Riebe, Thea ; Biselli, Tom ; Kaufhold, Marc-André ; Reuter, Christian (2023)
Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey.
In: Proceedings on Privacy Enhancing Technologies, 2023, 2023 (1)
doi: 10.26083/tuprints-00023377
Article, Secondary publication, Publisher's Version
![[img]](https://tuprints.ulb.tu-darmstadt.de/style/images/fileicons/text.png) |
Text
popets-2023-0028.pdf Copyright Information: CC BY 4.0 International - Creative Commons, Attribution. Download (1MB) |
| Item Type: | Article |
|---|---|
| Type of entry: | Secondary publication |
| Title: | Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey |
| Language: | English |
| Date: | 2023 |
| Place of Publication: | Darmstadt |
| Year of primary publication: | 2023 |
| Publisher: | PET Symposium |
| Journal or Publication Title: | Proceedings on Privacy Enhancing Technologies |
| Volume of the journal: | 2023 |
| Issue Number: | 1 |
| DOI: | 10.26083/tuprints-00023377 |
| Corresponding Links: | |
| Origin: | Secondary publication service |
| Abstract: | The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather. |
| Uncontrolled Keywords: | cybersecurity, OSINT, online social networks, privacy, surveillance |
| Status: | Publisher's Version |
| URN: | urn:nbn:de:tuda-tuprints-233779 |
| Additional Information: | Zugl. Konferenzveröffentlichung: The 23rd Privacy Enhancing Technologies Symposium. July 10–15, 2023. Lausanne, Switzerland and Online |
| Classification DDC: | 000 Generalities, computers, information > 004 Computer science 300 Social sciences > 320 Political science 300 Social sciences > 380 Commerce, communications, transportation |
| Divisions: | 20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC) |
| Date Deposited: | 15 Mar 2023 13:23 |
| Last Modified: | 12 Jul 2023 13:35 |
| URI: | https://tuprints.ulb.tu-darmstadt.de/id/eprint/23377 |
| PPN: | 509535496 |
| Export: |
 |
View Item |
Drucken
Impressum