Balansgången mellan skydd av personlig integritet och skydd för företagshemligheter : Med särskilt fokus på forskning om AI-teknik inom sjukvård

Yücel, Aysun

January 2019

Sammanfattning Vi lever i en alltmer digitaliserad värld där utvecklad teknik kan bidra till att lösa flertalet samhällsproblem. Till exempel är intresset av avancerad AI-teknik inom sjukvård alltmer efterfrågat. AI-teknik har stor potential att stödja sjukvårdspersonal och individer, förkorta köer och förbättra vården. Tekniken bygger på insamlandet av stora mängder data som ska programmeras till att härma intelligent beteende. Åtskilliga känsliga personuppgifter behandlas i och med insamlandet av denna data. Inom ramen för den pågående debatten om personlig integritet skapas samtidigt en potentiell konfliktyta där företagshemligheter riskerar att avslöjas när information lämnas ut vid utövandet av enskildas dataskyddsrättigheter.  Konfliktytan aktualiseras till exempel om registerutdraget inkluderar delar av företags affärsplaner, arbetsmetodik och teknikens uppbyggnad. Ett annat exempel rör systematiskt utlämnande av personuppgifter efter begäran från en mängd registrerade, där sammanställningen i sig kan betraktas som företagshemligheter. Hur ser gränsdragningen ut för dessa motstående intressen? Hur förhåller man sig till balansgången mellan skydd av personlig integritet och skydd för företagshemligheter?  En adekvat intresseavvägning möjliggör för företag att skydda företagshemligheter samtidigt som enskildas personliga integritet inte äventyras. Hur denna intresseavvägning ska se ut är dock fortfarande oklart, vilket ligger till grund för denna uppsats. / Abstract We live in an increasingly digitized world where technology can help solve many societal challenges. For example, the interest in advanced AI technology in healthcare is increasingly in demand. AI technology has great potential to support healthcare professionals as well as individuals, shorten queues and improve healthcare. The technology is based on the collection of large amounts of data to be programmed to mimic intelligent behaviour. A great number of sensitive personal data are processed when such data is collected. Within the framework of the ongoing debate on personal integrity, a potential conflict area arises at the same time, where trade secrets risk being disclosed while information is provided as individual data protection rights are exercised.  The conflict area is raised, for instance, in cases where the register extract includes parts of the company’s business plans, work methodology and the structure of the technology. Another example concerns systematic disclosure of personal data upon request from a great number of registered persons, where the compilation itself can be regarded as trade secrets. What will the boundaries of these opposing interests be like? How does one relate to the balance between the protection of privacy and the protection of trade secrets?  An adequate balance of interests enables companies to protect trade secrets while not compromising individual privacy. However, how this balance of interests should be framed is still unclear, which has given rise to this thesis.

IT-rätt

EU-rätt

dataskydd

Data Protection

personlig integritet

känsliga personuppgifter

sjukvård

healthcare

dataskyddsförordningen

GDPR

företagshemligheter

Trade Secrets

Artificial Intelligence

artificiell intelligens

AI

anonymisering

pseudonymisering

enskildas rättigheter

Law

Juridik

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application

La protection des libertés individuelles sur le réseau internet / The protection of Individuals rights on the internet

Criqui-Barthalais, Géraldine

07 December 2018

Cette étude envisage le réseau internet comme un nouvel espace invitant à réinterpréter les libertés de la personne physique. Au titre de celles-ci, sont protégées la liberté individuelle, entendue comme le fait de ne pouvoir être arbitrairement détenu et la liberté d’aller et venir. Il doit en aller de même sur le réseau. Etablissant une analogie avec ces libertés, la première partie de la thèse consacre deux libertés : la liberté d’accès au réseau et la liberté de naviguer sur le web. La première implique de définir le contenu d’un service public de l’accès. De plus, il faut affirmer que la coupure d’accès au réseau doit être envisagée comme une mesure privative de liberté ; elle ne peut donc être décidée que par le juge judiciaire. L’affirmation de la liberté de naviguer sur le web conduit à envisager le régime du blocage des sites, une mesure qui ne peut intervenir que dans le cadre d’une police administrative spéciale. Dans la seconde partie il apparaît que ces deux libertés n’ont toutefois de sens que si l’individu a accès au réseau anonymement et n’est pas surveillé arbitrairement quand il navigue sur le web. Cette étude cherche ainsi à préciser le régime devant encadrer le mécanisme d’adressage du réseau. Sont définies les conditions du contrôle de l’identité de l’internaute à partir de son adresse IP. Enfin, il est soutenu qu’un principe général d’effacement des données révélant les sites visités doit être affirmé, principe qui s’applique aux différents acteurs du réseau, notamment les moteurs de recherche. L’interception de ces données ne peut procéder que d’un pouvoir sécuritaire ou hiérarchique sur l’internaute. / This study considers the internet as a new territory where rights guaranteed to each individual in physical space can be promoted; not only free speech and privacy, but also the Habeas Corpus prerogative writ, which protects against unlawful imprisonment, and the right to freedom of movement. Thus, processing by analogy, the dissertation intends to promote two specific digital rights: the freedom to connect to the internet and the freedom to surf on the web. The freedom to connect should be part of a public service which promotes this access through public policies. Moreover, barring someone from using the internet can only be decided by a judge. The freedom to surf should protect the web users against unreasonable restrictions. Thus, measures blocking illegal websites should not come through self-regulation but through a legal framework which defines how administrative authorities are entitled to decide such restrictions. The protection of these two rights entails further obligations. Individuals must access the internet anonymously and they must be aware of how the government monitors their actions on the web. This study tries to outline the content of measures aiming to frame network addressing mechanisms. Identity checks based on the IP address should be subject to a strict legal regime. The study concludes that individuals have to be protected from surveillance when data reveal their choices among websites while they are connected. Internet access providers, but also search engines and browsers, must delete this data. Only special measures taken by a public entity or someone entitled to control the web users may lead to this kind of data retention.

Libertés publiques

Informatique et libertés

Surveillance

Données personnelles

Adresse IP

Anonymat sur le réseau

Accès au réseau

Communications électroniques

Numérique

Internet

Individuals rights

Data protection

Surveillance

IP address

Anonymity on the Internet

Freedom to connect

Electronic communications

Internet

Digital rights

La protection des données à caractère personnel dans le domaine de la recherche scientifique. / The protection of personal data in scientific research

Coulibaly, Ibrahim

25 November 2011

Comment devrait être assurée, de façon efficiente, la protection des données à caractère personnel dans le domaine de la recherche scientifique ? Telle est la problématique de cette thèse. Question cruciale à l'heure où les traitements de données sont appelés à multiplier à l'avenir dans tous les domaines de recherche, et dont les finalités ne sont pas toujours clairement définies ni perçues. A cette question, l'application de la loi Informatique et Libertés, loi à vocation généraliste pour l'encadrement des traitements de données à caractère personnel, a laissé apparaître, dès son adoption, de nombreuses difficultés dans le domaine de la recherche scientifique. Diverses modifications et adaptations sont intervenues – 1986, 1994, 2004 – à l'aune desquelles, il fallait déterminer l'encadrement des traitements de données personnelles à des fins de recherche scientifique. De cette investigation, il résulte que la loi Informatique et Libertés pose les principes de base de la protection des données traitées dans le domaine de la recherche scientifique en prévoyant un encadrement a priori de la collecte des données et un suivi et un contrôle a posteriori de la mise en œuvre du traitement. L'encadrement a priori vise principalement à la garantie de la qualité scientifique des projets de recherches. Inhérent à la finalité scientifique du traitement des données, le suivi a posteriori tend, quant à lui, à garantir le respect de certaines règles comme la compatibilité des réutilisations des données, la présentation et l'utilisation des résultats de la recherche dans des conditions ne devant pas porter atteinte aux personnes. Parce que ne pouvant pas relever de la seule intervention du responsable du traitement, le suivi a posteriori se complète d'un contrôle a posteriori opéré autant par la personne concernée, la CNIL, les juridictions. Dans le domaine de la recherche scientifique, ces différents contrôles pourraient opportunément se compléter par une intervention de la communauté des chercheurs en question. Il s'agit de l'autorégulation. En définitive, une protection efficiente des données à caractère personnel résultera d'un système de régulation à plusieurs niveaux et acteurs dont chacun doit effectivement utiliser les moyens d'action qui lui sont reconnus. / How should the protection of personal data in scientific research be efficiently ensured ? This is the main question of this dissertation. Important issue at a time personal data processing are to be increased in the future in all scientific research fields, but whose aims are neither clearly defined nor always clearly perceived. To this question, the enforcement of data protection act which is a general law for the management of personal data processing has shown, since its adoption, many problems in scientific research. Many changes and adaptations have been made in 1986, 1994 and 2004, on the basis of which it was necessary to determine the management of personal data processing to scientific research purposes. This investigation reveals that data protection act lays the basic principles of the protection of personal data processed in scientific research by forecasting an a priori data gathering, a follow-up and an a posteriori control of the data processing implementation. The a priori management mainly aims at guaranteeing the scientific quality of research projects. As for the a posteriori follow-up which is inherent in scientific aim of data processing, its objective is to guarantee the enforcement of some rules such as the accountancy of data reuse, the presentation and the use of the research results in conditions that should not be harmful to people. As it cannot depend on the sole intervention of the responsible for the processing, the a posteriori follow-up is completed by an a posteriori control carried out by the affected person as well as the CNIL and the courts. In scientific research, these different controls could opportunely complement one another by an intervention of the community of researchers in question. This is self regulation. At the end, an efficient protection of personal data will result from a multiple step regulation system in which participants and everyone must actually use the means of actions which are acknowledged to them.

Recherche scientifique

Ethique et déontologie de la recherche

Loi Informatique et libertés

Protection des personnes

Recherche dans le domaine de la santé

Scientific research

Ethics and deontology of research

Data protection act

Protection of persons

Research related to social science

Research related to health

Les échanges de données personnelles entre l’union européenne et les tiers dans le domaine de la sécurité

Larbre, David

12 December 2014

L’intérêt d’une réflexion sur les échanges de données personnelles de sécurité entre l’Union européenne et les tiers est né d’une interrogation sur le cadre juridique auquel ces échanges se rattachent, et l’existence de garanties en matière de protection des données. En partant du constat que les États sont à l’origine de la création de réseaux de coopération policière et judiciaire, l’irruption de l’Union européenne et de ses Agences dans des sphères régaliennes a de quoi déconcerter. L’intervention de l’UE et de ses Agences doit également attirer l’attention sur le respect des conditions de ces échanges qui sont soumis à l’exigence de garanties adéquates de la part des États tiers et Cet avènement nécessite de déterminer au préalable comment les échanges de données avec les tiers sont devenues progressivement un instrument au service de l’espace de liberté de sécurité et de justice (ELSJ). En cela, la sécurité telle qu’elle est ici appréhendée, concerne la lutte contre le terrorisme, la criminalité organisée et l’immigration clandestine. Ainsi cette thèse vise, à travers un examen des accords conclus par l’UE et ses Agences avec les tiers, à déceler, analyser, et mettre en évidence les règles qui régissent ces échanges de données personnelles ainsi que la protection qui s’y rattache. Elle doit permettre de mieux cerner la fonction de l’Union européenne et le rôle des États membres dans ces échanges, d’évaluer les garanties apportées par l’UE et ses partenaires, et d’aboutir à l’émergence d’un régime d’ensemble hétérogène mais dont l’unité réside dans le souci d’assurer une protection adéquate. / Enabling security between the European Union and third party personal data exchange leads one to reflect on the related legal framework and safeguards regarding data protection. As states are at the origin of police networks and judicial cooperation, the emergence of the EU and its agencies in sovereign spheres has been astonishing. For the EU,respecting the conditions of such exchanges requires adequate guarantees from third states. To better understand this, one should first analyze to which extent these exchanges have gradually become an instrument servicing the areas of freedom, security and justice (AFSJ, "security" here implies the fight against terrorism, organized crime and illegal immigration). This thesis aims to detect, analyze and highlight the rules governing the exchanges of personal data and the protection attached to them. Its goal is to understand the function of the EU and the role of member states in these exchanges, to assess the guarantees provided by the EU or its partners and to lead to the emergence of a system which could provide adequate protection. The first part will determine the modalities of cooperation between the EU and third parties in the field of personal data security exchanges; identifying the existence of safety data exchange networks before looking into the fight against terrorism and organized crime’s international dimension. A focus on external standards in the EU will lead the reader to grasp how safety within third party data exchange networks may be structured and to understand the role of international organizations such as the UN (or extraterritorial jurisdiction from third countries such as the USA). The EU having developed its cooperation regarding safety data exchanges, its foreign policy in terms of AFSJ gives one an overview of safety data exchange networks and their diversity, but it also shows the limits of their extension. These different forms of cooperation are the foundations of constituent EU treaties, yet they face legal and democratic issues as far as EU legitimacy is concerned. The EU integration process, on which safety with third party data exchanges is based, will also be studied; if this integration is a success overall, sovereignty issues have also brought their share of safety data protection alterations. This thesis’ second part focuses on the guarantees related to safety data exchanges, fundamental rights protection regarding this personal data and the need for adequate protection when transferring data to third parties. The adequacy of "normative" protection must be analyzed in global terms, that is to say within an international framework. The study of normative protection will be followed by a thorough examination of their effective protection. The reader will see how data exchange security transparency enables people to exercise their right to both access data and challenge decisions taken on the basis of data exchange safety. Effective protection leads to the identification of responsibilities related to safety data exchanges, the mechanisms of which may highlight that the EU or third parties have breaches in their obligations.

Droit de l’Union européenne

Relations extérieures

Protection des données personnelles

Lutte contre le terrorisme

Lutte contre la criminalité organisée

European Union law

Area of freedom, security and justice

External Relations

Data protection

Fight against terrorism

Fight against organised crime

340

Der Schutz der Privatsphäre bei der Anfragebearbeitung in Datenbanksystemen

Dölle, Lukas

13 June 2016

In den letzten Jahren wurden viele Methoden entwickelt, um den Schutz der Privatsphäre bei der Veröffentlichung von Daten zu gewährleisten. Die meisten Verfahren anonymisieren eine gesamte Datentabelle, sodass sensible Werte einzelnen Individuen nicht mehr eindeutig zugeordnet werden können. Deren Privatsphäre gilt als ausreichend geschützt, wenn eine Menge von mindestens k sensiblen Werten existiert, aus der potentielle Angreifer den tatsächlichen Wert nicht herausfinden können. Ausgangspunkt für die vorliegende Arbeit ist eine Sequenz von Anfragen auf personenbezogene Daten, die durch ein Datenbankmanagementsystem mit der Rückgabe einer Menge von Tupeln beantwortet werden. Das Ziel besteht darin herauszufinden, ob Angreifer durch die Kenntnis aller Ergebnisse in der Lage sind, Individuen eindeutig ihre sensiblen Werte zuzuordnen, selbst wenn alle Ergebnismengen anonymisiert sind. Bisher sind Verfahren nur für aggregierte Anfragen wie Summen- oder Durchschnittsbildung bekannt. Daher werden in dieser Arbeit Ansätze entwickelt, die den Schutz auch für beliebige Anfragen gewährleisten. Es wird gezeigt, dass die Lösungsansätze auf Matchingprobleme in speziellen Graphen zurückgeführt werden können. Allerdings ist das Bestimmen größter Matchings in diesen Graphen NP-vollständig. Aus diesem Grund werden Approximationsalgorithmen vorgestellt, die in Polynomialzeit eine Teilmenge aller Matchings konstruieren, ohne die Privatsphäre zu kompromittieren. / Over the last ten years many techniques for privacy-preserving data publishing have been proposed. Most of them anonymize a complete data table such that sensitive values cannot clearly be assigned to individuals. Their privacy is considered to be adequately protected, if an adversary cannot discover the actual value from a given set of at least k values. For this thesis we assume that users interact with a data base by issuing a sequence of queries against one table. The system returns a sequence of results that contains sensitive values. The goal of this thesis is to check if adversaries are able to link uniquely sensitive values to individuals despite anonymized result sets. So far, there exist algorithms to prevent deanonymization for aggregate queries. Our novel approach prevents deanonymization for arbitrary queries. We show that our approach can be transformed to matching problems in special graphs. However, finding maximum matchings in these graphs is NP-complete. Therefore, we develop several approximation algorithms, which compute specific matchings in polynomial time, that still maintaining privacy.

Datenbanken

Datenschutz

Anfragebearbeitung

Schutz der Privatsphäre

Anonymisierung

privacy

databases

data protection

query processing

anonymization

004 Informatik

28 Informatik, Datenverarbeitung

ST 277

RW 60447

RW 60501

ST 270

ddc:004

Transferring Big Data to the United States in the Post Snowden Era : Can the Fundamental Rights of EU citizens laid down in Articles 7,8 and 47 of the Charter be guaranteed?

Tenhovaara, Taru

January 2018

No description available.

data transfers

personal data

standard contractual clauses

privacy shield

binding corporate rules

fundamental rights

Snowden

big data

data mining

mass surveillance

general data protection regulation

GDPR

privacy

Social Sciences

Samhällsvetenskap

Law

Juridik

A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)

Tekle, Solomon Mekonnen

07 1900

The insider threat problem is extremely challenging to address, as it is committed by insiders who are trusted and authorized to access the information resources of the organization. The problem is further complicated by the multifaceted nature of insiders, as human beings have various motivations and fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders. Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This research presents a novel insider threat prevention and prediction model, combining several approaches, techniques and tools from the fields of computer science and criminology. The model is a Privacy- Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive), opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud Diamond similar to crimes committed within the physical landscape. The model intends to act within context, which implies that when the model offers predictions about threats, it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information about insiders for the purposes of prediction, there is a need to collect current information, as the motives and behaviours of humans are transient. Context-aware systems are used in the model to collect current information about insiders related to motive and ability as well as to determine whether insiders exploit any opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any rationalizations the insider may have via neutralization mitigation, thus preventing the insider from committing a future crime. However, the model collects private information and involves entrapment that will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this thesis argues that an insider prediction model must be privacy-preserving in order to prevent further cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from being tempted to commit a crime in future. The model involves four major components: context awareness, opportunity facilitation, neutralization mitigation and privacy preservation. The model implements a context analyser to collect information related to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan. The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs keystroke and linguistic features based on typing patterns to collect information about any change in an insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime. Research demonstrates that most of the insiders who have committed a crime have experienced a negative emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers without their consent or denial of a wage increase. However, there may also be personal problems such as a divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model also assesses the capability of insiders to commit a planned attack based on their usage of computer applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and skill as well as assessing the number of systems errors and warnings generated while using the applications. The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a motivated and capable insider will exploit any opportunity in the organization involving a criminal act. Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of nullifying the rationalizations that the insider may have had for committing the crime. All information about insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders. The model also intends to identify any new behaviour that may result during the course of implementation. This research contributes to existing scientific knowledge in the insider threat domain and can be used as a point of departure for future researchers in the area. Organizations could use the model as a framework to design and develop a comprehensive security solution for insider threat problems. The model concept can also be integrated into existing information security systems that address the insider threat problem / Information Science / D. Phil. (Information Systems)

Insider threat

Fraud diamond

Context-aware system

Information security

Privacy preservation

005.8

Computer networks -- Security measures

Computer networks -- Access control

Data protection

Penetration testing (Computer security)

Computer crimes

Hackers

Computer security

Towards Usable Transparency via Individualisation

Murmann, Patrick

January 2019

The General Data Protection Regulation grants data subjects the legal rights of transparency and intervenability. Ex post transparency provides users of data services with insight into how their personal data have been processed, and potentially clarifies what consequences will or may arise due to the processing of their data. Technological artefacts, ex post transparency-enhancing tools (TETs) convey such information to data subjects, provided the TETs are designed to suit the predisposition of their audience. Despite being a prerequisite for transparency, however, many of the TETs available to date lack usability in that their capabilities do not reflect the needs of their final users. The objective of this thesis is therefore to systematically apply the concept of human-centred design to ascertain design principles that demonstrably lead to the implementation of a TET that facilitates ex post transparency and supports intervenability. To this end, we classify the state of the art of usable ex post TETs published in the literature and discuss the gaps therein. Contextualising our findings in the domain of fitness tracking, we investigate to what extent individualisation can help accommodate the needs of users of online mobile health services. We introduce the notion of privacy notifications as a means to inform data subjects about incidences worthy of their attention and examine how far privacy personas reflect the preferences of distinctive groups of recipients. We suggest a catalogue of design guidelines that can serve as a basis for specifying context-sensitive requirements for the implementation of a TET that leverages privacy notifications to facilitate ex post transparency, and which also serve as criteria for the evaluation of a future prototype. / <p>Paper 2 ingick som manuskript i avhandlingen, nu publicerad.</p>

Data transparency

Human-centred design

Human-computer interaction (HCI)

Information privacy

Intervenability

Mobile health (mhealth)

Transparency-enhancing tool (TET)

Usability

Human Computer Interaction

Interaction Technologies

Interaktionsteknik

Media and Communication Technology

Medieteknik

我國與美國聯邦對身分竊用法律之比較研究 / A comparative study on the identity theft related laws and practices of Taiwan (R.O.C.) and U.S.A

徐子文, Hsu, Tzu Wen Daniel

Unknown Date

因為資通訊科技之普及發達，提升經濟、社會活動的便捷性並豐富人們的生活品質，但一面兩刃，它同時也蘊藏了新興犯罪的機會，對經濟、社會活動之正常運作帶來威脅。其中，身分資料偷竊及身分冒用（以下簡稱「身分竊用」），已然成為資訊社會時代嚴重的新興犯罪之一。「身分竊用」一般俗稱為「身分竊盜」，其係由英文原文identity theft直譯而來。其實身分無從竊盜起，英文原文的identity theft其實也是簡稱，完整的意義是identity theft and assumption，係指行為人未經授權擅用他人用已表彰其身分的證明或資訊，從而冒用他人之身分，遂行各式活動。本研究為求接近其實際文意內涵，在本研究中將其譯為「身分竊用」。 同為自由開放和高度科技化之社會，美國法律制度和社會機制環境雖與我多有不同，但其面對相同問題時的所受之影響和相對處理方式，或可為我國在處理同類問題時之參考。美國在身分竊用之相關法律，自從1970年代以降，至少制定20件以上的相關法律。先是從個人金融隱私權的保護著手，如在1970年制定《公平信用報告法》(FCRA)、1974年所制定的《隱私權法》(Privacy Act)。1998年則進一步制定通過《身分竊用嚇阻法》(Identity Theft and Assumption Deterrence Act)，明文規範「身分竊用」為刑事犯罪行為。《身分竊用嚇阻法》最重要價值是確認了身分被竊用的人也是犯罪被害者，相較於之前只有因犯罪者使用身分竊用手法而被詐騙失去財務的人才被認為是受害者 ，有了很大的進步。而之後的法律制定和實務處理即朝向個人資料保護、身分竊用預防和損害抑制，以及執法訴追等方向前進。 本研究以身分識別理論為起點，探討身分竊用在現代資訊社會中之角色和因身分識別資料被竊取冒用所發生之行為對個人社會和經濟的影響，蒐集美國聯邦自1970代迄今所制定和處理身分竊用相關之法律並予以摘錄分類，最後比較兩國對身分竊用問題處理之異同，並嘗試提出借鏡調和應用的建議。本研究蒐集整理，並將其群組為四種類型。分別是：（一）身分竊用罪法群；（二）個人身分證之相關法群；（三）消費者信用報告法群，以及（四）個人資料保護法群。 本研究發現，我國和美國雖然均面臨到身分竊用的問題，但因為國情和制度的不同，所受到的影響程度和所採取對應問題的方式也因此不同。例如：我國和美國在對個人識別號碼的態度和處理不同，美國是盡量打破個人利用單一獨特(unique)號碼進行識別的機制，而我國則是大量的使用。在個人身分證明文件上，我國較為統一，美國則較為分散，迄今尚未有全國統一性的身分識別證。在個人識別資料庫的建置和運用上，我國相對集中，美國重分散。我國對個人資料的保護是遵循歐盟模式，採取從上而下立法的方式。相反的，美國在個人資料保護作為上比較傾向建置一個結合法規、命令和自我管理的架構，而非由政府制訂的單一法規，係採由下而上模式。我國現在使用的國民身分證和身分證號在實體世界所建構的通用身分識別體系，因為個人資料庫雖分散但可集中連線查詢管理的特性，其在身分竊用防制機制的優勢因此建立。美國在對抗身分竊用問題所採取的方式雖因為國情和歷史的不同而和我國有相當程度的差異，但其在犯罪嚇阻控制上特別注意建立執法機關的查緝能力、訴追工具和司法機關量刑裁判的嚇阻效益，仍值得我國學習。本研究對於「美國聯邦量刑委員會」在其《量刑基準》上針對身分竊用罪的量刑考量及該委員會如此設計之源由稍有描述，或可為後續研究或實務參考之用。 / Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The first victim of identity theft is the person whose identity has been assumed by the identity thief and this person can suffer adverse consequences if they are held accountable for the perpetrator's actions. The other victims are those who were defrauded by identity theft tactics. Along with the prevalence of information and communication technology, identity theft is becoming a great threat to common people and even to national security. This study has collected more than 20 pieces of U.S.A. federal acts and statutes that related to combating identity theft problems. This study then categorizes then into 4 groups, namely 1) identity theft criminalization; 2) national personal identification system; 3) consumer credit report; and 4) personal data protection. In the mean time, this study also collected related laws and Taiwan (R.O.C.) for comparison. The government organization structures and legal systems between U.S.A. and Taiwan (R.O.C.) are very different, though the common goal of fighting identity theft is the same; the measures are quite different as well. In short, in terms of laws and personal identification system, the U.S.A. is more decentralized while in Taiwan (R.O.C.) it is more centralized. Taiwan (R.O.C.) has a national-wide and unified personal identification system that put it in a better position to respond and mitigate to identity theft impacts. On the other hand, from the law enforceability aspect, the study finds the U.S.A. provides better tools to law enforcement agencies and prosecutors to bring the offenders to justice in court and the judges have relatively more clear guidelines for case consideration and sentence.

身分竊用

身分竊盜

身分詐欺

冒用身分

個人資料保護

電腦犯罪

Identity Theft

Identity Fraud

Privacy

Personal Data Protection

Cyber Crime