Privacy and contextual integrity: Framework and applications

Adam Barth, Anupam Datta, John C. Mitchell, Helen Nissenbaum

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Contextual integrity is a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information. In comparison with access control and privacy policy frameworks such as RBAC, EPAL, and P3P, these norms focus on who personal information is about, how it is transmitted, and past and future actions by both the subject and the users of the information. Norms can be positive or negative depending on whether they refer to actions that are allowed or disallowed. Our model is expressive enough to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. A number of important problems regarding compliance with privacy norms, future requirements associated with specific actions, and relations between policies and legal standards reduce to standard decision procedures for temporal logic.

Original language: English (US)
Title of host publication: Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
Pages: 184-198
Number of pages: 15
Volume: 2006
DOI: https://doi.org/10.1109/SP.2006.32
State: Published - 2006
Event: 2006 IEEE Symposium on Security and Privacy, S and P 2006 - Berkeley, United States
Duration: May 21 2006 to May 24 2006

Other

Other: 2006 IEEE Symposium on Security and Privacy, S and P 2006
Country: United States
City: Berkeley
Period: 5/21/06 to 5/24/06

Fingerprint

Temporal logic
Access control
Compliance

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Barth, A., Datta, A., Mitchell, J. C., & Nissenbaum, H. (2006). Privacy and contextual integrity: Framework and applications. In Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006 (Vol. 2006, pp. 184-198). [1624011] https://doi.org/10.1109/SP.2006.32

@inproceedings{feea54148d50410a9d69f4dca3f14f9f,
title = "Privacy and contextual integrity: Framework and applications",
author = "Adam Barth and Anupam Datta and Mitchell, {John C.} and Helen Nissenbaum",
year = "2006",
doi = "10.1109/SP.2006.32",
language = "English (US)",
isbn = "0769525741",
volume = "2006",
pages = "184--198",
booktitle = "Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006",

}

TY - GEN

T1 - Privacy and contextual integrity

T2 - Framework and applications

AU - Barth, Adam

AU - Datta, Anupam

AU - Mitchell, John C.

AU - Nissenbaum, Helen

PY - 2006

Y1 - 2006

UR - http://www.scopus.com/inward/record.url?scp=33751063543&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33751063543&partnerID=8YFLogxK

U2 - 10.1109/SP.2006.32

DO - 10.1109/SP.2006.32

M3 - Conference contribution

AN - SCOPUS:33751063543

SN - 0769525741

SN - 9780769525747

VL - 2006

SP - 184

EP - 198

BT - Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006

ER -