nach oben

Information Systems Frontiers

Erschienen in:

25.04.2018

Breaking the Privacy Kill Chain: Protecting Individual and Group Privacy Online

verfasst von: Jongwoo Kim, Richard L. Baskerville, Yi Ding

Erschienen in: Information Systems Frontiers | Ausgabe 1/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Online social networks (OLSNs) are electronically-based social milieux where individuals gather virtually to socialize. The behavior and characteristics of these networks can provide evidence relevant for detecting and prosecuting policy violations, crimes, terrorist activities, subversive political movements, etc. Some existing methods and tools in the fields of business analytics and digital forensics are useful for such investigations. While the privacy rights of individuals are widely respected, the privacy rights of social groups are less well developed. In the current development of OLSNs and information technologies, the compromise of group privacy may lead to the violation of individual privacy. Adopting an explorative literature review, we examine the privacy kill chain that compromises group privacy as a means to compromise individual privacy. The latter is regulated, while the former is not. We show how the kill chain makes the need for protecting group privacy important and feasible from the perspectives of social, legal, ethical, commercial, and technical perspectives. We propose a research agenda to help societies and organizations strike the proper balance between the benefits and costs of both OLSNs and investigative technologies.

Vorheriger Artikel Examining the Role of Tie Strength in Users’ Continuance Intention of Second-Generation Mobile Instant Messaging Services

Nächster Artikel Interdependency Analysis in Security Investment against Strategic Attacks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Acar, A. S., & Polonsky, M. (2007). Online social networks and insights into marketing communications. Journal of Internet Commerce, 6(4), 55–72.CrossRef

Adams, B. L., Malone, F. L., & James Jr., W. (1994). Ethical reasoning in confidentiality decisions. The CPA Journal, 64(7), 56–57.

Alvarez, R. M. (2016). Computational social science. Cambridge: Cambridge University Press.CrossRef

Amiri, A. (2007). Dare to share: protecting sensitive knowledge with data sanitization. Decision Support Systems, 43(1), 181–191.CrossRef

Ashworth, L., & Free, C. (2006). Marketing dataveillance and digital privacy: using theories of justice to understand consumers’ online privacy concerns. Journal of Business Ethics, 67(2), 107–123.CrossRef

Audi, R. (2012). Virtue ethics as a resource in business. Business Ethics Quarterly, 22(2), 273–291.CrossRef

Baskerville, R., & Dulipovici, A. (2006). The ethics of knowledge transfers and conversions: Property or privacy rights? In R. H. Sprague (Ed.), Proceedings of the 39th Hawaii international conference on system sciences (HICSS-39) (pp. 144–CD-ROM 141-149). Los Alamitos: IEEE Computer Society.CrossRef

Baskerville, R., & Sainsbury, R. (2006). Distrusting online: Social deviance in virtual teamwork. In R. H. Sprague (Ed.), Proceedings of the 39th Hawaii international conference on system sciences (HICSS-39) (pp. 121–CD-ROM 121-129). Los Alamitos: IEEE Computer Society.

Baumer, D. L., Earp, J. B., & Poindexter, J. C. (2004). Internet privacy law: a comparison between the United States and the European Union. Computers & Security, 23(5), 400–412.CrossRef

Belanger, F., & Xu, H. (2015). The role of information systems research in shaping the future of information privacy. Information Systems Journal, 25(6), 573–578.CrossRef

Bloustein, E. (2002). Individual and group privacy. Pallone: Transaction Publishers.

Bonchi, F., Castillo, C., Gionis, A., & Jaimes, A. (2011). Social network analysis and mining for business applications. ACM Transactions on Intelligent Systems and Technology (TIST), 2(3), 22:21–22:37.

Borna, S., & Sharma, D. (2011). Considering privacy as a public good and its policy ramifications for business organizations. Business and Society Review, 116(3), 331–353.CrossRef

Boyd, D. (2004). Friendster and publicly articulated social networking. New York: Association for Computing Machinery.CrossRef

Boyd, D., & Ellison, N. (2007). Social network sites: definition, history, and scholarship. Journal of Computer-Mediated Communication, 13(1), 210–230.CrossRef

Boyd, D. M., & Ellison, N. B. (2010). Social network sites: definition, history, and scholarship. IEEE Engineering Management Review, 38(3), 16–31.CrossRef

Brooks, D. J., & Corkill, J. (2014). Corporate security and the stratum of security management. In Corporate security in the 21st century (pp. 216–234). Springer.

Brown, C. L. T. (2009). Computer evidence: Collection and preservation (2nd ed.). Newton: Charles River Media.

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Understanding emergence and outcomes of information privacy concerns: A case of Facebook. In Proceedings of the 31st international conference on information systems (ICIS 2010) (pp. 12–15). St. Louis.

Bygrave, L. A. (2014). A right to be forgotten? Communications of the ACM, 58(1), 35–37. https://doi.org/10.1145/2688491.CrossRef

Calluzzo, V. J., & Cante, C. J. (2004). Ethics in information technology and software use. Journal of Business Ethics, 51(3), 301–312.CrossRef

Chaudhuri, S., Dayal, U., & Narasayya, V. (2011). An overview of business intelligence technology. Communications of the ACM, 54(8), 88–98.CrossRef

Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business intelligence and analytics: from big data to big impact. MIS Quarterly, 36(4), 1165–1188.CrossRef

Cheng, J., Hoffman, J., LaMarche, T., Tavil, A., Yavad, A., & Kim, S. (2009). Forensics tools for social network security solutions. In Proceedings of student-faculty research day, CSIS (pp. A4.1–A4.8). Pace University.

Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Computers & Security, 39, 447–459.CrossRef

Clemons, E. (2009). The complex problem of monetizing virtual electronic social networks. Decision Support Systems, 48(1), 46–56.CrossRef

Cockburn, A. (2015). Kill chain: The rise of the high-tech assassins. New York: Henry Holt & Co..

Cocking, D., van den Hoven, J., & Timmermans, J. (2012). Introduction: one thousand friends. Ethics and Information Technology, 14(3), 179–184.CrossRef

Court, D., Elzinga, D., Mulder, S., & Vetvik, O. J. (2009). The consumer decision journey. Seattle: McKinsey Quarterly.

Crisp, R. (2000). Aristotle: Nicomachean ethics. Cambridge: Cambridge University Press.

Culnan, M. J., & Williams, C. C. (2009). How ethics can enhance organizational privacy: lessons from the Choicepoint and TJX data breaches. MIS Quarterly, 33(4), 673–687.CrossRef

Dinev, T. (2014). Why would we care about privacy? European Journal of Information Systems, 23(2), 97–102.CrossRef

Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.CrossRef

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), 1587–1611.CrossRef

Donaldson, T., & Werhane, P. (Eds.). (1999). Ethical issues in business: A philosophical approach. Upper Saddle River: Prentice Hall.

Dumsday, T. (2008). Group privacy and government surveillance of religious services. The Monist, 91(1), 170–186.CrossRef

Dunn, B. J. (2010). Best Buy’s CEO on learning to love social media. Harvard Business Review, 88, 43–48.

Edelman, D. C. (2010). Branding in the digital age. Harvard Business Review, 88(12), 14–18.

Emerson, R. M. (1976). Social exchange theory. Annual Review of Sociology, 2, 335–362.CrossRef

European Union (2000). The charter of fundamental rights of the European Union. http://www.europarl.eu.int/charter/default_en.htm. Accessed 12 June 2005.

Finke, R. A., Ward, T. B., & Smith, S. M. (1992). Creative cognition: Theory, research, and applications. Cambridge: MIT press.

Frijda, N. H. (1986). The emotions (Studies in emotion & social interaction). New York: Cambridge University Press.

Frijda, N. H., Kuipers, P., & ter Schure, E. (1989). Relations among emotion, appraisal, and emotional action readiness. Journal of Personality and Social Psychology, 57(2), 212–228.CrossRef

Garfinkel, S. L. (2010). Digital forensics research: the next 10 years. Digital Investigation, 7, S64–S73.CrossRef

Gerber, M., & Von Solms, R. (2008). Information security requirements–interpreting the legal aspects. Computers & Security, 27(5), 124–135.CrossRef

Ghinita, G., Karras, P., Kalnis, P., & Mamoulis, N. (2007). Fast data anonymization with low information loss. In Proceedings of the 33rd international conference on very large data bases (pp. 758–769). VLDB Endowment.

Granovetter, M. (1983). The strength of weak ties: a network theory revisited. Sociological Theory, 1, 201–233.CrossRef

Gross, R., Acquisti, A., & Heinz III, H. (2005). Information revelation and privacy in online social networks. In ACM workshop on privacy in the electronic society (pp. 71–80). New York: ACM.

Haggerty, J. (2009). Visual analytics of social networks for digital forensics. http://www.isaca.org.uk/northern/Docs/Manchester%20ISACA%20Jan%2009.ppt. Accessed 13 Dec 2009.

Haggerty, J., Taylor, M., & Gresty, D. (2008). Determining culpability in investigations of malicious e-mail dissemination within the organisation. Paper presented at the WDFIA '08 third international annual workshop on digital forensics and incident analysis, 9 October.

Himma, K. E., & Tavani, H. T. (Eds.). (2008). The handbook of information and computer ethics. Hoboken: Wiley.

Hofstede, G., & Hofstede, G. (1991). Cultures and organizations. New York: McGraw-Hill.

Hogan, B., & Quan-Haase, A. (2010). Persistence and change in social media. Bulletin of Science, Technology & Society, 30(5), 309–315.CrossRef

Howard, B. (2008). Analyzing online social networks. Association for Computing Machinery, Communications of the ACM, 51(11), 14–16.CrossRef

Hu, H., & Wang, X. (2009). Evolution of a large online social network. Physics Letters A, 373(12/13), 1105–1110.CrossRef

Huber, M., Mulazzani, M., Leithner, M., Schrittwieser, S., Wondracek, G., & Weippl, E. (2011). Social snapshots: Digital forensics for online social networks. In Proceedings of the 27th annual computer security applications conference (pp. 113–122). ACM.

Hull, G., Lipford, H. R., & Latulipe, C. (2011). Contextual gaps: privacy issues on Facebook. Ethics and Information Technology, 13(4), 289–302. https://doi.org/10.1007/s10676-010-9224-8.CrossRef

Hursthouse, R. (2007). Virtue theory (pp. 45–61). Oxford: Blackwell.

Hutchins, E., Cloppert, M., & Amin, R. (2011). Analysis of adversary campaigns and intrusion kill chains. In J. Ryan (Ed.), Leading issues in information warfare and security research (Vol. 1, pp. 80–106). Reading: Academic Publishing International.

Il-Horn, H., Kai-Lung, H. U. I., Sang-Yong Tom, L. E. E., & Png, I. P. L. (2007). Overcoming online information privacy concerns: an information-processing theory approach. Journal of Management Information Systems, 24(2), 13–42.CrossRef

Inness, J. C. (1996). Privacy, intimacy, and isolation. USA: Oxford University Press.CrossRef

Isik, O., Jones, M. C., & Sidorova, A. (2013). Business intelligence success: the roles of BI capabilities and decision environments. Information Management, 50(1), 13–23.CrossRef

Kenneth McBride, N. (2014). ACTIVE ethics: an information systems ethics for the internet age. Journal of Information, Communication and Ethics in Society, 12(1), 21–44.CrossRef

Kerr, J., & Teng, K. (2012). Cloud computing: legal and privacy issues. Journal of Legal Issues and Cases in Business, 1, 1–11.

Kleinberg, J. (2000). The small-world phenomenon: An algorithmic perspective. In Proceedings of the thirty-second annual ACM symposium on theory of computing (pp. 163–170). ACM.

Kleinberg, J., Papadimitriou, C., & Raghavan, P. (2003). Auditing boolean attributes. Journal of Computer and System Sciences, 66(1), 244–253.CrossRef

Kumar, V., & Mirchandani, R. (2012). Winning with data: social media-increasing the ROI of social media marketing. MIT Sloan Management Review, 54(1), 55.

Laudon, K. C., & Traver, C. G. (2009). E-commerce: Business, technology, society (5th ed.). Upper Saddle River: Prentice Hall.

Li, H., Sarathy, R., & Xu, H. (2011). The role of affect and cognition on online consumers' decision to disclose personal information to unfamiliar online vendors. Decision Support Systems, 51(3), 434–445. https://doi.org/10.1016/j.dss.2011.01.017.CrossRef

Li, Y., Chen, M., Li, Q., & Zhang, W. (2012). Enabling multilevel trust in privacy preserving data mining. IEEE Transactions on Knowledge and Data Engineering, 24(9), 1598–1612.CrossRef

Li, J., Yan, H., Liu, Z., Chen, X., Huang, X., & Wong, D. S. (2017). Location-sharing systems with enhanced privacy in mobile online social networks. IEEE Systems Journal, 11(2), 439–448.CrossRef

Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46–50.CrossRef

Lusoli, W., & Compañó, R. (2010). From security versus privacy to identity: an emerging concept for policy design? Digital Policy, Regulation and Governance, 12(6), 80–94. https://doi.org/10.1108/14636691011086062.CrossRef

Mason, R. O. (1986). Four ethical issues of the information age. MIS Quarterly, 10(1), 5–12.CrossRef

McAfee, A., & Brynjolfsson, E. (2012). Big data: the management revolution. Harvard Business Review, 90(10), 60–69.

McKnight, A. (2012). Privacy rights left behind at the border: the exhaustive, exploratory searches effectuated in United States v. Cotterman. Brigham Young University Law Review, 2012(2), 591–606.

Merriam-Webster (2010). Forensics. Merriam-Webster Online Dictionary.

Milberg, S., Smith, H., & Burke, S. (2000). Information privacy: corporate management and national regulation. Organization Science, 11(1), 35–57.CrossRef

Milgram, S. (1967). The small world problem. Psychology Today, 2(1), 60–67.

Mingers, J., & Walsham, G. (2010). Toward ethical information systems: the contribution of discourse ethics. MIS Quarterly, 34(4), 833–854.CrossRef

Mishra, A. N., Anderson, C., Angst, C. M., & Agarwal, R. (2012). Electronic health records assimilation and physician identity evolution: an identity theory perspective. Information Systems Research, 23(3), 738–760,844,846.CrossRef

Moor, J. H. (2005). Why we need better ethics for emerging technologies. Ethics and Information Technology, 7(3), 111–119.CrossRef

Myers, M. D., & Miller, L. (1996). Ethical dilemmas in the use of information technology: an Aristotelian perspective. Ethics & Behavior, 6(2), 153–160.CrossRef

Narayanan, A., & Shmatikov, V. (2009). De-anonymizing social networks. In 30th IEEE symposium on security and privacy (pp. 173–187). IEEE.

OECD (2013). OECD guidelines on the protection of privacy and transborder flows of personal data. http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm. Accessed 22 April 2018.

Park, C., Keil, M., & Kim, J. W. (2009). The effect of IT failure impact and personal morality on IT project reporting behavior. IEEE Transactions on Engineering Management, 56(1), 45–60.CrossRef

Pegna, D. L. (2015). Big data sends cybersecurity back to the future. http://www.computerworld.com/article/2893656/the-future-of-cybersecurity-big-data-and-data-science.html.

Peng, G., & Woodlock, P. (2009). The impact of network and recency effects on the adoption of e-collaboration technologies in online communities. Electronic Markets, 19(4), 201–210.CrossRef

Pojman, L. P., & Fieser, J. (2011). Ethics: Discovering right and wrong. CengageBrain.com.

Porter, M., & Kramer, M. R. (2006). Strategy and society: the link between competitive advantage and corporate social responsibility. Harvard Business Review, 84(12), 78–92.

Posey, C., Lowry, P. B., Roberts, T. L., & Ellis, T. S. (2010). Proposing the online community self-disclosure model: the case of working professionals in France and the U.K. who use online communities. European Journal of Information Systems, 19(2), 181–195. https://doi.org/10.1057/ejis.2010.15.CrossRef

Posner, R. (1981). The economics of privacy. The American Economic Review, 71(2), 405–409.

Post, R. C. (1989). The social foundations of privacy: community and self in the common law tort. California Law Review, 77(5), 957–1010.CrossRef

Rastogi, V., Hay, M., Miklau, G., & Suciu, D. (2009). Relationship privacy: Output perturbation for queries with joins. In Proceedings of the twenty-eighth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (pp. 107–116). ACM.

Regan, P. M. (1995). Legislating privacy: Technology, social values, and public policy. Chapel Hill: Univ of North Carolina Pr.

Rosenblum, D. (2007). What anyone can know: the privacy risks of social networking sites. IEEE Security and Privacy, 5(3), 40–49.CrossRef

Sarathy, R., & Robertson, C. J. (2003). Strategic and ethical considerations in managing digital privacy. Journal of Business Ethics, 46(2), 111–126.CrossRef

Shapiro, B., & Baker, C. R. (2001). Information technology and the social construction of information privacy. Journal of Accounting and Public Policy, 20(4,5), 295–322.CrossRef

Silenzio, V. M. B., Duberstein, P. R., Tang, W., Lu, N., Tu, X., & Homan, C. M. (2009). Connecting the invisible dots: reaching lesbian, gay, and bisexual adolescents and young adults at risk for suicide through online social networks. Social Science & Medicine, 69(3), 469–474.CrossRef

Smith, H. J. (1994). Managing privacy: Information technology and corporate america. Chapel Hill: University of North Carolina Press.

Stigler, G. (1980). An introduction to privacy in economics and politics. The Journal of Legal Studies, 9(4), 623–644.CrossRef

Suchman, M. C. (1995). Managing legitimacy: strategic and institutional approaches. Academy of Management Review, 20(3), 571–610.

Tavani, H. T. (2007). Ethics and technology: Ethical issues in an age of information and communication technology. Hoboken: Wiley.

Taylor, L. (2017). Safety in numbers? Group privacy and big data analytics in the developing world. In L. Taylor, L. Floridi, & B. van der Sloot (Eds.), Group privacy: New challenges of data technologies. Cham: Springer International.CrossRef

Thomson, J. J. (1975). The right to privacy. Philosophy & Public Affairs, 4(4), 295–314.CrossRef

Tow, W. N.-F. H., Dell, P., & Venable, J. (2010). Understanding information disclosure behaviour in Australian Facebook users. Journal of Information Technology, 25(2), 126–136. https://doi.org/10.1057/jit.2010.18.CrossRef

United Nations (1948). Universal declaration of human rights. http://www.un.org/Overview/rights.html. Accessed 12 June 2005.

Vallor, S. (2012). Flourishing on facebook: virtue friendship & new social media. Ethics and Information Technology, 14(3), 185–199. https://doi.org/10.1007/s10676-010-9262-2.CrossRef

van den Hoven, J., & Weckert, J. (Eds.). (2008). Information technology and moral philosophy. Cambridge: Cambridge University Press.

Volokh, E. (2000). Personalization and privacy. Association for Computing Machinery. Communications of the ACM, 43(8), 84–88.CrossRef

Walsham, G. (1993). Ethical issues in information systems development: The analyst as moral agent. In Proceedings of the IFIP WG8. 2 working group on information systems development: human, social, and organizational aspects: human, organizational, and social dimensions of information systems development (pp. 281–294). North-Holland Publishing Co.

Walsham, G. (2006). Doing interpretive research. European Journal of Information Systems, 15(3), 320–330.CrossRef

Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.CrossRef

Xu, H., Dinev, T., Smith, H. J., & Hart, P. (2008). Examining the formation of individual’s privacy concerns: Toward an integrative view. Paper presented at the proceedings of international conference on information systems (ICIS), Paris.

Yang, T.-H., Ku, C.-Y., & Liu, M.-N. (2016). An integrated system for information security management with the unified framework. Journal of Risk Research, 19(1), 21–41.CrossRef

Young, K. (2009). Online social networking: an Australian perspective. International Journal of Emerging Technologies & Society, 7(1), 39–57.

Young, S., Dutta, D., & Dommety, G. (2009). Extrapolating psychological insights from Facebook profiles: a study of religion and relationship status. Cyberpsychology & Behavior, 12(3), 347–350.CrossRef

Zainudin, N. M., Merabti, M., & Llewellyn-Jones, D. (2011). A digital forensic investigation model and tool for online social networks. In 12th annual postgraduate symposium on convergence of telecommunications, networking and broadcasting (PGNet 2011) (pp. 27–28). Liverpool.

Zimmer, M. (2010). “But the data is already public”: on the ethics of research in Facebook. Ethics and Information Technology, 12(4), 313–325. https://doi.org/10.1007/s10676-010-9227-5.CrossRef

Titel: Breaking the Privacy Kill Chain: Protecting Individual and Group Privacy Online
verfasst von: Jongwoo Kim
Richard L. Baskerville
Yi Ding
Publikationsdatum: 25.04.2018
Verlag: Springer US
Erschienen in: Information Systems Frontiers / Ausgabe 1/2020
Print ISSN: 1387-3326
Elektronische ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-018-9856-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2020

Determinants of Intention to Participate in Corporate BYOD-Programs: The Case of Digital Natives

Is Self-Citation Biased? An Investigation via the Lens of Citation Polarity, Density, and Location

Emerging Frontiers in Smart Environment and Healthcare – A Vision

Ubiquitous Computing Capabilities and User-System Interaction Readiness: An Activity Perspective

Making Open Data more Personal Through a Social Value Perspective: a Methodological Approach

Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation

Premium Partner