Skip to main content
SpringerLink
Log in

Towards Minimising Timestamp Usage In Application Software

A Case Study of the Mattermost Application

  • Conference paper
  • First Online:
Data Privacy Management, Cryptocurrencies and Blockchain Technology (DPM 2019, CBT 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11737))

Abstract

With digitisation, work environments are becoming more digitally integrated. As a result, work steps are digitally recorded and therefore can be analysed more easily. This is especially true for office workers that use centralised collaboration and communication software, such as cloud-based office suites and groupware. To protect employees against curious employers that mine their personal data for potentially discriminating business metrics, software designers should reduce the amount of gathered data to a necessary minimum. Finding more data-minimal designs for software is highly application-specific and requires a detailed understanding of the purposes for which a category of data is used. To the best of our knowledge, we are the first to investigate the usage of timestamps in application software regarding their potential for data minimisation. We conducted a source code analysis of Mattermost, a popular communication software for teams. We identified 47 user-related timestamps. About half of those are collected but never used and only 5 are visible to the user. For those timestamps that are used, we propose alternative design patterns that require significantly reduced timestamp resolutions or operate on simple enumerations. We found that more than half of the usage instances can be realised without any timestamps. Our analysis suggests that developers routinely integrate timestamps into data models without prior critical evaluation of their necessity, thereby negatively impacting user privacy. Therefore, we see the need to raise awareness and to promote more privacy-preserving design alternatives such as those presented in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bornstein, S.: Antidiscriminatory algorithms. Alabama Law Rev. 70(2), 519 (2018)

    Google Scholar 

  2. Claes, M. et al.: Do programmers work at night or during the weekend? In: ICSE, pp. 705–715. ACM (2018)

    Google Scholar 

  3. Colesky, M. et al.: privacypatterns.org, (2019). https://privacypatterns.org. Accessed on 29 Mar 2019

  4. Danezis, G. et al.: Privacy and Data Protection by Design - from policy to engineering. CoRR abs/1501.03726 (2015)

    Google Scholar 

  5. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_28

    Chapter  Google Scholar 

  6. DiClaudio, M.: People analytics and the rise of HR: how data, analytics and emerging technology can transform human resources (HR) into a profit center. Strateg. HR Rev. 18(2), 42–46 (2019)

    Article  Google Scholar 

  7. Eyolfson, J., Tan, L., Lam, P.: Do time of day and developer experience affect commit bugginess. In: Proceedings of the 8th International Working Conference on Mining Software Repositories, MSR 2011 (Co-located with ICSE), pp. 153–162. ACM (2011)

    Google Scholar 

  8. Fielding, R.T., Reschke, J.: Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests. RFC 7232 (2014)

    Google Scholar 

  9. Google Inc: Go testing package, (2019). https://golang.org/pkg/testing/. Accessed on 1 Mar 2019

  10. Google Inc: Go Tools gorename command (2019). https://godoc.org/golang.org/x/tools/cmd/gorename. Accessed on 4 Mar 2019

  11. Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38

    Chapter  Google Scholar 

  12. Kamat, P., et al.: Temporal privacy in wireless sensor networks. In: 27th IEEE International Conference on Distributed Computing Systems (ICDCS 2007), June 25–29, 2007, Toronto, Ontario, Canada, p. 23. IEEE Computer Society (2007)

    Google Scholar 

  13. Karapiperis, D., Gkoulalas-Divanis, A., Verykios, V.S.: FEDERAL: a framework for distance-aware privacy-preserving record linkage. IEEE Trans. Knowl. Data Eng. 30(2), 292–304 (2018)

    Article  Google Scholar 

  14. Kargl, F., et al.: privacypatterns.eu (2019). https://privacypatterns.eu. Accessed on 29 Mar 2019

  15. Kerschbaum, F.: Distance-preserving pseudonymization for timestamps and spatial data. In: Proceedings of the 2007 ACM Workshop on Privacy in the Electronic Society, WPES 2007, Alexandria, VA, USA, October 29, 2007, pp. 68–71. ACM (2007)

    Google Scholar 

  16. Lenhard, J., Fritsch, L., Herold, S.: A literature study on privacy patterns research. In: 43rd Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2017, Vienna, Austria, August 30 – September 1, 2017, pp. 194–201. IEEE Computer Society (2017)

    Google Scholar 

  17. Mattermost Inc: Mattermost Server v4.8.0, (2018). https://github.com/mattermost/mattermost-server/releases/tag/v4.8.0

  18. Mattermost Inc: Mattermost Webapp v5.5.1, (2018). https://github.com/mattermost/mattermost-webapp/releases/tag/v5.5.1

  19. Mattermost Inc: Mattermost Website. https://www.mattermost.org. Accessed on 30 Mar 2019

  20. McCulley, S., Roussev, V.: Latent typing biometrics in online collaboration services. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03–07, 2018, pp. 66–76. ACM (2018)

    Google Scholar 

  21. Microsoft: Workplace Analytics. https://products.office.com/en-us/business/workplace-analytics. Accessed on 30 Mar 2019

  22. Ogriseg, C.: GDPR and personal data protection in the employment context. Labour Law Issues 3(2), 1–24 (2017)

    Google Scholar 

  23. Onoue, S., Hata, H., Matsumoto, K.: A study of the characteristics of developers’ activities in GitHub. In: 2013 20th Asia-Pacific Software Engineering Conference (APSEC), pp. 7–12 (2013)

    Google Scholar 

  24. Pandurangan, V.: On taxis and rainbows. lessons from NYC’s improperly anonymized taxi logs (2014). https://tech.vijayp.ca/of-taxis-and-rainbows-f6bc289679a1. Accessed on 30 Mar 2019

  25. Paverd, A., Martin, A., Brown, I.: Modelling and automatically analysing privacy properties for honest-but-curious adversaries. Technical report (2014)

    Google Scholar 

  26. Rastogi, A., Nagappan, N.: On the personality traits of GitHub contributors. In: 27th IEEE International Symposium on Software Reliability Engineering, ISSRE 2016, Ottawa, ON, Canada, October 23–27, 2016, pp. 77–86. IEEE Computer Society (2016)

    Google Scholar 

  27. Roig, A.: Safeguards for the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). Eur. J. Law Technol. 8(3) (2017)

    Google Scholar 

  28. Slagell, A.J., Lakkaraju, K., Luo, K.: FLAIM: a multi-level anonymization framework for computer and network logs. In: Proceedings of the 20th Conference on Systems Administration (LISA 2006), Washington, DC, USA, December 3–8, 2006, pp. 63–77. USENIX (2006)

    Google Scholar 

  29. Sweeney, L.: k-Anonymity: a model for protecting privacy. Int. J. Uncertainty, Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)

    Article  MathSciNet  Google Scholar 

  30. Tursunbayeva, A., Lauro, S.D., Pagliari, C.: People analytics - a scoping review of conceptual boundaries and value propositions. Int. J. Inf. Manag. 43, 224–247 (2018)

    Article  Google Scholar 

  31. Wang, N., Katsamakas, E.: A network data science approach to people analytics. Inf. Resour. Manag. J. 32(2), 28–51 (2019)

    Article  Google Scholar 

  32. Wernke, M., et al.: A classification of location privacy attacks and approaches. Personal Ubiquit. Comput. 18(1), 163–175 (2014)

    Article  Google Scholar 

  33. Yang, X., et al.: A novel temporal perturbation based privacy-preserving scheme for real-time monitoring systems. Comput. Netw. 88, 72–88 (2015)

    Article  Google Scholar 

  34. Zhang, J., Borisov, N., Yurcik, W.: Outsourcing security analysis with anonymized logs. In: Second International Conference on Security and Privacy in Communication Networks and the Workshops, SecureComm 2006, Baltimore, MD, USA, August 2, 2006 - September 1, 2006, pp. 1–9. IEEE (2006)

    Google Scholar 

Download references

Acknowledgements

The work is supported by the German Federal Ministry of Education and Research (BMBF) as part of the project Employee Privacy in Development and Operations (EMPRI-DEVOPS) under grant 16KIS0922K.

Author information

Authors and Affiliations

  1. University of Hamburg, Hamburg, Germany

    Christian Burkert & Hannes Federrath

Authors
  1. Christian Burkert
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hannes Federrath
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christian Burkert .

Editor information

Editors and Affiliations

  1. Universitat Oberta de Catalunya, Barcelona, Spain

    Cristina Pérez-Solà

  2. Universitat Autonoma de Barcelona, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Alex Biryukov

  4. Institut Mines-Télécom, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Burkert, C., Federrath, H. (2019). Towards Minimising Timestamp Usage In Application Software. In: Pérez-Solà, C., Navarro-Arribas, G., Biryukov, A., Garcia-Alfaro, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2019 2019. Lecture Notes in Computer Science(), vol 11737. Springer, Cham. https://doi.org/10.1007/978-3-030-31500-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-31500-9_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-31499-6

  • Online ISBN: 978-3-030-31500-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation