The role of privacy assurance mechanisms in building trust and the moderating role of privacy concern

Privacy policy statements and privacy assurance cues are among the most important website features that online providers use to increase individuals’ trust and willingness to disclose private information online. The focus of this study is a comprehensive examination of the process by which privacy assurance mechanisms influence trust and the moderating role of privacy concern in this process. We use the lens of the Elaboration Likelihood Model to investigate the way different individuals perceive and process privacy assurance mechanisms. We argue that the trust-enhancing role of these mechanisms depends on the individual’s privacy concern. The results of this study articulate the process by which various privacy assurance mechanisms operate in enhancing an individual’s trust, and show that there are distinct behavioral differences between individuals with high- vs low-privacy concern when forming their trust to disclose private information. The paper sheds new light on the role of elaboration in the trust building process, and shows why privacy assurance mechanisms have different impacts depending on individuals’ privacy concerns.     

Dynamic mix zone: location data sanitizing in assisted environments

Pervasive technology has been widely used in assistive environments and aware homes. The issue of how to preserve the privacy of patients being monitored has been attracting more public concerns. In assistive environments, location data of patients are collected through sensors for behavior patterns analysis, and they can also be shared among researchers for further research for early disease diagnosis. However, location information, even though de-identified, also introduces the risk of privacy leakage. A series of consecutive location samples can be considered as a trajectory of a single person, and this may leak private information if obtained by malicious users. This paper discusses this problem and proposes a location randomization algorithm to protect users’ location privacy. Two privacy metrics according to location privacy are defined and used to evaluate the proposed approach. A method using dynamic mix zones is proposed to confound trajectories of two or more persons.     

Avoiding privacy violations caused by context-sensitive services

The increasing availability of information about people’s context makes it possible to deploy context-sensitive services, where access to resources provided or managed by a service is limited depending on a person’s context. For example, a location-based service can require Alice to be at a particular location in order to let her use a printer or learn her friends’ location. However, constraining access to a resource based on confidential information about a person’s context can result in privacy violations. For instance, if access is constrained based on Bob’s location, granting or rejecting access will provide information about Bob’s location and can violate Bob’s privacy. We introduce an access-control algorithm that avoids privacy violations caused by context-sensitive services. Our algorithm exploits the concept of access-rights graphs, which represent all the information that needs to be collected in order to make a context-sensitive access decision. Moreover, we introduce hidden constraints, which keep some of this information secret and thus allow for more flexible access control. We present a distributed, certificate-based access-control architecture for context-sensitive services that avoids privacy violations, two sample implementations, and a performance evaluation.     

Reflections on privacy,identity and consent in on-line services

The paper gives an overview of the evolution of the laws protecting personal data privacy in the UK over the last 30 years. Against this background, the author considers: the compromises to personal data privacy brought about by the electronic age; individual motivations for using e-services and the balance of risks and benefits; the place of identity management in e-transactions; and, the ways that data guardianship can be improved by an understanding of the roles and responsibilities of those responsible for personal data in organisations, data handlers and individual citizens. The conclusions reached are that once personal data has been recorded electronically it persists and the divide between public and private space is blurred. Citizens should retain rights to personal data including the right to be asked for their consent before it is shared or linked for commercial or administrative purposes. This puts a particular duty on government to behave (and be perceived to behave) responsibly and transparently with regard to the collection, use and disposal of personal data so as to create trust and support democracy.     

Investigating information sharing behavior: the mediating roles of the desire to share information in virtual communities

Social networking sites are built and designed to provide online services and a platform for people to social interacts and exchange information. This study used the social capital theory as a foundation to explore the social interaction factors and individual factors such as shared value, community identification, and information privacy concerns, and examine the mediating role of the desire to give information between trust on websites/members and information sharing behaviour in the proposed model. This research sample consists of seven hundred and twenty-seven members who have used the Facebook fan page for at least 6 months. This study adopted structural equation modeling to test the research hypotheses. The results of this study show that shared value, community identification, and information privacy concern directly influence trust on websites and members. Trust on websites and members directly influenced the desire to get/give information. Desire to give information directly influences information sharing behaviour. The desire to give information plays important mediating roles between trust on websites/members and information sharing behaviour. Finally, we provide conclusions and managerial implications of the findings.     

Towards Pseudonymous e-Commerce

The lack of privacy is one of the main reasons that limits trust in e-commerce. Current e-commerce practice enforces a customer to disclose her identity to the e-shop and the use of credit cards makes it straightforward for an e-shop to know the real identity of its customers. Although there are some payment systems based on untraceable tokens, they are not as widely used as credit cards. Furthermore, even without buying anything, a customer is already disclosing some information about who or where she may be by just connecting to the e-shop's web server and leaving behind an IP-address. In this paper, we present novel components that enable secure pseudonymous e-commerce. On the one hand, these components allow a customer to browse through an e-shop, select goods, and pay the goods with her credit card such that neither the e-shop operator nor the credit card issuer nor an eavesdropper is able to get any information about the customer's identity. On the other hand, it is guaranteed that none of the involved parties is able to act dishonestly during the credit card payment. Such a system could greatly enhance trust in e-commerce since it overcomes the customers' privacy concerns.     

A carpool matching model with both social and route networks

Carpooling is an effective solution for traffic congestion. However, social obstructions (lack of trust) and cost obstructions (high commute cost) are still two major challenges for promoting carpool activities. In this paper, a social-route-network carpooling model (SRNC model) is proposed. The model combines commuters' social networks and commute route networks to provide optimization on both trust and cost in different carpooling teams. The trust optimization improves the social comfort between commuters by introducing the concept of degrees-of-separation and the user preference. The cost optimization reduces the total commute distance with integer programming model. Finally, both trust and cost are balanced in a unified model—the SRNC model. By using the Twitter social network and the Washington, D.C. road network, the SRNC model is evaluated. Results demonstrate a significantly improvement of the trust (around decuple) with a small loss in route cost (around 6.3%) as compared to a route-network-only carpooling model.     

Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments

This paper tackles a privacy breach in current location-based services (LBS) where mobile users have to report their exact location information to an LBS provider in order to obtain their desired services. For example, a user who wants to issue a query asking about her nearest gas station has to report her exact location to an LBS provider. However, many recent research efforts have indicated that revealing private location information to potentially untrusted LBS providers may lead to major privacy breaches. To preserve user location privacy, spatial cloaking is the most commonly used privacy-enhancing technique in LBS. The basic idea of the spatial cloaking technique is to blur a user’s exact location into a cloaked area that satisfies the user specified privacy requirements. Unfortunately, existing spatial cloaking algorithms designed for LBS rely on fixed communication infrastructure, e.g., base stations, and centralized/distributed servers. Thus, these algorithms cannot be applied to a mobile peer-to-peer (P2P) environment where mobile users can only communicate with other peers through P2P multi-hop routing without any support of fixed communication infrastructure or servers. In this paper, we propose a spatial cloaking algorithm for mobile P2P environments. As mobile P2P environments have many unique limitations, e.g., user mobility, limited transmission range, multi-hop communication, scarce communication resources, and network partitions, we propose three key features to enhance our algorithm: (1) An information sharing scheme enables mobile users to share their gathered peer location information to reduce communication overhead; (2) A historical location scheme allows mobile users to utilize stale peer location information to overcome the network partition problem; and (3) A cloaked area adjustment scheme guarantees that our spatial cloaking algorithm is free from a “center-of-cloaked-area” privacy attack. Experimental results show that our P2P spatial cloaking algorithm is scalable while guaranteeing the user’s location privacy protection.     

The interpersonal privacy identity (IPI): development of a privacy as control model

The Internet and social computing technology have revolutionized our ability to gather information as well as enabled new modes of communication and forms of self-expression. As the popularity of social computing technologies has increased, our society has begun to witness modifications in socialization behaviors. Social psychology theory suggests that technological changes can influence an individual’s expectation of privacy, through adaptive behaviors resulting from use (Laufer and Wolfe in J Soc Issues 33(3): 22–42 (1977)). We adapt traditional privacy theory to explore the influence of developmental and environmental factors on the individual’s inner privacy identity, which is comprised of the individual’s belief in his or her right to control (1) personal information and (2) interactions with others, and is continuously shaped by privacy experiences. We then use the inner privacy identity to examine interpersonal behaviors in the online context. We find that individuals’ belief in their right to control their information impacts their information disclosure practices when consequences are implied and that their belief in their right to control the interaction impacts their online information sharing practices. We do not find support for a relationship between the interaction management component of the IPI and online interaction behavior, which considered in the presence of the relationship between interaction management and online information sharing, suggests that interaction behavior is more complicated in the online context. Insights from the model developed in this study can inform future studies of situational privacy behaviors.     

Achieving privacy in trust negotiations with an ontology-based approach

The increasing use of Internet in a variety of distributed multiparty interactions and transactions with strong real-time requirements has pushed the search for solutions to the problem of attribute-based digital interactions. A promising solution today is represented by automated trust negotiation systems. Trust negotiation systems allow subjects in different security domains to securely exchange protected resources and services. These trust negotiation systems, however, by their nature, may represent a threat to privacy in that credentials, exchanged during negotiations, often contain sensitive personal information that may need to be selectively released. In this paper, we address the problem of preserving privacy in trust negotiations. We introduce the notion of privacy preserving disclosure, that is, a set that does not include attributes or credentials, or combinations of these, that may compromise privacy. To obtain privacy preserving disclosure sets, we propose two techniques based on the notions of substitution and generalization. We argue that formulating the trust negotiation requirements in terms of disclosure policies is often restrictive. To solve this problem, we show how trust negotiation requirements can be expressed as property-based policies that list the properties needed to obtain a given resource. To better address this issue, we introduce the notion of reference ontology, and formalize the notion of trust requirement. Additionally, we develop an approach to derive disclosure policies from trust requirements and formally state some semantics relationships (i.e., equivalence, stronger than) that may hold between policies. These relationships can be used by a credential requestor to reason about which disclosure policies he/she should use in a trust negotiation.     

预约机制下的共乘路径规划策略

现有的共乘路径算法只专注优化路径总权值而很少考虑到达时间准确性,针对这一现状提出一种预约机制下的共乘路径最优算法。采集乘客的预约搭乘信息,引入分类的概念对乘客信息进行团体分类,对团体内使用Bellman-Ford算法,团体间使用到达时间路径算法,得出了预约机制下的共乘路径最优算法CPPAO,使得该算法兼顾到达时间的准确和行驶代价的消耗。     

Time-optimal and privacy preserving route planning for carpool policy

To alleviate the traffic congestion caused by the sharp increase in the number of private cars and save commuting costs, taxi carpooling service has become the choice of many people. Current research on taxi carpooling services has focused on shortening the detour distances. While with the development of intelligent cities, efficiently match passengers and vehicles and planning routes become urgent. And the privacy between passengers in the taxi carpooling service also needs to be considered. In this paper, we propose a time-optimal and privacy-preserving carpool route planning system via deep reinforcement learning. This system uses the traffic information around the carpooling vehicle to optimize passengers’ travel time, not only to efficiently match passengers and vehicles but also to generate detailed route planning for carpooling vehicles. We conducted experiments on an Internet of Vehicles simulator CARLA, and the results demonstrate that our method is better than other advanced methods and has better performance in complex environments.

     

Magentix2: A privacy-enhancing Agent Platform

Agent Platforms are the software that supports the development and execution of Multi-agent Systems. There are many Agent Platforms developed by the agent community, but they hardly consider privacy. This leads to agent-based applications that invade users’ privacy. Privacy can be threatened by two main information activities: information collection and information processing. Information collection can be prevented using traditional security mechanisms. Information processing can be prevented by minimizing data identifiability, i.e., the degree by which personal information can be directly attributed to a particular individual. However, minimizing data identifiability may directly affect other crucial issues in Multi-agent Systems, such as accountability, trust, and reputation. In this paper, we present the support that the Magentix2 Agent Platform provides for preserving privacy. Specifically, it provides mechanisms to avoid information collection and information processing when they are not desired. Moreover, Magentix2 provides these mechanisms without compromising accountability, trust, and reputation. We also provide in this paper an application built on top of Magentix2 that exploits its support for preserving privacy. Finally, we provide an extensive evaluation of the support that Magentix2 provides for preserving privacy based on that application. We specifically test whether or not privacy loss can be minimized by using the support that Magentix2 provides, whether or not this support introduces a bearable performance overhead, and whether or not existing trust and reputation models can be implemented on top of Magentix2.     

Beyond concern—a privacy-trust-behavioral intention model of electronic commerce

Despite the recent economic downturn in the Internet and telecommunication sectors, electronic commerce (EC) will continue to grow and corporate Web sites will remain an important communication channel. However, legitimate concerns regarding privacy and trust remain potential obstacles to growth and important issues to both individuals and organizations. This study proposed and tested a theoretical model that considers an individual’s perceptions of privacy and how it relates to his or her behavioral intention to make an online transaction. An experiment that included over 200 subjects was conducted using two EC sites that differed only by the privacy dimensions of their notice, access, choice, and security. The results of this study suggested strong support for the model.     

Beyond concern: a privacy–trust–behavioral intention model of electronic commerce

Despite the recent economic downturn in the Internet and telecommunication sectors, electronic commerce (EC) will continue to grow and corporate Web sites will remain an important communication channel. However, legitimate concerns regarding privacy and trust remain potential obstacles to growth and important issues to both individuals and organizations. This study proposed and tested a theoretical model that considers an individual’s perceptions of privacy and how it relates to his or her behavioral intention to make an online transaction. An experiment that included over 200 subjects was conducted using two EC sites that differed only by the privacy dimensions of their notice, access, choice, and security. The results of this study suggested strong support for the model.     

Beyond concern: a privacy–trust–behavioral intention model of electronic commerce

Despite the recent economic downturn in the Internet and telecommunication sectors, electronic commerce (EC) will continue to grow and corporate Web sites will remain an important communication channel. However, legitimate concerns regarding privacy and trust remain potential obstacles to growth and important issues to both individuals and organizations. This study proposed and tested a theoretical model that considers an individual’s perceptions of privacy and how it relates to his or her behavioral intention to make an online transaction. An experiment that included over 200 subjects was conducted using two EC sites that differed only by the privacy dimensions of their notice, access, choice, and security. The results of this study suggested strong support for the model.     

Privacy in geo-social networks: proximity notification with untrusted service providers and curious buddies

A major feature of the emerging geo-social networks is the ability to notify a user when any of his friends (also called buddies) happens to be geographically in proximity. This proximity service is usually offered by the network itself or by a third party service provider (SP) using location data acquired from the users. This paper provides a rigorous theoretical and experimental analysis of the existing solutions for the location privacy problem in proximity services. This is a serious problem for users who do not trust the SP to handle their location data and would only like to release their location information in a generalized form to participating buddies. The paper presents two new protocols providing complete privacy with respect to the SP and controllable privacy with respect to the buddies. The analytical and experimental analysis of the protocols takes into account privacy, service precision, and computation and communication costs, showing the superiority of the new protocols compared to those appeared in the literature to date. The proposed protocols have also been tested in a full system implementation of the proximity service.     

Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma

Personalization refers to the tailoring of products and purchase experience to the tastes of individual consumers based upon their personal and preference information. Recent advances in information acquisition and processing technologies have allowed online vendors to offer varieties of web-based personalization that not only increases switching costs, but also serves as important means of acquiring valuable customer information. However, investments in online personalization may be severely undermined if consumers do not use these services due to privacy concerns. In the absence of any empirical evidence that seeks to understand this consumer dilemma, our research develops a parsimonious model to predict consumers usage of online personalization as a result of the tradeoff between their value for personalization and concern for privacy. In addition to this tradeoff, we find that a consumers intent to use personalization services is positively influenced by her trust in the vendor. Our findings suggest that: 1. online vendors can improve their abilities to acquire and use customer information through trust building activities; 2. it is of critical importance that vendors understand and evaluate the different values consumers may place in enjoying various types of personalization.     

Quantum symmetrically-private information retrieval

Private information retrieval systems (PIRs) allow a user to extract an item from a database that is replicated over k?1 servers, while satisfying various privacy constraints. We exhibit quantum k-server symmetrically-private information retrieval systems (QSPIRs) that use sublinear communication, do not use shared randomness among the servers, and preserve privacy against honest users and dishonest servers. Classically, SPIRs without shared randomness do not exist at all.     

Rationality-based beliefs affecting individual’s attitude and intention to use privacy controls on Facebook: An empirical investigation

Online social networking sites like Facebook provides a fast and easy way to connect with friends and family. Users need to post and share their personal information in order to get the best possible experiences on Facebook. However, the spreading of private information can also lead to serious and harmful issues. Therefore, privacy becomes an important component in the use of Facebook and it is the user’s responsibility to protect his or her profile. This study draws upon the theory of planned behavior and the rational choice theory to investigate the rationality-based beliefs affecting individual’s attitude and intention to use privacy controls on Facebook. The results show that individual’s attitude toward using privacy controls is influenced by benefit of using privacy controls, cost of using privacy controls, and cost of not using privacy controls. Further, benefits of using privacy controls is shaped by beliefs regarding intrinsic benefit and resource safety; cost of not using privacy controls is shaped by beliefs regarding resource vulnerability, threat severity, privacy risk and privacy intrusion; and cost of using privacy controls is shaped by beliefs about intrinsic cost and work impediment. Theoretical and practical implications of the findings are discussed in the paper.