Vienna University of Economics and Business
Lorrie Faith Cranor
Carnegie Mellon University - School of Computer Science and Carnegie Institute of Technology
IEEE Transactions on Software Engineering, Vol. 35, Nr. 1, 2009
In this paper we integrate insights from diverse islands of research on electronic privacy to offer a holistic view of privacy engineering and a systematic structure for the discipline's topics. First we discuss privacy requirements grounded in both historic and contemporary perspectives on privacy. We use a two-layer model of user privacy concerns to relate them to system operations (data transfer, storage and processing) and examine their effects on user behavior. In the second part of the paper we develop guidelines for building privacy-friendly systems. We distinguish two approaches: "privacy by policy" and "privacy by architecture." The privacy by policy approach focuses on the implementation of the notice and choice principles of fair information practices (FIPs), while the privacy by architecture approach minimizes the collection of identifiable personal data and emphasizes anonymization and client-side data storage and processing. We discuss both approaches with a view to their technical overlaps and boundaries as well as to economic feasibility. The paper aims to introduce engineers and computer scientists to the privacy research domain and provide concrete guidance on how to design privacy-friendly systems.
Number of Pages in PDF File: 16
Keywords: anonymity, privacy, privacy enhancing technologies, engineering
JEL Classification: O33, O38Accepted Paper Series
Date posted: September 5, 2008 ; Last revised: January 24, 2013
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo8 in 0.328 seconds