Post-release information privacy protection: A framework and next-generation privacy-enhanced operating system

Abstract

In today's digital world, privacy issues have received widespread public attention. Current research on information privacy protection focuses on release control and subject identity obscurity. Little work has been done, however, to prevent a piece of private information from being misused after that information has been released to external entities. This paper focuses on information privacy protection in a post-release phase. Without entirely depending on the information collector, an information owner is provided with powerful means to control and audit how his/her released information will be used, by whom, and when. The goal is to minimize the asymmetry of information flow between an information owner and an information collector. A set of innovative owner-controlled privacy protection and violation detection techniques has been proposed: Self-destroying File, Mutation Engine System, Automatic Receipt Collection, and Honey Token-based Privacy Violation Detection. Next generation privacy-enhanced operating system, which supports the proposed mechanisms, is introduced. Such a privacy-enhanced operating system stands for a technical breakthrough, which offers new features to existing operating systems. We discuss the functionalities of such an operating system and the design guidelines. To our best knowledge, no similar technical work has been found to provide post-release information privacy protection.