Privacy Risk Assessment: From Art to Science, By Metrics
Isabel Wagner, Eerke Boiten

TL;DR
This paper advocates for a scientific, metric-based approach to privacy risk assessment, aiming to improve accuracy and reliability over traditional subjective methods.
Contribution
It introduces a framework for quantifying privacy risk using meaningful metrics, decomposing impact and likelihood, and considering various contexts and attacker models.
Findings
Proposes a metric-based privacy risk quantification method
Highlights importance of meaningful measurement units
Identifies key research questions for future development
Abstract
Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the "correct" risk level on e.g. a five-point scale. In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major…
