Cyber-security systems protect us from hackers and other online dangers, but they also access our most sensitive information. In the paper “The Privacy Implications of Cyber-Security Systems: a Technological Survey“, that was just accepted to the ACM Computing Surveys (CSUR), we analyze the privacy threats that various cyber-security technologies can raise. The paper was written with several collaborators: Erez Shmueli and Laura Radaelli from Tel Aviv University, Claudio Bettini and Andrea Lanzi from the University of Milan, Daniele Riboni from the University of Cagliari in Italy, and Bruno Lepri from Fondazione Bruno Kessler in Italy. It is the first paper that comes out of the project, “Privacy-Aware Cyber-Security“, funded by the Israeli-Italian Scientific and Technological Cooperation program, supported by the Ministry of Science, Technology and Space, Israel, and by the Ministry of Foreign Affairs and International Cooperation, Italy.
In the paper, We suggest a new methodology for privacy impact assessment focused on general technologies, rather than analyzing a specific product.
Abstract: Cyber-security systems, which protect networks and computers against cyber attacks, are becoming common due to increasing threats and government regulation. At the same time, the enormous amount of data gathered by cyber-security systems poses a serious threat to the privacy of the people protected by those systems. To ground this threat, we survey common and novel cyber-security technologies and analyze them according to the potential for privacy invasion. We suggest a taxonomy for privacy risks assessment of information security technologies, based on the level of data exposure, the level of identification of individual users, the data sensitivity and the user control over the monitoring, collection and analysis of the data. We discuss our results in light of the recent technological trends and suggest several new directions for making these mechanisms more privacy-aware.