Sponsor: SIGSAC
These proceedings contain the papers selected for presentation at the Third ACM Workshop on Privacy in the Electronic Society, held in association with the 11th ACM Computer and Communications Security Conference, October 28, 2004, in Washington, DC (USA).
In response to the call for papers, 45 papers were submitted to the workshop. These papers were evaluated on the basis of their significance, novelty, and technical quality. Each paper was reviewed by at least three members of the program committee. The program committee meeting was held electronically. Because there was interest in many more of the papers than there was available time to present, 10 papers were selected for long presentation at the workshop, and 11 were selected for short presentation. Papers received correspondingly long or short space in the proceedings as well.
Soft blocking: flexible blocker tags on the cheap
A "blocker" tag is a privacy-enhancing radio-frequency identification (RFID) tag. It operates by interfering with the protocol in which a reader communicates individually with other RFID tags. While inexpensive to manufacture in quantity, blockers are ...
Privacy preserving route planning
The number of location-aware mobile devices has been rising for several years. As this trend continues, these devices may be able to use their location information to provide interesting applications for their owners. Possible applications for such ...
Privacy management for portable recording devices
The growing popularity of inexpensive, portable recording devices, such as cellular phone cameras and compact digital audio recorders, presents a significant new threat to privacy. We propose a set of technologies that can be integrated into recording ...
Modeling privacy values with experimental economics
The importance of personal privacy to Internet users has been extensively researched using a variety of survey techniques. The limitations of survey research are well-known and take place because there are no positive or negative consequences to the ...
Hidden access control policies with hidden credentials
In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is ...
A quantitative and qualitative analysis of blocking in association rule hiding
Data mining provides the opportunity to extract useful information from large databases. Various techniques have been proposed in this context in order to extract this information in the most efficient way. However, efficiency is not our only concern in ...
A generic approach for healthcare data anonymization
Nowadays, more and more applications use sensitive and personal information. Subsequently, respecting citizens' privacy is becoming extremely important. Dedicated to this issue, this paper suggests a rigorous approach to define anonymization ...
Privacy issues in an electronic voting machine
In this paper, we describe the Open Voting Consortium's voting system and discuss the privacy issues inherent in this system. By extension, many of the privacy issues in this paper also apply to other electronic voting machines, such as DREs (Direct ...
Specifying privacy policies with P3P and EPAL: lessons learned
As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective privacy policies that document their information handling and usage practices. Most privacy ...
Will your digital butlers betray you?
The cost of data storage is now so low that there is little necessity ever to delete anything. The consequence is denied oblivion: digital systems that remember forever and can be data-mined retroactively, years after the event, ignoring any ...
Defending email communication against profiling attacks
We define message privacy against a profiling adversary, whose goal is to classify a population of users into categories according to the messages they exchange. This adversary models the most common privacy threat against email communication. We ...
An identifiability-based access control model for privacy protection in open systems
We argue that in open systems one's private information disclosure needs to be dynamically controlled based on both its sensitivity and the possibility that a user's identity is revealed. Then we propose an identifiability-based access control scheme, ...
Conflict and combination in privacy policy languages
Many modern enterprises require methods for guaranteeing compliance with privacy legislation and announced privacy policies. IBM has proposed a formal language, the Enterprise Privacy Authorization Language (EPAL), for describing privacy policies ...
How to achieve blocking resistance for existing systems enabling anonymous web surfing
We are developing a blocking resistant, practical and usable system for anonymous web surfing. This means, the system tries to provide as much reachability and availability as possible, even to users in countries where the free flow of information is ...
Minx: a simple and efficient anonymous packet format
Minx is a cryptographic message format for encoding anonymous messages, relayed through a network of Chaumian mixes. It provides security against a passive adversary by completely hiding correspondences between input and output messages. Possibly ...
Location diversity in anonymity networks
Anonymity networks have long relied on diversity of node location for protection against attacks; typically an adversary who can observe a larger fraction of the network can launch a more effective attack. We investigate the diversity of two deployed ...
Off-the-record communication, or, why not to use PGP
Quite often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures ...
Assessing global disclosure risk in masked microdata
In this paper, we introduce a general framework for microdata and three disclosure risk measures (minimal, maximal and weighted). We classify the attributes from a given microdata in two different ways: based on their potential identification utility ...
Privacy-preserving data linkage protocols
We address the problem of data linkage and data extraction across database tables of sensitive information about individuals, in an environment of constraints on organisations' ability to share data and a need to protect individuals' privacy and ...
Private collaborative forecasting and benchmarking
Suppose a number of hospitals in a geographic area want to learn how their own heart-surgery unit is doing compared with the others in terms of mortality rates, subsequent complications, or any other quality metric. Similarly, a number of small ...
- Proceedings of the 2004 ACM workshop on Privacy in the electronic society