Understanding and protecting privacy: Formal semantics and principled audit mechanisms

Author

Anupam DATTA
Jeremiah BLOCKI
Nicolas CHRISTIN
Henry DeYOUNG
Deepak GARG
Limin JIA
Dilsun KAYNAR
Arunesh SINHA, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2011

Abstract

Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. Certain information handling practices of organizations that monitor individuals’ activities on the Web, data aggregation companies that compile massive databases of personal information, cell phone companies that collect and use location data about individuals, online social networks and search engines—while enabling useful services—have aroused much indignation and protest in the name of privacy. Similarly, as healthcare organizations are embracing electronic health record systems and patient portals to enable patients, employees, and business affiliates more efficient access to personal health information, there is trepidation that the privacy of patients may not be adequately protected if information handling practices are not carefully designed and enforced. Given this state of affairs, it is very important to arrive at a general understanding of (a) why certain information handling practices arouse moral indignation, what practices or policies are appropriate in a given setting, and (b) how to represent and enforce such policies using information processing systems. This article summarizes progress on a research program driven by goal (b). We describe a semantic model and logic of privacy that formalizes privacy as a right to appropriate flows of personal information—a position taken by contextual integrity, a philosphical theory of privacy for answering questions of the form identified in (a). The logic is designed with the goal of enabling specification and enforcement

Discipline

Databases and Information Systems | Information Security

Research Areas

Intelligent Systems and Optimization

Publication

Information Systems Security: ICISS 2011: Proceedings of the 7th International Conference: Kolkata, India, December 15-19

Volume

7093

First Page

1

Last Page

27

ISBN

9783642255595

Identifier

10.1007/978-3-642-25560-1_1

Publisher

Springer

City or Country

Berlin

Citation

1

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1007/978-3-642-25560-1_1