Data degradation to enhance privacy for the Ambient Intelligence

Increasing research in ubiquitous computing techniques towards the development of an Ambient Intelligence raises issues regarding privacy. To gain the required data needed to enable application in this Ambient Intelligence to offer smart services to users, sensors will monitor users' behavior to fill personal context histories. Those context histories will be stored on database/information systems which we consider as honest: they can be trusted now, but might be subject to attacks in the future. Making this assumption implies that protecting context histories by means of access control might be not enough. To reduce the impact of possible attacks, we propose to use limited retention techniques. In our approach, we present applications a degraded set of data with a retention delay attached to it which matches both application requirements and users privacy wishes. Data degradation can be twofold: the accuracy of context data can be lowered such that the less privacy sensitive parts are retained, and context data can be transformed such that only particular abilities for application remain available. Retention periods can be specified to trigger irreversible removal of the context data from the system

Does one trust judgement fit all? Linking theory and empirics

Copyright @ 2010 The Authors. This is the accepted version of the following article: Fisher, J., Van Heerde, J. and Tucker, A. (2010), Does One Trust Judgement Fit All? Linking Theory and Empirics. The British Journal of Politics & International Relations, 12: 161–188, which has been published in final form at http://onlinelibrary.wiley.com/doi/10.1111/j.1467-856X.2009.00401.x/abstract.Few questions in political science have received more attention in recent times than the role of trust in democracy, democratic government and political participation. In Britain this has become a particular concern as levels of democratic engagement in traditional politics have declined, exacerbated by media reports of politicians' untrustworthy behaviour. A common feature of previous empirical work on political trust is that trust is treated as a single theoretical concept. Scholars have assumed that trust operates in a similar fashion across different political institutions—that citizens' trust mechanisms are the same for trusting parliament, the prime minister or the European Union. As a consequence, the operationalisation of trust has generally been through a single measure. In this article we draw on recent research from political theory, where different forms of judgements whether to trust—strategic, moral and deliberative—have been conceptualised, to argue that trust judgements may vary in application and significance depending upon the institution under examination. Using specially designed data sets generated from YouGov's weekly omnibus and the British Election Study's Continuous Monitoring Panel, we operationalise these three forms of trust judgements to examine trust in two British institutions—political parties and politicians. We find, as hypothesised, that different forms of trust judgements are of differing significance depending upon the institution under consideration

Exploring personalized life cycle policies

Ambient Intelligence imposes many challenges in protecting people's privacy. Storing privacy-sensitive data permanently will inevitably result in privacy violations. Limited retention techniques might prove useful in order to limit the risks of unwanted and irreversible disclosure of privacy-sensitive data. To overcome the rigidness of simple limited retention policies, Life-Cycle policies more precisely describe when and how data could be first degraded and finally be destroyed. This allows users themselves to determine an adequate compromise between privacy and data retention. However, implementing and enforcing these policies is a difficult problem. Traditional databases are not designed or optimized for deleting data. In this report, we recall the formerly introduced life cycle policy model and the already developed techniques for handling a single collective policy for all data in a relational database management system. We identify the problems raised by loosening this single policy constraint and propose preliminary techniques for concurrently handling multiple policies in one data store. The main technical consequence for the storage structure is, that when allowing multiple policies, the degradation order of tuples will not always be equal to the insert order anymore. Apart from the technical aspects, we show that personalizing the policies introduces some inference breaches which have to be further investigated. To make such an investigation possible, we introduce a metric for privacy, which enables the possibility to compare the provided amount of privacy with the amount of privacy required by the policy

Implanting Life-Cycle Privacy Policies in a Context Database

Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decision without requiring user interaction. Such AmI smartness ability is tightly coupled to quantity and quality of the available (past and present) context. However, context is often linked to an individual (e.g., location of a given person) and as such falls under privacy directives. The goal of this paper is to enable the difficult wedding of privacy (automatically fulfilling users' privacy whishes) and smartness in the AmI. interestingly, privacy requirements in the AmI are different from traditional environments, where systems usually manage durable data (e.g., medical or banking information), collected and updated trustfully either by the donor herself, her doctor, or an employee of her bank. Therefore, proper information disclosure to third parties constitutes a major privacy concern in the traditional studies

Balancing smartness and privacy for the Ambient Intelligence

Ambient Intelligence (AmI) will introduce large privacy risks. Stored context histories are vulnerable for unauthorized disclosure, thus unlimited storing of privacy-sensitive context data is not desirable from the privacy viewpoint. However, high quality and quantity of data enable smartness for the AmI, while less and coarse data benefit privacy. This raises a very important problem to the AmI, that is, how to balance the smartness and privacy requirements in an ambient world. In this article, we propose to give to donors the control over the life cycle of their context data, so that users themselves can balance their needs and wishes in terms of smartness and privacy

Do Loyalty Programs Really Enhance Behavioral Loyalty? An Empirical Analysis Accounting for Self-Selecting Members

One of the pressing issues in marketing is whether loyalty programs really enhance behavioral loyalty. Loyalty program members may have a much higher share-of-wallet at the firm with the loyalty program than non-members have, but this does not necessarily imply that loyalty programs are effective. Loyal customers may select themselves to become members in order to benefit from the program. Since this implies that program membership is endogenous, we estimate models for both the membership decision (using instrumental variables) and for the effect of membership on share-of-wallet, our measure of behavioral loyalty. We use panel data from a representative sample of Dutch households who report their loyalty program memberships for all seven loyalty programs in grocery retailing as well as their expenditures at each of the 20 major supermarket chains. We find a small positive yet significant effect of loyalty program membership on share-of-wallet. This effect is seven times smaller than is suggested by a naïve model that ignores the endogeneity of program membership. The predictive validity of the proposed model is much better than for the naïve model. Our results show that creating loyalty program membership is a crucial step to enhance share-of-wallet, and we provide guidelines how to achieve this.Attraction models;Endogeneity;Grocery retailing;Loyalty programs;Tobit-II model

Do Loyalty Programs Enhance Behavioral Loyalty: An Empirical Analysis Accounting for Program Design and Competitive Effects

This paper studies the effects of loyalty programs on share-of-wallet using market-wide household panel data on supermarket purchases.We find that loyalty programs relate positively to share-of-wallet, but the programs differ in effectiveness and some are ineffective.Both a saving component and a multi-vendor structure enhance the effectiveness of a loyalty program, but high discounts do not lead to higher share-of-wallets.Further, if households have multiple loyalty cards, the effectiveness of a specific loyalty program is much smaller.The positive loyalty program effects on share-of-wallet entail substantial additional customer revenues.However, given the high number of loyalty programs already available in the market, our model predicts that a new loyalty program introduction will only lead to small effects on share-of-wallet.loyalty;marketing;retailing

Semiparametric analysis to estimate the deal effect curve

The marketing literature suggests several phenomena that may contribute to the shape of the relationship between sales and price discounts. These phenomena can produce severe nonlinearities and interactions in the curves, and we argue that those are best captured with a flexible approach. Since a fully nonparametric regression model suffers from the curse of dimensionality, we propose a semiparametric regression model. Store-level sales over time is modeled as a nonparametric function of own-and cross-item price discounts, and a parametric function of other predictors (all indicator variables). We compare the predictive validity of the semiparametric model with that of two parametric benchmark models and obtain better performance on average. The results for three product categories indicate a.o. threshold- and saturation effects for both own- and cross-item temporary price cuts. We also show how the own-item curve depends on other items’ price discounts (flexible interaction effects). In a separate analysis, we show how the shape of the deal effect curve depends on own-item promotion signals. Our results indicate that prevailing methods for the estimation of deal effects on sales are inadequate.

Data Degradation: Making Private Data Less Sensitive Over Time

Trail disclosure is the leakage of privacy sensitive data, resulting from negligence, attack or abusive scrutinization or usage of personal digital trails. To prevent trail disclosure, data degradation is proposed as an alternative to the limited retention principle. Data degradation is based on the assumption that long lasting purposes can often be satisfied with a less accurate, and therefore less sensitive, version of the data. Data will be progressively degraded such that it still serves application purposes, while decreasing accuracy and thus privacy sensitivity