2015 | Book

Privacy in a Digital, Networked World

Technologies, Implications and Solutions

About this book

This comprehensive textbook/reference presents a focused review of the state of the art in privacy research, encompassing a range of diverse topics. The first book of its kind designed specifically to cater to courses on privacy, this authoritative volume provides technical, legal, and ethical perspectives on privacy issues from a global selection of renowned experts. Features: examines privacy issues relating to databases, P2P networks, big data technologies, social networks, and digital information networks; describes the challenges of addressing privacy concerns in various areas; reviews topics of privacy in electronic health systems, smart grid technology, vehicular ad-hoc networks, mobile devices, location-based systems, and crowdsourcing platforms; investigates approaches for protecting privacy in cloud applications; discusses the regulation of personal information disclosure and the privacy of individuals; presents the tools and the evidence to better understand consumers’ privacy behaviors.

Table of Contents

Frontmatter
Chapter 1. Introduction
Abstract
Over the last decade, we have witnessed a growing interest and increasing investments in technologies, applications, and system communications around the world. Almost every component in our entourage is being completely networked. With so much sensitive data being generated in the digital world, security and privacy continue to be seen as impediments refraining users from widely using these recent technologies and applications. While privacy is relatively easy to manage within simple client/server architecture, it becomes a significant challenge to ensure privacy in the era of Big Data, cloud computing, and smart applications.
Sherali Zeadally, Mohamad Badra
Chapter 2. Database Privacy
Abstract
Open data is a growing demand by data analysts, companies, and the general public. Yet, when databases to be publicly released contain information on individual respondents (e.g., responses to polls, census information, healthcare records, etc.), they must be released in a way that preserves the privacy of these respondents: it should be de facto impossible to relate the published data to specific individuals. To achieve this goal, the Statistical Disclosure Control (SDC) discipline has proposed a plethora of privacy protection methods, known under a variety of names such as SDC methods, anonymization methods, or sanitization methods. This chapter provides an overview of the issues in database privacy, a survey of the best-known SDC methods, a discussion on the related data privacy/utility trade-offs, and a description of privacy models proposed by the computer science community in recent years. Some relevant freeware packages are also identified.
Josep Domingo-Ferrer, David Sánchez, Sara Hajian
Chapter 3. Privacy and Big Data
Abstract
Issues related to privacy and Big Data came to broader academic scrutiny and greater public attention with Edward Snowden’s revelations regarding NSA’s Big Data surveillance programs and methods. A large number of academic conferences, government summits and probing legal, social and engineering studies have now tackled the subject of Big Data surveillance and its impact on people’s private lives. This chapter provides an overview of the concepts of privacy and Big Data. It begins with a review of the benefits and limitations of Big Data analysis techniques including some of the purely mathematical challenges such as the curse of dimensionality. It next reviews the more modern understanding of the concept of privacy, discussing various legal and ethical issues including those particular to Big Data systems. A general overview follows regarding the current privacy protection techniques and the challenges we face. The analysis of the modern conceptual understanding of privacy proves that much of the ancient and classical conceptualization of privacy and the taboos against eavesdropping, as discussed in the introduction, have survived into the current age but in a much more complicated manner. While researchers have articulated conceptual details that pay due attention to the impact of privacy violation on freedom and human beings’ personality development across the board, the broader ethical understanding seems to be fading away as privacy policies become harder to track and understand. Furthermore, privacy protection techniques are still in their infancy. While they have some applications in enterprise and health care, the challenges posed to privacy by Big Data surveillance capabilities can only best be met by architectural shifts such as trusted cloud architectures which will have direct business and other implications.
Proposals for privacy-protecting architectures of the future are currently in early development by various researchers and technologists who share an interest in protecting what gives us our personalities and differences—our privacy. Most of these techniques point towards attempts to turn the Big Data cloud into storage machines for encrypted data.
Masood Mortazavi, Khaled Salah
Chapter 4. Privacy in Crowdsourced Platforms
Abstract
Emerging platforms, such as Amazon Mechanical Turk and Google Consumer Surveys, are increasingly being used by researchers and market analysts to crowdsource large-scale survey data from online populations at extremely low cost. However, by participating in successive surveys, workers risk being profiled and targeted, both by surveyors and by the platform itself. In this chapter we provide an overview of privacy in crowdsourcing platforms. We consider the state-of-the-art crowdsourcing platforms and the risks to worker privacy in such platforms, we survey the existing solutions, and later describe and evaluate the design of a privacy conscious crowdsourcing platform prototype, called Loki. We believe that many challenges in the area of privacy in crowdsourced platforms remain, and that this will be an active and important research area for many years to come.
Thivya Kandappu, Arik Friedman, Vijay Sivaraman, Roksana Boreli
Chapter 5. Privacy in Healthcare
Abstract
In recent years, the field of healthcare has seen an increased prevalence of electronic healthcare systems. Some of these systems seek to help patients make more informed decisions about their own health, while others may assist users in receiving proper care no matter where they are. Despite these positive impacts, the systems bring with them new risks. In particular, electronic healthcare systems have a variety of privacy concerns surrounding their use due to the personal nature of the data collected. In this chapter, we introduce several electronic healthcare systems that are currently in use and explore the different privacy challenges surrounding some of these systems. Finally, we highlight a few methods to address these privacy concerns and, thereby, improve privacy protection in healthcare systems.
Drew Williams, Ivor Addo, Golam Mushih Tanimul Ahsan, Farzana Rahman, Chandana Tamma, Sheikh Iqbal Ahamed
Chapter 6. Privacy in Peer-to-Peer Networks
Abstract
As in any other system, privacy is a concerning issue in peer-to-peer (P2P) networks. In this chapter, we analyze the existing privacy issues when using P2P networks and the available solutions that can be used to prevent them. After the state of the art on P2P networks, we describe the different privacy issues that arise when using these kinds of systems. Also, we present a plethora of solutions and analyze which ones are the best suited for each issue. This chapter presents a survey of the privacy challenges which must be considered when using peer-to-peer applications and a revision of the existing mechanisms that can be used to solve them.
Diego Suárez Touceda, José María Sierra Cámara, Jesús Téllez Isaac
Chapter 7. Privacy in the Cloud
Abstract
The rise of cloud computing has changed the way of using computing services and resources. Consciously or unconsciously, people are enjoying the services provided by the cloud when they access Gmail, Google Calendar, Dropbox, Microsoft Office Live, or run hundreds of Amazon Elastic Compute Cloud (EC2) instances for processing large-scale data. Due to the high demand for cloud-based services, cloud computing has emerged as the dominant computing paradigm in recent years. Besides that, the flexibility and cost savings made possible through migration to the cloud infrastructure, have encouraged many companies to use cloud computing for their critical applications. However, the advantages of clouds come with increased security and privacy risks. Today’s cloud computing platforms face important challenges for protecting the confidentiality and privacy of data and applications outsourced to cloud infrastructures. Multi-tenancy and other inherent properties of the cloud computing model have introduced novel attack surfaces and threats to users’ privacy. Unless the privacy issues are resolved, cloud computing cannot and should not be used for sensitive applications, such as financial transactions or medical records, where privacy and confidentiality of users are crucial. In this chapter, we present the privacy issues in cloud computing systems and discuss the state-of-the-art solutions and open problems.
Ragib Hasan, Shams Zawoad
Chapter 8. Privacy in Vehicular Ad Hoc Networks
Abstract
Vehicular Ad hoc NETworks (VANETs) are an emerging technology which aims to improve road safety by preventing and reducing traffic accidents. While VANETs offer a great variety of promising applications, such as, safety-related and infotainment applications, they also raise a broad range of critical security and privacy challenges that must be addressed. A widely adopted approach to cope with the main security concerns capitalizes on the use of Public Key Infrastructures (PKIs). Despite the advantages of PKI-based approaches, sole use in a VANET environment cannot prevent certain privacy attacks, such as linking a vehicle with an identifier, tracking vehicles, and profiling user behavior. Additionally, since vehicles in VANETs will be able to store great amounts of sensitive, private information, unauthorized disclosure of such information should also be carefully considered. This chapter investigates several security and privacy issues in the context of VANETs. It introduces current state-of-the-art approaches, which address VANET’s privacy concerns in terms of anonymity, unlinkability, and minimal information disclosure.
Jetzabel M. Serna-Olvera, Roberto A. Morales Pacheco, Javier Parra-Arnau, David Rebollo-Monedero, Jordi Forné
Chapter 9. Privacy Law and Regulation: Technologies, Implications, and Solutions
Abstract
The marked increase in the availability of personally identifiable information in the online environment has made privacy of paramount concern for consumers. Corporations and governments collect, store, and use this information for purposes ranging from the creation of targeted advertisements, to national security. But what rights do consumers have to protect themselves from the collection of their personal information, and how does the law conceptualize privacy in order to assist individuals in keeping their information private? This chapter considers the state of privacy law, from a Western perspective. First, it discusses the law in the United States, examining the constitutional, common law and statutory foundations of privacy in that country. The chapter then turns to privacy law in the European Union, offering a comparative analysis of the differences between EU protections for privacy with that of the US. Finally, the chapter considers the challenges and opportunities for the regulation of data collection and the protection of privacy in the digital environment, and offers suggestions for principles to be included in policies aimed at protecting privacy.
Jasmine McNealy, Angelyn Flowers
Chapter 10. Privacy in Mobile Devices
Abstract
The mobile ecosystem is a collection of network operators, application developers, users, law makers, and associated technologies and policies. This collection provides the most prominent personal computing environment of the day. As application designers continue to innovate in this ecosystem, users are becoming more and more tempted to provide service providers access to their personal data. This chapter provides an overview of data collection, data leakage and data interception methods in mobile devices that make the user’s personal data susceptible to unwanted access. This brings forth the issue of privacy of the user whose private data is now open for analysis by unknown individuals, businesses with which the user has no trust relationship, and the prying eyes of monitoring agencies. It is hoped that awareness efforts and novel technologies will help eliminate the issue. We discuss how mobile application developers can follow best practices to control personal data collection, the options that users have to control how applications access their data, and novel privacy preserving architectures for mobile applications. Nonetheless, the challenges ahead of us are overwhelming, and call for another collective endeavor to prevent the mobile device from transforming into the tool that dissolved all notions of privacy in modern society.
Rinku Dewri, Ramakrishna Thurimella
Chapter 11. Privacy in Biometric Systems
Abstract
Biometrics can be a very effective tool to keep us safe and secure, prevent individuals from applying for multiple passports or driving licenses, and keep the bad guys out or under control. However, the fact that we are surrounded by so many biometric sensors does limit our privacy in one way or another. The price we might have to pay for using many biometrics-reliant applications such as access control to a building, authorizing payments in supermarkets, and public transports is the loss of privacy as a result of being tracked in almost all of our daily life activities. This chapter explains the main privacy concerns surrounding the use of biometric systems and highlights a few possible solutions.
Hisham Al-Assam, Torben Kuseler, Sabah Jassim, Sherali Zeadally
Chapter 12. Privacy in Social Networks
Abstract
Social networks such as Facebook and LinkedIn have gained a lot of popularity in recent years. These networks use a large amount of data that are highly valuable for different purposes. Hence, social networks become a potential vector for attackers to exploit. This chapter focuses on the security attacks and countermeasures used by social networks. Privacy issues and solutions in social networks are discussed and the chapter ends with an outline of some of the privacy challenges in the social networks.
Traian Marius Truta, Michail Tsikerdekis, Sherali Zeadally
Chapter 13. The Right to Privacy in the Age of Digital Technology
Abstract
Despite efforts to make the digital persona more transparent, the right to privacy has not lost its salience. Consumers and others are at risk of serious harm when their privacy is lost. Privacy is often misconstrued and defined too broadly. Our contention is that privacy is best interpreted as a condition of restricted access where users have limited control over their personal information. While privacy is important, it is not an intrinsic good. Rather, it is an instrumental good, valued not for its own sake but for its pivotal role in preserving and promoting other goods such as security, intimate friendship, and freedom. Because of its status as an instrumental good, privacy should be considered as an individual right that is owed to a person in justice in certain situations. Privacy rights should be secured by law, especially when sensitive information is at stake. But whether information requires normative protection depends not only on the nature of that information but also on the context.
Richard Spinello
Chapter 14. How to Explore Consumers’ Privacy Choices with Behavioral Economics
Abstract
This chapter aims to equip researchers, practitioners, and policymakers with the tools and the evidence to understand consumers’ privacy behaviors. It explains why experiments are needed and how to design and deploy them.
Sören Preibusch
Chapter 15. Techniques, Taxonomy, and Challenges of Privacy Protection in the Smart Grid
Abstract
As the ease with which any data are collected and transmitted increases, more privacy concerns arise leading to an increasing need to protect and preserve it. Much of the recent high-profile coverage of data mishandling and public misleadings about various aspects of privacy exasperates the severity. The Smart Grid (SG) is no exception with its key characteristics aimed at supporting bi-directional information flow between the consumer of electricity and the utility provider. What makes the SG privacy even more challenging and intriguing is the fact that the very success of the initiative depends on the expanded data generation, sharing, and processing. In particular, the deployment of smart meters whereby energy consumption information can easily be collected leads to major public hesitations about the technology. Thus, to successfully transition from the traditional Power Grid to the SG of the future, public concerns about their privacy must be explicitly addressed and fears must be allayed. Along these lines, this chapter introduces some of the privacy issues and problems in the domain of the SG, develops a unique taxonomy of some of the recently proposed privacy protecting solutions as well as some of the future privacy challenges that must be addressed in the future.
Suleyman Uludag, Sherali Zeadally, Mohamad Badra
Chapter 16. Location-Based Privacy, Protection, Safety, and Security
Abstract
This chapter will discuss the interrelated concepts of privacy and security with reference to location-based services, with a specific focus on the notion of location privacy protection. The latter can be defined as the extent and level of control an individual possesses over the gathering, use, and dissemination of personal information relevant to their location, whilst managing multiple interests. Location privacy in the context of wireless technologies is a significant and complex concept given the dual and opposing uses of a single LBS solution. That is, an application designed or intended for constructive uses can simultaneously be employed in contexts that violate the (location) privacy of an individual. For example, a child or employee monitoring LBS solution may offer safety and productivity gains (respectively) in one scenario, but when employed in secondary contexts may be regarded as a privacy-invasive solution. Regardless of the situation, it is valuable to initially define and examine the significance of “privacy” and “privacy protection,” prior to exploring the complexities involved.
Roba Abbas, Katina Michael, M. G. Michael
Backmatter
Metadata
Title
Privacy in a Digital, Networked World
Edited by
Sherali Zeadally
Mohamad Badra
Copyright year
2015
Electronic ISBN
978-3-319-08470-1
Print ISBN
978-3-319-08469-5
DOI
https://doi.org/10.1007/978-3-319-08470-1