Abuse and harm to individuals, through harassment and bullying, coexist with Identity
Theft as criminal behaviours supported by the ready availability of personal information.
Incorporating privacy protection measures into software design requires a thorough
understanding about how an individual's privacy is affected by Internet technologies. This
research set out to incorporate such an understanding by examining privacy risks for two
groups of individuals, for whom privacy was an important issue, domestic abuse survivors
and teenagers. The purpose was to examine the reality of the privacy risks for these two
groups.
This research combined a number of approaches underpinned by a selection of foundation
theories from four separate domains: software engineering; information systems; social
science; and criminal behaviour. Semi-structured interviews, focus groups, workshops
and questionnaires gathered information from managers of refuges and outreach workers
from Women's Aid; representatives from probation and police domestic violence units; and
teenagers.
The findings from these first interactions provided specific examples of risks posed to the
two groups. These findings demonstrated that there was a need for a selection of
protection mechanisms that promoted awareness of the potential risk among vulnerable
individuals. Emerging from these findings were a set of concepts that formed the basis of
a novel taxonomy of threat framework designed to assist in risk assessment.
To demonstrate the crossover between understanding the social environment and the use
of technology, the taxonomy of threat was incorporated into a novel Vulnerability
Assessment Framework, which in turn provided a basis for an extension to standard
browser technology. A proof-of-concept prototype was implemented by creating an
Internet Explorer 7.0 browser helper object. The prototype also made use of the Semantic
Web protocols of Resource Description Framework and the Web Ontology Language for
simple data storage and reasoning. The purpose of this combination was to demonstrate
how the environment in which the individual primarily interacted with the Internet could be
adapted to provide awareness of the potential risk, and to enable the individual to take
steps to reduce that risk. Representatives of the user-groups were consulted for evaluation
of the acceptability of the prototype approach. The favourable ratings given by the
respondents demonstrated the acceptability of such an approach to monitoring personal
information, with the provision that control remained with the individual. The evaluation
exercise also demonstrated how the prototype would serve as a useful tool to make
individuals aware of the dangers.
The novel contribution of this research contains four facets: it advances understanding of
privacy protection for the individual; illustrates an effective combination of methodology
frameworks to address the complex issue of privacy; provides a framework for risk
assessment through the taxonomy of threat; and demonstrates the novel vulnerability
assessment framework through a proof-of-concept prototype.
Date of Award | 2007 |
---|
Original language | English |
---|
Awarding Institution | |
---|
RISK REDUCTION THROUGH TECHNOLOGICAL CONTROL OF PERSONAL INFORMATION
Atkinson, S. (Author). 2007
Student thesis: PhD