DIGITAL
PRIVACY
Theory, Technologies, and Practices
Edited by
Alessandro Acquisti • Stefanos Gritzalis
Costas Lambrinoudakis • Sabrina De Capitani di Vimercati
New York London
Auerbach Publications
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
© 2008 by Taylor & Francis Group, LLC
Auerbach is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed in the United States of America on acid-free paper
10 9 8 7 6 5 4 3 2 1
International Standard Book Number-13: 978-1-4200-5217-6 (Hardcover)
This book contains information obtained from authentic and highly regarded sources. Reprinted
material is quoted with permission, and sources are indicated. A wide variety of references are
listed. Reasonable efforts have been made to publish reliable data and information, but the author
and the publisher cannot assume responsibility for the validity of all materials or for the
consequences of their use.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced,
transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or
hereafter invented, including photocopying, microfilming, and recording, or in any information
storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, please access
www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC)
222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that
provides licenses and registration for a variety of users. For organizations that have been granted a
photocopy license by the CCC, a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and
are used only for identification and explanation without intent to infringe.
Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com
and the Auerbach Web site at
http://www.auerbach-publications.com
P1:Binod
November17,2007 10:15 AU5217 AU5217˙C000
Contents
Preface
Acknowledgments
About the Editors
Contributors
PART I: THE PRIVACY SPACE
1 Privacy-Enhancing Technologies for the Internet III: Ten Years Later
Ian Goldberg
2 Communication Privacy
Andreas Pfitzmann, Andreas Juschka, Anne-Katrin Stange, Sandra Steinbrecher, and Stefan Köpsell
3 Privacy-Preserving Cryptographic Protocols
Mikhail J. Atallah and Keith B. Frikken
PART II: PRIVACY ATTACKS
4 Byzantine Attacks on Anonymity Systems
Nikita Borisov, George Danezis, and Parisa Tabriz
5 Introducing Traffic Analysis
George Danezis and Richard Clayton
6 Privacy, Profiling, Targeted Marketing, and Data Mining
Jaideep Vaidya and Vijay Atluri
PART III: PRIVACY-ENHANCING TECHNOLOGIES
7 Enterprise Privacy Policies and Languages
Michael Backes and Markus Dürmuth
8 Uncircumventable Enforcement of Privacy Policies via Cryptographic Obfuscation
Arvind Narayanan and Vitaly Shmatikov
9 Privacy Protection with Uncertainty and Indistinguishability
X. Sean Wang and Sushil Jajodia
10 Privacy-Preservation Techniques in Data Mining
Chunhua Su, Jianying Zhou, Feng Bao, Guilin Wang, and Kouichi Sakurai
PART IV: USER PRIVACY
11 HCI Designs for Privacy-Enhancing Identity Management
Simone Fischer-Hübner, John Sören Pettersson, Mike Bergmann, Marit Hansen, Siani Pearson, and Marco Casassa Mont
12 Privacy Perceptions among Members of Online Communities
Maria Karyda and Spyros Kokolakis
13 Perceived Control: Scales for Privacy in Ubiquitous Computing
Sarah Spiekermann
PART V: PRIVACY IN UBIQUITOUS COMPUTING
14 RFID: Technological Issues and Privacy Concerns
Pablo Najera and Javier Lopez
15 Privacy-Enhanced Location Services Information
Claudio A. Ardagna, Marco Cremonini, Ernesto Damiani, Sabrina De Capitani di Vimercati, and Pierangela Samarati
16 Beyond Consent: Privacy in Ubiquitous Computing (Ubicomp)
Jean Camp and Kay Connelly
PART VI: THE ECONOMICS OF PRIVACY
17 A Risk Model for Privacy Insurance
Athanassios N. Yannacopoulos, Sokratis Katsikas, Costas Lambrinoudakis, Stefanos Gritzalis, and Stelios Z. Xanthopoulos
18 What Can Behavioral Economics Teach Us about Privacy?
Alessandro Acquisti and Jens Grossklags
PART VII: PRIVACY AND POLICY
19 Privacy of Outsourced Data
Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, and Pierangela Samarati
20 Communications Data Retention: A Pandora’s Box for Rights and Liberties?
Lilian Mitrou
21 Surveillance of Emergent Associations: Freedom of Association in a Network Society
Katherine J. Strandburg
Index
Preface
Privacy Issues in the Digital Era
Privacy as a social and legal issue has been a concern of social scientists,
philosophers, and lawyers for a long time. Back in 1890, two American
lawyers, S. Warren and L. Brandeis, defined privacy as the right of an
individual to be alone, and it has been recognized as a fundamental human
right by the United Nations Declaration of Human Rights, the International
Covenant on Civil and Political Rights, the Charter of Fundamental Rights
of the European Union, and many other international treaties. Therefore,
in democratic societies the protection of privacy is a crucial issue.
Meanwhile, the intensive development of information and communication
technologies has resulted in numerous new electronic services that
aim to improve people’s lives by allowing them to communicate and
exchange data through the Internet, advertise their ideas through the World
Wide Web, and purchase goods and services. To a large extent, the raw
material for most of these electronic services is the personal data of
individuals. Alongside the benefits for the people, these developments have
introduced new risks such as identity theft, discriminatory profiling,
continuous surveillance, and fraud. According to recent surveys, privacy and
(especially) anonymity are the fundamental issues of concern for most
Internet users, ranked higher than issues like ease-of-use, spam-mail, cost,
and security. In view of the above, the OECD Declaration on the
Protection of Privacy on Global Networks (for developing a culture of privacy in
the Global Village) is especially well timed.
In this volume, privacy is considered as the indefeasible right of an
individual to control the ways in which personal information is obtained,
processed, distributed, shared, and used by any other entity.