August 30, 2011

Privacy as a concept - Confidentiality threats

As we discussed previously, privacy is a relative affair. However, despite the possible differences between what you and I consider private, we can logically group privacy threats into a few definitive categories.

At a parent level, we can separate privacy threats into two categories. In this part of our privacy series, we will cover confidentiality threats as the first parent category of threats. In the next part of the series, we will discuss integrity threats.

Furthermore, each of these parents breaks down into more refined or detailed child categories. In the end, the purpose of categorization is to foster understanding of the concept building blocks so that future practical (implementation) decisions are well informed.

Let’s jump right in, then, shall we?

Confidentiality Threats

Remember, dear readers, that confidentiality is the information security concept concerned with access. The first way in which confidentiality works is that only those authorized to access an asset are able to do so. The second way confidentiality works is the opposite of the first: unauthorized or unapproved access is restricted. What does this mean, then, with respect to privacy threats?

Recall our discussion last time about the relative privacy of my shoe size as compared to my credit card number. I might consider my credit card number to be more private or more sensitive than my shoe size. I would expect that you do as well. However, the question I would ask with respect to confidentiality threats is this: is the expected confidentiality of private information likewise relative?

Meaning, am I less concerned about the confidentiality of my shoe size as compared to my credit card number?

I would argue that the answer is a blanket “no”.

Confidentiality is independent of the level of privacy. That is, irrespective of which entities may access something, access to that something is restricted. One list of authorized entities (e.g., for shoe size) very well may be longer than another (e.g., for credit card number), but nonetheless there is a list in both cases. Therefore, confidentiality is in effect in both cases. Would you agree?

Disclosure, Anonymity, and Data Mining

Now, with respect to confidentiality and privacy, there are some specific threats.

Foremost, we have the concept of disclosure as a specific threat to privacy. I think this is what most people think about when privacy is the topic of conversation. That is, we do not want our private or sensitive information disclosed to unauthorized entities. We want our private information to remain private, right? In this context, the accidental or malicious disclosure of private information is a real threat. Keep in mind that even when we choose to disclose to a trusted source there is always a level of risk associated with the trusted source having a disclosure incident.

Related to disclosure as a threat is anonymity. Since there are occasions when we do not want to disclose our identity at all (i.e., no entity is authorized), we can attempt to present an anonymous digital persona. When we do this, the chief threat is the de-anonymization of that persona. Perhaps we are surreptitiously unmasked, or maybe our anonymous persona leaks non-anonymous information.

Finally, data mining is a threat to privacy. As an example to illustrate the power of data mining as a threat, consider a scenario where, separately, I have chosen to share my name, my home address, and a phone number. In this scenario, the three items are shared with company A, company B, and company C, none of which are related to one another or have a data sharing agreement in place. Now, imagine what would happen if you were able to access each company’s database and join the name, address, and phone number fields.

We could also imagine a scenario whereby information perceived to be anonymous by choice (e.g., internet forums, web mail registration, etc.) is data mined and a more complete view of real identity is constructed. In this example, all three child threats are combined to some degree.
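To make the data-mining scenario concrete, here is an added example (not part of the original post) using constructed records: each of three hypothetical companies holds only a partial profile, but adjacent profiles overlap on one field, which is enough to chain joins from a name to a phone number. It also shows the data-minimisation countermeasure: if one holder stops retaining the overlapping field, the chain breaks.

```python
from collections import defaultdict

# Constructed sample records for the scenario above: each company received only
# a subset of the attributes, but adjacent subsets overlap on one field.
COMPANY_A = [  # received name + email
    {"name": "Ada Lovelace", "email": "ada@example.org"},
    {"name": "Alan Turing", "email": "alan@example.org"},
    {"name": "Grace Hopper", "email": "grace@example.org"},
]
COMPANY_B = [  # received email + home address
    {"email": "ada@example.org", "address": "1 Analytical Ln"},
    {"email": "alan@example.org", "address": "2 Bletchley Rd"},
    {"email": "grace@example.org", "address": "3 Compiler Ct"},
]
COMPANY_C = [  # received home address + phone (Alan never gave C his address)
    {"address": "1 Analytical Ln", "phone": "555-0101"},
    {"address": "3 Compiler Ct", "phone": "555-0103"},
]

def join_on(left, right, key):
    """Inner join of two record lists on a shared attribute (the linkage key).
    Records that lack the key simply never match."""
    index = defaultdict(list)
    for rec in right:
        if key in rec:
            index[rec[key]].append(rec)
    return [{**l, **r} for l in left if key in l for r in index.get(l[key], [])]

def link_profiles(a, b, c):
    """Chain the joins name -> email -> address -> phone across all three holders."""
    return join_on(join_on(a, b, "email"), c, "address")

def linkage_rate(a, b, c):
    """Share of people in A whose full profile (name, address, phone) is recoverable."""
    linked = {p["name"] for p in link_profiles(a, b, c) if "phone" in p}
    return len(linked) / len(a)

def minimise(records, keep):
    """Data minimisation: a holder retains only the attributes it actually needs,
    so the overlapping field that made the join possible is no longer stored."""
    return [{k: v for k, v in r.items() if k in keep} for r in records]

if __name__ == "__main__":
    print("linkage rate, raw data:", linkage_rate(COMPANY_A, COMPANY_B, COMPANY_C))
    b_min = minimise(COMPANY_B, {"address"})
    print("linkage rate, B minimised:", linkage_rate(COMPANY_A, b_min, COMPANY_C))
```

The linkage rate is the measurable re-identification risk a privacy review would report; note that it drops to zero without any change to companies A or C, because a single holder dropping the overlapping field is enough to break the chain.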

Integrity Threats – Next Time

In the next part of our privacy series, we will look at a less-considered parent category of threats, one that is related to the integrity of information (both private information and shared information). For now, we have a complete picture of the conceptual categories around privacy threats related to the confidentiality of our information.