
A requirements taxonomy for reducing Web site privacy vulnerabilities

  • Original Article
  • Journal: Requirements Engineering

Abstract

The increasing use of personal information on Web-based applications can result in unexpected disclosures. Consumers often have only the stated Web site policies as a guide to how their information is used, and thus on which to base their browsing and transaction decisions. However, each policy is different, and it is difficult—if not impossible—for the average user to compare and comprehend these policies. This paper presents a taxonomy of privacy requirements for Web sites. Using goal-mining, the extraction of pre-requirements goals from post-requirements text artefacts, we analysed an initial set of Internet privacy policies to develop the taxonomy. This taxonomy was then validated during a second goal extraction exercise, involving privacy policies from a range of health care related Web sites. This validation effort enabled further refinement of the taxonomy, culminating in two classes of privacy requirements: protection goals and vulnerabilities. Protection goals express the desired protection of consumer privacy rights, whereas vulnerabilities describe requirements that potentially threaten consumer privacy. The identified taxonomy categories are useful for analysing implicit internal conflicts within privacy policies, the corresponding Web sites, and their manner of operation. These categories can be used by Web site designers to reduce Web site privacy vulnerabilities and ensure that their stated and actual policies are consistent with each other. The same categories can be used by customers to evaluate and understand policies and their limitations. Additionally, the categories have potential use by third-party evaluators of site policies and conflicts.




Acknowledgments

This work was supported by NSF ITR Grant #0113792 and the CRA’s Distributed Mentor Project. The authors wish to thank Shane Smith, Kevin Farmer, Angela Reese, Hema Srikanth and Ha To. Additionally, we thank Thomas Alspaugh, Colin Potts, Richard Smith and Gene Spafford for discussions leading to our classification of privacy protection goals and vulnerabilities.


Corresponding author

Correspondence to Annie I. Antón.


Cite this article

Antón, A.I., Earp, J.B. A requirements taxonomy for reducing Web site privacy vulnerabilities. Requirements Eng 9, 169–185 (2004). https://doi.org/10.1007/s00766-003-0183-z
