Information privacy

About: Information privacy is a research topic. Over the lifetime, 25412 publications have been published within this topic receiving 579611 citations. The topic is also known as: data privacy & data protection.

L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing

Abstract: With the advent of cloud computing, individuals and organizations have become interested in moving their databases from local to remote cloud servers However, data owners and cloud service providers are not in the same trusted domain in practice For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective database utilization a very challenging task To address this challenge, in this paper, we propose L-EncDB, a novel lightweight encryption mechanism for database, which (i) keeps the database structure and (ii) supports efficient SQL-based queries To achieve this goal, a new format-preserving encryption (FPE) scheme is constructed in this paper, which can be used to encrypt all types of character strings stored in database Extensive analysis demonstrates that the proposed L-EncDB scheme is highly efficient and provably secure under existing security model

Inference Controls for Statistical Databases

Abstract: The goal of statistical databases is to provide frequencies, averages, and other statistics about groups of persons (or organizations), while protecting the privacy of the individuals represented in the database. This objective is difficult to achieve, since seemingly innocuous statistics contain small vestiges of the data used to compute them. By correlating enough statistics, sensitive data about an individual can be inferred. As a simple example, suppose there is only one female professor in an electrical engineering department. If statistics are released for the total salary of all professors in the department and the total salary of all male professors, the female professor's salary is easily obtained by subtraction. The problem of protecting against such indirect disclosures of sensitive data is called the inference problem. Over the last several decades, census agencies have developed many techniques for controlling inferences in population surveys. These techniques are applied before data are released so that the distributed data are free from disclosure problems. The data are typically released either in the form of microstatistics, which are files of \"sanitized\" records, or in the form of macrostatistics, which are tables of counts, sums, and higher order statistics. Starting with a study by Hoffman and Miller,' computer scientists began to look at the inference problem in on-line, general-purpose database systems allowing both statistical and nonstatistical access. A hospital database, for example, can give doctors direct access to a patient's medical records, while hospital administrators are permitted access only to statistical summaries of the records. Up until the late 1970's, most studies of the inference problem in these systems led to negative results; every conceivable control seemed to be easy to circumvent, to severely restrict the free flow of information, or to be intractable to implement. Recently, the results have become more positive, since we are now discovering controls that can potentially keep security and information loss at acceptable levels for a reasonable cost. This article surveys some of the controls that have been studied, comparing them with respect to their security, information loss, and cost. The controls are divided into two categories: those that place restrictions on the set of allowable queries and those that add \"noise\" to the data or to the released statistics. The controls are described and further classified within the context of a lattice model.

Online information disclosure: Motivators and measurements

Abstract: To increase their revenue from electronic commerce, more and more Internet businesses are soliciting personal information from consumers in order to target products and services at the right consumers. But when deciding whether to disclose their personal information to Internet businesses, consumers may weigh the concerns of giving up information privacy against the benefits of information disclosure. This article examines how Internet businesses can motivate consumers to disclose their personal information. Based on a synthesis of the literature, the article identifies seven types of extrinsic or intrinsic benefits that Internet businesses can provide when soliciting personal information from consumers. Through comprehensive conceptual and empirical validation processes, the article develops an instrument that allows Internet businesses to gauge the preference of consumers for the various types of benefits. By testing a set of nomological networks, some ideas are presented to Internet businesses about what types of benefits may be more effective given the personality traits of particular consumer populations. Besides providing a foundation for efforts aimed at developing theories on information, privacy and information disclosure, the results of this research provide useful suggestions to Internet businesses on how best to solicit personal information from consumers. Implications for research and practical application are discussed.

Privacy, property rights and efficiency: The economics of privacy as secrecy

Abstract: There is a long history of governmental efforts to protect personal privacy and strong debates about the merits of such policies. A central element of privacy is the ability to control the dissemination of personally identifiable data to private parties. Posner, Stigler, and others have argued that privacy comes at the expense of allocative efficiency. Others have argued that privacy issues are readily resolved by proper allocation of property rights to control information. Our principal findings challenge both views. We find: (a) privacy can be efficient even when there is no “taste” for privacy per se, and (b) to be effective, a privacy policy may need to ban information transmission or use rather than simply assign individuals control rights to their personally identifiable data.