Exploring Privacy Risks in Information Networks

University dissertation from Karlskrona : Blekinge Institute of Technology

Abstract: Exploring privacy risks in information networks is analysing the dangers and hazards that are related to personal information about users of a network. It is about investigating the dynamics and complexities of a setting where humans are served by technology in order to exploit the network for their own good. In the information network, malicious activities are motivated by commercial factors in that the attacks to privacy are happening, not in the name of national security, but in the name of the free market together with technological advancements. Based on the assumption of Machiavellian Intelligence, we have modelled our analyses by way of concepts such as Arms Race, Tragedy of the Commons, and the Red Queen effect. In a number of experiments on spam, adware, and spyware, we have found that they match the characteristics of privacy-invasive software, i.e., software that ignores users’ right to decide what, how and when information about themselves is disseminated by others. Spam messages and adware programs suggest a hazard in that they exploit the lives of millions and millions of users with unsolicited commercial and/or political content. Although, in reality spam and adware are rather benign forms of a privacy risks, since they, e.g., do not collect and/or transmit user data to third parties. Spyware programs are more serious forms of privacy risks. These programs are usually bundled with, e.g., file-sharing tools that allow a spyware to secretly infiltrate computers in order to collect and distribute, e.g., personal information and data about the computer to profit-driven third parties on the Internet. In return, adware and spam displaying customised advertisements and offers may be distributed to vast amounts of users. Spyware programs also have the capability of retrieving malicious code, which can make the spyware act like a virus when the file-sharing tools are distributed in-between the users of a network. In conclusion, spam, spyware and virulent programs invade user privacy. However, our experiments also indicate that privacy-invasive software inflicts the security, stability and capacity of computerised systems and networks. Furthermore, we propose a description of the risk environment in information networks, where network contaminants (such as spam, spyware and virulent programs) are put in a context (information ecosystem) and dynamically modelled by their characteristics both individually and as a group. We show that network contamination may be a serious threat to the future prosperity of an information ecosystem. It is therefore strongly recommended to network owners and designers to respect the privacy rights of individuals. Privacy risks have the potential to overthrow the positive aspects of belonging to an information network. In a sound information network the flow of personal information is balanced with the advantages of belonging to the network. With an understanding of the privacy risk environment, there is a good starting-point for recognising and preventing intrusions into matters of a personal nature. In reflect, mitigating privacy risks contributes to a secure and efficient use of information networks.