- total 68 codes in SNS PP, 43 in TPA PP
- 5 main themes (privacy concerns)
- personal information, data protection and policy definition
- user control of information
- user interactions and information
- advertisement and third parties
- internet safety, minors and underage users53
53
![Page 54: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/54.jpg)
overview of findings
- two coders
- total 68 codes in SNS PP, 43 in TPA PP
- 5 main themes (privacy concerns)
- personal information, data protection and policy definition
- user control of information
- user interactions and information
- advertisement and third parties
- internet safety, minors and underage users54
54
![Page 55: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/55.jpg)
55
privacy data protection
non-absolute
relational
contextual
opacity of the individual
procedural safeguards
accountability
transparency
55
![Page 56: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/56.jpg)
privacy policy definition
56
PP
SNS Provideruser
data(user)
56
![Page 57: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/57.jpg)
privacy policy definition
57
PP
SNS Provideruser
data(user)
TP1
TP2
TP3
TP4data(user)
data(user)
57
![Page 58: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/58.jpg)
privacy policy definition
58
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
58
![Page 59: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/59.jpg)
privacy policy definition
59
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
59
![Page 60: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/60.jpg)
privacy policy definition
60
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
TP5
TP6
TP7
60
![Page 61: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/61.jpg)
privacy policy definition
61
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
TP5
TP6
TP7
t0 t∞61
![Page 62: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/62.jpg)
privacy is control over your personal information
62
personal informationin SNS
PII (USA)
personal information
(EU)(information theoretical/statistical)anonymity
62
![Page 63: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/63.jpg)
privacy as control
63
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
TP5
TP6
TP7
63
![Page 64: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/64.jpg)
privacy as control
64
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
64
![Page 65: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/65.jpg)
privacy as control
65
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
data(user1)
data(user1)
65
![Page 66: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/66.jpg)
privacy as control
66
PP
SNS ProviderUser1
data(user1)
66
![Page 67: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/67.jpg)
privacy as control
67
PP
SNS ProviderUser1
content uploaded by
user
traffic data
67
![Page 68: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/68.jpg)
SNS design
68
Relational Information
(RI)
Transitive Access Control
(TAC)
68
![Page 69: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/69.jpg)
69
Relational Information
(RI)
information on SNS that is controlled by or related to many
69
![Page 70: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/70.jpg)
70
P Rel Q
R
Controllers = {P,Q,R}
Relational Information
70
![Page 71: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/71.jpg)
71
Transitive Access Control
(TAC)
topology based access control where profiles in vicinity co-determine access
71
![Page 72: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/72.jpg)
72
alice’s friends of friends can access her information
Transitive Access Control
72
![Page 73: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/73.jpg)
73
alice’s friends of friends can access her information
Transitive Access Control
73
![Page 74: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/74.jpg)
74
alice’s friends of friends can access her information
Transitive Access Control
74
![Page 75: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/75.jpg)
privacy policy definition
75
PP
SNS ProviderUser1
content uploaded by
user
traffic data
RI
TAC
user attributes
75
![Page 76: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/76.jpg)
user control?
76
PP
SNS ProviderUser1
data(user1)
TP1
TP2
TP3
TP4
User2
User3 data(user1)
data(user1)
data(user1)
data(user1)
TP5
TP6
TP7
u
76
![Page 77: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/77.jpg)
conclusions
- privacy concerns of SP:
- data protection compliance
- frame privacy as control (min. set of data)
- increase trust in providers
- paradox:
- sharing = collaborative (design supported) practice
- privacy = individual responsibility and control of information
77
77
![Page 78: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/78.jpg)
compliance?
- DP success: (semi) transparency of data collection, processing and distribution practices
- DP fail: interpreted to the advantage of the service providers
- responsibilize the users
- false perception of control
- minimize accountability and transparency
- push responsibility to third parties (vice versa)78
78
![Page 79: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/79.jpg)
personal data?- Definition of Personal Data does not address
- collaborative/relational information
- does not fit a matrix of personal data
- statistical inference
- surveillance: control populations by categorizing individuals and practicing social sorting (identification not necessary)
- no protection of anonymous data
- anonymous communications
- anonymized datasets
- consent -> identification -> increased surveillance -> endanger anonymity
79
79
![Page 80: Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days](https://reader034.vdocument.in/reader034/viewer/2022050305/5f6dd9325c41fe7a6d208960/html5/thumbnails/80.jpg)
future improvements- expand definition of personal information on SNS
- beware of relational information
- increase scope of “control”
- include traffic data, data from third parties, cookie use
- enable sharing of data that bypasses the SP
- beware: facebook has censored proponents of this vision
- avoid privacy policy jungle
- accountability and transparency
- better security and (transparent) access control
- demand collaborative privacy control
80
80