Abstract
Privacy of PII (Personally Identifiable Information) on the Internet is a major concern of a netizen. On the Internet, different service providers are supposed to publish their own privacy policies, but understanding these policies is a major problem. Standards like the Platform for Privacy Preferences (P3P) provide a computer-readable format and a protocol for allowing web browsers to retrieve and process privacy policies. In this paper we studied the various privacy mechanisms in place and compared them on the basis of their architecture and third-party intervention. We also proposed an alternative privacy mechanism that introduces the concept of a third party whose role is to verify the privacy policy and keep a proactive check on the use of specified PII. In case of a violation, the third party informs the users of the breach. The implementation of the proactive check on the PII has been done through software agents. The requirement of granting legal status to transactions of the PII by the use of Digital Signatures and PKI has also been proposed, thereby legally binding the web entity to use the PII as per the agreed terms.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Singh, G., Singh, S. (2009). A Comparative Study of Privacy Mechanisms and a Novel Privacy Mechanism [Short Paper]. In: Qing, S., Mitchell, C.J., Wang, G. (eds) Information and Communications Security. ICICS 2009. Lecture Notes in Computer Science, vol 5927. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11145-7_27
DOI: https://doi.org/10.1007/978-3-642-11145-7_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11144-0
Online ISBN: 978-3-642-11145-7
eBook Packages: Computer Science, Computer Science (R0)