Privacy Governance for Institutional Trust (Or Are Privacy Violations Akin to Insider Trading?)

Currently, we frame individuals online as in a series of exchanges with specific firms, and privacy, accordingly, is governed to ensure trust within those relationships. However, the focus on the relationship between consumers and specific firms does not capture how the online environment behaves. The aggregation and secondary use of consumer data is performed by market actors behind the scenes without any relationship with consumers. Trusting a single firm is not enough; individuals must trust the online market in general. Such institutional trust has gone under-examined in regards to privacy online. Little has been done to measure how aggregating and using consumer data supports a larger online market and impacts institutional trust online. This paper explores how privacy governance should also be framed as protecting a larger market to ensure consumers trust being online. In a series of studies, I empirically examine (a) how typical secondary uses are judged along a generalized (for the good of the market) versus reciprocal (for the good of the consumer) exchange and impact institutional and consumer trust, and (b) whether governance mechanisms (limitations on the use of data such as adequate notice, auditing, non-identifiable information, limited storage, etc.) increase consumer trust in companies. I find: Respondents find secondary uses of consumer data more appropriate if judged more within a generalized exchange (academic research) or within a reciprocal exchange (product search results) or both (credit security). However, most secondary uses of data are deemed privacy violations and decrease institutional trust online. Using privacy notices is the least effective governance mechanism of those included here whereas being subject to an audit was as effective as using anonymized data in improving consumer trust. Institutional trust online impacts a consumer’s willingness to engage with a specific online partner in a trust game experiment. The findings have implications for public policy and practice. Secondary uses of information online need not only be justified in a simple quid-pro-quo exchange with the consumer but could also be justified as appropriate for the online context within a generalized exchange. However, the majority of secondary uses currently popular cannot be justified as within either a general exchange or a reciprocal exchange and are judged inappropriate, violations of privacy, and decrease both interpersonal and institutional trust. Second, if privacy violations hurt not only interpersonal consumer trust in a firm but also institutional trust online, then privacy would be governed similar to insider trading, fraud, or bribery—to protect the integrity of the market. Punishment for privacy violations would be set to ensure bad behavior is curtailed and institutional trust is maintained rather than to remediate a specific harm to an individual

Blockchain-based Privacy-preserving Fair Data Trading Protocol

Fair data trading online is a challenging task when there is mistrust between data providers and data collectors. The trust issue leads to an unsolvable situation where the data collector is unwilling to pay until she receives the data while the data provider will not send the data unless she receives the payment. The traditional solutions toward fair data trading rely on the trust-third party. After the emergence of the blockchain, many researchers use a smart contract on blockchain as a trust-less third party to address the mistrust deadlock. However, involving a smart contract in the protocol inevitably exposes some information to the public if the smart contract is on public blockchain cryptocurrency systems. We observe that the existing fair data trading protocols do not take privacy into account, which, for instance, is critical when trading the sensitive data or the players simply do not want to leak any information about the tradings on the public blockchain. In this paper, we construct a fair trading protocol based on a smart contract that provides better privacy to the participants. We introduce new security notions for privacy-preserving blockchain-based fair data trading protocol and prove our protocol is secure under our new notions. Furthermore, we give a prototype implementation on Ethereum smart contract

An Ethical Approach to Data Privacy Protection

Privacy, trust and security are closely intertwined, as are law and ethics. Privacy preservation and security provisions rely on trust (e.g., one will allow only those whom one trusts to enter one’s zone of inaccessibility; one will not feel secure unless one trusts the security provider). Violation of privacy constitutes a risk, thus, a threat to security. Law provides a resolution when ethics cannot (e.g., ethics knows that stealing is wrong; the law punishes thieves); ethics can provide context to law (e.g., law allows trading for the purpose of making a profit, but ethics provides input into ensuring trade is conducted fairly). Privacy breaches disturb trust and run the risk of diluting or losing security; it is a show of disrespect to the law and a violation of ethical principles. Data privacy (or information privacy or data protection) is about access, use and collection of data, and the data subject’s legal right to the data. This refers to: • Freedom from unauthorized access to private data • Inappropriate use of data• Accuracy and completeness when collecting data about a person or persons (corporations included) by technology • Availability of data content, and the data subject’s legal right to access; ownership • The rights to inspect, update or correct these data Data privacy is also concerned with the costs if data privacy is breached, and such costs include the socalled hard costs (e.g., financial penalties imposed by regulators, compensation payments in lawsuits such as noncompliance with contractual principles) and the soft costs (e.g., reputational damage, loss of client trust). Though different cultures put different values on privacy or make it impossible to define a stable, universal value, there is broad consensus that privacy does have an intrinsic, core and social value. Hence, a privacy approach that embraces the law, ethical principles, and societal and environmental concerns is possible despite the complexity of and difficulty in upholding data privacy

A vision for global privacy bridges: Technical and legal measures for international data markets

From the early days of the information economy, personal data has been its most valuable asset. Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil". Most of this business is done without the knowledge and active informed consent of the people. But as data breaches and abuses are made public through the media, consumers react. They become irritated about companies' data handling practices, lose trust, exercise political pressure and start to protect their privacy with the help of technical tools. As a result, companies' Internet business models that are based on personal data are unsettled. An open conflict is arising between business demands for data and a desire for privacy. As of 2015 no true answer is in sight of how to resolve this conflict. Technologists, economists and regulators are struggling to develop technical solutions and policies that meet businesses' demand for more data while still maintaining privacy. Yet, most of the proposed solutions fail to account for market complexity and provide no pathway to technological and legal implementation. They lack a bigger vision for data use and privacy. To break this vicious cycle, we propose and test such a vision of a personal information market with privacy. We accumulate technical and legal measures that have been proposed by technical and legal scholars over the past two decades. And out of this existing knowledge, we compose something new: a four-space market model for personal data

Modeling and Analysis of Data Trading on Blockchain-based Market in IoT Networks

Mobile devices with embedded sensors for data collection and environmental sensing create a basis for a cost-effective approach for data trading. For example, these data can be related to pollution and gas emissions, which can be used to check the compliance with national and international regulations. The current approach for IoT data trading relies on a centralized third-party entity to negotiate between data consumers and data providers, which is inefficient and insecure on a large scale. In comparison, a decentralized approach based on distributed ledger technologies (DLT) enables data trading while ensuring trust, security, and privacy. However, due to the lack of understanding of the communication efficiency between sellers and buyers, there is still a significant gap in benchmarking the data trading protocols in IoT environments. Motivated by this knowledge gap, we introduce a model for DLT-based IoT data trading over the Narrowband Internet of Things (NB-IoT) system, intended to support massive environmental sensing. We characterize the communication efficiency of three basic DLT-based IoT data trading protocols via NB-IoT connectivity in terms of latency and energy consumption. The model and analyses of these protocols provide a benchmark for IoT data trading applications.Comment: 10 pages, 8 figures, Accepted at IEEE Internet of Things Journa

Trading Trust for Discount: Does Frugality Moderate the Impact of Privacy and Security Concerns?

The paper develops a framework (1) to distinguish between the unique and shared dimensions of privacy and security concerns, (2) to examine the impact of privacy and security concerns on the trust-discount tradeoff as moderated by frugality disposition, and (3) to investigate the impact of personality on online privacy and security concerns. We use Utility Theory and its extension, Prospect Theory, to argue that frugality modifies the perception of risk as depicted in privacy and security concerns and monetary gains from discount in the trust-discount tradeoff. We develop the conceptual model to show the role of privacy and security concerns and the moderating role of frugality in trust-discount tradeoff, as well as the role of personality as the antecedents of privacy and security concerns. Data collected from lab experiments are used to test the model using the structural equation modeling approach. The study is one of the first to study the role of frugality in trust-discount tradeoff. It is also an early attempt to analyze the similarities and dissimilarities between the dimensions of security and privacy concerns. Our findings suggest that frugality plays an important role in moderating the impact of security concerns in trust-discount tradeoff. On the theoretical side the paper adds to the trust-privacy literature and to the field of psychology by studying the role of frugality and personality in relation to privacy and security concerns. The tradeoff of trust-discount is an area that is not adequately studied. This paper adds insight about this tradeoff. The study has practical implications by showing that while offering discount may counter consumers’ privacy concern, it does not reduce the security concern of frugal consumers. Little known websites with low trust perception will not survive by just offering discounts. They need to invest in creating social capital in the form of increased trustworthiness

Peer-to-Peer EnergyTrade: A Distributed Private Energy Trading Platform

Blockchain is increasingly being used as a distributed, anonymous, trustless framework for energy trading in smart grids. However, most of the existing solutions suffer from reliance on Trusted Third Parties (TTP), lack of privacy, and traffic and processing overheads. In our previous work, we have proposed a Secure Private Blockchain-based framework (SPB) for energy trading to address the aforementioned challenges. In this paper, we present a proof-on-concept implementation of SPB on the Ethereum private network to demonstrates SPB's applicability for energy trading. We benchmark SPB's performance against the relevant state-of-the-art. The implementation results demonstrate that SPB incurs lower overheads and monetary cost for end users to trade energy compared to existing solutions