Privacy Risks from Public Data Sources - ICT Systems Security and Privacy Protection (SEC 2014)
Conference Papers Year : 2014

Privacy Risks from Public Data Sources

Abstract

In the fight against tax evaders and other cheats, governments seek to gather more information about their citizens. In this paper we claim that this increased transparency, combined with ineptitude, or corruption, can lead to widespread violations of privacy, ultimately harming law-abiding individuals while helping those engaged in criminal activities such as stalking, identity theft and so on.In this paper we survey a number of data sources administrerd by the Greek state, offered as web services, to investigate whether they can lead to leakage of sensitive information. Our study shows that we were able to download significant portions of the data stored in some of these data sources (scraping). Moreover, for those datasources that were not ammenable to scraping we looked at ways of extracting information for specific individuals that we had identified by looking at other data sources. The vulnerabilities we have discovered enable the collection of personal data and, thus, open the way for a variety of impersonation attacks, identity theft, confidence trickster attacks and so on. We believe that the lack of a big picture which was caused by the piecemeal development of these datasources hides the true extent of the threat. Hence, by looking at all these data sources together, we outline a number of mitigation strategies that can alleviate some of the most obvious attack strategies. Finally, we look at measures that can be taken in the longer term to safeguard the privacy of the citizens.
Fichier principal
Vignette du fichier
978-3-642-55415-5_13_Chapter.pdf (159.01 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01370362 , version 1 (22-09-2016)

Licence

Identifiers

Cite

Zacharias Tzermias, Vassilis Prevelakis, Sotiris Ioannidis. Privacy Risks from Public Data Sources. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. pp.156-168, ⟨10.1007/978-3-642-55415-5_13⟩. ⟨hal-01370362⟩
109 View
155 Download

Altmetric

Share

More