Privacy Crisis Due to Crisis Response on the Web

In recent disasters, the web has served as a medium of communication among disaster response teams, survivors, local citizens, curious onlookers, and zealous people who are willing to assist victims affected by disasters. To encourage and speed up information dissemination, the availability and convenience of use are normally the top concerns in designing disaster response web services, where a design of free-formed inputs without access control is commonly adopted. However, such design may result in personal information disclosure and privacy leakage. In this paper, using a case study of a real-life disaster response service, the MKER (Morakot Event Reporting) forum, we show that the disclosure of personal information and the resulting privacy disclosure is indeed a serious problem that is currently happening. In our case, we have successfully mapped 1,438 unique cell phone numbers and 1,383 unique addresses to individuals using an automated method, not to mention the much greater invasion of privacy that could be effected by manual analysis of the messages posted on the forum. To resolve this issue, we propose several means to mitigate and prevent the mentioned privacy leakage on disaster response services from being happened.