{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T20:29:49Z","timestamp":1764880189351,"version":"3.41.2"},"reference-count":62,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T00:00:00Z","timestamp":1573430400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,11,11]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>In the Web 2.0 era, users massively communicate through social networking services (SNS), often under false expectations that their communications and personal data are private. This paper aims to analyze privacy requirements of personal communications over a public medium.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>This paper systematically analyzes SNS services as communication models and considers privacy as an attribute of users\u2019 communication. A privacy threat analysis for each communication model is performed, based on misuse scenarios, to elicit privacy requirements per communication type.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>This paper identifies all communication attributes and privacy threats and provides a comprehensive list of privacy requirements concerning all stakeholders: platform providers, users and third parties.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>Elicitation of privacy requirements focuses on the protection of both the communication\u2019s message and metadata and takes into account the public\u2013private character of the medium (SNS platform). The paper proposes a model of SNS functionality as communication patterns, along with a method to analyze privacy threats. Moreover, a comprehensive set of privacy requirements for SNS designers, third parties and users involved in SNS is identified, including voluntary sharing of personal data, the role of the SNS platforms and the various types of communications instantiating in SNS.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2019-0002","type":"journal-article","created":{"date-parts":[[2019,12,18]],"date-time":"2019-12-18T08:35:25Z","timestamp":1576658125000},"page":"68-96","source":"Crossref","is-referenced-by-count":2,"title":["Requirements for private communications over public spheres"],"prefix":"10.1108","volume":"28","author":[{"given":"Konstantina","family":"Vemou","sequence":"first","affiliation":[]},{"given":"Maria","family":"Karyda","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020040311054021900_ref001","first-page":"542","article-title":"Integrating privacy requirements into security requirements engineering","volume-title":"Proceedings of the 21st International Conference on Software Engineering and Knowledge Engineering","year":"2009"},{"first-page":"1","article-title":"Privacy-enabling social networking over untrusted networks","year":"2009","key":"key2020040311054021900_ref002"},{"issue":"6","key":"key2020040311054021900_ref003","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/MC.2012.326","article-title":"Social networking privacy: understanding the disconnect from policy to controls","volume":"46","year":"2013","journal-title":"Computer"},{"volume-title":"A Taxonomy for Web Site Privacy Requirements","year":"2001","key":"key2020040311054021900_ref004"},{"issue":"6","key":"key2020040311054021900_ref005","doi-asserted-by":"crossref","first-page":"885","DOI":"10.1177\/0163443716679033","article-title":"Being publicly intimate: teenagers managing online privacy","volume":"39","year":"2017","journal-title":"Media, Culture and Society"},{"first-page":"1","article-title":"The post anachronism: the temporal dimension of facebook privacy","year":"2013","key":"key2020040311054021900_ref006"},{"key":"key2020040311054021900_ref007","first-page":"21","article-title":"A process for data protection impact assessment under the European general data protection regulation","volume-title":"Proceedings of the Annual Privacy Forum 2016, Privacy Technologies and Policy. Lecture Notes in Computer Science","year":"2016"},{"issue":"2","key":"key2020040311054021900_ref008","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1007\/s12394-010-0062-y","article-title":"Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D","volume":"3","year":"2010","journal-title":"Identity in the Information Society"},{"issue":"4","key":"key2020040311054021900_ref009","doi-asserted-by":"crossref","first-page":"421","DOI":"10.1177\/089443939901700402","article-title":"Privacy issues in internet surveys","volume":"17","year":"1999","journal-title":"Social Science Computer Review"},{"issue":"2","key":"key2020040311054021900_ref010","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1145\/293411.293475","article-title":"Internet privacy concerns confirm the case for intervention","volume":"42","year":"1999","journal-title":"Communications of the Acm"},{"key":"key2020040311054021900_ref011","unstructured":"Commission Nationale de l\u2019Informatique et des Libertes (CNIL) (2018), \u201cPrivacy impact assessment (PIA) methodology\u201d, available at: www.cnil.fr\/en\/PIA-privacy-impact-assessment-en (accessed 13 July 2019)."},{"key":"key2020040311054021900_ref012","first-page":"221","article-title":"PRIAM: a privacy risk analysis methodology","volume-title":"In Data Privacy Management and Security Assurance","year":"2016"},{"issue":"1","key":"key2020040311054021900_ref013","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","article-title":"A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements","volume":"16","year":"2011","journal-title":"Requirements Engineering"},{"key":"key2020040311054021900_ref014","unstructured":"Eurobarometer (2015), \u201cSpecial eurobarometer 431: data protection. Report by TNS opinion and social at the request of Directorate-General for justice and consumers\u201d, available at: http:\/\/ec.europa.eu\/public_opinion\/archives\/ebs\/ebs_431_en.pdf (accessed 9 December 2018)."},{"key":"key2020040311054021900_ref016","unstructured":"European Union Agency for Network and Information Security (ENISA) (2007), \u201cSecurity issues and recommendations for online social networks\u201d, available at: www.enisa.europa.eu\/publications\/archive\/security-issues-and-recommendations-for-online-social-networks (accessed 9 December 2018)."},{"key":"key2020040311054021900_ref015","unstructured":"European Union Agency for Network and Information Security (ENISA) (2015), \u201cPrivacy and data protection by design - from policy to engineering\u201d, available at: www.enisa.europa.eu\/publications\/privacy-and-data-protection-by-design (accessed 09 December 2018)."},{"key":"key2020040311054021900_ref017","first-page":"1137","article-title":"Saving facebook","volume":"94","year":"2009","journal-title":"Iowa Law Rev"},{"first-page":"71","article-title":"Information revelation and privacy in online social networks","year":"2005","key":"key2020040311054021900_ref018"},{"issue":"3","key":"key2020040311054021900_ref019","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1109\/MSP.2013.47","article-title":"Two tales of privacy in online social networks","volume":"11","year":"2013","journal-title":"Ieee Security and Privacy"},{"key":"key2020040311054021900_ref020","first-page":"90","article-title":"Privacy design in online social networks: learning from privacy breaches and community feedback","volume-title":"International Conference on Information Systems (ICIS) 2008 Proceedings","year":"2008"},{"year":"2006","key":"key2020040311054021900_ref021","article-title":"A collection of privacy design patterns"},{"issue":"1","key":"key2020040311054021900_ref022","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1109\/TSE.2007.70754","article-title":"Security requirements engineering: a framework for representation and analysis","volume":"34","year":"2008","journal-title":"IEEE Transactions on Software Engineering"},{"first-page":"137","article-title":"A framework for modeling privacy requirements in role engineering","year":"2003","key":"key2020040311054021900_ref023"},{"key":"key2020040311054021900_ref024","first-page":"446","article-title":"Privacy design strategies","volume-title":"ICT Systems Security and Privacy Protection","year":"2014"},{"first-page":"143","article-title":"Appinspect: large-scale evaluation of social networking apps","year":"2013","key":"key2020040311054021900_ref025"},{"key":"key2020040311054021900_ref026","first-page":"255","article-title":"Towards a framework to elicit and manage security and privacy requirements from laws and regulations","volume-title":"International Working Conference on Requirements Engineering: Foundation for Software Quality","year":"2010"},{"key":"key2020040311054021900_ref027","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.jisa.2017.01.004","article-title":"A greater understanding of social networks privacy requirements: the user perspective","volume":"33","year":"2017","journal-title":"Journal of Information Security and Applications"},{"issue":"3","key":"key2020040311054021900_ref028","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1007\/s00766-008-0067-3","article-title":"Addressing privacy requirements in system design: the PriS method","volume":"13","year":"2008","journal-title":"Requirements Engineering"},{"key":"key2020040311054021900_ref029","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.cose.2013.04.003","article-title":"Mutual-friend based attacks in social network systems","volume":"37","year":"2013","journal-title":"Computers and Security"},{"issue":"1","key":"key2020040311054021900_ref030","article-title":"The imagined audience on social network sites","volume":"2","year":"2016","journal-title":"Social Media + Society"},{"key":"key2020040311054021900_ref031","first-page":"151","article-title":"Security and privacy requirements analysis within a social setting","volume-title":"Proceedings of 11th IEEE International Requirements Engineering Conference","year":"2003"},{"issue":"3","key":"key2020040311054021900_ref033","first-page":"239","article-title":"EPIC: a methodology for evaluating privacy violation risk in cybersecurity systems","volume":"11","year":"2018","journal-title":"Transactions on Data Privacy"},{"issue":"4","key":"key2020040311054021900_ref032","doi-asserted-by":"crossref","first-page":"541","DOI":"10.1007\/s00778-010-0213-7","article-title":"Privacy in geo-social networks: proximity notification with untrusted service providers and curious buddies","volume":"20","year":"2011","journal-title":"The VLDB Journal"},{"issue":"4","key":"key2020040311054021900_ref034","first-page":"1","article-title":"Security quality requirements engineering (SQUARE) methodology","volume":"30","year":"2005","journal-title":"ACM SIGSOFT Software Engineering Notes"},{"key":"key2020040311054021900_ref035","first-page":"79","article-title":"Supporting privacy impact assessments using problem-based privacy analysis","volume-title":"International Conference on Software Technologies","year":"2015"},{"issue":"2","key":"key2020040311054021900_ref036","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1016\/j.csi.2006.04.002","article-title":"A common criteria based security requirements engineering process for the development of secure information systems","volume":"29","year":"2007","journal-title":"Computer Standards and Interfaces"},{"key":"key2020040311054021900_ref037","doi-asserted-by":"crossref","first-page":"484","DOI":"10.1016\/j.chb.2017.05.035","article-title":"Whoever will read it\u2013the overload heuristic in collective privacy expectations","volume":"75","year":"2017","journal-title":"Computers in Human Behavior"},{"key":"key2020040311054021900_ref038","first-page":"258","article-title":"A conceptual model for privacy policies with consent and revocation requirements","volume-title":"Privacy and Identity Management for Life","year":"2011"},{"issue":"2","key":"key2020040311054021900_ref039","first-page":"126","article-title":"A systematic methodology for privacy impact assessments: a design science approach","volume":"23","year":"2013","journal-title":"European Journal of Information Systems"},{"first-page":"145","article-title":"Security and privacy requirements engineering methods for traditional and cloud-based systems: a review","year":"2017","key":"key2020040311054021900_ref040"},{"issue":"4","key":"key2020040311054021900_ref041","doi-asserted-by":"crossref","first-page":"977","DOI":"10.2307\/41409969","article-title":"State of the information privacy literature: where are we now and where should we go","volume":"35","year":"2011","journal-title":"MIS Quarterly"},{"key":"key2020040311054021900_ref042","unstructured":"Pew Research Center (2018), \u201cAmericans\u2019 complicated feelings about social media in an era of privacy concerns\u201d, available at: www.pewresearch.org\/fact-tank\/2018\/03\/27\/americans-complicated-feelings-about-social-media-in-an-era-of-privacy-concerns\/ (accessed 22 August 2019)."},{"volume-title":"Designing for the Social Web","year":"2008","key":"key2020040311054021900_ref043"},{"issue":"1","key":"key2020040311054021900_ref044","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1109\/TMC.2012.247","article-title":"Preserving location privacy in geosocial applications","volume":"13","year":"2014","journal-title":"IEEE Transactions on Mobile Computing"},{"issue":"1","key":"key2020040311054021900_ref045","first-page":"1","article-title":"Taxonomy of social network data types","year":"2014","journal-title":"EURASIP Journal on Information Security"},{"year":"2006","key":"key2020040311054021900_ref046","article-title":"Privacy patterns for online interactions"},{"key":"key2020040311054021900_ref047","first-page":"341","article-title":"Model oriented security requirements engineering (MOSRE) framework for web applications","volume-title":"Advances in Computing and Information Technology","year":"2013"},{"first-page":"139","article-title":"Privacy requirements in vehicular communication systems","year":"2009","key":"key2020040311054021900_ref054a"},{"year":"2002","key":"key2020040311054021900_ref048","article-title":"Security patterns and security standards - with selected security patterns for anonymity and privacy"},{"issue":"7","key":"key2020040311054021900_ref049","doi-asserted-by":"crossref","first-page":"805","DOI":"10.1016\/j.im.2006.07.003","article-title":"Compliance to the fair information practices: how are the fortune 500 handling online privacy disclosures?","volume":"43","year":"2006","journal-title":"Information and Management"},{"first-page":"17","article-title":"Privacy risk analysis based on system control structures: adapting system-theoretic process analysis for privacy engineering","year":"2016","key":"key2020040311054021900_ref050"},{"first-page":"2018","article-title":"Interaction-based privacy threat elicitation","year":"2018","key":"key2020040311054021900_ref051"},{"issue":"3","key":"key2020040311054021900_ref052","article-title":"A taxonomy of privacy","volume":"154","year":"2006","journal-title":"University of Pennsylvania Law Review"},{"issue":"2","key":"key2020040311054021900_ref054","first-page":"16","article-title":"Guidelines and tools for incorporating privacy in social networking platforms","volume":"12","year":"2014","journal-title":"IADIS International Journal on http:\/\/WWW.Internet"},{"year":"2014","key":"key2020040311054021900_ref053","article-title":"Directions for raising privacy awareness in SNS platforms"},{"issue":"3","key":"key2020040311054021900_ref055","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1145\/272287.272299","article-title":"Consumer privacy concerns about internet marketing","volume":"41","year":"1998","journal-title":"Communications of the Acm"},{"year":"2011","key":"key2020040311054021900_ref056","article-title":"Third-party apps on facebook: privacy and the illusion of control"},{"key":"key2020040311054021900_ref057","first-page":"1","article-title":"pISRA: privacy considered information security risk assessment model","year":"2018","journal-title":"The Journal of Supercomputing"},{"issue":"1","key":"key2020040311054021900_ref058","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/s00779-012-0633-z","article-title":"A classification of location privacy attacks and approaches","volume":"18","year":"2014","journal-title":"Personal and Ubiquitous Computing"},{"issue":"4","key":"key2020040311054021900_ref059","doi-asserted-by":"crossref","first-page":"479","DOI":"10.1080\/1369118X.2013.777757","article-title":"Privacy protection strategies on facebook: the internet privacy paradox revisited","volume":"16","year":"2013","journal-title":"Information, Communication and Society"},{"year":"2002","key":"key2020040311054021900_ref060","article-title":"Designing for privacy and other competing requirements"},{"issue":"4","key":"key2020040311054021900_ref061","first-page":"13","article-title":"Privacy and security for online social networks: challenges and opportunities","volume":"24","year":"2010","journal-title":"Network"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0002\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0002\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:35Z","timestamp":1753406555000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/28\/1\/68-96\/108415"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,11]]},"references-count":62,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,11,11]]}},"alternative-id":["10.1108\/ICS-01-2019-0002"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2019-0002","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2019,11,11]]}}}