Abstract
In the fight against tax evaders and other cheats, governments seek to gather more information about their citizens. In this paper we claim that this increased transparency, combined with ineptitude or corruption, can lead to widespread violations of privacy, ultimately harming law-abiding individuals while helping those engaged in criminal activities such as stalking, identity theft and so on.
In this paper we survey a number of data sources administered by the Greek state, offered as web services, to investigate whether they can lead to leakage of sensitive information. Our study shows that we were able to download significant portions of the data stored in some of these data sources (scraping). Moreover, for those data sources that were not amenable to scraping, we looked at ways of extracting information for specific individuals that we had identified by looking at other data sources. The vulnerabilities we have discovered enable the collection of personal data and, thus, open the way for a variety of impersonation attacks, identity theft, confidence trickster attacks and so on. We believe that the lack of a big picture, which was caused by the piecemeal development of these data sources, hides the true extent of the threat. Hence, by looking at all these data sources together, we outline a number of mitigation strategies that can alleviate some of the most obvious attack strategies. Finally, we look at measures that can be taken in the longer term to safeguard the privacy of the citizens.
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Tzermias, Z., Prevelakis, V., Ioannidis, S. (2014). Privacy Risks from Public Data Sources. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds) ICT Systems Security and Privacy Protection. SEC 2014. IFIP Advances in Information and Communication Technology, vol 428. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55415-5_13
DOI: https://doi.org/10.1007/978-3-642-55415-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55414-8
Online ISBN: 978-3-642-55415-5
eBook Packages: Computer Science, Computer Science (R0)