1

A Citizen Privacy Protection Model for E-Government Mashup Services

The Proceedings of the 9th Annual International Digital Government Research Conference

Speaker: 房欣漢 指導教授：陳志達

2

Abstract

As a primary source of citizen data, the government has the obligation not only to make public data available for citizen access as stated in the Freedom of Information Act, but also to protect the privacy of individual citizen’s records as stated in the Privacy Act.

3

Abstract (cont.)

In this paper, we provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional privacy protection space which includes parameters to specify mashup providers, mashup-specific operators, and mashup purposes.

4

Abstract (cont.)

A personal privacy policy network is a distributed architecture where citizens can publish their individual privacy policies that can be applied to the use of their data and consulted by data providers including government agencies.

5

Introduction

Mashups are new content created by blending or mashing of data from two or more sources using Web services available on the Internet.

Mashups have extended the utility of data, allowing enormous variations.

6

Introduction (cont.)

Most current mash-ups combine results from one or more databases with a map service.

Mashups are easy to develop by the end users without heavy duty programming.

These mashups can, in turn, be used by other content providing services through APIs.

7

Introduction (cont.)

8

Introduction (cont.)

Our main concern is the right of individuals to control information about themselves and how it is used. Besides privacy, a government entity needs to be concerned with integrity not only of their data but also of other data sources.

This paper provides an approach for privacy-protecting e-government mashups based on fine-grained access to government sourced data based on what the content type is, who the recipient is, and what the recipient’s intended use of the data is.

9

E-GOVERNMENT MASH-UP PRIVACYPROTECTION MODEL

An E-government mashup service is defined as a Web service or application that combines data from multiple sources including at least one government agency data source to create a single integrated content.

10

E-GOVERNMENT MASH-UP PRIVACYPROTECTION MODEL (cont.)

Data content providers could choose not to release data for use in mashup services when the purpose is not acceptable to the individuals whose privacy is being protected.

11

Mashup Privacy Protection Spaces

Individual privacy protection may be based on five aspects of the data and mashup service: Data Types (DT), Linking Parameters (LP), Operations (OP), Provider Type (PT) and Mashup Purpose (MP).

A privacy protection space is formed by combining specific values specified for these five parameters.

12

Mashup Privacy Protection Spaces(cont.)

When a parameter is specified with a “+” sign, it means that only the values listed are covered by the protection space. When a parameter is specified with a “–” sign, it means that all values other than those listed are covered by the protection space.

13

Data Types

The data types, DT , describe the individual personal data items that should be protected.

A DT to be protected for privacy is specified with a tuple (E, URI, Sign) where E represents the protected element, URI denotes the optional resource URIs where the definition of E can be located, and Sign to show the inclusion in the protection space.

14

Data Types (cont.)

For example, the protected information is the name of the person specified in the RDF schema

DT=(foaf:name [rdf:resource=“http://xmlns.

com/foaf/0.1/#term name”] sign=“+”).

15

Linking Parameters

The main purpose of including LP in the protection space is to ensure the integrity of the combination of data linked from different sources.

16

Linking Parameters (cont.)

For example, if a person has a very common name such as “Lee”, they might be concerned if their name were used as the key to link data from different sources. The results might include data that is not really associated with them.

Therefore, they might want to prevent any mashups created from data linked on the basis of a last name.

Thus, they would set up a protection space where LP=(foaf:name [rdf:resource=“http://xmlns.com/ foaf/0.1/#term surname”] sign=“-”).

17

Operations

Mashup operations, OP , are those that the mashup providers may perform on a set of data types linked from multiple sources.

18

Provider Type

Provider Type (PT) is a tricky aspect to define for protection spaces.

It is included as a proxy for “trust” in the provider to use the data only for stated purposes.

19

Personal Privacy Policy (PPP) Network

The PPP network will serve as publish and pull infrastructure for personal privacy policies, that the government as a data provider should use in releasing the citizens’ personal data based on the privacy sensitivity level set by the citizens.

20

Personal Privacy Policy (PPP) Network (cont.)

The PPP network will allow citizens to have more control over their own private data, through direct participation in protecting the private data.

21

ARCHITECTURE AND IMPLEMENTATION

The secure mashup architecture as shown in Fig. 2 implements the proposed privacy model for mashup Web applications.

The architecture needs to support two basic functions.

22

ARCHITECTURE AND IMPLEMENTATION (cont.)

The first is an interactive data access process that ensures data is not released in conflict with privacy policies of both the government agency and the individual associated with the data.

The second is an off-line management process that helps to ensure that data access is provided as efficiently as possible.

23

24

CONCLUSIONS

Our model provides fine grained access to anyone whose mashup purpose is of an approved type.

In addition, the content from data subjects is considered through personal privacy policies and the compliance with the government agency’s regulatory privacy policies is considered as well.