Abstract
Privacy in electronic communications receives increased attention in both research and industry forums, stemming both from users’ needs and from legal and regulatory requirements in a national or international context. Privacy in internet-based communications relies heavily on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of communications. Based on real security audits performed at nationwide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that ISPs can implement in order to fine-tune their security policies in the context of privacy protection.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kotzanikolaou, P., Maniatis, S., Nikolouzou, E., Stathopoulos, V. (2010). Evaluating Common Privacy Vulnerabilities in Internet Service Providers. In: Sideridis, A.B., Patrikakis, C.Z. (eds) Next Generation Society. Technological and Legal Issues. e-Democracy 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 26. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11631-5_15
DOI: https://doi.org/10.1007/978-3-642-11631-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11629-2
Online ISBN: 978-3-642-11631-5
eBook Packages: Computer Science (R0)