• News
• People
• Research
• The Norwegian Biometrics Laboratory
• Forensic Laboratory
• Publications
• Teaching
• Resources
• Partners
• Jobs
• Contact
• History

PhD Grant - Privacy Risk Analysis

According to Westin, privacy can be interpreted as

the claim of individuals...to determine for themselves when, how and to what extent information about them is communicated to others.

Privacy is under pressure from both commercial and government organizations. E.g. it might be of interest to taxation authorities to have access to electronic traces made by tax subjects in order to verify consistency between income returns and travel patterns.

In the commercial sector, consumer behaviour and preferences represent valuable information assets. On the other hand, most individuals desire to have some form of privacy. From a political perspective, one needs to find an appropriate balance between the requirements of these parties.

The significance of privacy has been documented through several privacy related incidents and the funding of many privacy research projects (e.g. PRIME, PISA, EUROSOCAP, PRIVIREAL, RAPID). Often, the need of risk analysis is motivated by a concern for undesirable and unpredictable events giving rise to potentially large losses. In a privacy context, there are risks both to the individual and the society as a whole. Examples include smear campaigns targeting individuals and loss of trust in e.g. the health services.

In risk analysis, a ‘risk value’ is typically obtained from an estimate of the product of likelihood and potential loss. However, it is not at all obvious how this likelihood can be reliably estimated. For example, it does not seem reasonable to model an intelligent threat actor as a simple stochastic process. In many cases, the attack agent will be a composite entity comprising both technology, people, future legislation and other aspects of the environment. Similarly, the individual being the target of the potential perceived privacy violations may adjust his actions and judgements depending on how he judges the various threats. Consequently, actual privacy related decisions and actions by both attacker and target may depend both on deductions and available information.

The objective of this research is to better understand risks to privacy both from attacker and target perspectives. In particular, the intention is to investigate the dynamic nature of privacy risks through the application of game theory.

It is expected that the project will result in one or more game theoretic models of privacy risks and contributing risk factors.

For further information, please contact Professor Einar Snekkenes, einar.snekkenes@hig.no

References

[1] A. Westin. Privacy and Freedom. Atheneum, New York, 1967.

[2] Fudenberg, Drew & Tirole, Jean. Game theory, MIT Press. 1991

[3] Landoll, D. J. The Security Risk Assessment Handbook. CRC. 2005.

[4] Kjell Hausken (2002), "Probabilistic Risk Analysis and Game Theory", Risk Analysis, Vol.22, No. 1.

[5] Hong, J. I. et. al.. Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In Proceedings of the 5th Conference on Designing interactive Systems: Processes, Practices, Methods, and Techniques (Cambridge, MA, USA, August 01 - 04, 2004). DIS '04. ACM, New York, NY, 91-100.

[6] Iachello, G. and Abowd, G. D. From privacy methods to a privacy toolbox: Evaluation shows that heuristics are complementary. ACM Trans. Comput.-Hum. Interact. 15, 2 (Jul. 2008), 1-30.

© Gjøvik University College,
PO Box 191, Teknologivn. 22, N-2802 Gjøvik, Phone. (+47) 61135100, Fax (+47) 61135170, E-mail: postmottak@hig.no