TU Darmstadt / ULB / TUbiblio

Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey

Riebe, Thea ; Biselli, Tom ; Kaufhold, Marc-André ; Reuter, Christian (2023)
Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey.
In: Proceedings on Privacy Enhancing Technologies, 2023, 2023 (1)
doi: 10.26083/tuprints-00023377
Article, Secondary publication, Publisher's Version

Abstract

The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

Item Type: Article
Erschienen: 2023
Creators: Riebe, Thea ; Biselli, Tom ; Kaufhold, Marc-André ; Reuter, Christian
Type of entry: Secondary publication
Title: Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey
Language: English
Date: 2023
Place of Publication: Darmstadt
Year of primary publication: 2023
Publisher: PET Symposium
Journal or Publication Title: Proceedings on Privacy Enhancing Technologies
Volume of the journal: 2023
Issue Number: 1
DOI: 10.26083/tuprints-00023377
URL / URN: https://tuprints.ulb.tu-darmstadt.de/23377
Corresponding Links:
Origin: Secondary publication service
Abstract:

The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

Uncontrolled Keywords: cybersecurity, OSINT, online social networks, privacy, surveillance
Status: Publisher's Version
URN: urn:nbn:de:tuda-tuprints-233779
Additional Information:

Zugl. Konferenzveröffentlichung: The 23rd Privacy Enhancing Technologies Symposium. July 10–15, 2023. Lausanne, Switzerland and Online

Classification DDC: 000 Generalities, computers, information > 004 Computer science
300 Social sciences > 320 Political science
300 Social sciences > 380 Commerce, communications, transportation
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC)
Date Deposited: 15 Mar 2023 13:23
Last Modified: 20 Mar 2023 11:07
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details