Designing privacy into systems at the beginning of the development process necessitates the effective translation of privacy principles, models, and mechanisms into system requirements.
"Privacy by design" (PbD) represents a distinct philosophical movement and a shift away from the dominant legal-oriented approach to privacy and toward an approach that is more proactive, technical, and embedded. However, it suffers from the general absence of organized systematic techniques for carrying it out. In part, this gap reflects a failure to…
Cyber security and threat information sharing efforts involve a variety of groups of practitioners and stakeholders. This paper presents a methodology for analyzing information sharing efforts, to determine whether and how well the efforts will succeed. An effort to share information between two groups is represented by a directed graph. Each edge is…
Anonymization — the process of removing or otherwise transforming information so as to reduce the ability to associate it with an identifiable individual — has been much criticized of late, yet interest in it remains high in many quarters. Potential use cases, including those found in the homeland security domain, vary much more widely than…
To date, top-down efforts to evolve and structure privacy engineering knowledge have tended to reflect common systems engineering/development life cycle activities. A different approach suggests a particular need for technical analytical methods. To help address this need, this paper proposes to adapt for privacy engineering an existing technique,…
Privacy risk analysis of complex socio-technical systems suffers from an inadequate risk model that focuses primarily on some form of Fair Information Practice Principles (FIPPs). Anonymization as a privacy risk control suffers from an emphasis on risk of failure, neglecting the circumstances surrounding its selection as a risk control in the first place.…