Balancing freedom of the press and the right to privacy : lessons for China

Sun, Zhendong, 1978-

January 2006

No description available.

Freedom of the press -- Canada.

Privacy, Right of -- United States.

Privacy, Right of -- China.

Freedom of the press -- China.

Freedom of the press -- United States.

Privacy, Right of -- Canada.

Or Best Offer: A Privacy Policy Negotiation Protocol

Walker, Daniel David

12 July 2007

Users today are concerned about how their information is collected, stored and used by Internet sites. Privacy policy languages, such as the Platform for Privacy Preferences (P3P), allow websites to publish their privacy practices and policies in machine readable form. Currently, software agents designed to protect users' privacy follow a "take it or leave it" approach when evaluating these privacy policies. This approach is inflexible and gives the server ultimate control over the privacy of web transactions. Privacy policy negotiation is one approach to leveling the playing field by allowing a client to negotiate with a server to determine how that server collects and uses the client's data. We present a privacy policy negotiation protocol, "Or Best Offer", that includes a formal model for specifying privacy preferences and reasoning about privacy policies. The protocol is guaranteed to terminate within three rounds of negotiation while producing policies that are Pareto-optimal, and thus fair to both parties. That is, it remains fair to both the client and the server.

privacy

p3p

privacy policies

privacy policy negotiation

utility

Pareto-optimality

Pareto-efficiency

policy

negotiation

protocol

Computer Sciences

Research trends in RFID technology

Mutigwe, C., Aghdasi, F.

January 2007

Published Article / While the adoption rate of Radio Frequency Identification (RFID) technology is increasing, mass-market adoption will not be achieved until a few major challenges are addressed. These challenges are: privacy, security and costs from the end-user's view point and limited power supply to the tag from the engineering perspective. We discuss the research efforts aimed at addressing these challenges. We focus our attention on research in: RFID privacy and security, antennas, polymer electronics-based RFID devices, power management circuits and techniques, and efficient RF spectrum utilization. We conclude by drawing attention to three additional areas that we believe are in need of more research.

RFID Research Trends

Privacy

Security

Tracking

Framework for the adoption of online banking

Alsulimani, Tagreed

January 2013

Information technology represents the most important tool for any business to grow and increase pro_ts in this century. Online banking represents one type of business change due to revolutionary changes in technology. There are limited studies for adoption of online banking in Saudi Arabia which is one of the largest economies in the world. For that reason my study focused on the adoption of online banking by countries in general and particularly in Saudi society. In many situations there is a gap between business and information technology. In particular there is a crimson between online bank users and technology. It is necessary to bridge this gap In order to achieve online banking targets. My study investigated the different reasons for the gap its formation (between online banking and information technology) and how to bridge it. This research is focused on the diferent factors that enhance the adoption of online banking services through general users. This framework was established by drawing from several theoretical studies. The proposed research framework contains the most important factors for online banking. These include the following hypotheses; (H1) personal information, (H2) personal experience, (H3) disposition to trust, (H4) reputation, (H5) trusting Belief, (H6)structural assur- ance and (H7) perceived site quality. These hypotheses were tested experimentally through a questionnaire which was analyzed using SPSS Version 14 program. The results showed that (H1) personal information, (H2) personal experience, (H3) dis- position to trust, (H4) reputation, (H5) trusting belief, (H6) structural assurance and (H7) perceived site quality are positive factors affecting customer adoption of online banking. There was a significant correlation between the different online banking adoption factors or hypotheses and the personal information (age, gender and education) with P values of <0.005 in most of cases.

005.1

Security and Privacy of Sensitive Data in Cloud Computing

Gholami, Ali

January 2016

Cloud computing offers the prospect of on-demand, elastic computing, provided as a utility service, and it is revolutionizing many domains of computing. Compared with earlier methods of processing data, cloud computing environments provide significant benefits, such as the availability of automated tools to assemble, connect, configure and reconfigure virtualized resources on demand. These make it much easier to meet organizational goals as organizations can easily deploy cloud services. However, the shift in paradigm that accompanies the adoption of cloud computing is increasingly giving rise to security and privacy considerations relating to facets of cloud computing such as multi-tenancy, trust, loss of control and accountability. Consequently, cloud platforms that handle sensitive information are required to deploy technical measures and organizational safeguards to avoid data protection breakdowns that might result in enormous and costly damages. Sensitive information in the context of cloud computing encompasses data from a wide range of different areas and domains. Data concerning health is a typical example of the type of sensitive information handled in cloud computing environments, and it is obvious that most individuals will want information related to their health to be secure. Hence, with the growth of cloud computing in recent times, privacy and data protection requirements have been evolving to protect individuals against surveillance and data disclosure. Some examples of such protective legislation are the EU Data Protection Directive (DPD) and the US Health Insurance Portability and Accountability Act (HIPAA), both of which demand privacy preservation for handling personally identifiable information. There have been great efforts to employ a wide range of mechanisms to enhance the privacy of data and to make cloud platforms more secure. Techniques that have been used include: encryption, trusted platform module, secure multi-party computing, homomorphic encryption, anonymization, container and sandboxing technologies. However, it is still an open problem about how to correctly build usable privacy-preserving cloud systems to handle sensitive data securely due to two research challenges. First, existing privacy and data protection legislation demand strong security, transparency and audibility of data usage. Second, lack of familiarity with a broad range of emerging or existing security solutions to build efficient cloud systems. This dissertation focuses on the design and development of several systems and methodologies for handling sensitive data appropriately in cloud computing environments. The key idea behind the proposed solutions is enforcing the privacy requirements mandated by existing legislation that aims to protect the privacy of individuals in cloud-computing platforms. We begin with an overview of the main concepts from cloud computing, followed by identifying the problems that need to be solved for secure data management in cloud environments. It then continues with a description of background material in addition to reviewing existing security and privacy solutions that are being used in the area of cloud computing. Our first main contribution is a new method for modeling threats to privacy in cloud environments which can be used to identify privacy requirements in accordance with data protection legislation. This method is then used to propose a framework that meets the privacy requirements for handling data in the area of genomics. That is, health data concerning the genome (DNA) of individuals. Our second contribution is a system for preserving privacy when publishing sample availability data. This system is noteworthy because it is capable of cross-linking over multiple datasets. The thesis continues by proposing a system called ScaBIA for privacy-preserving brain image analysis in the cloud. The final section of the dissertation describes a new approach for quantifying and minimizing the risk of operating system kernel exploitation, in addition to the development of a system call interposition reference monitor for Lind - a dual sandbox. / “Cloud computing”, eller “molntjänster” som blivit den vanligaste svenska översättningen, har stor potential. Molntjänster kan tillhandahålla exaktden datakraft som efterfrågas, nästan oavsett hur stor den är; dvs. molntjäns-ter möjliggör vad som brukar kallas för “elastic computing”. Effekterna avmolntjänster är revolutionerande inom många områden av datoranvändning.Jämfört med tidigare metoder för databehandling ger molntjänster mångafördelar; exempelvis tillgänglighet av automatiserade verktyg för att monte-ra, ansluta, konfigurera och re-konfigurera virtuella resurser “allt efter behov”(“on-demand”). Molntjänster gör det med andra ord mycket lättare för or-ganisationer att uppfylla sina målsättningar. Men det paradigmskifte, sominförandet av molntjänster innebär, skapar även säkerhetsproblem och förutsätter noggranna integritetsbedömningar. Hur bevaras det ömsesidiga förtro-endet, hur hanteras ansvarsutkrävandet, vid minskade kontrollmöjligheter tillföljd av delad information? Följaktligen behövs molnplattformar som är såkonstruerade att de kan hantera känslig information. Det krävs tekniska ochorganisatoriska hinder för att minimera risken för dataintrång, dataintrångsom kan resultera i enormt kostsamma skador såväl ekonomiskt som policymässigt. Molntjänster kan innehålla känslig information från många olikaområden och domäner. Hälsodata är ett typiskt exempel på sådan information. Det är uppenbart att de flesta människor vill att data relaterade tillderas hälsa ska vara skyddad. Så den ökade användningen av molntjänster påsenare år har medfört att kraven på integritets- och dataskydd har skärptsför att skydda individer mot övervakning och dataintrång. Exempel på skyd-dande lagstiftning är “EU Data Protection Directive” (DPD) och “US HealthInsurance Portability and Accountability Act” (HIPAA), vilka båda kräverskydd av privatlivet och bevarandet av integritet vid hantering av informa-tion som kan identifiera individer. Det har gjorts stora insatser för att utvecklafler mekanismer för att öka dataintegriteten och därmed göra molntjänsternasäkrare. Exempel på detta är; kryptering, “trusted platform modules”, säker“multi-party computing”, homomorfisk kryptering, anonymisering, container-och “sandlåde”-tekniker.Men hur man korrekt ska skapa användbara, integritetsbevarande moln-tjänster för helt säker behandling av känsliga data är fortfarande i väsentligaavseenden ett olöst problem på grund av två stora forskningsutmaningar. Fördet första: Existerande integritets- och dataskydds-lagar kräver transparensoch noggrann granskning av dataanvändningen. För det andra: Bristande kän-nedom om en rad kommande och redan existerande säkerhetslösningar för att skapa effektiva molntjänster.Denna avhandling fokuserar på utformning och utveckling av system ochmetoder för att hantera känsliga data i molntjänster på lämpligaste sätt.Målet med de framlagda lösningarna är att svara de integritetskrav som ställsi redan gällande lagstiftning, som har som uttalad målsättning att skyddaindividers integritet vid användning av molntjänster.Vi börjar med att ge en överblick av de viktigaste begreppen i molntjäns-ter, för att därefter identifiera problem som behöver lösas för säker databe-handling vid användning av molntjänster. Avhandlingen fortsätter sedan med en beskrivning av bakgrundsmaterial och en sammanfattning av befintligasäkerhets- och integritets-lösningar inom molntjänster.Vårt främsta bidrag är en ny metod för att simulera integritetshot vidanvändning av molntjänster, en metod som kan användas till att identifierade integritetskrav som överensstämmer med gällande dataskyddslagar. Vårmetod används sedan för att föreslå ett ramverk som möter de integritetskravsom ställs för att hantera data inom området “genomik”. Genomik handlari korthet om hälsodata avseende arvsmassan (DNA) hos enskilda individer.Vårt andra större bidrag är ett system för att bevara integriteten vid publice-ring av biologiska provdata. Systemet har fördelen att kunna sammankopplaflera olika uppsättningar med data. Avhandlingen fortsätter med att före-slå och beskriva ett system kallat ScaBIA, ett integritetsbevarande systemför hjärnbildsanalyser processade via molntjänster. Avhandlingens avslutan-de kapitel beskriver ett nytt sätt för kvantifiering och minimering av risk vid“kernel exploitation” (“utnyttjande av kärnan”). Denna nya ansats är ävenett bidrag till utvecklingen av ett nytt system för (Call interposition referencemonitor for Lind - the dual layer sandbox). / <p>QC 20160516</p>

Cloud Computing

Security

Privacy

Trust

Opertaing System

Empirical investigation of the role of privacy and data protection in the implementation of electronic government in Ghana

Agyei-Bekoe, Eric

January 2013

This study investigates the role of privacy and data protection in the implementation of e-government in developing countries. It examines the privacy and data protection issues which arise when e-government is introduced in Ghana. E-government is a way that governments liaise with their various departments and agencies through the use of information and communication technologies (ICTs). Through e-government, governments are able to provide better, effective and efficient services to their citizens. This new form of governments’ delivering services electronically to their citizens, businesses and various departments potentially offers benefits (for example, economic development, low costs and improved services) to society. However the implementation of e-government carries potential risks to users. The potential for online identity theft and fraud raises privacy concerns. From a theoretical foundation, fieldwork in Ghana, through interviews and focus groups, is used to investigate the issue of privacy and data protection in e-government implementation in an empirical setting. Interviewees included senior civil servants, political leaders, members of the Select Committee on Communication, academics, university students as well as stakeholders from private and public organisations. The research borrowed from the Straussian grounded theory approach as a technique to analyse the fieldwork data. The results of the study indicate that privacy and data protection does not currently play a significant role in e-government implementation in a developing country such as Ghana. Other factors such as access to information and communication technologies (Internet accessibility) and e-skills were found to be challenges which significantly impact individuals’ use of e-government. The study found that there is a low privacy concern among Ghanaian citizens. This was found to be significantly related to a lack of awareness of privacy issues; and also the national cultural dimensions of Ghanaian society. The study concludes by emphasising the importance of government investing in ICT infrastructure and public education to raise awareness of e-government services, as well as privacy and data protection issues. Implications for research and policy makers are discussed. The study suggests future research to investigate the further impact of privacy awareness on individuals’ adoption of e-government in a collectivist society such as Ghana.

004

The formulation and validation of a framework for the implementation of data protection measures

Wong, Eva Brenda Yee-Wah

January 1998

No description available.

658

Data audit; Privacy; Action research

Internal security in a democratic state

Rockett, Jan P.

January 1991

No description available.

320

Human rights; Civil liberties; Privacy

Trust-Based User Profiling

Dokoohaki, Nima

January 2013

We have introduced the notion of user profiling with trust, as a solution to theproblem of uncertainty and unmanageable exposure of personal data duringaccess, retrieval and consumption by web applications. Our solution sug-gests explicit modeling of trust and embedding trust metrics and mechanismswithin very fabric of user profiles. This has in turn allowed information sys-tems to consume and understand this extra knowledge in order to improveinteraction and collaboration among individuals and system. When formaliz-ing such profiles, another challenge is to realize increasingly important notionof privacy preferences of users. Thus, the profiles are designed in a way toincorporate preferences of users allowing target systems to understand pri-vacy concerns of users during their interaction. A majority of contributionsof this work had impact on profiling and recommendation in digital librariescontext, and was implemented in the framework of EU FP7 Smartmuseumproject. Highlighted results start from modeling of adaptive user profilesincorporating users taste, trust and privacy preferences. This in turn led toproposal of several ontologies for user and content characteristics modeling forimproving indexing and retrieval of user content and profiles across the plat-form. Sparsity and uncertainty of profiles were studied through frameworksof data mining and machine learning of profile data taken from on-line so-cial networks. Results of mining and population of data from social networksalong with profile data increased the accuracy of intelligent suggestions madeby system to improving navigation of users in on-line and off-line museum in-terfaces. We also introduced several trust-based recommendation techniquesand frameworks capable of mining implicit and explicit trust across ratingsnetworks taken from social and opinion web. Resulting recommendation al-gorithms have shown to increase accuracy of profiles, through incorporationof knowledge of items and users and diffusing them along the trust networks.At the same time focusing on automated distributed management of profiles,we showed that coverage of system can be increased effectively, surpassingcomparable state of art techniques. We have clearly shown that trust clearlyelevates accuracy of suggestions predicted by system. To assure overall pri-vacy of such value-laden systems, privacy was given a direct focus when archi-tectures and metrics were proposed and shown that a joint optimal setting foraccuracy and perturbation techniques can maintain accurate output. Finally,focusing on hybrid models of web data and recommendations motivated usto study impact of trust in the context of topic-driven recommendation insocial and opinion media, which in turn helped us to show that leveragingcontent-driven and tie-strength networks can improve systems accuracy forseveral important web computing tasks. / <p>QC 20130219</p>

trust

userprofiling

userprofiles

privacy

interest

socialnetwork

recommendersystems

Right of publicity in Scots law

Black, Gillian

January 2009

This thesis examines publicity exploitation in practice and the possible legal response of Scots law to that exploitation. It argues that the common law in Scotland is not capable of providing a coherent and principled right of publicity for individuals, and that a statutory right is instead required. By examining the nature of publicity exploitation and the activities that constitute publicity, it becomes clear that there are a number of different methods by which an individual’s “persona” – name, image, identity and reputation – can be used to enhance the goods and services of others, and that this enhancement is something for which other parties are willing to pay. The first part of this thesis explores publicity in practice, in order to derive a framework and vocabulary on which to build the subsequent legal analysis. One conclusion reached here is that, whereas much case law and academic commentary focuses on the unauthorised use of persona, authorised exploitation is more common and more lucrative for the individual. Both authorised and unauthorised use therefore need to be represented in a publicity right. The second part explores justifications for establishing a legal right to regulate the exploitation of publicity and to enable the control of such exploitation by the individual in question. These justifications reflect the dual interests at stake in publicity rights, being dignitarian interests in the use and control of one’s persona, and economic interests in the financial value of such use. The third part of the thesis draws upon the findings of the first two parts in order to assess the most appropriate legal classification of a right of publicity. The conclusion reached is that publicity cannot be sufficiently protected through established real rights or personal rights. Instead, the hybrid nature of publicity, comprising dignitarian and economic interests, should most appropriately be protected through a right in the nature of exclusive privilege (a concept already known in Scots law). This right is capable of enabling the necessary control of persona for the individual, subject to appropriate limitations to recognise the competing interests of other parties. These limits include freedom of expression and cultural communication. The final conclusion is that such a statutory right of exclusive privilege would be best placed to give principled and coherent effect to a right of publicity in Scots law.

340