A Citizen Privacy Protection Model
for E-Government Mashup Services
The Proceedings of the 9th Annual International Digital
Government Research Conference
Speaker:房欣漢
指導教授：陳志達
1
Abstract

As a primary source of citizen data, the
government has the obligation not only to
make public data available for citizen access
as stated in the Freedom of Information Act,
but also to protect the privacy of individual
citizen’s records as stated in the Privacy Act.
2
Abstract (cont.)

In this paper, we provide a Privacy Protection
Model for Mashup Applications, using a
mashup related multi-dimensional privacy
protection space which includes parameters
to specify mashup providers, mashupspecific operators, and mashup purposes.
3
Abstract (cont.)

A personal privacy policy network is a
distributed architecture where citizens can
publish their individual privacy policies that
can be applied to the use of their data and
consulted by data providers including
government agencies.
4
Introduction
Mashups are new content created by
blending or mashing of data from two or
more sources using Web services available
on the Internet.
 Mashups have extended the utility of data,
allowing enormous variations.

5
Introduction (cont.)
Most current mash-ups combine results from
one or more databases with a map
service.
 Mashups are easy to develop by the end
users without heavy duty programming.
 These mashups can, in turn, be used by
other content providing services through
APIs.

6
Introduction (cont.)
7
Introduction (cont.)


Our main concern is the right of individuals to
control information about themselves and how it is
used. Besides privacy, a government entity needs
to be concerned with integrity not only of their data
but also of other data sources.
This paper provides an approach for privacyprotecting e-government mashups based on finegrained access to government sourced data based
on what the content type is, who the recipient is,
and what the recipient’s intended use of the data is.
8
E-GOVERNMENT MASH-UP PRIVACY
PROTECTION MODEL

An E-government mashup service is defined
as a Web service or application that
combines data from multiple sources
including at least one government agency
data source to create a single integrated
content.
9
E-GOVERNMENT MASH-UP PRIVACY
PROTECTION MODEL (cont.)

Data content providers could choose not to
release data for use in mashup services
when the purpose is not acceptable to the
individuals whose privacy is being protected.
10
Mashup Privacy Protection Spaces
Individual privacy protection may be based
on five aspects of the data and mashup
service: Data Types (DT), Linking
Parameters (LP), Operations (OP), Provider
Type (PT) and Mashup Purpose (MP).
 A privacy protection space is formed by
combining specific values specified for these
five parameters.

11
Mashup Privacy Protection
Spaces(cont.)

When a parameter is specified with a “+”
sign, it means that only the values listed are
covered by the protection space. When a
parameter is specified with a “–” sign, it
means that all values other than those listed
are covered by the protection space.
12
Data Types
The data types, DT , describe the individual
personal data items that should be protected.
 A DT to be protected for privacy is specified
with a tuple (E, URI, Sign) where E
represents the protected element, URI
denotes the optional resource URIs where
the definition of E can be located, and Sign
to show the inclusion in the protection space.

13
Data Types (cont.)

For example, the protected information is the
name of the person specified in the RDF
schema
DT=(foaf:name [rdf:resource=“http://xmlns.
com/foaf/0.1/#term name”] sign=“+”).
14
Linking Parameters

The main purpose of including LP in the
protection space is to ensure the integrity of
the combination of data linked from different
sources.
15
Linking Parameters (cont.)



For example, if a person has a very common name
such as “Lee”, they might be concerned if their
name were used as the key to link data from
different sources. The results might include data
that is not really associated with them.
Therefore, they might want to prevent any mashups
created from data linked on the basis of a last
name.
Thus, they would set up a protection space where
LP=(foaf:name [rdf:resource=“http://xmlns.com/
foaf/0.1/#term surname”] sign=“-”).
16
Operations

Mashup operations, OP , are those that the
mashup providers may perform on a set of
data types linked from multiple sources.
17
Provider Type
Provider Type (PT) is a tricky aspect to
define for protection spaces.
 It is included as a proxy for “trust” in the
provider to use the data only for stated
purposes.

18
Personal Privacy Policy (PPP)
Network

The PPP network will serve as publish and
pull infrastructure for personal privacy
policies, that the government as a data
provider should use in releasing the citizens’
personal data based on the privacy
sensitivity level set by the citizens.
19
Personal Privacy Policy (PPP)
Network (cont.)

The PPP network will allow citizens to have
more control over their own private data,
through direct participation in protecting the
private data.
20
ARCHITECTURE AND IMPLEMENTATION
The secure mashup architecture as shown in
Fig. 2 implements the proposed privacy
model for mashup Web applications.
 The architecture needs to support two basic
functions.

21
ARCHITECTURE AND IMPLEMENTATION
(cont.)
The first is an interactive data access
process that ensures data is not released in
conflict with privacy policies of both the
government agency and the individual
associated with the data.
 The second is an off-line management
process that helps to ensure that data
access is provided as efficiently as possible.

22
23
CONCLUSIONS
Our model provides fine grained access to
anyone whose mashup purpose is of an
approved type.
 In addition, the content from data subjects is
considered through personal privacy policies
and the compliance with the government
agency’s regulatory privacy policies is
considered as well.

24