Enforcing privacy in e-commerce by balancing anonymity and trust

Privacy is a major concern in e-commerce. There exist two main paradigms to protect the customer's privacy: one relies on the customer's trust that the network will conform to his privacy policy, the other one insists on the customer's anonymity. A new paradigm is advanced here as a natural balance between these two. It sees the customer act using his real identity but only circulate cover data that conceal the resources he requires. Privacy enforcement is thus shifted from the customer's identity to his purchase preferences. The new paradigm is suitable for scenarios such as eBay purchases where trust that a network sticks to a privacy policy is problematic, while anonymity is either forbidden or impossible. The computation of cover data is done by a node other than the customer in order to minimize impact on the customer. That node will therefore see the customer's private data that are used to compute the cover. This demands some technology to prevent the node from exposing private data. An existing protocol developed for self-enforcing privacy in the area of e-polls is thoroughly analysed and found somewhat weak in terms of fairness among its participants. A stronger version is designed and adopted, together with an innovative differential-privacy preserving function, in the new privacy paradigm. The strengthened e-poll protocol and the new differential-privacy preserving function, which strictly speaking only are side contributions of this paper, each appear as important as the new e-commerce privacy paradigm. (C) 2011 Elsevier Ltd. All rights reserved.