Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Secure eWorking Environments

Can We Productise Secure eWorking Environments?

Rough Draft of 17 July 2016
(plus Resources to 30 Jul 2016, and slide-set to 3 Aug 2016)

Workshop for 11th IFIP Summer School on Privacy and Identity Management
21-26 August 2016, Karlstad, Sweden

Roger Clarke **

© Xamax Consultancy Pty Ltd, 2016

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at http://www.rogerclarke.com/DV/SeWE16.html

The slide-set is at http://www.rogerclarke.com/DV/SeWE16.pdf


Abstract

Consumer computing devices are insecure by design, and, to use the words of Web founder Tim Berners-Lee (TBL), the Internet has been subverted into the 'world's largest surveillance network'. TBL and other Internet pioneers, such as Brewster Kahle (famous for the Internet Archive) and Vint Cerf (famous for TCP/IP), are promoting the 're-decentralisation of the Web', in order to deny both governments and dominant corporations the population control that they crave. The Internet Architecture Board (IAB) and Internet Engineering Task Force (IETF) have raised expectations about security within Internet protocols (e.g. through RFCs 6973 and 7624).

At the consumer level, computer scientists produce Privacy Enhancing Technologies (PETs), but the use of PETs is very limited, even by the people who need them most. So a yawning gap exists between the need and the reality. In order to bridge this chasm, IT facilities must be re-conceived, with security and privacy inherent in devices, software, protocols and interfaces. What are the key characteristics of an IT ecology that is secure (as well as effective, efficient and adaptable), and what has to be done to overcome the barriers to such an ecology emerging?


Contents


[NOTE: For each section in the body of the paper,
a systematic review of the PETS literature needs to be undertaken.]

1. Introduction

Electronic devices and networks have conrtibuted greatly to people's effectiveness and efficiency, but they have brought with them many security vulnerabilities. The purpose of this Workshop is to make progress in overcoming the gap between the large menagerie of privacy-enhancing technologies (PETs) on the one hand, and, on the other, the unfulfilled need for products and services that embody security and privacy protections. Specifically, the intention is to articulate the needs, and delineate measures needed to move from a scatter of very partial tools to one or more secure tool-sets that people actually install and use.

The format of the Workshop comprises:

The next section outlines the contemporary, insecure context. That is followed by consideration of the various aspects of the need for Secure eWorking Environments. The array of existing tools is surveyed, and deficiencies noted. This leads to suggestions for generic requirements and architectural principles. The final section discusses how comprehensive and integrated working environments can come into being.


2. The Context

We live in a world of insecure devices (Clarke & Maurushat 2007, Clarke 2011, Clarke 2013, Quinn 2014), and insecure networks (Hardy 2016). This has arisen from and been exacerbated by productisation processes that primarily serve the interests of corporations not individuals. Current examples include the replacement of general-purpose computing by limited 'appliances' whose use is controlled by the supplier, the replacement of local storage and processing by 'cloud-based' services, and the conception of 'the Internet of Things' as tools not to serve individuals but to monitor them.

Individuals are subject to threate from government agencies, from corporations and from other individuals. Parliaments grant government agencies warrantless access to data and exemptions against 'computer crimes' legislation. Once-ephemeral communications that are now processed in digital form are subjected to 'data retention' requirements. Corporations impose onerous conditions on consumers, acquire vast amounts of personal data, exploit it, and traffic in it. Individuals are subjected to location-detection, tracking, stalking, pursuit, interdiction, inference of intentions on the basis of location, and inference of associations on the basis of co-location (Clarke & Wigan 2011, Michael & Clarke 2013).

Despite attempts to achieve international harmonisation (e.g. CoE 2001), jurisdictions vary considerably in the particular forms of intrusiveness that government agencies are authorised to impose. Carrying devices across borders creates particular challenges EFF (2014).


3. The Needs

This section considers the elements of a desirable state of protection for individuals against the context of insecurity noted above.

3.1 Generic Functional Requirements

Among security professionals, a longstanding checklist of attributes of a (relatively) secure state is Confidentiality, Integrity and Availability (CIA). This list is subject to many criticisms. The following set of security features is suggested as being that necessary to provide safety for individuals, and for their family, associates and informants (after Clarke 2016b):

Another approach that can be taken is to identify features that represent the absolute minimum set of safeguards that a person or organisation needs to take. One example is EFF's 'security starter pack' (EFF 2014). Another is the 'baseline security' defined in Table 1 and Appendix 2 of Clarke (2015), complemented by lists of additional security features in Appendices 3 and 4.

In order to satisfy these generic needs, it is likely to be necessary to obfuscate and to falsify. The term 'obfuscation' encompasses means for hiding, obscuring, making vague, or aggregating with others of a similar kind into a composite; whereas 'falsification' covers various forms of active misrepesentation in order to avoid, deter or even prevent exposure to an adversary, or to mitigate the harm arising from an attack. Sometimes it is data or messages that need to be hidden or obscured. In other circumstances, the risks may involve exposure of the person's identity, or their location, or their social network (Clarke 2016a).

3.2 'Non-Functional' Requirements

In the terms used in the computing science literature, 'functional requirements' are those that deliver particular services to a system's users. Effective systems have other characteristics as well, however, and the highly inelegant term 'non-functional requirements' is conventionally applied.

Building on Clarke (2014b), the following characteristics are suggested as being critical to the adoption of Secure eWorking Environments:

3.3 Diversity

Anaysis of generic needs alone falls short of what is needed, because people's circumstances vary a great deal. One dimension of diversity is the source of threats, which may include one or more government agencies, corporations, and categories of individuals, such as criminal and business associates, political opponents, ex-friends, and estranged family-members. Another dimension is the resources and technical capabilities available to a person's adversaries.

It is also important to consider the nature of the individual's activities that are likely to be of interest to adversaries, and hence subject to attack. Distinctions that can be usefully drawn include:

It would be impossibly resource-intensive to consider the specific circumstances of each individual. A conventional approach to such problems is to conduct user segmentation. Relevant user segments include whistleblowers, human rights advocates in countries with unfriendly regimes, victims of domestic violence, protected witnesses, undercover operatives, and corporate executives working on mergers and acquisitions (GFW 2011, Clarke 2014a) .

3.4 Risk Assessment and Management Processes

Understanding is necessary of the needs of particular user segments. An appropriate and well-established technique exists to do this, variously referred to as (Threat) Risk Assessment (TRA or RA), which lays the foundation for Risk Management. This applies the language of the conventional security model in order to structure a readily-explained process, of the kind presented in Table 1.

Table 1: The Risk Assessment and Risk Management Process

From Clarke (2016b). See also EFF (2014)

Analyse

(1) Define the Objectives and Constraints

(2) Identify the relevant Stakeholders, Assets, Values and categories of Harm

(3) Analyse Threats and Vulnerabilities

(4) Identify existing Safeguards

(5) Identify and Prioritise the Residual Risks

Design

(1) Identify alternative Backup and Recovery Designs

(2) Evaluate the alternatives against the Objectives and Constraints

(3) Select a Design (or adapt / refine the alternatives to achieve an acceptable Design)

Do

(1) Plan the implementation

(2) Implement

(3) Review the implementation

The paper from which the table is sourced applies the technique to the practice of backup and recovery. An indicative risk assessment for a whistleblower is provided in Clarke (2014a).


4. Existing Tools

The insight that computer users are at risk is anything but new. Particularly since the mid-1990s, considerable activity has occurred within the discpline and profession of computer science aimed at mitigating those risks. Table 2 provides a catalogue of relevant tools (drawing on EPIC, EFF, PRISM-Break, Clarke 2014a, and other sources).

Table 2: Categories of PETs

Given that many exist, the question arises as to why users haven't adopted them to a far greater extent than they have done. A considerable number of impediments to the adoption of PETs are discussed in (Clarke 2014a). Key aspects are:


5. Architecture for Secure eWorking Environments

The previous sections have been concerned with the functionality that needs to be delivered, and the means whereby users can invoke that functionality. In order for Secure eWorking Environments to come about, however, it is necessary for collaborative development to be facilitated. This section considers architectural features that can underpin the emergence of satisfactory offerings and discusses possible test-applications.

5.1 Architectural Features

Architecture refers to the manner in which elements inter-relate. An effective architecture establishes a framework within which existing tools can be applied, and new tools can be envisaged, developed and integrated.

The following are suggested as key features of such an architecture (Clarke 1990, 2014):

5.2 Test Applications

In order to perform even a simplistic evaluation of the ideas being proposed, a test needs to be devised which is small enough to be workable, but complex enough to provide insights into the process and its practicability.

One useful test is to recognise the web-browser as being an important element in every eWorking Environment, because it supports not only display of content, and search for content, but also communications and transactions. To what extent is consumer-friendly browser-choice and -configuration feasible? An outline for such a project is in Clarke (2013). Mainstream browsers such as IE, Firefox and Chrome are highly insecure and/or privacy-invasive, but alternatives exist, and can be evaluated and/or enhanced to address the needs identified above.

Another test is to consider whether social media services can be implemented in a consumer-friendly manner. (Clarke 2014c) examined that question, identified key features that appropriate services need to contain, and evaluated the prospects of such services emerging.


6. Implementation Considerations

This section is concerned with how Secure eWorking Environments can come into being. This is a question of economic incentives and political processes.

6.1 Supply-Side

Alternative business models were considered in Clarke (2014c), and alternative approaches to addressing market failure were identified in Clarke (2015).

It is possible that enough businesses may perceive the scope for profit or enhanced market share through the development of such products. There has been only limited success in this area to date, but increased awareness of the need among consumers and citizens may herald a change.

6.2 Demand Side

Given suitable products, what needs to be done to attract individuals in the relevant target-markets to adopt them?

The following elements of strategy are suggested:


7. Conclusions

'Are we there yet?'. Clearly we are not. This Workshop involves consideration of the reasons why PETs remain merely promising and have not delivered sufficient value, and what can be done to generate momentum towards Secure eWorking Environments that have more comprehensive functionality, are internally cohesive, integrate adequately with users' devices and software, and are understandable and usable.


References

BestVPN (2014) 'The Ultimate Privacy Guide' BestVPN, 2014, at https://www.bestvpn.com/the-ultimate-privacy-guide/

Carlo S. & Kamphuis A. (2012) 'Information Security for Journalists' The Centre for Investigate Journalism, 2012, at http://www.tcij.org/resources/handbooks/infosec

Clarke R. (1990) 'Open Applications Architecture: A User-Oriented Reference Model for Standardization of the Application Platform' Computer Standards & Interfaces 11 (1990) 15-27, PrePrint at http://www.rogerclarke.com/SOS/OAA-1990.html

Clarke R. (2001a) 'Introducing PITs and PETs: Technologies Affecting Privacy' Privacy Law & Policy Reporter 7, 9 (March 2001), PrePrint at http://www.rogerclarke.com/DV/PITsPETs.html

Clarke R. (2008) 'Dissidentity' Identity in the Information Society 1, 1 (December, 2008) 221-228, at http://www.rogerclarke.com/DV/Dissidentity.html

Clarke R. (2011) 'The Cloudy Future of Consumer Computing' Proc. 24th Bled eConference, June 2011, PrePrint at http://www.rogerclarke.com/EC/CCC.html

Clarke R. (2013) 'A Relatively-Secure, Privacy-Friendly Browser' Specification for a Student Project, Xamax Consultancy Pty Ltd, January 2013, at https://cs.anu.edu.au/research/student-research-projects/relatively-secure-privacy-friendly-browser

Clarke R. (2014a) 'Key Factors in the Limited Adoption of End-User PETs' Xamax Consultancy Pty Ltd, April 2014, at http://www.rogerclarke.com/DV/UPETs-1405.html#PU

Clarke R. (2014b) 'How to Promote PET Usage' Notes for a Panel, The Politics of Surveillance Workshop, University of Ottawa, May 2014, at http://www.rogerclarke.com/DV/PETPromo-1405.html

Clarke R. (2014c) 'The Prospects for Consumer-Oriented Social Media' Proc. Bled eConf., June 2014, PrePrint at http://www.rogerclarke.com/II/COSM-1402.html

Clarke R. (2015) 'The Prospects of Easier Security for SMEs and Consumers ' Computer Law & Security Review 31, 4 (August 2015) 538-552, PrePrint at http://www.rogerclarke.com/EC/SSACS.html
incl. minimum set: http://www.rogerclarke.com/EC/SSACS.html#Tab1
and baseline: http://www.rogerclarke.com/EC/SSACS.html#App2

Clarke R. (2016a) 'A Framework for Analysing Technology's Negative and Positive Impacts on Freedom and Privacy' Datenschutz und Datensicherheit 40, 1 (January 2016) 79-83, PrePrint at http://www.rogerclarke.com/DV/Biel15-DuD.html

Clarke R. (2016b) 'Practicable Backup Arrangements for Small Organisations and Individuals' Xamax Consultancy Pty Ltd, March 2016, at http://www.rogerclarke.com/EC/PBAR.html

Clarke R. & Maurushat A. (2007) 'The Feasibility of Consumer Device Security' J. of Law, Information and Science 18 (2007), PrePrint at http://www.rogerclarke.com/II/ConsDevSecy.html

Clarke R. & Wigan M.R. (2011) 'You Are Where You've Been: The Privacy Implications of Location and Tracking Technologies' Journal of Location Based Services 5, 3-4 (December 2011) 138-155, at http://www.rogerclarke.com/DV/YAWYB-CWP.html

CoE (2001) 'Convention on Cybercrime' Council of Europe, 2001, at https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185

CPJ (2012) 'Journalist Security Guide' Committee to Protect Journalists, April 2012, at https://cpj.org/reports/2012/04/technology-security.php

EFF (2014) 'Surveillance Self-Defense' Electronic Frontier Foundation, October 2014, at https://ssd.eff.org/en/

EFF (2014) 'Human rights defender? Recipes for organizations who need to keep safe from government eavesdroppers' Electronic Frontier Foundation', November 2014, at https://ssd.eff.org/en/playlist/human-rights-defender

GFW (2011) 'Who is harmed by a "Real Names" policy?' Geek Feminism Wiki, undated, apparently of 2011, at http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F

Goldberg I. (2007) 'Privacy Enhancing Technologies for the Internet III: Ten Years Later' Chapter 1 of Acquisti A. et al. (eds.) 'Digital Privacy: Theory, Technologies, and Practices' Auerbach, 2007, at https://cs.uwaterloo.ca/~iang/pubs/pet3.pdf

Hardy Q. (2016) 'The Web's Creator Looks to Reinvent It' The New York Times, 7 June 2016, at http://www.nytimes.com/2016/06/08/technology/the-webs-creator-looks-to-reinvent-it.html

Kissell J. (2014) 'Take Control of Your Online Privacy' AgileBits, March 2014, at http://email.agilebits.com/t/r-l-ckltdlt-kjiuxtlh-t/

Michael K. & Clarke R. (2013) 'Location and Tracking of Mobile Devices: Überveillance Stalks the Streets' Computer Law & Security Review 29, 3 (June 2013) 216-228, PrePrint at http://www.rogerclarke.com/DV/LTMD.html

Norton Q. (2014) 'Everything is Broken' The Message, 20 May 2014, at https://medium.com/message/everything-is-broken-81e5f33a24e1


Resources

Anderson R. (2001) 'Why Information Security is Hard - An Economic Perspective' Proc. ASAC, 2001, at http://www.academia.edu/download/26008094/10.1.1.28.4054.pdf

Anderson R. (2008) 'Security Engineering' John Wiley & Sons, 2nd ed., 2008

Anderson R. & Moore T. (2006) 'The economics of information security' Science 314 (October 2006) 610-613, at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.477.2090&rep=rep1&type=pdf

EFF Surveillance Self-Defense, November 2014, at https://ssd.eff.org/en/index

EPIC Online Guide to Practical Privacy Tools, Electronic Privacy Information Center, Washington DC, various versions since 1997, at http://www.epic.org/privacy/tools.html

Jaferian P., Botta D., Hawkey K. & Beznosov K. (2008) 'Design guidelines for IT security management tools' Proc. SOUPS Workshop, 2008, at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.223.185&rep=rep1&type=pdf

Privacy Enhancing Technologies (PETs) Symposium, http://petsymposium.org/

Symposium On Usable Privacy and Security (SOUPS), http://cups.cs.cmu.edu/soups/

Privacy in Software Agents (PISA, 2000-02), http://www.cbpweb.nl/downloads_artikelen/art_jbo_2001_pisa.pdf
http://link.springer.com/chapter/10.1007/3-540-44702-4_8

Privacy and Identity Management for Europe (PRIME, 2006-08)
https://www.prime-project.eu/

PrimeLife (2009-11)
http://primelife.ercim.eu/

Primelife (2009) 'Requirements and concepts for privacy-enhancing access control in social networks and collaborative workspaces' Privacy and Identity Management in Europe for Life, July 2009, at http://primelife.ercim.eu/images/stories/deliverables/h1.2.5-requirements_selective_access_control-public.pdf

Primelife (2009) 'Requirements and concepts for identity management throughout life' Privacy and Identity Management in Europe for Life, November 2009, at http://primelife.ercim.eu/images/stories/deliverables/h1.3.5-requirements_and_concepts_for_idm_throughout_life-public.pdf

PRISM-Break (2014) 'Opt out of global data surveillance programs', PRISM-Break, 2014, at http://prism-break.org/en/protocols/

APF (2013) 'Protect Yourself Against Data Retention' Media Release,
Australian Privacy Foundation, 13 October 2015, at
http://www.privacy.org.au/Media/MR-StaySmart-151013.html


Resources on PET Adoption, Impediments and Architecture

Those references are listed below, in order of date of publication, that were identified using Google Scholar searches on:
<PETs privacy {architecture, integrated, comprehensive, requirements, specifications, productisation/z, market segments, threat models, whistleblower, domestic violence, undercover operative, protected witness, design, innovation, adoption, impediments}>
The searches were conducted on 30 Jul 2016, and were in most cases limited to the first 100 hits.

(For resources on PET usability factors, see http://www.rogerclarke.com/DV/UPETs-1405.html#PU).

Further searches were performed in the corpus of PETWorkshops and PETSymposia 2006-2014 and 2015-16. This found 3 more papers, bringing the total in that venue to a startlingly small 5. A possible reason for this can be found in the current Call for Papers for the 17th event in 2017, which presumably reflects Calls across the last two decades. This includes "Building and deploying privacy-enhancing systems" and "Human factors, usability and user-centered design for PETs", and in the text, "design, analysis, experimentation, or fielding of privacy-enhancing technologies". But the notion of architecture for PETs is nowhere to be seen. And neither are innovation (as distinct from invention), articulation, integration with other PETs, integration with systems software and applications software, relevance to people, feedforward into practice, adoption, impediments to adoption, and measures to overcome impediments to adoption.


IPCR (1995) 'Privacy-Enhancing Technologies: The Path to Anonymity' Information and Privacy Commissioner (Ontario, Canada) and Registratiekamer (The Netherlands), 2 vols., August 1995, Vol. II at http://www.ipc.on.ca/images/Resources/anoni-v2.pdf

Goldberg I., Wagner D. & Brewer E. (1997) 'Privacy-enhancing Technologies for the Internet' Proc. 42nd IEEE Spring COMPCON, February 1997, at http://www.dtic.mil/dtic/tr/fulltext/u2/a391508.pdf

Burkert H. (1997) 'Privacy-Enhancing Technologies: Typology, Critique, Vision' in Agre P.E. & Rotenberg M. (eds.) 'Privacy: The New Landscape' MIT Press, 1997

Goldberg I. (2002) 'Privacy-enhancing technologies for the Internet, II: Five years later', Proc. Workshop on Privacy Enhancing Technologies 2002, Lecture Notes in Computer Science 2482, Spinger-Verlag, 2002, pp. 1-12, at http://web.cs.dal.ca/~abrodsky/7301/readings/Go02.pdf

G.W. van Blarkom G.W., Borking J.J. & Olk J.G.E. (eds.) (2003) 'Handbook of Privacy and Privacy-Enhancing Technologies - The case of Intelligent Software Agents ' College bescherming persoonsgegevens, The Hague, 2003, at http://www.andrewpatrick.ca/pisa/handbook/Handbook_Privacy_and_PET_final.pdf

Toth G. (2003) 'General-purpose Secure Anonymity Architecture' Siemens, 2003, at http://www.mit.bme.hu/~tgm/phd/palyazatok/2003/siemens_dokt/siemens-2003-eng-final.pdf

Olivier M.S. (2003) 'A layered architecture for privacy-enhancing technologies' South African Computer Journal 31 (2003) 53-61, at http://mo.co.za/open/privarch2.pdf

Hansen M., Berlich P., Camenisch J., Clauß S., Pfitzmann A. & Waidner M. (2004) 'Privacy-enhancing identity management' Information Security Technical Report 9, 1 (January-March 2004) 35-44

Clarke R. (2004) 'Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects' Xamax Consultancy Pty Ltd, March 2004, at http://www.rogerclarke.com/EC/IdMngt-Public.pdf

Hong J.I. & Landay J.A. (2004) 'An Architecture for Privacy-Sensitive Ubiquitous Computing' Proc. Second Int'l Conf. Mobile Systems, Applications, and Services, pp. 177-189, June 2004, at https://www.cs.cmu.edu/~jasonh/publications/mobisys2004-confab-final.pdf

Mont M.C. & Thyne R. (2006) 'A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises' Proc. Pet Workshop. 2006, at https://www.petsymposium.org/2006/preproc/preproc_07.pdf

Goldberg I. (2007) 'Privacy Enhancing Technologies for the Internet III: Ten Years Later' Chapter 1 of Acquisti A. et al. (eds.) 'Digital Privacy: Theory, Technologies, and Practices' Auerbach, 2007, at https://cs.uwaterloo.ca/~iang/pubs/pet3.pdf

Fritsch L. (2007) 'State of the art of Privacy-enhancing Technology (PET)' Report no 1013 , Norsk Regnesentrall, November 2007, at http://publications.nr.no/directdownload/publications.nr.no/4589/Fritsch_-_State_of_the_Art_of_Privacy-enhancing_Technology.pdf

Kosta E., Dumortier J., Ribbers P., Fairchild A., Tseng J., Liesbach K., Franz R., Leenes R., Hoogwout M., Priem B., Kölsch T., Zibuschka J., Kramer G. & Schumacher G. (2008) 'Requirements for Privacy Enhancing Tools' PRIME Project Report, March 2008, at https://www.prime-project.eu/prime_products/reports/reqs/pub_del_D1.1.d_final.pdf, esp. pp. 105-120

Spiekermann S. & Cranor L.F. (2009) 'Engineering Privacy' IEEE Trans. on Software Engineering 35, 1 (Jan-Feb 2009) 67-82, at http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID1330103_code421272.pdf?abstractid=1085333&mirid=1

Mowbray M. & Pearson S. (2009) 'A Client-Based Privacy Manager for Cloud Computing' Proc. Fourth Int'l ICST Conf. Communication System Software and Middleware, 2009, pp. 1-8, at http://www.academia.edu/download/38692503/a_client-based_privacy_manager_for_cloud_computing.pdf

Cutillo L.A., Molva R. & Strufe T. (2009) 'Privacy Preserving Social Networking Through Decentralization' Proc. WONS, 2009, at http://www.academia.edu/download/33461165/Privacy_Preserving_Social_Networking_Through_Decentralization.pdf

Wilton R. (2009) 'What's happened to PETs?' Information Security Technical Report 14, 2009, 146-153, at http://library.uncw.edu/uploads/pdfs/4.pdf

Roßnagel H., Zibuschka J., Pimenides L. & Deselaers T. (2009) 'Facilitating the adoption of Tor by focusing on a promising target group' Proc. Nordic Conf. on ..., 2009, at https://www.researchgate.net/profile/Thomas_Deselaers/publication/221426436_Facilitating_the_Adoption_of_Tor_by_Focusing_on_a_Promising_Target_Group/links/0c96051c8841650293000000.pdf

Shokri R., Freudiger J. & Hubaux J.-P. (2010) 'A Unified Framework for Location Privacy," in Proceedings of the 9th International Symposium on Privacy Enhancing Technologies, 2010, pp. 203-214 , at http://orca.cf.ac.uk/37912/1/Quantifying_Location_Privacy.pdf

Hafiz M. (2010) 'A Pattern Language for Developing Privacy Enhancing Technologies' Softw. Pract. Exper. 2010; 00:1-18 , at http://munawarhafiz.com/research/patterns/H12-PrivacyPatterns.pdf

Wang Y. (2010) 'A Framework for Privacy-Enhanced Personalization' PhD Dissertation, University of California at Irvine, 2010, at http://www.ics.uci.edu/~kobsa/phds/wang.pdf

Fischer-Hübner S., Hoofnagle C., Krontiris I., Rannenberg K. & Waidner M. (2011) 'Online Privacy: Towards Informational Self-Determination on the Internet' Manifesto from Dagstuhl Perspectives Workshop, February 2011, at http://drops.dagstuhl.de/opus/volltexte/2011/3205/pdf/dagman_v001_i001_p001_11061.pdf

PrimeLife (2011) 'Towards Usable Privacy Enhancing Technologies: Lessons Learned from the PrimeLife Project' Privacy and Identity Management in Europe for Life, June 2011, at http://primelife.ercim.eu/images/stories/deliverables/d4.1.6-towards_usable_pets-public.pdf

Borking J. (2011) 'Why Adopting Privacy Enhancing Technologies (PETs) Takes So Much Time' in S. Gutwirth, Y. Poullet, P. Hert, R. Leenes (Eds.), Proc. Comput. Priv. Data Prot., CPD, Springer-Verlag, 2011, pp. 309-341, at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.193.9657&rep=rep1&type=pdf

Shen Y. & Pearson S. (2011) 'Privacy enhancing technologies: a review' HP Laboratories, 2011, at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.377.2136&rep=rep1&type=pdf

Deng M., Wuyts L., Scandariato R., Preneel B. & Joosen W. (2011) 'A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements' Requirements Engineering Journal 16, 1 (2011) 3-32, at https://securewww.esat.kuleuven.be/cosic/publications/article-1412.pdf

ISO/IEC 29100 (2011) 'Information technology -- Security techniques -- Privacy framework' ISO/IEC, December 2011, at http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip

Xu H., Crossler R.E. & Bélanger F. (2012) 'A Value-Sensitive Design Investigation of Privacy Enhancing Tools in Web Browsers' Decision Support Systems 54 (2012) 424-433, at https://faculty.ist.psu.edu/xu/papers/Xu_etal_DSS_2012.pdf

Vemou k. & Karyda M. (2013) 'A Classification of Factors Influencing Low Adoption of PETs Among SNS Users' Proc.Conf. Trust, Privacy and Security in Digital Business, 2013, at http://www.academia.edu/download/40781617/factors_influencing_PETs_adoption_SNS_draft.docx

Hoepman J.-H. (2014) 'Privacy Design Strategies' Proc. IFIP International Information Security Conference, 2014, at http://arxiv.org/pdf/1210.6621
Hoepman identifies 8 privacy strategies:
Minimise, Hide, Separate, Aggregate, Inform, Control, Enforce, Demonstrate

Kung A. (2014) 'PEARs: privacy enhancing architectures' 2nd Annual Privacy Forum, Ch. 3, pp. 18-29 , Springer, 2014

Antignac T. & Le Métayer D. (2014) 'Privacy by Design: From Technologies to Architectures' 2nd Annual Privacy Forum, Springer, 2014, at http://arxiv.org/pdf/1410.0030

Martin Y.S., del Alamo J.M. & Yelmo J.C. (2014) 'Engineering Privacy Requirements: Valuable Lessons from Another Realm' Proc. Conf. Evolving Security and Privacy Requirements Engineering, 2014, pp. 19-24, at http://oa.upm.es/36594/1/INVE_MEM_2014_194255.pdf

Danezis G., Domingo-Ferrer J., Hansen M., Hoepman J.-H., Le Métayer D., Tirtea R. & Schiffner S. (2014) 'Privacy and Data Protection by Design - from policy to engineering' ENISA, December 2014 , at http://arxiv.org/pdf/1501.03726

Bodo B. (2014) 'Hacktivism 1-2-3: how privacy enhancing technologies change the face of anonymous hacktivism' Internet Policy Review 3, 4 (November 2014) 1-13, at http://dare.uva.nl/document/2/155992

Rannenberg K. (2015) 'Privacy Protection' Lecture Slide-Set, Goethe-University Frankfurt a. M. , 2015, at http://m-chair.eu/images/documents/lectures/2014WS/InKo/8-Privacy_Protection.pdf

Funke S., Daubert J., Wiesmaier A., Kikiras P. & Mühlhäuser M. (2015) 'End-2-End privacy architecture for IoT' Proc. IEEE Conf. on Communications and Network Security, Florence, September 2015

Hansen M., Hoepman J.-H. & Jensen M. (2015) 'Towards Measuring Maturity of Privacy-Enhancing Technologies' Annual Privacy Forum 2015, Luxembourg, October 2015, at http://2015.privacyforum.eu/programme/presentation-jensen/download/en/1/Jensen%20Technology%20Readiness.pdf

D' Acquisto G., Domingo-Ferrer J., Kikiras P., Torra V., de Montjoye Y.-A. & Bourka A. (2015) 'Privacy by design in big data' ENISA, December 2015, at http://arxiv.org/pdf/1512.06000

Pu Y. & Grossklags J. (2016) 'Towards a Model on the Factors Influencing Social App Users' Valuation of Interdependent Privacy' Proceedings on Privacy Enhancing Technologies, 2016 (2) 61-81 , at http://www.degruyter.com/downloadpdf/j/popets.2015.2016.issue-2/popets-2016-0005/popets-2016-0005.xml

Bösch C., Erb B., Kargl F., Kopp H. & Pfattheicher S. (2016) 'Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns' Proceedings on Privacy Enhancing Technologies ; 2016 (4):237-254, at http://www.degruyter.com/downloadpdf/j/popets.2016.2016.issue-4/popets-2016-0038/popets-2016-0038.xml
In response to Hoepman (2014)'s 8 privacy strategies:
Minimise, Hide, Separate, Aggregate, Inform, Control, Enforce, Demonstrate
Bösch et al. propose 8 'dark strategies':
Maximise, Publish, Centralise, Preserve, Obscure, Deny, Violate, Fake


Acknowledgements

This work leverages heavily on the work of the PETs community/ies over the last two decades. The project is being conducted in collaboration with Philip Chung, Executive Director of the Australasian Legal Information Institute (AustLII) and the World Legal Information Institute (WorldLII), and of UNSW Law. A pilot run of the Workshop was run on 4 August 2016 at UNSW, and valuable contributions were made by Philip Chung and Arash Shaghaghi.


Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in Cyberspace Law & Policy at the University of N.S.W., and a Visiting Professor in the Computer Science at the Australian National University.



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 18 February 2016 - Last Amended: 6 August 2016 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/SeWE16.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy