Abstract
With digitisation, work environments are becoming more digitally integrated. As a result, work steps are digitally recorded and therefore can be analysed more easily. This is especially true for office workers that use centralised collaboration and communication software, such as cloud-based office suites and groupware. To protect employees against curious employers that mine their personal data for potentially discriminating business metrics, software designers should reduce the amount of gathered data to a necessary minimum. Finding more data-minimal designs for software is highly application-specific and requires a detailed understanding of the purposes for which a category of data is used. To the best of our knowledge, we are the first to investigate the usage of timestamps in application software regarding their potential for data minimisation. We conducted a source code analysis of Mattermost, a popular communication software for teams. We identified 47 user-related timestamps. About half of those are collected but never used and only 5 are visible to the user. For those timestamps that are used, we propose alternative design patterns that require significantly reduced timestamp resolutions or operate on simple enumerations. We found that more than half of the usage instances can be realised without any timestamps. Our analysis suggests that developers routinely integrate timestamps into data models without prior critical evaluation of their necessity, thereby negatively impacting user privacy. Therefore, we see the need to raise awareness and to promote more privacy-preserving design alternatives such as those presented in this paper.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bornstein, S.: Antidiscriminatory algorithms. Alabama Law Rev. 70(2), 519 (2018)
Claes, M. et al.: Do programmers work at night or during the weekend? In: ICSE, pp. 705–715. ACM (2018)
Colesky, M. et al.: privacypatterns.org, (2019). https://privacypatterns.org. Accessed on 29 Mar 2019
Danezis, G. et al.: Privacy and Data Protection by Design - from policy to engineering. CoRR abs/1501.03726 (2015)
Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_28
DiClaudio, M.: People analytics and the rise of HR: how data, analytics and emerging technology can transform human resources (HR) into a profit center. Strateg. HR Rev. 18(2), 42–46 (2019)
Eyolfson, J., Tan, L., Lam, P.: Do time of day and developer experience affect commit bugginess. In: Proceedings of the 8th International Working Conference on Mining Software Repositories, MSR 2011 (Co-located with ICSE), pp. 153–162. ACM (2011)
Fielding, R.T., Reschke, J.: Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests. RFC 7232 (2014)
Google Inc: Go testing package, (2019). https://golang.org/pkg/testing/. Accessed on 1 Mar 2019
Google Inc: Go Tools gorename command (2019). https://godoc.org/golang.org/x/tools/cmd/gorename. Accessed on 4 Mar 2019
Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38
Kamat, P., et al.: Temporal privacy in wireless sensor networks. In: 27th IEEE International Conference on Distributed Computing Systems (ICDCS 2007), June 25–29, 2007, Toronto, Ontario, Canada, p. 23. IEEE Computer Society (2007)
Karapiperis, D., Gkoulalas-Divanis, A., Verykios, V.S.: FEDERAL: a framework for distance-aware privacy-preserving record linkage. IEEE Trans. Knowl. Data Eng. 30(2), 292–304 (2018)
Kargl, F., et al.: privacypatterns.eu (2019). https://privacypatterns.eu. Accessed on 29 Mar 2019
Kerschbaum, F.: Distance-preserving pseudonymization for timestamps and spatial data. In: Proceedings of the 2007 ACM Workshop on Privacy in the Electronic Society, WPES 2007, Alexandria, VA, USA, October 29, 2007, pp. 68–71. ACM (2007)
Lenhard, J., Fritsch, L., Herold, S.: A literature study on privacy patterns research. In: 43rd Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2017, Vienna, Austria, August 30 – September 1, 2017, pp. 194–201. IEEE Computer Society (2017)
Mattermost Inc: Mattermost Server v4.8.0, (2018). https://github.com/mattermost/mattermost-server/releases/tag/v4.8.0
Mattermost Inc: Mattermost Webapp v5.5.1, (2018). https://github.com/mattermost/mattermost-webapp/releases/tag/v5.5.1
Mattermost Inc: Mattermost Website. https://www.mattermost.org. Accessed on 30 Mar 2019
McCulley, S., Roussev, V.: Latent typing biometrics in online collaboration services. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03–07, 2018, pp. 66–76. ACM (2018)
Microsoft: Workplace Analytics. https://products.office.com/en-us/business/workplace-analytics. Accessed on 30 Mar 2019
Ogriseg, C.: GDPR and personal data protection in the employment context. Labour Law Issues 3(2), 1–24 (2017)
Onoue, S., Hata, H., Matsumoto, K.: A study of the characteristics of developers’ activities in GitHub. In: 2013 20th Asia-Pacific Software Engineering Conference (APSEC), pp. 7–12 (2013)
Pandurangan, V.: On taxis and rainbows. lessons from NYC’s improperly anonymized taxi logs (2014). https://tech.vijayp.ca/of-taxis-and-rainbows-f6bc289679a1. Accessed on 30 Mar 2019
Paverd, A., Martin, A., Brown, I.: Modelling and automatically analysing privacy properties for honest-but-curious adversaries. Technical report (2014)
Rastogi, A., Nagappan, N.: On the personality traits of GitHub contributors. In: 27th IEEE International Symposium on Software Reliability Engineering, ISSRE 2016, Ottawa, ON, Canada, October 23–27, 2016, pp. 77–86. IEEE Computer Society (2016)
Roig, A.: Safeguards for the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). Eur. J. Law Technol. 8(3) (2017)
Slagell, A.J., Lakkaraju, K., Luo, K.: FLAIM: a multi-level anonymization framework for computer and network logs. In: Proceedings of the 20th Conference on Systems Administration (LISA 2006), Washington, DC, USA, December 3–8, 2006, pp. 63–77. USENIX (2006)
Sweeney, L.: k-Anonymity: a model for protecting privacy. Int. J. Uncertainty, Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)
Tursunbayeva, A., Lauro, S.D., Pagliari, C.: People analytics - a scoping review of conceptual boundaries and value propositions. Int. J. Inf. Manag. 43, 224–247 (2018)
Wang, N., Katsamakas, E.: A network data science approach to people analytics. Inf. Resour. Manag. J. 32(2), 28–51 (2019)
Wernke, M., et al.: A classification of location privacy attacks and approaches. Personal Ubiquit. Comput. 18(1), 163–175 (2014)
Yang, X., et al.: A novel temporal perturbation based privacy-preserving scheme for real-time monitoring systems. Comput. Netw. 88, 72–88 (2015)
Zhang, J., Borisov, N., Yurcik, W.: Outsourcing security analysis with anonymized logs. In: Second International Conference on Security and Privacy in Communication Networks and the Workshops, SecureComm 2006, Baltimore, MD, USA, August 2, 2006 - September 1, 2006, pp. 1–9. IEEE (2006)
Acknowledgements
The work is supported by the German Federal Ministry of Education and Research (BMBF) as part of the project Employee Privacy in Development and Operations (EMPRI-DEVOPS) under grant 16KIS0922K.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Burkert, C., Federrath, H. (2019). Towards Minimising Timestamp Usage In Application Software. In: Pérez-Solà, C., Navarro-Arribas, G., Biryukov, A., Garcia-Alfaro, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2019 2019. Lecture Notes in Computer Science(), vol 11737. Springer, Cham. https://doi.org/10.1007/978-3-030-31500-9_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-31500-9_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31499-6
Online ISBN: 978-3-030-31500-9
eBook Packages: Computer ScienceComputer Science (R0)