RISK REDUCTION THROUGH TECHNOLOGICAL CONTROL OF PERSONAL INFORMATION

Abstract

Abuse and harm to individuals, through harassment and bullying, coexist with Identity Theft as criminal behaviours supported by the ready availability of personal information. Incorporating privacy protection measures into software design requires a thorough understanding about how an individual's privacy is affected by Internet technologies. This research set out to incorporate such an understanding by examining privacy risks for two groups of individuals, for whom privacy was an important issue, domestic abuse survivors and teenagers. The purpose was to examine the reality of the privacy risks for these two groups. This research combined a number of approaches underpinned by a selection of foundation theories from four separate domains: software engineering; information systems; social science; and criminal behaviour. Semi-structured interviews, focus groups, workshops and questionnaires gathered information from managers of refuges and outreach workers from Women's Aid; representatives from probation and police domestic violence units; and teenagers. The findings from these first interactions provided specific examples of risks posed to the two groups. These findings demonstrated that there was a need for a selection of protection mechanisms that promoted awareness of the potential risk among vulnerable individuals. Emerging from these findings were a set of concepts that formed the basis of a novel taxonomy of threat framework designed to assist in risk assessment. To demonstrate the crossover between understanding the social environment and the use of technology, the taxonomy of threat was incorporated into a novel Vulnerability Assessment Framework, which in turn provided a basis for an extension to standard browser technology. A proof-of-concept prototype was implemented by creating an Internet Explorer 7.0 browser helper object. The prototype also made use of the Semantic Web protocols of Resource Description Framework and the Web Ontology Language for simple data storage and reasoning. The purpose of this combination was to demonstrate how the environment in which the individual primarily interacted with the Internet could be adapted to provide awareness of the potential risk, and to enable the individual to take steps to reduce that risk. Representatives of the user-groups were consulted for evaluation of the acceptability of the prototype approach. The favourable ratings given by the respondents demonstrated the acceptability of such an approach to monitoring personal information, with the provision that control remained with the individual. The evaluation exercise also demonstrated how the prototype would serve as a useful tool to make individuals aware of the dangers. The novel contribution of this research contains four facets: it advances understanding of privacy protection for the individual; illustrates an effective combination of methodology frameworks to address the complex issue of privacy; provides a framework for risk assessment through the taxonomy of threat; and demonstrates the novel vulnerability assessment framework through a proof-of-concept prototype.