Riebe, Thea ; Biselli, Tom ; Kaufhold, Marc-André ; Reuter, Christian (2023):
Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey. (Publisher's Version)
In: Proceedings on Privacy Enhancing Technologies, 2023 (1), pp. 477-493. PET Symposium, ISSN 2299-0984,
DOI: 10.26083/tuprints-00023377,
[Article]
![[img]](https://tuprints.ulb.tu-darmstadt.de/style/images/fileicons/text.png) |
Text
popets-2023-0028.pdf Copyright Information: CC BY 4.0 International - Creative Commons, Attribution. Download (1MB) |
| Item Type: | Article |
|---|---|
| Origin: | Secondary publication service |
| Status: | Publisher's Version |
| Title: | Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey |
| Language: | English |
| Abstract: | The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather. |
| Journal or Publication Title: | Proceedings on Privacy Enhancing Technologies |
| Volume of the journal: | 2023 |
| Issue Number: | 1 |
| Place of Publication: | Darmstadt |
| Publisher: | PET Symposium |
| Uncontrolled Keywords: | cybersecurity, OSINT, online social networks, privacy, surveillance |
| Classification DDC: | 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik 300 Sozialwissenschaften > 320 Politik 300 Sozialwissenschaften > 380 Handel, Kommunikation, Verkehr |
| Divisions: | 20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC) |
| Date Deposited: | 15 Mar 2023 13:23 |
| Last Modified: | 15 Mar 2023 13:23 |
| DOI: | 10.26083/tuprints-00023377 |
| Corresponding Links: | |
| URN: | urn:nbn:de:tuda-tuprints-233779 |
| Additional Information: | Zugl. Konferenzveröffentlichung: The 23rd Privacy Enhancing Technologies Symposium. July 10–15, 2023. Lausanne, Switzerland and Online |
| URI: | https://tuprints.ulb.tu-darmstadt.de/id/eprint/23377 |
| PPN: | |
| Export: |
 |
View Item |
Drucken
Impressum