Abstract
[Context and motivation] Concerns about data privacy and protection in companies from various fields and sizes are not only a reality, but a requirement at this day and age. The need to comply with governmental laws and other rules became a driving force in handling personal data. [Question/problem] For major IT companies, especially those in charge of a software ecosystem, such concerns grow tenfold: cases of privacy breach can extend over and affect their platforms, software solutions and relationships with partners and users. [Principal results] This research investigates data breach cases in GAFA (Google, Amazon, Facebook, Apple) ecosystems through the perspective of power, which is a lens of analysis of a network of multiple interdependent actors. We create power models to describe the power relationships among ecosystem players during a privacy issue. [Contribution] Our descriptive case study reveals the actors involved in a data breach scandal, the ecosystem elements that grant them privileges or lack thereof, and consequences that reverberate positively or negatively towards them. We contribute towards stakeholder analysis activities by presenting our power relationships framework, which can be integrated into the requirements process as a technique for security and privacy requirements definition.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
We date back to 2016 since that year is the start of a time period encompassing multiple security breach scandals, such as the Facebook-Cambridge Analytica.
- 2.
Media Bias Ratings - https://www.allsides.com/media-bias/media-bias-ratings.
- 3.
Media Bias/Fact Check - https://mediabiasfactcheck.com.
- 4.
Analysis spreadsheet - https://bit.ly/3pHMx13.
- 5.
Detailed power capabilities of actors involved in the cases - https://bit.ly/35CEydA.
References
Ayala-Rivera, V., Pasquale, L.: The grace period has ended: an approach to operationalize GDPR requirements. In: 26th International RE Conference, pp. 136–146 (2018)
Benjamin, G.: Amazon echo’s privacy issues go way beyond voice recordings, January 2020. https://theconversation.com/amazon-echos-privacy-issues-go-way-beyond-voice-recordings-130016. Accessed 29 July 2020
Cruzes, D.S., Dyba, T.: Recommended steps for thematic synthesis in software engineering. In: 5th ESEM, pp. 275–284. IEEE (2011)
Emerson, R.M.: Power-dependence relations. Am. Sociol. Rev. 27(1), 31–41 (1962). http://www.jstor.org/stable/2089716
Fowler, G.: Alexa has been eavesdropping on you this whole time, May 2019. https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/. Accessed 02 Aug 2020
French, J., Raven, B.: The bases of social power, vol. 6, January 1959
Horkoff, J., Yu, E.: Interactive goal model analysis for early requirements engineering. Requirements Eng. 21(1), 29–61 (2014). https://doi.org/10.1007/s00766-014-0209-8
Hurni, T., Huber, T.: The interplay of power and trust in platform ecosystems of the enterprise application software industry (2014)
Kurtz, C., Wittner, F., Semmann, M., Schulz, W., Böhmann, T.: The unlikely siblings in the GDPR family: a techno-legal analysis of major platforms in the diffusion of personal data in service ecosystems, January 2019
Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th IEEE International Requirements Engineering Conference, pp. 151–161 (2003)
Lynskey, D.: Alexa, are you invading my privacy?, October 2019. https://www.theguardian.com/technology/2019/oct/09/alexa-are-you-invading-my-privacy-the-dark-side-of-our-voice-assistants. Accessed 29 July 2020
Lynskey, D.: Apple contractors regularly hear confidential details on Siri recordings, July 2019. https://www.theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings. Accessed 29 July 2020
Manikas, K., Hansen, K.M.: Software ecosystems – a systematic literature review. J. Syst. Softw. 86(5), 1294–1306 (2013)
Milne, A., Maiden, N.: Power and politics in requirements engineering: a proposed research agenda. In: 19th RE Conference, pp. 187–196. IEEE (2011)
Nambisan, S., Siegel, D., Kenney, M.: On open innovation, platforms, and entrepreneurship. Strateg. Entrep. J. 12(3), 354–368 (2018)
Price, R.: Instagram’s lax privacy practices let a trusted partner track millions of users’ physical locations, secretly save their stories, and flout its rules, August 2019. https://www.businessinsider.com/startup-hyp3r-saving-instagram-users-stories-tracking-locations-2019-8. Accessed 29 July 2020
Scacchi, W., Alspaugh, T.A.: Securing software ecosystem architectures: challenges and opportunities. IEEE Softw. 36(3), 33–38 (2018)
Singer, N., Conger, K.: Google is fined \$170 million for violating children’s privacy on youtube, September 2019. https://www.nytimes.com/2019/09/04/technology/google-youtube-fine-ftc.html. Accessed 10 Aug 2020
Su, J.: Apple apologizes for eavesdropping on customers, August 2019. https://www.forbes.com/sites/jeanbaptiste/2019/08/28/apple-apologizes-for-eavesdropping-on-customers-keeping-siri-recordings-without-permission/. Accessed 05 Aug 2020
Su, J.: Confirmed: apple caught in Siri privacy scandal, July 2019. https://www.forbes.com/sites/jeanbaptiste/2019/07/30/confirmed-apple-caught-in-siri-privacy-scandal-let-contractors-listen-to-private-voice-recordings/. Accessed 25 July 2020
Valença, G., Alves, C.: A theory of power in emerging software ecosystems formed by small-to-medium enterprises. J. Syst. Softw. 134, 76–104 (2017)
Valença, G., Alves, C., Jansen, S.: Strategies for managing power relationships in software ecosystems. J. Syst. Softw. 144, 478–500 (2018)
Valença, G., Kneuper, R., Rebelo, M.E.: Privacy in software ecosystems-an initial analysis of data protection roles and challenges. In: 46th Euromicro Conference on Software Engineering and Advanced Applications, pp. 120–123 (2020)
Vegendla, A., Duc, A.N., Gao, S., Sindre, G.: A systematic mapping study on requirements engineering in software ecosystems. J. IT Res. 11, 49–69 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Rebelo, M.E., Valença, G., Lins, F. (2021). Power and Privacy in Software Ecosystems: A Study on Data Breach Impact on Tech Giants. In: Dalpiaz, F., Spoletini, P. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2021. Lecture Notes in Computer Science(), vol 12685. Springer, Cham. https://doi.org/10.1007/978-3-030-73128-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-73128-1_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-73127-4
Online ISBN: 978-3-030-73128-1
eBook Packages: Computer ScienceComputer Science (R0)