Description, Enforcement and Presentation of Privacy Policies based on Contextual Integrity

IP.com Disclosure Number: IPCOM000126489D
Original Publication Date: 2005-Jul-21
Included in the Prior Art Database: 2005-Jul-21
Document File: 8 page(s) / 216K

Publishing Venue

IBM

Abstract

One of the difficulties of privacy debates is the word privacy itself, which is too broad and does not lead directly to any tangible understanding of what "privacy" really encompasses and what reasonable expectations of privacy are. In ICT applications, privacy is therefore confined to data protection, which focuses on limiting the access to, use and diffusion of data. While "privacy" is too broad and leads to confusion, the term "data protection" is too narrow: it does not cover concerns that are naturally understood as privacy issues, such as privacy in public and representation determination, which are just as vital as data protection in preventing encroachment on moral autonomy, informational inequality and informational injustice. Using the concept of contextual integrity instead of privacy helps clarify the discussion. This text illustrates that contextual integrity is not only useful when discussing privacy issues; it can also be used to enforce privacy in information systems and computer programs. To this end, a simple formalism is introduced on which the meaning of contextual integrity is bestowed. Using this formalism has a number of advantages, presented in section 4, that are difficult to achieve with other existing formalisms based on other conceptualizations of privacy.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 16% of the total text.

1 Introduction

The need for specifying and verifying privacy policies for programs has long been recognized. Existing approaches frame privacy as an access control issue and propose dynamic check-and-access style methods to enforce this access control. They are not based on a clear conception of privacy and are either too broad (i.e., they choose abstractions not specific to privacy) or too narrow (i.e., they cannot appropriately model frequent privacy problems on an enterprise level). What is more, the level of privacy enforcement these methods employ is too coarse and unrelated to the actual business process.

Applied ethicists and legal philosophers have come up with the concept of contextual integrity [14, 24, 26] to describe situations in which privacy is at stake and to delineate privacy violations from the legitimate use of personal data. This document describes how the concept of contextual integrity can be used to encode privacy policies, to explain policies described that way to the user, and to enforce privacy automatically in computer systems, e.g., enterprise privacy enforcement. More specifically, it presents a model and a formalism for privacy specifications (called contextual privacy policies) and an idea for a programming construct/annotation for enforcing such policies in programs. It also outlines how user interfaces (e.g., in web applications) could be enhanced to interactively explain to the user what can happen to his data based on contextual privacy policies.

2 Background

Corporations collect large amounts of data from their customers and store them for various purposes such as CRM, data mining, etc. [11]. With the widespread adoption of electronic transactions and mobile devices, the amount and variety of data is becoming uncontrollable. At the same time, technology changes the perception and problems of privacy itself [18, 10, 27, 12, 13, 11]. It is a legal requirement that corporations disclose and enforce the usage of this data, which is sometimes - but by no means always - referential or personally identifiable information (PII). Privacy policies are often conceived ex post, and it is difficult and potentially expensive to check existing business processes for conformance once the necessity to impose fine-grained privacy checks has become clear. Even more important is reassuring the end user, who gives away precious private information and thereby creates valuable business. He or she has to be kept fully aware of what can happen to his or her data.

2.1 Contributions

These problems can be solved within the framework of contextual integrity presented here in a light-weight, intuitive and non-obtrusive manner. The contributions of this document are thus:

• To recognize that contextual integrity is suitable for the codification, description and enforcement of privacy in a way that makes privacy policies...