The perceived impact of location privacy: A web-based survey of public health perspectives and requirements in the UK and Canada

Directory of Open Access Journals (Sweden)

Boulos Maged

2008-05-01

Full Text Available Abstract Background The "place-consciousness" of public health professionals is on the rise as spatial analyses and Geographic Information Systems (GIS are rapidly becoming key components of their toolbox. However, "place" is most useful at its most precise, granular scale – which increases identification risks, thereby clashing with privacy issues. This paper describes the views and requirements of public health professionals in Canada and the UK on privacy issues and spatial data, as collected through a web-based survey. Methods Perceptions on the impact of privacy were collected through a web-based survey administered between November 2006 and January 2007. The survey targeted government, non-government and academic GIS labs and research groups involved in public health, as well as public health units (Canada, ministries, and observatories (UK. Potential participants were invited to participate through personally addressed, standardised emails. Results Of 112 invitees in Canada and 75 in the UK, 66 and 28 participated in the survey, respectively. The completion proportion for Canada was 91%, and 86% for the UK. No response differences were observed between the two countries. Ninety three percent of participants indicated a requirement for personally identifiable data (PID in their public health activities, including geographic information. Privacy was identified as an obstacle to public health practice by 71% of respondents. The overall self-rated median score for knowledge of privacy legislation and policies was 7 out of 10. Those who rated their knowledge of privacy as high (at the median or above also rated it significantly more severe as an obstacle to research (P Conclusion The clash between PID requirements – including granular geography – and limitations imposed by privacy and its associated bureaucracy require immediate attention and solutions, particularly given the increasing utilisation of GIS in public health. Solutions

Security, privacy, and confidentiality issues on the Internet

Science.gov (United States)

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

Privacy-awareness in blockchain-based PKI

OpenAIRE

2015-01-01

Conventional public key infrastructure (PKI) designs are not optimal and contain security flaws; there is much work underway in improving PKI. The properties given by the Bitcoin blockchain and its derivatives are a natural solution to some of the problems with PKI - in particular, certificate transparency and elimination of single points of failure. Recently-proposed blockchain PKI designs are built as public ledgers linking identity with public key, giving no provision of privacy. We consid...

The Privacy Attitude Questionnaire (PAQ): Initial Development and Validation

OpenAIRE

Chignell, Mark H.; Quan-Haase, Anabel; Gwizdka, Jacek

2003-01-01

Privacy has been identified as a key issue in a variety of domains, including electronic commerce and public policy. While there are many discussions of privacy issues from a legal and policy perspective, there is little information on the structure of privacy as a psychometric construct. Our goal is to develop a method for measuring attitudes towards privacy that can guide the design and personalization of services. This paper reports on the development of an initial version of the PAQ. Four...

Assessing privacy risks in population health publications using a checklist-based approach.

Science.gov (United States)

O'Keefe, Christine M; Ickowicz, Adrien; Churches, Tim; Westcott, Mark; O'Sullivan, Maree; Khan, Atikur

2017-11-10

Recent growth in the number of population health researchers accessing detailed datasets, either on their own computers or through virtual data centers, has the potential to increase privacy risks. In response, a checklist for identifying and reducing privacy risks in population health analysis outputs has been proposed for use by researchers themselves. In this study we explore the usability and reliability of such an approach by investigating whether different users identify the same privacy risks on applying the checklist to a sample of publications. The checklist was applied to a sample of 100 academic population health publications distributed among 5 readers. Cohen's κ was used to measure interrater agreement. Of the 566 instances of statistical output types found in the 100 publications, the most frequently occurring were counts, summary statistics, plots, and model outputs. Application of the checklist identified 128 outputs (22.6%) with potential privacy concerns. Most of these were associated with the reporting of small counts. Among these identified outputs, the readers found no substantial actual privacy concerns when context was taken into account. Interrater agreement for identifying potential privacy concerns was generally good. This study has demonstrated that a checklist can be a reliable tool to assist researchers with anonymizing analysis outputs in population health research. This further suggests that such an approach may have the potential to be developed into a broadly applicable standard providing consistent confidentiality protection across multiple analyses of the same data. © The Author 2017. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com

Documenting death: public access to government death records and attendant privacy concerns.

Science.gov (United States)

Boles, Jeffrey R

2012-01-01

This Article examines the contentious relationship between public rights to access government-held death records and privacy rights concerning the deceased, whose personal information is contained in those same records. This right of access dispute implicates core democratic principles and public policy interests. Open access to death records, such as death certificates and autopsy reports, serves the public interest by shedding light on government agency performance, uncovering potential government wrongdoing, providing data on public health trends, and aiding those investigating family history, for instance. Families of the deceased have challenged the release of these records on privacy grounds, as the records may contain sensitive and embarrassing information about the deceased. Legislatures and the courts addressing this dispute have collectively struggled to reconcile the competing open access and privacy principles. The Article demonstrates how a substantial portion of the resulting law in this area is haphazardly formed, significantly overbroad, and loaded with unintended consequences. The Article offers legal reforms to bring consistency and coherence to this currently disordered area of jurisprudence.

Privacy After Snowden: Theoretical Developments and Public Opinion Perceptions of Privacy in Slovenia (Zasebnost po Snowdnu: novejša pojmovanja zasebnosti in odnos javnosti do le-te v Sloveniji

Directory of Open Access Journals (Sweden)

Aleš Završnik

2014-10-01

Full Text Available The article analyses recent theorizing of privacy arising from new technologies that allow constant and ubiquitous monitoring of our communication and movement. The theoretical part analyses Helen Nissenbaum’s theory of contextual integrity of privacy and pluralistic understanding of privacy by Daniel Solove. The empirical part presents the results of an online survey on the Slovenian public perceptions of privacy that includes questions on types and frequency of victimizations relating to the right to privacy; self-reported privacy violations; concern for the protection of one’s own privacy; perception of primary privacy offenders; the value of privacy; attitude towards data retention in public telecommunication networks; and acquaintance with the Information Commissioner of RS. Despite growing distrust of large internet corporations and – after Edward Snowden’s revelations – Intelligence agencies, the findings indicate a low degree of awareness and care for the protection of personal data.

Key handling in wireless sensor networks

International Nuclear Information System (INIS)

Li, Y; Newe, T

2007-01-01

With the rapid growth of Wireless Sensor Networks (WSNs), many advanced application areas have received significant attention. However, security will be an important factor for their full adoption. Wireless sensor nodes pose unique challenges and as such traditional security protocols, used in traditional networks cannot be applied directly. Some new protocols have been published recently with the goal of providing both privacy of data and authentication of sensor nodes for WSNs. Such protocols can employ private-key and/or public key cryptographic algorithms. Public key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the lower power wireless node. In this paper a selection of key establishment/agreement protocols are reviewed and they are broadly divided into two categories: group key agreement protocols and pair-wise key establishment protocols. A summary of the capabilities and security related services provided by each protocol is provided

Key handling in wireless sensor networks

Energy Technology Data Exchange (ETDEWEB)

Li, Y; Newe, T [Optical Fibre Sensors Research Centre, Department of Electronic and Computer Engineering, University of Limerick, Limerick (Ireland)

2007-07-15

With the rapid growth of Wireless Sensor Networks (WSNs), many advanced application areas have received significant attention. However, security will be an important factor for their full adoption. Wireless sensor nodes pose unique challenges and as such traditional security protocols, used in traditional networks cannot be applied directly. Some new protocols have been published recently with the goal of providing both privacy of data and authentication of sensor nodes for WSNs. Such protocols can employ private-key and/or public key cryptographic algorithms. Public key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the lower power wireless node. In this paper a selection of key establishment/agreement protocols are reviewed and they are broadly divided into two categories: group key agreement protocols and pair-wise key establishment protocols. A summary of the capabilities and security related services provided by each protocol is provided.

EPA's Public Access Website Children’s Privacy and Copyright Issues

Science.gov (United States)

This document establishes the policy for protecting the privacy of children on EPA’s Public Access Web site. It concerns the collection, both online and off, of information from ages 13 and under, and the display of Personally Identifying Information (PII)

Physician privacy concerns when disclosing patient data for public health purposes during a pandemic influenza outbreak.

Science.gov (United States)

El Emam, Khaled; Mercer, Jay; Moreau, Katherine; Grava-Gubins, Inese; Buckeridge, David; Jonker, Elizabeth

2011-06-09

Privacy concerns by providers have been a barrier to disclosing patient information for public health purposes. This is the case even for mandated notifiable disease reporting. In the context of a pandemic it has been argued that the public good should supersede an individual's right to privacy. The precise nature of these provider privacy concerns, and whether they are diluted in the context of a pandemic are not known. Our objective was to understand the privacy barriers which could potentially influence family physicians' reporting of patient-level surveillance data to public health agencies during the Fall 2009 pandemic H1N1 influenza outbreak. Thirty seven family doctors participated in a series of five focus groups between October 29-31 2009. They also completed a survey about the data they were willing to disclose to public health units. Descriptive statistics were used to summarize the amount of patient detail the participants were willing to disclose, factors that would facilitate data disclosure, and the consensus on those factors. The analysis of the qualitative data was based on grounded theory. The family doctors were reluctant to disclose patient data to public health units. This was due to concerns about the extent to which public health agencies are dependable to protect health information (trusting beliefs), and the possibility of loss due to disclosing health information (risk beliefs). We identified six specific actions that public health units can take which would affect these beliefs, and potentially increase the willingness to disclose patient information for public health purposes. The uncertainty surrounding a pandemic of a new strain of influenza has not changed the privacy concerns of physicians about disclosing patient data. It is important to address these concerns to ensure reliable reporting during future outbreaks.

Privacy, confidentiality and abortion statistics: a question of public interest?

Science.gov (United States)

McHale, Jean V; Jones, June

2012-01-01

The precise nature and scope of healthcare confidentiality has long been the subject of debate. While the obligation of confidentiality is integral to professional ethical codes and is also safeguarded under English law through the equitable remedy of breach of confidence, underpinned by the right to privacy enshrined in Article 8 of the Human Rights Act 1998, it has never been regarded as absolute. But when can and should personal information be made available for statistical and research purposes and what if the information in question is highly sensitive information, such as that relating to the termination of pregnancy after 24 weeks? This article explores the case of In the Matter of an Appeal to the Information Tribunal under section 57 of the Freedom of Information Act 2000, concerning the decision of the Department of Health to withhold some statistical data from the publication of its annual abortion statistics. The specific data being withheld concerned the termination for serious fetal handicap under section 1(1)d of the Abortion Act 1967. The paper explores the implications of this case, which relate both to the nature and scope of personal privacy. It suggests that lessons can be drawn from this case about public interest and use of statistical information and also about general policy issues concerning the legal regulation of confidentiality and privacy in the future.

Public Key Infrastructure Study

National Research Council Canada - National Science Library

Berkovits, Shimshon

1994-01-01

The National Institute of Standards and Technology (NIST) has tasked The MITRE Corporation to study the alternatives for automated management of public keys and of the associated public key certificates for the Federal Government...

Using routinely collected health data for surveillance, quality improvement and research: Framework and key questions to assess ethics, privacy and data access

Directory of Open Access Journals (Sweden)

Simon de Lusignan

2016-01-01

Full Text Available Background The use of health data for public health, surveillance, quality improvement and research is crucial to improve health systems and health care. However, bodies responsible for privacy and ethics often limit access to routinely collected health data. Ethical approvals, issues around protecting privacy and data access are often dealt with by different layers of regulations, making approval processes appear disjointed.Objective To create a comprehensive framework for defining the ethical and privacy status of a project and for providing guidance on data access.Method The framework comprises principles and related questions. The core of the framework will be built using standard terminology definitions such as ethics-related controlled vocabularies and regional directives. It is built in this way to reduce ambiguity between different definitions. The framework is extensible: principles can be retired or added to, as can their related questions. Responses to these questions should allow data processors to define ethical issues, privacy risk and other unintended consequences.Results The framework contains three steps: (1 identifying possible ethical and privacy principles relevant to the project; (2 providing ethics and privacy guidance questions that inform the type of approval needed; and (3 assessing case-specific ethics and privacy issues. The outputs from this process should inform whether the balance between public interests and privacy breach and any ethical considerations are tipped in favour of societal benefits. If they are then this should be the basis on which data access is permitted. Tightly linking ethical principles to governance and data access may help maintain public trust.

Using routinely collected health data for surveillance, quality improvement and research: Framework and key questions to assess ethics, privacy and data access.

Science.gov (United States)

De Lusignan, Simon; Liyanage, Harshana; Di Iorio, Concetta Tania; Chan, Tom; Liaw, Siaw-Teng

2016-01-19

The use of health data for public health, surveillance, quality improvement and research is crucial to improve health systems and health care. However, bodies responsible for privacy and ethics often limit access to routinely collected health data. Ethical approvals, issues around protecting privacy and data access are often dealt with by different layers of regulations, making approval processes appear disjointed. To create a comprehensive framework for defining the ethical and privacy status of a project and for providing guidance on data access. The framework comprises principles and related questions. The core of the framework will be built using standard terminology definitions such as ethics-related controlled vocabularies and regional directives. It is built in this way to reduce ambiguity between different definitions. The framework is extensible: principles can be retired or added to, as can their related questions. Responses to these questions should allow data processors to define ethical issues, privacy risk and other unintended consequences. The framework contains three steps: (1) identifying possible ethical and privacy principles relevant to the project; (2) providing ethics and privacy guidance questions that inform the type of approval needed; and (3) assessing case-specific ethics and privacy issues. The outputs from this process should inform whether the balance between public interests and privacy breach and any ethical considerations are tipped in favour of societal benefits. If they are then this should be the basis on which data access is permitted. Tightly linking ethical principles to governance and data access may help maintain public trust.

78 FR 77503 - Privacy Act of 1974; Privacy Act System of Records

Science.gov (United States)

2013-12-23

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 13-149] Privacy Act of 1974; Privacy Act... proposed revisions to existing Privacy Act systems of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...

76 FR 67763 - Privacy Act of 1974; Privacy Act System of Records

Science.gov (United States)

2011-11-02

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-109)] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...

76 FR 64114 - Privacy Act of 1974; Privacy Act System of Records

Science.gov (United States)

2011-10-17

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-093)] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...

77 FR 69898 - Privacy Act of 1974; Privacy Act System of Records

Science.gov (United States)

2012-11-21

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 12-100] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...

Cancer surveillance and information: balancing public health with privacy and confidentiality concerns (United States).

Science.gov (United States)

Deapen, Dennis

2006-06-01

Rapid advances in informatics and communication technologies are greatly expanding the capacity for information capture and transportation. While these tools can be used for great good, they also offer new opportunities for those who seek to obtain and use information for improper purposes. While issues related to identity theft for financial gain garner the most attention, protection of privacy in public health endeavors such as cancer surveillance is also a significant concern. Some efforts to protect health-related information have had unintended consequences detrimental to health research and public health practice. Achieving a proper balance between measures to protect privacy and the ability to guard and improve public health requires careful consideration and development of appropriate policies, regulations and use of technology.

Public Key Cryptography.

Science.gov (United States)

Tapson, Frank

1996-01-01

Describes public key cryptography, also known as RSA, which is a system using two keys, one used to put a message into cipher and another used to decipher the message. Presents examples using small prime numbers. (MKR)

Privacy impact assessment in the design of transnational public health information systems: the BIRO project.

Science.gov (United States)

Di Iorio, C T; Carinci, F; Azzopardi, J; Baglioni, V; Beck, P; Cunningham, S; Evripidou, A; Leese, G; Loevaas, K F; Olympios, G; Federici, M Orsini; Pruna, S; Palladino, P; Skeie, S; Taverner, P; Traynor, V; Benedetti, M Massi

2009-12-01

To foster the development of a privacy-protective, sustainable cross-border information system in the framework of a European public health project. A targeted privacy impact assessment was implemented to identify the best architecture for a European information system for diabetes directly tapping into clinical registries. Four steps were used to provide input to software designers and developers: a structured literature search, analysis of data flow scenarios or options, creation of an ad hoc questionnaire and conduction of a Delphi procedure. The literature search identified a core set of relevant papers on privacy (n = 11). Technicians envisaged three candidate system architectures, with associated data flows, to source an information flow questionnaire that was submitted to the Delphi panel for the selection of the best architecture. A detailed scheme envisaging an "aggregation by group of patients" was finally chosen, based upon the exchange of finely tuned summary tables. Public health information systems should be carefully engineered only after a clear strategy for privacy protection has been planned, to avoid breaching current regulations and future concerns and to optimise the development of statistical routines. The BIRO (Best Information Through Regional Outcomes) project delivers a specific method of privacy impact assessment that can be conveniently used in similar situations across Europe.

Attack on Privacy-Preserving Public Auditing Schemes for Cloud Storage

Directory of Open Access Journals (Sweden)

Baoyuan Kang

2017-01-01

Full Text Available With the development of Internet, cloud computing has emerged to provide service to data users. But, it is necessary for an auditor on behalf of users to check the integrity of the data stored in the cloud. The cloud server also must ensure the privacy of the data. In a usual public integrity check scheme, the linear combination of data blocks is needed for verification. But, after times of auditing on the same data blocks, based on collected linear combinations, the auditor might derive these blocks. Recently, a number of public auditing schemes with privacy-preserving are proposed. With blinded linear combinations of data blocks, the authors of these schemes believed that the auditor cannot derive any information about the data blocks and claimed that their schemes are provably secure in the random oracle model. In this paper, with detailed security analysis of these schemes, we show that these schemes are vulnerable to an attack from the malicious cloud server who modifies the data blocks and succeeds in forging proof information for data integrity check.

Privacy encounters in Teledialogue

DEFF Research Database (Denmark)

Andersen, Lars Bo; Bøge, Ask Risom; Danholt, Peter

2017-01-01

Privacy is a major concern when new technologies are introduced between public authorities and private citizens. What is meant by privacy, however, is often unclear and contested. Accordingly, this article utilises grounded theory to study privacy empirically in the research and design project...... Teledialogue aimed at introducing new ways for public case managers and placed children to communicate through IT. The resulting argument is that privacy can be understood as an encounter, that is, as something that arises between implicated actors and entails some degree of friction and negotiation....... An argument which is further qualified through the philosophy of Gilles Deleuze. The article opens with a review of privacy literature before continuing to present privacy as an encounter with five different foci: what technologies bring into the encounter; who is related to privacy by implication; what...

Privacy protection schemes for fingerprint recognition systems

Science.gov (United States)

Marasco, Emanuela; Cukic, Bojan

2015-05-01

The deployment of fingerprint recognition systems has always raised concerns related to personal privacy. A fingerprint is permanently associated with an individual and, generally, it cannot be reset if compromised in one application. Given that fingerprints are not a secret, potential misuses besides personal recognition represent privacy threats and may lead to public distrust. Privacy mechanisms control access to personal information and limit the likelihood of intrusions. In this paper, image- and feature-level schemes for privacy protection in fingerprint recognition systems are reviewed. Storing only key features of a biometric signature can reduce the likelihood of biometric data being used for unintended purposes. In biometric cryptosystems and biometric-based key release, the biometric component verifies the identity of the user, while the cryptographic key protects the communication channel. Transformation-based approaches only a transformed version of the original biometric signature is stored. Different applications can use different transforms. Matching is performed in the transformed domain which enable the preservation of low error rates. Since such templates do not reveal information about individuals, they are referred to as cancelable templates. A compromised template can be re-issued using a different transform. At image-level, de-identification schemes can remove identifiers disclosed for objectives unrelated to the original purpose, while permitting other authorized uses of personal information. Fingerprint images can be de-identified by, for example, mixing fingerprints or removing gender signature. In both cases, degradation of matching performance is minimized.

Genetic privacy.

Science.gov (United States)

Sankar, Pamela

2003-01-01

During the past 10 years, the number of genetic tests performed more than tripled, and public concern about genetic privacy emerged. The majority of states and the U.S. government have passed regulations protecting genetic information. However, research has shown that concerns about genetic privacy are disproportionate to known instances of information misuse. Beliefs in genetic determinacy explain some of the heightened concern about genetic privacy. Discussion of the debate over genetic testing within families illustrates the most recent response to genetic privacy concerns.

Privacy and Innovation

OpenAIRE

Avi Goldfarb; Catherine Tucker

2011-01-01

Information and communication technology now enables firms to collect detailed and potentially intrusive data about their customers both easily and cheaply. This means that privacy concerns are no longer limited to government surveillance and public figures' private lives. The empirical literature on privacy regulation shows that privacy regulation may affect the extent and direction of data-based innovation. We also show that the impact of privacy regulation can be extremely heterogeneous. T...

Ethics in public health research: privacy and public health at risk: public health confidentiality in the digital age.

Science.gov (United States)

Myers, Julie; Frieden, Thomas R; Bherwani, Kamal M; Henning, Kelly J

2008-05-01

Public health agencies increasingly use electronic means to acquire, use, maintain, and store personal health information. Electronic data formats can improve performance of core public health functions, but potentially threaten privacy because they can be easily duplicated and transmitted to unauthorized people. Although such security breaches do occur, electronic data can be better secured than paper records, because authentication, authorization, auditing, and accountability can be facilitated. Public health professionals should collaborate with law and information technology colleagues to assess possible threats, implement updated policies, train staff, and develop preventive engineering measures to protect information. Tightened physical and electronic controls can prevent misuse of data, minimize the risk of security breaches, and help maintain the reputation and integrity of public health agencies.

Cryptanalysis of Compact-LWE and Related Lightweight Public Key Encryption

Directory of Open Access Journals (Sweden)

Dianyan Xiao

2018-01-01

Full Text Available In the emerging Internet of Things (IoT, lightweight public key cryptography plays an essential role in security and privacy protection. With the approach of quantum computing era, it is important to design and evaluate lightweight quantum-resistant cryptographic algorithms applicable to IoT. LWE-based cryptography is a widely used and well-studied family of postquantum cryptographic constructions whose hardness is based on worst-case lattice problems. To make LWE friendly to resource-constrained IoT devices, a variant of LWE, named Compact-LWE, was proposed and used to design lightweight cryptographic schemes. In this paper, we study the so-called Compact-LWE problem and clarify that under certain parameter settings it can be solved in polynomial time. As a consequence, our result leads to a practical attack against an instantiated scheme based on Compact-LWE proposed by Liu et al. in 2017.

Lattice Based Mix Network for Location Privacy in Mobile System

Directory of Open Access Journals (Sweden)

Kunwar Singh

2015-01-01

Full Text Available In 1981, David Chaum proposed a cryptographic primitive for privacy called mix network (Mixnet. A mixnet is cryptographic construction that establishes anonymous communication channel through a set of servers. In 2004, Golle et al. proposed a new cryptographic primitive called universal reencryption which takes the input as encrypted messages under the public key of the recipients not the public key of the universal mixnet. In Eurocrypt 2010, Gentry, Halevi, and Vaikunthanathan presented a cryptosystem which is an additive homomorphic and a multiplicative homomorphic for only one multiplication. In MIST 2013, Singh et al. presented a lattice based universal reencryption scheme under learning with error (LWE assumption. In this paper, we have improved Singh et al.’s scheme using Fairbrother’s idea. LWE is a lattice hard problem for which till now there is no polynomial time quantum algorithm. Wiangsripanawan et al. proposed a protocol for location privacy in mobile system using universal reencryption whose security is reducible to Decision Diffie-Hellman assumption. Once quantum computer becomes a reality, universal reencryption can be broken in polynomial time by Shor’s algorithm. In postquantum cryptography, our scheme can replace universal reencryption scheme used in Wiangsripanawan et al. scheme for location privacy in mobile system.

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Directory of Open Access Journals (Sweden)

Mohammed Ramadan

2016-08-01

Full Text Available Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA, evolved packet system-authentication and key agreement (EPS-AKA, and long term evolution-authentication and key agreement (LTE-AKA algorithms for 3rd generation partnership project (3GPP systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

Robust Public Key Cryptography — A New Cryptosystem Surviving Private Key Compromise

Science.gov (United States)

Shaik, Cheman

A weakness of the present-day public key cryptosystems is that these cryptosystems do not survive private-key compromise attacks resulting from an internal breach of trust. In a competitive business environment, private key compromise is a common incident that voids the strength of public key cryptosystems such as RSA and ECC. Bribing corporate employees to disclose their secret keys and inadvertently disclosing secret information are among a plethora of practical attacks that occur at the implementation level. Once a breach of trust takes place and subsequently the private key is revealed, any public key cryptosystem fails to secure electronic data in Internet communications. The revealed key may be used by an attacker to decipher the intercepted data at an intermediary router. This weakness of public key cryptography calls for an additional security measure that enables encryptions to survive private key compromise attacks.

Policymaking to preserve privacy in disclosure of public health data: a suggested framework.

Science.gov (United States)

Mizani, Mehrdad A; Baykal, Nazife

2015-03-01

Health organisations in Turkey gather a vast amount of valuable individual data that can be used for public health purposes. The organisations use rigid methods to remove some useful details from the data while publishing the rest of the data in a highly aggregated form, mostly because of privacy concerns and lack of standardised policies. This action leads to information loss and bias affecting public health research. Hence, organisations need dynamic policies and well-defined procedures rather than a specific algorithm to protect the privacy of individual data. To address this need, we developed a framework for the systematic application of anonymity methods while reducing and objectively reporting the information loss without leaking confidentiality. This framework acts as a roadmap for policymaking by providing high-level pseudo-policies with semitechnical guidelines in addition to some sample scenarios suitable for policymakers, public health programme managers and legislators. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Information privacy fundamentals for librarians and information professionals

CERN Document Server

Givens, Cherie L

2014-01-01

This book introduces library and information professionals to information privacy, provides an overview of information privacy in the library and information science context, U.S. privacy laws by sector, information privacy policy, and key considerations when planning and creating a privacy program.

Sharing Privacy Protected and Statistically Sound Clinical Research Data Using Outsourced Data Storage

Directory of Open Access Journals (Sweden)

Geontae Noh

2014-01-01

Full Text Available It is critical to scientific progress to share clinical research data stored in outsourced generally available cloud computing services. Researchers are able to obtain valuable information that they would not otherwise be able to access; however, privacy concerns arise when sharing clinical data in these outsourced publicly available data storage services. HIPAA requires researchers to deidentify private information when disclosing clinical data for research purposes and describes two available methods for doing so. Unfortunately, both techniques degrade statistical accuracy. Therefore, the need to protect privacy presents a significant problem for data sharing between hospitals and researchers. In this paper, we propose a controlled secure aggregation protocol to secure both privacy and accuracy when researchers outsource their clinical research data for sharing. Since clinical data must remain private beyond a patient’s lifetime, we take advantage of lattice-based homomorphic encryption to guarantee long-term security against quantum computing attacks. Using lattice-based homomorphic encryption, we design an aggregation protocol that aggregates outsourced ciphertexts under distinct public keys. It enables researchers to get aggregated results from outsourced ciphertexts of distinct researchers. To the best of our knowledge, our protocol is the first aggregation protocol which can aggregate ciphertexts which are encrypted with distinct public keys.

A novel authentication scheme using self-certified public keys for telecare medical information systems.

Science.gov (United States)

Guo, Dianli; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2015-06-01

Telecare medical information systems (TMIS), with the explosive growth of communication technology and physiological monitoring devices, are applied increasingly to enable and support healthcare delivery services. In order to safeguard patients' privacy and tackle the illegal access, authentication schemes for TMIS have been investigated and designed by many researchers. Many of them are promising for adoption in practice, nevertheless, they still have security flaws. In this paper, we propose a novel remote authentication scheme for TMIS using self-certified public keys, which is formally secure in the ID-mBJM model. Besides, the proposed scheme has better computational efficiency. Compared to the related schemes, our protocol is more practical for telemedicine system.

76 FR 12398 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Science.gov (United States)

2011-03-07

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0034] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1304 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection...

Adding query privacy to robust DHTs

DEFF Research Database (Denmark)

Backes, Michael; Goldberg, Ian; Kate, Aniket

2012-01-01

intermediate peers that (help to) route the queries towards their destinations. In this paper, we satisfy this requirement by presenting an approach for providing privacy for the keys in DHT queries. We use the concept of oblivious transfer (OT) in communication over DHTs to preserve query privacy without...... privacy over robust DHTs. Finally, we compare the performance of our privacy-preserving protocols with their more privacy-invasive counterparts. We observe that there is no increase in the message complexity...

Privacy Expectations in Online Contexts

Science.gov (United States)

Pure, Rebekah Abigail

2013-01-01

Advances in digital networked communication technology over the last two decades have brought the issue of personal privacy into sharper focus within contemporary public discourse. In this dissertation, I explain the Fourth Amendment and the role that privacy expectations play in the constitutional protection of personal privacy generally, and…

Efficient KDM-CCA Secure Public-Key Encryption via Auxiliary-Input Authenticated Encryption

Directory of Open Access Journals (Sweden)

Shuai Han

2017-01-01

Full Text Available KDM[F]-CCA security of public-key encryption (PKE ensures the privacy of key-dependent messages f(sk which are closely related to the secret key sk, where f∈F, even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE. For AIAE, we introduce two related-key attack (RKA security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS and one-time secure authenticated encryption (AE and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR assumptions. Specifically, (i our first PKE construction is the first one achieving KDM[Faff]-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii Our second PKE construction is the first one achieving KDM[Fpolyd]-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.

Privacy Protection: Mandating New Arrangements to Implement and Assess Federal Privacy Policy and Practice

National Research Council Canada - National Science Library

Relyea, Harold C

2004-01-01

When Congress enacted the Privacy Act of 1974, it established a temporary national study commission to conduct a comprehensive assessment of privacy policy and practice in both the public and private...

Online Tracking Technologies and Web Privacy:Technologieën voor Online volgen en Web Privacy

OpenAIRE

Acar, Mustafa Gunes Can

2017-01-01

In my PhD thesis, I would like to study the problem of online privacy with a focus on Web and mobile applications. Key research questions to be addressed by my study are the following: How can we formalize and quantify web tracking? What are the threats presented against privacy by different tracking techniques such as browser fingerprinting and cookie based tracking? What kind of privacy enhancing technologies (PET) can be used to ensure privacy without degrading service quality? The stud...

43 CFR 2.47 - Records subject to Privacy Act.

Science.gov (United States)

2010-10-01

... 43 Public Lands: Interior 1 2010-10-01 2010-10-01 false Records subject to Privacy Act. 2.47 Section 2.47 Public Lands: Interior Office of the Secretary of the Interior RECORDS AND TESTIMONY; FREEDOM OF INFORMATION ACT Privacy Act § 2.47 Records subject to Privacy Act. The Privacy Act applies to all...

User Privacy in RFID Networks

Science.gov (United States)

Singelée, Dave; Seys, Stefaan

Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.

Privacy and Data-Based Research

OpenAIRE

Ori Heffetz; Katrina Ligett

2013-01-01

What can we, as users of microdata, formally guarantee to the individuals (or firms) in our dataset, regarding their privacy? We retell a few stories, well-known in data-privacy circles, of failed anonymization attempts in publicly released datasets. We then provide a mostly informal introduction to several ideas from the literature on differential privacy, an active literature in computer science that studies formal approaches to preserving the privacy of individuals in statistical databases...

Customer privacy on UK healthcare websites.

Science.gov (United States)

Mundy, Darren P

2006-09-01

Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the author's research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the author's findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.

Privacy Attitudes among Early Adopters of Emerging Health Technologies.

Directory of Open Access Journals (Sweden)

Cynthia Cheung

Full Text Available Advances in health technology such as genome sequencing and wearable sensors now allow for the collection of highly granular personal health data from individuals. It is unclear how people think about privacy in the context of these emerging health technologies. An open question is whether early adopters of these advances conceptualize privacy in different ways than non-early adopters.This study sought to understand privacy attitudes of early adopters of emerging health technologies.Transcripts from in-depth, semi-structured interviews with early adopters of genome sequencing and health devices and apps were analyzed with a focus on participant attitudes and perceptions of privacy. Themes were extracted using inductive content analysis.Although interviewees were willing to share personal data to support scientific advancements, they still expressed concerns, as well as uncertainty about who has access to their data, and for what purpose. In short, they were not dismissive of privacy risks. Key privacy-related findings are organized into four themes as follows: first, personal data privacy; second, control over personal information; third, concerns about discrimination; and fourth, contributing personal data to science.Early adopters of emerging health technologies appear to have more complex and nuanced conceptions of privacy than might be expected based on their adoption of personal health technologies and participation in open science. Early adopters also voiced uncertainty about the privacy implications of their decisions to use new technologies and share their data for research. Though not representative of the general public, studies of early adopters can provide important insights into evolving attitudes toward privacy in the context of emerging health technologies and personal health data research.

Privacy Attitudes among Early Adopters of Emerging Health Technologies.

Science.gov (United States)

Cheung, Cynthia; Bietz, Matthew J; Patrick, Kevin; Bloss, Cinnamon S

2016-01-01

Advances in health technology such as genome sequencing and wearable sensors now allow for the collection of highly granular personal health data from individuals. It is unclear how people think about privacy in the context of these emerging health technologies. An open question is whether early adopters of these advances conceptualize privacy in different ways than non-early adopters. This study sought to understand privacy attitudes of early adopters of emerging health technologies. Transcripts from in-depth, semi-structured interviews with early adopters of genome sequencing and health devices and apps were analyzed with a focus on participant attitudes and perceptions of privacy. Themes were extracted using inductive content analysis. Although interviewees were willing to share personal data to support scientific advancements, they still expressed concerns, as well as uncertainty about who has access to their data, and for what purpose. In short, they were not dismissive of privacy risks. Key privacy-related findings are organized into four themes as follows: first, personal data privacy; second, control over personal information; third, concerns about discrimination; and fourth, contributing personal data to science. Early adopters of emerging health technologies appear to have more complex and nuanced conceptions of privacy than might be expected based on their adoption of personal health technologies and participation in open science. Early adopters also voiced uncertainty about the privacy implications of their decisions to use new technologies and share their data for research. Though not representative of the general public, studies of early adopters can provide important insights into evolving attitudes toward privacy in the context of emerging health technologies and personal health data research.

Adding Query Privacy to Robust DHTs

DEFF Research Database (Denmark)

Backes, Michael; Goldberg, Ian; Kate, Aniket

2011-01-01

intermediate peers that (help to) route the queries towards their destinations. In this paper, we satisfy this requirement by presenting an approach for providing privacy for the keys in DHT queries. We use the concept of oblivious transfer (OT) in communication over DHTs to preserve query privacy without...... of obtaining query privacy over robust DHTs. Finally, we compare the performance of our privacy-preserving protocols with their more privacy-invasive counterparts. We observe that there is no increase in the message complexity and only a small overhead in the computational complexity....

Advertising and Invasion of Privacy.

Science.gov (United States)

Rohrer, Daniel Morgan

The right of privacy as it relates to advertising and the use of a person's name or likeness is discussed in this paper. After an introduction that traces some of the history of invasion of privacy in court decisions, the paper examines cases involving issues such as public figures and newsworthy items, right of privacy waived, right of privacy…

The Right of Privacy of Public School Employees.

Science.gov (United States)

Bullock, Angela; Faber, Charles F.

A nationwide controversy over the right of privacy has arisen as a result of companies probing into their workers' habits and health through such means as mandatory drug tests, electronic databases, and lie detector tests. The legal claims arising from these civil suits against employers for invasion of privacy have established precedents that are…

Key management of the double random-phase-encoding method using public-key encryption

Science.gov (United States)

Saini, Nirmala; Sinha, Aloka

2010-03-01

Public-key encryption has been used to encode the key of the encryption process. In the proposed technique, an input image has been encrypted by using the double random-phase-encoding method using extended fractional Fourier transform. The key of the encryption process have been encoded by using the Rivest-Shamir-Adelman (RSA) public-key encryption algorithm. The encoded key has then been transmitted to the receiver side along with the encrypted image. In the decryption process, first the encoded key has been decrypted using the secret key and then the encrypted image has been decrypted by using the retrieved key parameters. The proposed technique has advantage over double random-phase-encoding method because the problem associated with the transmission of the key has been eliminated by using public-key encryption. Computer simulation has been carried out to validate the proposed technique.

Privacy and Open Government

Directory of Open Access Journals (Sweden)

Teresa Scassa

2014-06-01

Full Text Available The public-oriented goals of the open government movement promise increased transparency and accountability of governments, enhanced citizen engagement and participation, improved service delivery, economic development and the stimulation of innovation. In part, these goals are to be achieved by making more and more government information public in reusable formats and under open licences. This paper identifies three broad privacy challenges raised by open government. The first is how to balance privacy with transparency and accountability in the context of “public” personal information. The second challenge flows from the disruption of traditional approaches to privacy based on a collapse of the distinctions between public and private sector actors. The third challenge is that of the potential for open government data—even if anonymized—to contribute to the big data environment in which citizens and their activities are increasingly monitored and profiled.

45 CFR 503.1 - Definitions-Privacy Act.

Science.gov (United States)

2010-10-01

... 45 Public Welfare 3 2010-10-01 2010-10-01 false Definitions-Privacy Act. 503.1 Section 503.1... THE UNITED STATES, DEPARTMENT OF JUSTICE RULES OF PRACTICE PRIVACY ACT AND GOVERNMENT IN THE SUNSHINE REGULATIONS Privacy Act Regulations § 503.1 Definitions—Privacy Act. For the purpose of this part: Agency...

Protecting privacy in a clinical data warehouse.

Science.gov (United States)

Kong, Guilan; Xiao, Zhichun

2015-06-01

Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world. © The Author(s) 2014.

Conceptualising space and place : Lessons from geography for the debate on privacy in public

NARCIS (Netherlands)

Koops, Bert-Jaap; Galic, Masa; Timan, Tjerk; Newell, Bryce; Koops, Bert-Jaap

2017-01-01

This contribution aims to open up the rich literature on the conceptualisation of space and place, primarily from the field of geography, for scholars in other disciplines, in particular legal and governance scholars engaged in the debate on (the right to) privacy in public spaces. Although there is

Privacy and policy for genetic research.

Science.gov (United States)

DeCew, Judith Wagner

2004-01-01

I begin with a discussion of the value of privacy and what we lose without it. I then turn to the difficulties of preserving privacy for genetic information and other medical records in the face of advanced information technology. I suggest three alternative public policy approaches to the problem of protecting individual privacy and also preserving databases for genetic research: (1) governmental guidelines and centralized databases, (2) corporate self-regulation, and (3) my hybrid approach. None of these are unproblematic; I discuss strengths and drawbacks of each, emphasizing the importance of protecting the privacy of sensitive medical and genetic information as well as letting information technology flourish to aid patient care, public health and scientific research.

Efficient secure-channel free public key encryption with keyword search for EMRs in cloud storage.

Science.gov (United States)

Guo, Lifeng; Yau, Wei-Chuen

2015-02-01

Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature.

Public Opinion about the Importance of Privacy in Biobank Research

Science.gov (United States)

Kaufman, David J.; Murphy-Bollinger, Juli; Scott, Joan; Hudson, Kathy L.

2009-01-01

Concerns about privacy may deter people from participating in genetic research. Recruitment and retention of biobank participants requires understanding the nature and magnitude of these concerns. Potential participants in a proposed biobank were asked about their willingness to participate, their privacy concerns, informed consent, and data sharing. A representative survey of 4659 U.S. adults was conducted. Ninety percent of respondents would be concerned about privacy, 56% would be concerned about researchers having their information, and 37% would worry that study data could be used against them. However, 60% would participate in the biobank if asked. Nearly half (48%) would prefer to provide consent once for all research approved by an oversight panel, whereas 42% would prefer to provide consent for each project separately. Although 92% would allow academic researchers to use study data, 80% and 75%, respectively, would grant access to government and industry researchers. Concern about privacy was related to lower willingness to participate only when respondents were told that they would receive $50 for participation and would not receive individual research results back. Among respondents who were told that they would receive $200 or individual research results, privacy concerns were not related to willingness. Survey respondents valued both privacy and participation in biomedical research. Despite pervasive privacy concerns, 60% would participate in a biobank. Assuring research participants that their privacy will be protected to the best of researchers' abilities may increase participants' acceptance of consent for broad research uses of biobank data by a wide range of researchers. PMID:19878915

Protecting patron privacy

CERN Document Server

Beckstrom, Matthew

2015-01-01

In a world where almost anyone with computer savvy can hack, track, and record the online activities of others, your library can serve as a protected haven for your visitors who rely on the Internet to conduct research-if you take the necessary steps to safeguard their privacy. This book shows you how to protect patrons' privacy while using the technology that your library provides, including public computers, Internet access, wireless networks, and other devices. Logically organized into two major sections, the first part of the book discusses why the privacy of your users is of paramount

Evaluating privacy-preserving record linkage using cryptographic long-term keys and multibit trees on large medical datasets.

Science.gov (United States)

Brown, Adrian P; Borgs, Christian; Randall, Sean M; Schnell, Rainer

2017-06-08

Integrating medical data using databases from different sources by record linkage is a powerful technique increasingly used in medical research. Under many jurisdictions, unique personal identifiers needed for linking the records are unavailable. Since sensitive attributes, such as names, have to be used instead, privacy regulations usually demand encrypting these identifiers. The corresponding set of techniques for privacy-preserving record linkage (PPRL) has received widespread attention. One recent method is based on Bloom filters. Due to superior resilience against cryptographic attacks, composite Bloom filters (cryptographic long-term keys, CLKs) are considered best practice for privacy in PPRL. Real-world performance of these techniques using large-scale data is unknown up to now. Using a large subset of Australian hospital admission data, we tested the performance of an innovative PPRL technique (CLKs using multibit trees) against a gold-standard derived from clear-text probabilistic record linkage. Linkage time and linkage quality (recall, precision and F-measure) were evaluated. Clear text probabilistic linkage resulted in marginally higher precision and recall than CLKs. PPRL required more computing time but 5 million records could still be de-duplicated within one day. However, the PPRL approach required fine tuning of parameters. We argue that increased privacy of PPRL comes with the price of small losses in precision and recall and a large increase in computational burden and setup time. These costs seem to be acceptable in most applied settings, but they have to be considered in the decision to apply PPRL. Further research on the optimal automatic choice of parameters is needed.

Quantum Hash function and its application to privacy amplification in quantum key distribution, pseudo-random number generation and image encryption

Science.gov (United States)

Yang, Yu-Guang; Xu, Peng; Yang, Rui; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-01

Quantum information and quantum computation have achieved a huge success during the last years. In this paper, we investigate the capability of quantum Hash function, which can be constructed by subtly modifying quantum walks, a famous quantum computation model. It is found that quantum Hash function can act as a hash function for the privacy amplification process of quantum key distribution systems with higher security. As a byproduct, quantum Hash function can also be used for pseudo-random number generation due to its inherent chaotic dynamics. Further we discuss the application of quantum Hash function to image encryption and propose a novel image encryption algorithm. Numerical simulations and performance comparisons show that quantum Hash function is eligible for privacy amplification in quantum key distribution, pseudo-random number generation and image encryption in terms of various hash tests and randomness tests. It extends the scope of application of quantum computation and quantum information.

Quantum Hash function and its application to privacy amplification in quantum key distribution, pseudo-random number generation and image encryption

Science.gov (United States)

Yang, Yu-Guang; Xu, Peng; Yang, Rui; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-01

Quantum information and quantum computation have achieved a huge success during the last years. In this paper, we investigate the capability of quantum Hash function, which can be constructed by subtly modifying quantum walks, a famous quantum computation model. It is found that quantum Hash function can act as a hash function for the privacy amplification process of quantum key distribution systems with higher security. As a byproduct, quantum Hash function can also be used for pseudo-random number generation due to its inherent chaotic dynamics. Further we discuss the application of quantum Hash function to image encryption and propose a novel image encryption algorithm. Numerical simulations and performance comparisons show that quantum Hash function is eligible for privacy amplification in quantum key distribution, pseudo-random number generation and image encryption in terms of various hash tests and randomness tests. It extends the scope of application of quantum computation and quantum information. PMID:26823196

Privacy, security, and the public health researcher in the era of electronic health record research.

Science.gov (United States)

Goldstein, Neal D; Sarwate, Anand D

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

Key Distribution and Changing Key Cryptosystem Based on Phase Retrieval Algorithm and RSA Public-Key Algorithm

Directory of Open Access Journals (Sweden)

Tieyu Zhao

2015-01-01

Full Text Available The optical image encryption has attracted more and more researchers’ attention, and the various encryption schemes have been proposed. In existing optical cryptosystem, the phase functions or images are usually used as the encryption keys, and it is difficult that the traditional public-key algorithm (such as RSA, ECC, etc. is used to complete large numerical key transfer. In this paper, we propose a key distribution scheme based on the phase retrieval algorithm and the RSA public-key algorithm, which solves the problem for the key distribution in optical image encryption system. Furthermore, we also propose a novel image encryption system based on the key distribution principle. In the system, the different keys can be used in every encryption process, which greatly improves the security of the system.

Internet privacy options for adequate realisation

CERN Document Server

2013-01-01

A thorough multidisciplinary analysis of various perspectives on internet privacy was published as the first volume of a study, revealing the results of the achatech project "Internet Privacy - A Culture of Privacy and Trust on the Internet." The second publication from this project presents integrated, interdisciplinary options for improving privacy on the Internet utilising a normative, value-oriented approach. The ways in which privacy promotes and preconditions fundamental societal values and how privacy violations endanger the flourishing of said values are exemplified. The conditions which must be fulfilled in order to achieve a culture of privacy and trust on the internet are illuminated. This volume presents options for policy-makers, educators, businesses and technology experts how to facilitate solutions for more privacy on the Internet and identifies further research requirements in this area.

What was privacy?

Science.gov (United States)

McCreary, Lew

2008-10-01

Why is that question in the past tense? Because individuals can no longer feel confident that the details of their lives--from identifying numbers to cultural preferences--will be treated with discretion rather than exploited. Even as Facebook users happily share the names of their favorite books, movies, songs, and brands, they often regard marketers' use of that information as an invasion of privacy. In this wide-ranging essay, McCreary, a senior editor at HBR, examines numerous facets of the privacy issue, from Google searches, public shaming on the internet, and cell phone etiquette to passenger screening devices, public surveillance cameras, and corporate chief privacy officers. He notes that IBM has been a leader on privacy; its policy forswearing the use of employees' genetic information in hiring and benefits decisions predated the federal Genetic Information Nondiscrimination Act by three years. Now IBM is involved in an open-source project known as Higgins to provide users with transportable, potentially anonymous online presences. Craigslist, whose CEO calls it "as close to 100% user driven as you can get," has taken an extremely conservative position on privacy--perhaps easier for a company with a declared lack of interest in maximizing revenue. But TJX and other corporate victims of security breaches have discovered that retaining consumers' transaction information can be both costly and risky. Companies that underestimate the importance of privacy to their customers or fail to protect it may eventually face harsh regulation, reputational damage, or both. The best thing they can do, says the author, is negotiate directly with those customers over where to draw the line.

32 CFR 701.101 - Privacy program terms and definitions.

Science.gov (United States)

2010-07-01

... from a project on privacy issues, identifying and resolving the privacy risks, and approval by a... 32 National Defense 5 2010-07-01 2010-07-01 false Privacy program terms and definitions. 701.101... DEPARTMENT OF THE NAVY DOCUMENTS AFFECTING THE PUBLIC DON Privacy Program § 701.101 Privacy program terms and...

45 CFR 503.2 - General policies-Privacy Act.

Science.gov (United States)

2010-10-01

... 45 Public Welfare 3 2010-10-01 2010-10-01 false General policies-Privacy Act. 503.2 Section 503.2... THE UNITED STATES, DEPARTMENT OF JUSTICE RULES OF PRACTICE PRIVACY ACT AND GOVERNMENT IN THE SUNSHINE REGULATIONS Privacy Act Regulations § 503.2 General policies—Privacy Act. The Commission will protect the...

76 FR 11435 - Privacy Act of 1974; Computer Matching Program

Science.gov (United States)

2011-03-02

... Security Administration. SUMMARY: Pursuant to the Computer Matching and Privacy Protection Act of 1988, Public Law 100-503, the Computer Matching and Privacy Protections Amendments of 1990, Pub. L. 101-508... Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988...

Security and privacy for implantable medical devices

CERN Document Server

Carrara, Sandro

2014-01-01

 This book presents a systematic approach to analyzing the challenging engineering problems posed by the need for security and privacy in implantable medical devices (IMD).  It describes in detail new issues termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Coverage includes vulnerabilities and defense across multiple levels, with basic abstractions of cryptographic services and primitives such as public key cryptography, block ciphers and digital signatures. Experts from engineering introduce to some IMD systems that have  recently been proposed and developed. Experts from Computer Security and Cryptography present new research, which shows vulnerabilities in existing IMDs and proposes solutions. Experts from Privacy Technology and Policy will discuss the societal, legal and ethical challenges surrounding IMD security as well as technological solutions that build on the latest in C...

Mathematical Background of Public Key Cryptography

DEFF Research Database (Denmark)

Frey, Gerhard; Lange, Tanja

2005-01-01

The two main systems used for public key cryptography are RSA and protocols based on the discrete logarithm problem in some cyclic group. We focus on the latter problem and state cryptographic protocols and mathematical background material.......The two main systems used for public key cryptography are RSA and protocols based on the discrete logarithm problem in some cyclic group. We focus on the latter problem and state cryptographic protocols and mathematical background material....

Location Privacy in RFID Applications

Science.gov (United States)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

Privacy Law and Print Photojournalism.

Science.gov (United States)

Dykhouse, Caroline Dow

Reviews of publications about privacy law, of recent court actions, and of interviews with newspaper photographers and attorneys indicate that torts of privacy often conflict with the freedoms to publish and to gather news. Although some guidelines have already been established (about running distorted pictures, "stealing" pictures, taking…

Privacy information management for video surveillance

Science.gov (United States)

Luo, Ying; Cheung, Sen-ching S.

2013-05-01

The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.

An Alternative View of Privacy on Facebook

Directory of Open Access Journals (Sweden)

Christian Fuchs

2011-02-01

Full Text Available The predominant analysis of privacy on Facebook focuses on personal information revelation. This paper is critical of this kind of research and introduces an alternative analytical framework for studying privacy on Facebook, social networking sites and web 2.0. This framework is connecting the phenomenon of online privacy to the political economy of capitalism—a focus that has thus far been rather neglected in research literature about Internet and web 2.0 privacy. Liberal privacy philosophy tends to ignore the political economy of privacy in capitalism that can mask socio-economic inequality and protect capital and the rich from public accountability. Facebook is in this paper analyzed with the help of an approach, in which privacy for dominant groups, in regard to the ability of keeping wealth and power secret from the public, is seen as problematic, whereas privacy at the bottom of the power pyramid for consumers and normal citizens is seen as a protection from dominant interests. Facebook’s privacy concept is based on an understanding that stresses self-regulation and on an individualistic understanding of privacy. The theoretical analysis of the political economy of privacy on Facebook in this paper is based on the political theories of Karl Marx, Hannah Arendt and Jürgen Habermas. Based on the political economist Dallas Smythe’s concept of audience commodification, the process of prosumer commodification on Facebook is analyzed. The political economy of privacy on Facebook is analyzed with the help of a theory of drives that is grounded in Herbert Marcuse’s interpretation of Sigmund Freud, which allows to analyze Facebook based on the concept of play labor (= the convergence of play and labor.

How socially aware are social media privacy controls?

OpenAIRE

Misra, Gaurav; Such Aparicio, Jose Miguel

2016-01-01

Social media sites are key mediators of online communication. Yet the privacy controls for these sites are not fully socially aware, even when privacy management is known to be fundamental to successful social relationships.

36 CFR 902.56 - Protection of personal privacy.

Science.gov (United States)

2010-07-01

... privacy. 902.56 Section 902.56 Parks, Forests, and Public Property PENNSYLVANIA AVENUE DEVELOPMENT... Protection of personal privacy. (a) Any of the following personnel, medical, or similar records is within the... invasion of his personal privacy: (1) Personnel and background records personal to any officer or employee...

Privacy enhancing techniques - the key to secure communication and management of clinical and genomic data.

Science.gov (United States)

De Moor, G J E; Claerhout, B; De Meyer, F

2003-01-01

To introduce some of the privacy protection problems related to genomics based medicine and to highlight the relevance of Trusted Third Parties (TTPs) and of Privacy Enhancing Techniques (PETs) in the restricted context of clinical research and statistics. Practical approaches based on two different pseudonymisation models, both for batch and interactive data collection and exchange, are described and analysed. The growing need of managing both clinical and genetic data raises important legal and ethical challenges. Protecting human rights in the realm of privacy, while optimising research potential and other statistical activities is a challenge that can easily be overcome with the assistance of a trust service provider offering advanced privacy enabling/enhancing solutions. As such, the use of pseudonymisation and other innovative Privacy Enhancing Techniques can unlock valuable data sources.

A Certificate Authority (CA-based cryptographic solution for HIPAA privacy/security regulations

Directory of Open Access Journals (Sweden)

Sangram Ray

2014-07-01

Full Text Available The Health Insurance Portability and Accountability Act (HIPAA passed by the US Congress establishes a number of privacy/security regulations for e-healthcare systems. These regulations support patients’ medical privacy and secure exchange of PHI (protected health information among medical practitioners. Three existing HIPAA-based schemes have been studied but appear to be ineffective as patients’ PHI is stored in smartcards. Moreover, carrying a smartcard during a treatment session and accessing PHI from different locations results in restrictions. In addition, authentication of the smartcard presenter would not be possible if the PIN is compromised. In this context, we propose an MCS (medical center server should be located at each hospital and accessed via the Internet for secure handling of patients’ PHI. All entities of the proposed e-health system register online with the MCS, and each entity negotiates a contributory registration key, where public-key certificates issued and maintained by CAs are used for authentication. Prior to a treatment session, a doctor negotiates a secret session key with MCS and uploads/retrieves patients’ PHI securely. The proposed scheme has five phases, which have been implemented in a secure manner for supporting HIPAA privacy/security regulations. Finally, the security aspects, computation and communication costs of the scheme are analyzed and compared with existing methods that display satisfactory performance.

22 CFR 212.22 - Protection of personal privacy.

Science.gov (United States)

2010-04-01

... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Protection of personal privacy. 212.22 Section... Information for Public Inspection and Copying § 212.22 Protection of personal privacy. To the extent required to prevent a clearly unwarranted invasion of personal privacy, USAID may delete identifying details...

Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection.

Science.gov (United States)

Son, Junggab; Park, Juyoung; Oh, Heekuck; Bhuiyan, Md Zakirul Alam; Hur, Junbeom; Kang, Kyungtae

2017-06-12

Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies has explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan-Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and almost a 96.63% accuracy in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities.

Public key infrastructure for DOE security research

Energy Technology Data Exchange (ETDEWEB)

Aiken, R.; Foster, I.; Johnston, W.E. [and others

1997-06-01

This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-key infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.

Secure open cloud in data transmission using reference pattern and identity with enhanced remote privacy checking

Science.gov (United States)

Vijay Singh, Ran; Agilandeeswari, L.

2017-11-01

To handle the large amount of client’s data in open cloud lots of security issues need to be address. Client’s privacy should not be known to other group members without data owner’s valid permission. Sometime clients are fended to have accessing with open cloud servers due to some restrictions. To overcome the security issues and these restrictions related to storing, data sharing in an inter domain network and privacy checking, we propose a model in this paper which is based on an identity based cryptography in data transmission and intermediate entity which have client’s reference with identity that will take control handling of data transmission in an open cloud environment and an extended remote privacy checking technique which will work at admin side. On behalf of data owner’s authority this proposed model will give best options to have secure cryptography in data transmission and remote privacy checking either as private or public or instructed. The hardness of Computational Diffie-Hellman assumption algorithm for key exchange makes this proposed model more secure than existing models which are being used for public cloud environment.

Security and privacy in electronic health records: a systematic literature review.

Science.gov (United States)

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright

32 CFR 701.109 - Privacy Act (PA) appeals.

Science.gov (United States)

2010-07-01

... 32 National Defense 5 2010-07-01 2010-07-01 false Privacy Act (PA) appeals. 701.109 Section 701... OF THE NAVY DOCUMENTS AFFECTING THE PUBLIC DON Privacy Program § 701.109 Privacy Act (PA) appeals. (a... commence when the appeal reaches the office of the review authority having jurisdiction over the record...

Teaching Information Privacy in Marketing Courses: Key Educational Issues for Principles of Marketing and Elective Marketing Courses

Science.gov (United States)

Peltier, James W.; Milne, George R.; Phelps, Joseph E.; Barrett, Jennifer T.

2010-01-01

An "information privacy gap" exists in marketing education, with little research addressing the state of information privacy and how appropriate privacy strategies and tactics should be communicated to students. The primary purpose of this article is to provide educators an understanding of information privacy and how they can incorporate this…

Right of Privacy, Right to Know: Which Prevails?

Science.gov (United States)

Simon, Morton J.

1977-01-01

Looks at the conflict between the 'right to know' and the 'right to privacy' by examining relationships and situations pertinent to both and concludes that the right to know and the right to privacy are two of the most ambiguous legal areas today facing government, the courts, the public and the individual. Available from: Public Relations Review,…

Scalable privacy-preserving data sharing methodology for genome-wide association studies: an application to iDASH healthcare privacy protection challenge.

Science.gov (United States)

Yu, Fei; Ji, Zhanglong

2014-01-01

In response to the growing interest in genome-wide association study (GWAS) data privacy, the Integrating Data for Analysis, Anonymization and SHaring (iDASH) center organized the iDASH Healthcare Privacy Protection Challenge, with the aim of investigating the effectiveness of applying privacy-preserving methodologies to human genetic data. This paper is based on a submission to the iDASH Healthcare Privacy Protection Challenge. We apply privacy-preserving methods that are adapted from Uhler et al. 2013 and Yu et al. 2014 to the challenge's data and analyze the data utility after the data are perturbed by the privacy-preserving methods. Major contributions of this paper include new interpretation of the χ2 statistic in a GWAS setting and new results about the Hamming distance score, a key component for one of the privacy-preserving methods.

Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

Science.gov (United States)

Coronado, Adolfo S.

2012-01-01

Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

Development and Analyses of Privacy Management Models in Online Social Networks Based on Communication Privacy Management Theory

Science.gov (United States)

Lee, Ki Jung

2013-01-01

Online social networks (OSNs), while serving as an emerging means of communication, promote various issues of privacy. Users of OSNs encounter diverse occasions that lead to invasion of their privacy, e.g., published conversation, public revelation of their personally identifiable information, and open boundary of distinct social groups within…

A security and privacy preserving e-prescription system based on smart cards.

Science.gov (United States)

Hsu, Chien-Lung; Lu, Chung-Fu

2012-12-01

In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

Privacy by design in personal health monitoring.

Science.gov (United States)

Nordgren, Anders

2015-06-01

The concept of privacy by design is becoming increasingly popular among regulators of information and communications technologies. This paper aims at analysing and discussing the ethical implications of this concept for personal health monitoring. I assume a privacy theory of restricted access and limited control. On the basis of this theory, I suggest a version of the concept of privacy by design that constitutes a middle road between what I call broad privacy by design and narrow privacy by design. The key feature of this approach is that it attempts to balance automated privacy protection and autonomously chosen privacy protection in a way that is context-sensitive. In personal health monitoring, this approach implies that in some contexts like medication assistance and monitoring of specific health parameters one single automatic option is legitimate, while in some other contexts, for example monitoring in which relatives are receivers of health-relevant information rather than health care professionals, a multi-choice approach stressing autonomy is warranted.

32 CFR 701.119 - Privacy and the web.

Science.gov (United States)

2010-07-01

... 32 National Defense 5 2010-07-01 2010-07-01 false Privacy and the web. 701.119 Section 701.119... THE NAVY DOCUMENTS AFFECTING THE PUBLIC DON Privacy Program § 701.119 Privacy and the web. DON activities shall consult SECNAVINST 5720.47B for guidance on what may be posted on a Navy Web site. ...

Negotiating privacy in surveillant welfare relations

DEFF Research Database (Denmark)

Andersen, Lars Bo; Lauritsen, Peter; Bøge, Ask Risom

. However, while privacy is central to debates of surveillance, it has proven less productive as an analytical resource for studying surveillance in practice. Consequently, this paper reviews different conceptualisations of privacy in relation to welfare and surveillance and argues for strengthening...... the analytical capacity of the concept by rendering it a situated and relational concept. The argument is developed through a research and design project called Teledialogue meant to improve the relation between case managers and children placed at institutions or in foster families. Privacy in Teledialogue...... notion of privacy are discussed in relation to both research- and public debates on surveillance in a welfare setting....

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1993-05-01

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

A brief review of revocable ID-based public key cryptosystem

Directory of Open Access Journals (Sweden)

Tsu-Yang Wu

2016-03-01

Full Text Available The design of ID-based cryptography has received much attention from researchers. However, how to revoke the misbehaviour/compromised user in ID-based public key cryptosystem becomes an important research issue. Recently, Tseng and Tsai proposed a novel public key cryptosystem called revocable ID-based public key cryptosystem (RIBE to solve the revocation problem. Later on, numerous research papers based on the Tseng-Tsai key RIBE were proposed. In this paper, we brief review Tseng and Tsai's RIBE. We hope this review can help the readers to understand the Tseng and Tsai's revocable ID-based public key cryptosystem.

Architectural Building A Public Key Infrastructure Integrated Information Space

Directory of Open Access Journals (Sweden)

Vadim Ivanovich Korolev

2015-10-01

Full Text Available The article keeps under consideration the mattersto apply the cryptographic system having a public key to provide information security and to implya digital signature. It performs the analysis of trust models at the formation of certificates and their use. The article describes the relationships between the trust model and the architecture public key infrastructure. It contains conclusions in respect of the options for building the public key infrastructure for integrated informationspace.

Privacy in the Genomic Era

Science.gov (United States)

NAVEED, MUHAMMAD; AYDAY, ERMAN; CLAYTON, ELLEN W.; FELLAY, JACQUES; GUNTER, CARL A.; HUBAUX, JEAN-PIERRE; MALIN, BRADLEY A.; WANG, XIAOFENG

2015-01-01

Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While the computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward. PMID:26640318

Privacy in the Genomic Era.

Science.gov (United States)

Naveed, Muhammad; Ayday, Erman; Clayton, Ellen W; Fellay, Jacques; Gunter, Carl A; Hubaux, Jean-Pierre; Malin, Bradley A; Wang, Xiaofeng

2015-09-01

Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While the computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward.

Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection †

Science.gov (United States)

Son, Junggab; Park, Juyoung; Oh, Heekuck; Bhuiyan, Md Zakirul Alam; Hur, Junbeom; Kang, Kyungtae

2017-01-01

Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies has explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan–Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and almost a 96.63% accuracy in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities. PMID:28604628

Musings on privacy issues in health research involving disaggregate geographic data about individuals.

Science.gov (United States)

Boulos, Maged N Kamel; Curtis, Andrew J; Abdelmalik, Philip

2009-07-20

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

From Data Privacy to Location Privacy

Science.gov (United States)

Wang, Ting; Liu, Ling

Over the past decade, the research on data privacy has achieved considerable advancement in the following two aspects: First, a variety of privacy threat models and privacy principles have been proposed, aiming at providing sufficient protection against different types of inference attacks; Second, a plethora of algorithms and methods have been developed to implement the proposed privacy principles, while attempting to optimize the utility of the resulting data. The first part of the chapter presents an overview of data privacy research by taking a close examination at the achievements from the above two aspects, with the objective of pinpointing individual research efforts on the grand map of data privacy protection. As a special form of data privacy, location privacy possesses its unique characteristics. In the second part of the chapter, we examine the research challenges and opportunities of location privacy protection, in a perspective analogous to data privacy. Our discussion attempts to answer the following three questions: (1) Is it sufficient to apply the data privacy models and algorithms developed to date for protecting location privacy? (2) What is the current state of the research on location privacy? (3) What are the open issues and technical challenges that demand further investigation? Through answering these questions, we intend to provide a comprehensive review of the state of the art in location privacy research.

Privacy-leakage codes for biometric authentication systems

NARCIS (Netherlands)

Ignatenko, T.; Willems, F.M.J.

2014-01-01

In biometric privacy-preserving authentication systems that are based on key-binding, two terminals observe two correlated biometric sequences. The first terminal selects a secret key, which is independent of the biometric data, binds this secret key to the observed biometric sequence and

77 FR 17460 - Multistakeholder Process To Develop Consumer Data Privacy Codes of Conduct

Science.gov (United States)

2012-03-26

..., 2012, NTIA requested public comments on (1) which consumer data privacy issues should be the focus of.... 120214135-2203-02] RIN 0660-XA27 Multistakeholder Process To Develop Consumer Data Privacy Codes of Conduct... request for public comments on the multistakeholder process to develop consumer data privacy codes of...

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

Science.gov (United States)

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

Privacy Concerns: The Effects of the Latest FERPA Changes

Science.gov (United States)

Cossler, Christine

2010-01-01

Privacy, something once taken for granted, has again become top-of-mind for public school districts thanks to technology's increasing reach, as well as new changes to privacy laws governing student information. Recently, educators have had to face important changes to the Family Educational Rights and Privacy Act (FERPA), originally signed into…

Certificate Transparency with Privacy

Directory of Open Access Journals (Sweden)

Eskandarian Saba

2017-10-01

Full Text Available Certificate transparency (CT is an elegant mechanism designed to detect when a certificate authority (CA has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

Science.gov (United States)

Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

2015-01-01

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

Directory of Open Access Journals (Sweden)

José L. Hernández-Ramos

2015-07-01

Full Text Available As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

Science.gov (United States)

Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

2015-07-01

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

Multilayered security and privacy protection in Car-to-X networks solutions from application down to physical layer

CERN Document Server

Stübing, Hagen

2013-01-01

Car-to-X (C2X) communication in terms of Car-to-Car (C2C) and Car-to-Infrastructure (C2I) communication aims at increasing road safety and traffic efficiency by exchanging foresighted traffic information. Thereby, security and privacy are regarded as an absolute prerequisite for successfully establishing the C2X technology on the market. Towards the paramount objective of covering the entire ITS reference model with security and privacy measures, Hagen Stübing develops dedicated solutions for each layer, respectively. On application layer a security architecture in terms of a Public Key Infras

32 CFR 505.3 - Privacy Act systems of records.

Science.gov (United States)

2010-07-01

... anticipated threats or hazards to the security or integrity of data, which could result in substantial harm... 32 National Defense 3 2010-07-01 2010-07-01 true Privacy Act systems of records. 505.3 Section 505... AND PUBLIC RELATIONS ARMY PRIVACY ACT PROGRAM § 505.3 Privacy Act systems of records. (a) Systems of...

A Review of RSA and Public-Key Cryptosystems | Rabah | Botswana ...

African Journals Online (AJOL)

... study and analyze the RSA cryptosystems – a public-key cryptographic algorithm - a system that uses two sets of keys; one for encryption and the other for decryption. Key Words: Public-key cryptography, DH, RSA, Internet Security and attacks, Digital Signature, Message digest, Authentication, Secure Socket Layer (SSL)

Calculation of key reduction for B92 QKD protocol

Science.gov (United States)

Mehic, Miralem; Partila, Pavol; Tovarek, Jaromir; Voznak, Miroslav

2015-05-01

It is well known that Quantum Key Distribution (QKD) can be used with the highest level of security for distribution of the secret key, which is further used for symmetrical encryption. B92 is one of the oldest QKD protocols. It uses only two non-orthogonal states, each one coding for one bit-value. It is much faster and simpler when compared to its predecessors, but with the idealized maximum efficiencies of 25% over the quantum channel. B92 consists of several phases in which initial key is significantly reduced: secret key exchange, extraction of the raw key (sifting), error rate estimation, key reconciliation and privacy amplification. QKD communication is performed over two channels: the quantum channel and the classical public channel. In order to prevent a man-in-the-middle attack and modification of messages on the public channel, authentication of exchanged values must be performed. We used Wegman-Carter authentication because it describes an upper bound for needed symmetric authentication key. We explained the reduction of the initial key in each of QKD phases.

45 CFR 164.520 - Notice of privacy practices for protected health information.

Science.gov (United States)

2010-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a) Standard... 45 Public Welfare 1 2010-10-01 2010-10-01 false Notice of privacy practices for protected health...

Report from Dagstuhl Seminar 12331 Mobility Data Mining and Privacy

OpenAIRE

Clifton, Christopher W.; Kuijpers, Bart; Morik, Katharina; Saygin, Yucel

2012-01-01

This report documents the program and the outcomes of Dagstuhl Seminar 12331 “Mobility Data Mining and Privacy”. Mobility data mining aims to extract knowledge from movement behaviour of people, but this data also poses novel privacy risks. This seminar gathered a multidisciplinary team for a conversation on how to balance the value in mining mobility data with privacy issues. The seminar focused on four key issues: Privacy in vehicular data, in cellular data, context- dependent privacy, and ...

Efficient Dynamic Searchable Encryption with Forward Privacy

Directory of Open Access Journals (Sweden)

Etemad Mohammad

2018-01-01

Full Text Available Searchable symmetric encryption (SSE enables a client to perform searches over its outsourced encrypted files while preserving privacy of the files and queries. Dynamic schemes, where files can be added or removed, leak more information than static schemes. For dynamic schemes, forward privacy requires that a newly added file cannot be linked to previous searches. We present a new dynamic SSE scheme that achieves forward privacy by replacing the keys revealed to the server on each search. Our scheme is efficient and parallelizable and outperforms the best previous schemes providing forward privacy, and achieves competitive performance with dynamic schemes without forward privacy. We provide a full security proof in the random oracle model. In our experiments on the Wikipedia archive of about four million pages, the server takes one second to perform a search with 100,000 results.

Privacy in the Sharing Economy

DEFF Research Database (Denmark)

Ranzini, Giulia; Etter, Michael; Lutz, Christoph

’s digital services through providing recommendations to Europe’s institutions. The initial stage of this research project involves a set of three literature reviews of the state of research on three core topics in relation to the sharing economy: participation (1), privacy (2), and power (3). This piece...... is a literature review on the topic of privacy. It addresses key privacy challenges for different stakeholders in the sharing economy. Throughout, we use the term "consumers" to refer to users on the receiving end (e.g., Airbnb guests, Uber passengers), "providers" to refer to users on the providing end (e.......g., Airbnb hosts, Uber drivers) and "platforms" to refer to the mediating sites, apps and infrastructures matching consumers and providers (e.g., Airbnb, Uber)....

AN EMPIRICAL EXAMINATION OF THE PRIVACY BEHAVIOUR WITH REFERENCE SOCIAL NETWORKING SITES

OpenAIRE

Tanvi Gupta*1, Mamta Rani2 & Ravneet Singh Bhandari3

2018-01-01

Purpose – The purpose of this paper is to propose and examine a privacy behaviour model in the context of Social networking factors (Indian scenario). The effects of key elements of SNS factors on perceived values of privacy behaviour were empirically determined. Design/methodology/approach – SNS is conceptualized as a multi-dimensional construct including emotional privacy, social privacy, personal privacy, and value. The investigated socio demographic factors included, age, gender, ethn...

Musings on privacy issues in health research involving disaggregate geographic data about individuals

Directory of Open Access Journals (Sweden)

AbdelMalik Philip

2009-07-01

Full Text Available Abstract This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals, including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

76 FR 37329 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-06-27

... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2011-0018] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... public is to make these submissions available for public viewing on the Internet at http://www...

76 FR 12397 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Bureau of the Public Debt (BPD...

Science.gov (United States)

2011-03-07

...; Computer Matching Program (SSA/ Bureau of the Public Debt (BPD))--Match Number 1038 AGENCY: Social Security... as shown above. SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection... containing SSNs extracted from the Supplemental Security Record database. Exchanges for this computer...

Comparison of two speech privacy measurements, articulation index (AI) and speech privacy noise isolation class (NIC'), in open workplaces

Science.gov (United States)

Yoon, Heakyung C.; Loftness, Vivian

2002-05-01

Lack of speech privacy has been reported to be the main dissatisfaction among occupants in open workplaces, according to workplace surveys. Two speech privacy measurements, Articulation Index (AI), standardized by the American National Standards Institute in 1969, and Speech Privacy Noise Isolation Class (NIC', Noise Isolation Class Prime), adapted from Noise Isolation Class (NIC) by U. S. General Services Administration (GSA) in 1979, have been claimed as objective tools to measure speech privacy in open offices. To evaluate which of them, normal privacy for AI or satisfied privacy for NIC', is a better tool in terms of speech privacy in a dynamic open office environment, measurements were taken in the field. AIs and NIC's in the different partition heights and workplace configurations have been measured following ASTM E1130 (Standard Test Method for Objective Measurement of Speech Privacy in Open Offices Using Articulation Index) and GSA test PBS-C.1 (Method for the Direct Measurement of Speech-Privacy Potential (SPP) Based on Subjective Judgments) and PBS-C.2 (Public Building Service Standard Method of Test Method for the Sufficient Verification of Speech-Privacy Potential (SPP) Based on Objective Measurements Including Methods for the Rating of Functional Interzone Attenuation and NC-Background), respectively.

Survey of main challenges (security and privacy in wireless body area networks for healthcare applications

Directory of Open Access Journals (Sweden)

Samaher Al-Janabi

2017-07-01

Full Text Available Wireless Body Area Network (WBAN is a new trend in the technology that provides remote mechanism to monitor and collect patient’s health record data using wearable sensors. It is widely recognized that a high level of system security and privacy play a key role in protecting these data when being used by the healthcare professionals and during storage to ensure that patient’s records are kept safe from intruder’s danger. It is therefore of great interest to discuss security and privacy issues in WBANs. In this paper, we reviewed WBAN communication architecture, security and privacy requirements and security threats and the primary challenges in WBANs to these systems based on the latest standards and publications. This paper also covers the state-of-art security measures and research in WBAN. Finally, open areas for future research and enhancements are explored.

Comparative Approaches to Biobanks and Privacy.

Science.gov (United States)

Rothstein, Mark A; Knoppers, Bartha Maria; Harrell, Heather L

2016-03-01

Laws in the 20 jurisdictions studied for this project display many similar approaches to protecting privacy in biobank research. Although few have enacted biobank-specific legislation, many countries address biobanking within other laws. All provide for some oversight mechanisms for biobank research, even though the nature of that oversight varies between jurisdictions. Most have some sort of controlled access system in place for research with biobank specimens. While broad consent models facilitate biobanking, countries without national or federated biobanks have been slow to adopt broad consent. International guidelines have facilitated sharing and generally take a proportional risk approach, but many countries have provisions guiding international sharing and a few even limit international sharing. Although privacy laws may not prohibit international collaborations, the multi-prong approach to privacy unique to each jurisdiction can complicate international sharing. These symposium issues can serve as a resource for explaining the sometimes intricate privacy laws in each studied jurisdiction, outlining the key issues with regards to privacy and biobanking, and serving to describe a framework for the process of harmonization of privacy laws. © 2016 American Society of Law, Medicine & Ethics.

Privacy and human behavior in the age of information.

Science.gov (United States)

Acquisti, Alessandro; Brandimarte, Laura; Loewenstein, George

2015-01-30

This Review summarizes and draws connections between diverse streams of empirical research on privacy behavior. We use three themes to connect insights from social and behavioral sciences: people's uncertainty about the consequences of privacy-related behaviors and their own preferences over those consequences; the context-dependence of people's concern, or lack thereof, about privacy; and the degree to which privacy concerns are malleable—manipulable by commercial and governmental interests. Organizing our discussion by these themes, we offer observations concerning the role of public policy in the protection of privacy in the information age. Copyright © 2015, American Association for the Advancement of Science.

Privacy protection and public goods: building a genetic database for health research in Newfoundland and Labrador.

Science.gov (United States)

Kosseim, Patricia; Pullman, Daryl; Perrot-Daley, Astrid; Hodgkinson, Kathy; Street, Catherine; Rahman, Proton

2013-01-01

To provide a legal and ethical analysis of some of the implementation challenges faced by the Population Therapeutics Research Group (PTRG) at Memorial University (Canada), in using genealogical information offered by individuals for its genetics research database. This paper describes the unique historical and genetic characteristics of the Newfoundland and Labrador founder population, which gave rise to the opportunity for PTRG to build the Newfoundland Genealogy Database containing digitized records of all pre-confederation (1949) census records of the Newfoundland founder population. In addition to building the database, PTRG has developed the Heritability Analytics Infrastructure, a data management structure that stores genotype, phenotype, and pedigree information in a single database, and custom linkage software (KINNECT) to perform pedigree linkages on the genealogy database. A newly adopted legal regimen in Newfoundland and Labrador is discussed. It incorporates health privacy legislation with a unique research ethics statute governing the composition and activities of research ethics boards and, for the first time in Canada, elevating the status of national research ethics guidelines into law. The discussion looks at this integration of legal and ethical principles which provides a flexible and seamless framework for balancing the privacy rights and welfare interests of individuals, families, and larger societies in the creation and use of research data infrastructures as public goods. The complementary legal and ethical frameworks that now coexist in Newfoundland and Labrador provide the legislative authority, ethical legitimacy, and practical flexibility needed to find a workable balance between privacy interests and public goods. Such an approach may also be instructive for other jurisdictions as they seek to construct and use biobanks and related research platforms for genetic research.

76 FR 10010 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-02-23

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0020] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... the public is to make these submissions available for public viewing on the Internet at http://www...

78 FR 52517 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-08-23

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0183] Privacy Act of 1974... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will... public is to make these submissions available for public viewing on the Internet at http://www...

76 FR 11213 - Privacy Act of 1974; Systems of Records

Science.gov (United States)

2011-03-01

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2011-OS-0017] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... public is of make these submissions available for public viewing on the Internet at http://www...

76 FR 43993 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-07-22

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0081] Privacy Act of 1974... the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action would be effective... the public is to make these submissions available for public viewing on the Internet at http://www...

76 FR 45543 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-07-29

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0082] Privacy Act of 1974... subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action will be... the public is to make these submissions available for public viewing on the Internet at http://www...

75 FR 67703 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-11-03

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2010-0024] Privacy Act of 1974; System... record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed... the public is to make these submissions available for public viewing on the Internet at http://www...

76 FR 62394 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-10-07

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0109] Privacy Act of 1974... notice from its existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a... public is to make these submissions available for public viewing on the Internet at http://www...

75 FR 81247 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-12-27

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2010-OS-0168] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... public is to make these submissions available for public viewing on the Internet at http://www...

76 FR 1411 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-01-10

... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2011-0001] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... the public is to make these submissions available for public viewing on the Internet at http://www...

78 FR 6078 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-01-29

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0011] Privacy Act of 1974... record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed... public is to make these submissions available for public viewing on the Internet at http:// [[Page 6079...

77 FR 60400 - Privacy Act of 1974; System of Records

Science.gov (United States)

2012-10-03

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2012-OS-0119] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a(r)), as amended. DATES: This... public is to make these submissions available for public viewing on the Internet at http://www...

78 FR 14273 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-03-05

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0019] Privacy Act of 1974... record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed... public is to make these submissions available for public viewing on the Internet at http://www...

76 FR 28002 - Privacy Act of 1974; Systems of Records

Science.gov (United States)

2011-05-13

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0052] Privacy Act of 1974... existing inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES... the public is to make these submissions available for public viewing on the Internet at http://www...

75 FR 69650 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-11-15

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2010-0026] Privacy Act of 1974... record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed... from members of the public is to make these submissions available for public viewing on the Internet at...

78 FR 44102 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-07-23

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2013-0027] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... of the public is to make these submissions available for public viewing on the Internet at http://www...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Science.gov (United States)

2010-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

Image encryption using fingerprint as key based on phase retrieval algorithm and public key cryptography

Science.gov (United States)

Zhao, Tieyu; Ran, Qiwen; Yuan, Lin; Chi, Yingying; Ma, Jing

2015-09-01

In this paper, a novel image encryption system with fingerprint used as a secret key is proposed based on the phase retrieval algorithm and RSA public key algorithm. In the system, the encryption keys include the fingerprint and the public key of RSA algorithm, while the decryption keys are the fingerprint and the private key of RSA algorithm. If the users share the fingerprint, then the system will meet the basic agreement of asymmetric cryptography. The system is also applicable for the information authentication. The fingerprint as secret key is used in both the encryption and decryption processes so that the receiver can identify the authenticity of the ciphertext by using the fingerprint in decryption process. Finally, the simulation results show the validity of the encryption scheme and the high robustness against attacks based on the phase retrieval technique.

77 FR 15555 - Freedom of Information Act and Privacy Act Procedures

Science.gov (United States)

2012-03-16

... Freedom of Information Act and Privacy Act Procedures AGENCY: Special Inspector General for Afghanistan... Freedom of Information Act (FOIA) and the Privacy Act of 1974. These procedures will facilitate public..., Freedom of information, Privacy. Authority and Issuance For the reasons set forth above, SIGAR establishes...

78 FR 21600 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-04-11

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0050] Privacy Act of 1974... notice in its existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as... members of the public is to make these submissions available for public viewing on the Internet at http...

76 FR 10008 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-02-23

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0023] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... from members of the public is to make these submissions available for public viewing on the Internet at...

78 FR 31905 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-05-28

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0110] Privacy Act of 1974... notice in its existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as... members of the public is to make these submissions available for public viewing on the Internet at http...

76 FR 1409 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-01-10

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0001] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... from members of the public is to make these submissions available for public viewing on the Internet at...

76 FR 22682 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-04-22

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2011-OS-0044] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... from members of the public is to make these submissions available for public viewing on the Internet at...

78 FR 5788 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-01-28

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0005] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... of the public is to make these submissions available for public viewing on the Internet at http://www...

78 FR 14279 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-03-05

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0040] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... of the public is to make these submissions available for public viewing on the Internet at http://www...

Pythia: A Privacy-enhanced Personalized Contextual Suggestion System for Tourism

NARCIS (Netherlands)

Drosatos, G.; Efraimidis, P.S.; Arampatzis, A.; Stamatelatos, G.; Athanasiadis, I.N.

2015-01-01

We present Pythia, a privacy-enhanced non-invasive contextual suggestion system for tourists, with important architectural innovations. The system offers high quality personalized recommendations, non-invasive operation and protection of user privacy. A key feature of Pythia is the exploitation of

Public-key encryption with chaos

Science.gov (United States)

Kocarev, Ljupco; Sterjev, Marjan; Fekete, Attila; Vattay, Gabor

2004-12-01

We propose public-key encryption algorithms based on chaotic maps, which are generalization of well-known and commercially used algorithms: Rivest-Shamir-Adleman (RSA), ElGamal, and Rabin. For the case of generalized RSA algorithm we discuss in detail its software implementation and properties. We show that our algorithm is as secure as RSA algorithm.

78 FR 3971 - Children's Online Privacy Protection Rule

Science.gov (United States)

2013-01-17

... functionality or content of their properties or gain greater publicity through social media in an effort to... Children's Online Privacy Protection Rule; Final Rule #0;#0;Federal Register / Vol. 78 , No. 12 / Thursday... 3084-AB20 Children's Online Privacy Protection Rule AGENCY: Federal Trade Commission (``FTC'' or...

A New Heuristic Anonymization Technique for Privacy Preserved Datasets Publication on Cloud Computing

Science.gov (United States)

Aldeen Yousra, S.; Mazleena, Salleh

2018-05-01

Recent advancement in Information and Communication Technologies (ICT) demanded much of cloud services to sharing users’ private data. Data from various organizations are the vital information source for analysis and research. Generally, this sensitive or private data information involves medical, census, voter registration, social network, and customer services. Primary concern of cloud service providers in data publishing is to hide the sensitive information of individuals. One of the cloud services that fulfill the confidentiality concerns is Privacy Preserving Data Mining (PPDM). The PPDM service in Cloud Computing (CC) enables data publishing with minimized distortion and absolute privacy. In this method, datasets are anonymized via generalization to accomplish the privacy requirements. However, the well-known privacy preserving data mining technique called K-anonymity suffers from several limitations. To surmount those shortcomings, I propose a new heuristic anonymization framework for preserving the privacy of sensitive datasets when publishing on cloud. The advantages of K-anonymity, L-diversity and (α, k)-anonymity methods for efficient information utilization and privacy protection are emphasized. Experimental results revealed the superiority and outperformance of the developed technique than K-anonymity, L-diversity, and (α, k)-anonymity measure.

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Science.gov (United States)

2010-10-01

... ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights to request privacy protection for protected health information. (a)(1... 45 Public Welfare 1 2010-10-01 2010-10-01 false Rights to request privacy protection for protected...

Biobanking and Privacy in India.

Science.gov (United States)

Chaturvedi, Sachin; Srinivas, Krishna Ravi; Muthuswamy, Vasantha

2016-03-01

Biobank-based research is not specifically addressed in Indian statutory law and therefore Indian Council for Medical Research guidelines are the primary regulators of biobank research in India. The guidelines allow for broad consent and for any level of identification of specimens. Although privacy is a fundamental right under the Indian Constitution, courts have limited this right when it conflicts with other rights or with the public interest. Furthermore, there is no established privacy test or actionable privacy right in the common law of India. In order to facilitate biobank-based research, both of these lacunae should be addressed by statutory law specifically addressing biobanking and more directly addressing the accompanying privacy concerns. A biobank-specific law should be written with international guidelines in mind, but harmonization with other laws should not be attempted until after India has created a law addressing biobank research within the unique legal and cultural environment of India. © 2016 American Society of Law, Medicine & Ethics.

Privacy in Educational Use of Social Media in the U.S.

Science.gov (United States)

Marek, Michael W.; Skrabut, Stan

2017-01-01

Few scholarly publications have addressed in detail the question of student privacy when using social media for classroom educational activities. This study combined qualitative and conceptual methodologies to explore the implications of privacy law on learning activities, using the strict Family Educational Rights Privacy Act (FERPA) in the…

Public Auditing with Privacy Protection in a Multi-User Model of Cloud-Assisted Body Sensor Networks

Science.gov (United States)

Li, Song; Cui, Jie; Zhong, Hong; Liu, Lu

2017-01-01

Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users’ medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs’ applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs’ deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models. PMID:28475110

Public Auditing with Privacy Protection in a Multi-User Model of Cloud-Assisted Body Sensor Networks.

Science.gov (United States)

Li, Song; Cui, Jie; Zhong, Hong; Liu, Lu

2017-05-05

Wireless Body Sensor Networks (WBSNs) are gaining importance in the era of the Internet of Things (IoT). The modern medical system is a particular area where the WBSN techniques are being increasingly adopted for various fundamental operations. Despite such increasing deployments of WBSNs, issues such as the infancy in the size, capabilities and limited data processing capacities of the sensor devices restrain their adoption in resource-demanding applications. Though providing computing and storage supplements from cloud servers can potentially enrich the capabilities of the WBSNs devices, data security is one of the prevailing issues that affects the reliability of cloud-assisted services. Sensitive applications such as modern medical systems demand assurance of the privacy of the users' medical records stored in distant cloud servers. Since it is economically impossible to set up private cloud servers for every client, auditing data security managed in the remote servers has necessarily become an integral requirement of WBSNs' applications relying on public cloud servers. To this end, this paper proposes a novel certificateless public auditing scheme with integrated privacy protection. The multi-user model in our scheme supports groups of users to store and share data, thus exhibiting the potential for WBSNs' deployments within community environments. Furthermore, our scheme enriches user experiences by offering public verifiability, forward security mechanisms and revocation of illegal group members. Experimental evaluations demonstrate the security effectiveness of our proposed scheme under the Random Oracle Model (ROM) by outperforming existing cloud-assisted WBSN models.

Privacy-preserving data aggregation in two-tiered wireless sensor networks with mobile nodes.

Science.gov (United States)

Yao, Yonglei; Liu, Jingfa; Xiong, Neal N

2014-11-10

Privacy-preserving data aggregation in wireless sensor networks (WSNs) with mobile nodes is a challenging problem, as an accurate aggregation result should be derived in a privacy-preserving manner, under the condition that nodes are mobile and have no pre-specified keys for cryptographic operations. In this paper, we focus on the SUM aggregation function and propose two privacy-preserving data aggregation protocols for two-tiered sensor networks with mobile nodes: Privacy-preserving Data Aggregation against non-colluded Aggregator and Sink (PDAAS) and Privacy-preserving Data Aggregation against Colluded Aggregator and Sink (PDACAS). Both protocols guarantee that the sink can derive the SUM of all raw sensor data but each sensor's raw data is kept confidential. In PDAAS, two keyed values are used, one shared with the sink and the other shared with the aggregator. PDAAS can protect the privacy of sensed data against external eavesdroppers, compromised sensor nodes, the aggregator or the sink, but fails if the aggregator and the sink collude. In PDACAS, multiple keyed values are used in data perturbation, which are not shared with the aggregator or the sink. PDACAS can protect the privacy of sensor nodes even the aggregator and the sink collude, at the cost of a little more overhead than PDAAS. Thorough analysis and experiments are conducted, which confirm the efficacy and efficiency of both schemes.

Student Data Privacy Is Cloudy Today, Clearer Tomorrow

Science.gov (United States)

Trainor, Sonja

2015-01-01

An introduction to the big picture conversation on student data privacy and the norms that are coming out of it. The author looks at the current state of federal law, and ahead to proposed legislation at the federal level. The intent is to help educators become familiar with the key issues regarding student data privacy in education so as to…

Privacy protection and public goods: building a genetic database for health research in Newfoundland and Labrador

Science.gov (United States)

Pullman, Daryl; Perrot-Daley, Astrid; Hodgkinson, Kathy; Street, Catherine; Rahman, Proton

2013-01-01

Objective To provide a legal and ethical analysis of some of the implementation challenges faced by the Population Therapeutics Research Group (PTRG) at Memorial University (Canada), in using genealogical information offered by individuals for its genetics research database. Materials and methods This paper describes the unique historical and genetic characteristics of the Newfoundland and Labrador founder population, which gave rise to the opportunity for PTRG to build the Newfoundland Genealogy Database containing digitized records of all pre-confederation (1949) census records of the Newfoundland founder population. In addition to building the database, PTRG has developed the Heritability Analytics Infrastructure, a data management structure that stores genotype, phenotype, and pedigree information in a single database, and custom linkage software (KINNECT) to perform pedigree linkages on the genealogy database. Discussion A newly adopted legal regimen in Newfoundland and Labrador is discussed. It incorporates health privacy legislation with a unique research ethics statute governing the composition and activities of research ethics boards and, for the first time in Canada, elevating the status of national research ethics guidelines into law. The discussion looks at this integration of legal and ethical principles which provides a flexible and seamless framework for balancing the privacy rights and welfare interests of individuals, families, and larger societies in the creation and use of research data infrastructures as public goods. Conclusion The complementary legal and ethical frameworks that now coexist in Newfoundland and Labrador provide the legislative authority, ethical legitimacy, and practical flexibility needed to find a workable balance between privacy interests and public goods. Such an approach may also be instructive for other jurisdictions as they seek to construct and use biobanks and related research platforms for genetic research. PMID

Number Theory and Public-Key Cryptography.

Science.gov (United States)

Lefton, Phyllis

1991-01-01

Described are activities in the study of techniques used to conceal the meanings of messages and data. Some background information and two BASIC programs that illustrate the algorithms used in a new cryptographic system called "public-key cryptography" are included. (CW)

Valuating Privacy with Option Pricing Theory

Science.gov (United States)

Berthold, Stefan; Böhme, Rainer

One of the key challenges in the information society is responsible handling of personal data. An often-cited reason why people fail to make rational decisions regarding their own informational privacy is the high uncertainty about future consequences of information disclosures today. This chapter builds an analogy to financial options and draws on principles of option pricing to account for this uncertainty in the valuation of privacy. For this purpose, the development of a data subject's personal attributes over time and the development of the attribute distribution in the population are modeled as two stochastic processes, which fit into the Binomial Option Pricing Model (BOPM). Possible applications of such valuation methods to guide decision support in future privacy-enhancing technologies (PETs) are sketched.

77 FR 64962 - Privacy Act of 1974, as Amended

Science.gov (United States)

2012-10-24

... social media, and recipients of other public relations materials issued by the CFPB about CFPB sponsored... THE BUREAU OF CONSUMER FINANCIAL PROTECTION Privacy Act of 1974, as Amended AGENCY: Bureau of Consumer Financial Protection. ACTION: Notice of Proposed Privacy Act System of Records. SUMMARY: In...

Beyond individual-centric privacy : Information technology in social systems

NARCIS (Netherlands)

Pieters, W.

2017-01-01

In the public debate, social implications of information technology are mainly seen through the privacy lens. Impact assessments of information technology are also often limited to privacy impact assessments, which are focused on individual rights and well-being, as opposed to the social

Information Privacy: Culture, Legislation and User Attitudes

Directory of Open Access Journals (Sweden)

Sophie Cockcroft

2006-11-01

Full Text Available Information privacy has received much public and research interest in recent years. Globally this has arisen from public anxiety following the September 11 attacks and within Australia a progressive tightening of privacy legislation in particular the privacy amendment (private sector Act of 2000 which became operative in 2001. This paper presents the results of a study into attitudes towards information privacy. Based on an instrument developed and validated by Smith et al (1996a this study sets out to measure individual concerns regarding organisational use of information along four dimensions: collection, errors, unauthorised secondary use, and improper access. The survey was completed by 67 undergraduate and postgraduate students enrolled in an e-commerce security subject at the University of Queensland. Comparisons are drawn between the results of this study and an identical one carried out at the University of North Alabama. Whilst it is too early to draw conclusions about the impact of these attitudes on the success of e-commerce in general, the results should be of interest to those within universities seeking to expand the use of networking technologies for handling sensitive information such as enrolment and fee processing (Vanscoy & Oakleaf 2003

Enabling secure and privacy preserving communications in smart grids

CERN Document Server

Li, Hongwei

2014-01-01

This brief focuses on the current research on security and privacy preservation in smart grids. Along with a review of the existing works, this brief includes fundamental system models, possible frameworks, useful performance, and future research directions. It explores privacy preservation demand response with adaptive key evolution, secure and efficient Merkle tree based authentication, and fine-grained keywords comparison in the smart grid auction market. By examining the current and potential security and privacy threats, the author equips readers to understand the developing issues in sma

Multi-biometrics based cryptographic key regeneration scheme

OpenAIRE

Kanade , Sanjay Ganesh; Petrovska-Delacrétaz , Dijana; Dorizzi , Bernadette

2009-01-01

International audience; Biometrics lack revocability and privacy while cryptography cannot detect the user's identity. By obtaining cryptographic keys using biometrics, one can achieve the properties such as revocability, assurance about user's identity, and privacy. In this paper, we propose a multi-biometric based cryptographic key regeneration scheme. Since left and right irises of a person are uncorrelated, we treat them as two independent biometrics and combine in our system. We propose ...

45 CFR 2508.3 - What is the Corporation's Privacy Act policy?

Science.gov (United States)

2010-10-01

... 45 Public Welfare 4 2010-10-01 2010-10-01 false What is the Corporation's Privacy Act policy? 2508... NATIONAL AND COMMUNITY SERVICE IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 2508.3 What is the Corporation's Privacy Act policy? It is the policy of the Corporation to protect, preserve, and defend the right of...

Ensuring privacy in the study of pathogen genetics.

Science.gov (United States)

Mehta, Sanjay R; Vinterbo, Staal A; Little, Susan J

2014-08-01

Rapid growth in the genetic sequencing of pathogens in recent years has led to the creation of large sequence databases. This aggregated sequence data can be very useful for tracking and predicting epidemics of infectious diseases. However, the balance between the potential public health benefit and the risk to personal privacy for individuals whose genetic data (personal or pathogen) are included in such work has been difficult to delineate, because neither the true benefit nor the actual risk to participants has been adequately defined. Existing approaches to minimise the risk of privacy loss to participants are based on de-identification of data by removal of a predefined set of identifiers. These approaches neither guarantee privacy nor protect the usefulness of the data. We propose a new approach to privacy protection that will quantify the risk to participants, while still maximising the usefulness of the data to researchers. This emerging standard in privacy protection and disclosure control, which is known as differential privacy, uses a process-driven rather than data-centred approach to protecting privacy. Copyright © 2014 Elsevier Ltd. All rights reserved.

Pervasive Computing, Privacy and Distribution of the Self

Directory of Open Access Journals (Sweden)

Soraj Hongladarom

2011-05-01

Full Text Available The emergence of what is commonly known as “ambient intelligence” or “ubiquitous computing” means that our conception of privacy and trust needs to be reconsidered. Many have voiced their concerns about the threat to privacy and the more prominent role of trust that have been brought about by emerging technologies. In this paper, I will present an investigation of what this means for the self and identity in our ambient intelligence environment. Since information about oneself can be actively distributed and processed, it is proposed that in a significant sense it is the self itself that is distributed throughout a pervasive or ubiquitous computing network when information pertaining to the self of the individual travels through the network. Hence privacy protection needs to be extended to all types of information distributed. It is also recommended that appropriately strong legislation on privacy and data protection regarding this pervasive network is necessary, but at present not sufficient, to ensure public trust. What is needed is a campaign on public awareness and positive perception of the technology.

A digital memories based user authentication scheme with privacy preservation.

Directory of Open Access Journals (Sweden)

JunLiang Liu

Full Text Available The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key, which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users' privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results.

Social Media Users’ Legal Consciousness About Privacy

Directory of Open Access Journals (Sweden)

Katharine Sarikakis

2017-02-01

Full Text Available This article explores the ways in which the concept of privacy is understood in the context of social media and with regard to users’ awareness of privacy policies and laws in the ‘Post-Snowden’ era. In the light of presumably increased public exposure to privacy debates, generated partly due to the European “Right to be Forgotten” ruling and the Snowden revelations on mass surveillance, this article explores users’ meaning-making of privacy as a matter of legal dimension in terms of its violations and threats online and users’ ways of negotiating their Internet use, in particular social networking sites. Drawing on the concept of legal consciousness, this article explores through focus group interviews the ways in which social media users negotiate privacy violations and what role their understanding of privacy laws (or lack thereof might play in their strategies of negotiation. The findings are threefold: first, privacy is understood almost universally as a matter of controlling one’s own data, including information disclosure even to friends, and is strongly connected to issues about personal autonomy; second, a form of resignation with respect to control over personal data appears to coexist with a recognized need to protect one’s private data, while respondents describe conscious attempts to circumvent systems of monitoring or violation of privacy, and third, despite widespread coverage of privacy legal issues in the press, respondents’ concerns about and engagement in “self-protecting” tactics derive largely from being personally affected by violations of law and privacy.

Reward-based spatial crowdsourcing with differential privacy preservation

Science.gov (United States)

Xiong, Ping; Zhang, Lefeng; Zhu, Tianqing

2017-11-01

In recent years, the popularity of mobile devices has transformed spatial crowdsourcing (SC) into a novel mode for performing complicated projects. Workers can perform tasks at specified locations in return for rewards offered by employers. Existing methods ensure the efficiency of their systems by submitting the workers' exact locations to a centralised server for task assignment, which can lead to privacy violations. Thus, implementing crowsourcing applications while preserving the privacy of workers' location is a key issue that needs to be tackled. We propose a reward-based SC method that achieves acceptable utility as measured by task assignment success rates, while efficiently preserving privacy. A differential privacy model ensures rigorous privacy guarantee, and Laplace noise is introduced to protect workers' exact locations. We then present a reward allocation mechanism that adjusts each piece of the reward for a task using the distribution of the workers' locations. Through experimental results, we demonstrate that this optimised-reward method is efficient for SC applications.

Privacy-preserving public auditing for data integrity in cloud

Science.gov (United States)

Shaik Saleem, M.; Murali, M.

2018-04-01

Cloud computing which has collected extent concentration from communities of research and with industry research development, a large pool of computing resources using virtualized sharing method like storage, processing power, applications and services. The users of cloud are vend with on demand resources as they want in the cloud computing. Outsourced file of the cloud user can easily tampered as it is stored at the third party service providers databases, so there is no integrity of cloud users data as it has no control on their data, therefore providing security assurance to the users data has become one of the primary concern for the cloud service providers. Cloud servers are not responsible for any data loss as it doesn’t provide the security assurance to the cloud user data. Remote data integrity checking (RDIC) licenses an information to data storage server, to determine that it is really storing an owners data truthfully. RDIC is composed of security model and ID-based RDIC where it is responsible for the security of every server and make sure the data privacy of cloud user against the third party verifier. Generally, by running a two-party Remote data integrity checking (RDIC) protocol the clients would themselves be able to check the information trustworthiness of their cloud. Within the two party scenario the verifying result is given either from the information holder or the cloud server may be considered as one-sided. Public verifiability feature of RDIC gives the privilege to all its users to verify whether the original data is modified or not. To ensure the transparency of the publicly verifiable RDIC protocols, Let’s figure out there exists a TPA who is having knowledge and efficiency to verify the work to provide the condition clearly by publicly verifiable RDIC protocols.

Vehicle Authentication via Monolithically Certified Public Key and Attributes

OpenAIRE

Dolev, Shlomi; Krzywiecki, Łukasz; Panwar, Nisha; Segal, Michael

2015-01-01

Vehicular networks are used to coordinate actions among vehicles in traffic by the use of wireless transceivers (pairs of transmitters and receivers). Unfortunately, the wireless communication among vehicles is vulnerable to security threats that may lead to very serious safety hazards. In this work, we propose a viable solution for coping with Man-in-the-Middle attacks. Conventionally, Public Key Infrastructure (PKI) is utilized for a secure communication with the pre-certified public key. H...

Exercising privacy rights in medical science.

Science.gov (United States)

Hillmer, Michael; Redelmeier, Donald A

2007-12-04

Privacy laws are intended to preserve human well-being and improve medical outcomes. We used the Sportstats website, a repository of competitive athletic data, to test how easily these laws can be circumvented. We designed a haphazard, unrepresentative case-series analysis and applied unscientific methods based on an Internet connection and idle time. We found it both feasible and titillating to breach anonymity, stockpile personal information and generate misquotations. We extended our methods to snoop on celebrities, link to outside databases and uncover refusal to participate. Throughout our study, we evaded capture and public humiliation despite violating these 6 privacy fundamentals. We suggest that the legitimate principle of safeguarding personal privacy is undermined by the natural human tendency toward showing off.

75 FR 20364 - Public Buildings Service; Key Largo Beacon Annex Site; Key Largo, FL; Transfer of Property

Science.gov (United States)

2010-04-19

... GENERAL SERVICES ADMINISTRATION [Wildlife Order 187; 4-D-FL-1218] Public Buildings Service; Key Largo Beacon Annex Site; Key Largo, FL; Transfer of Property Pursuant to section 2 of Public Law 537, 80th Congress, approved May 19, 1948 (16 U.S.C. 667c), notice is hereby given that: 1. The General...

Privacy-related context information for ubiquitous health.

Science.gov (United States)

Seppälä, Antto; Nykänen, Pirkko; Ruotsalainen, Pekka

2014-03-11

Ubiquitous health has been defined as a dynamic network of interconnected systems. A system is composed of one or more information systems, their stakeholders, and the environment. These systems offer health services to individuals and thus implement ubiquitous computing. Privacy is the key challenge for ubiquitous health because of autonomous processing, rich contextual metadata, lack of predefined trust among participants, and the business objectives. Additionally, regulations and policies of stakeholders may be unknown to the individual. Context-sensitive privacy policies are needed to regulate information processing. Our goal was to analyze privacy-related context information and to define the corresponding components and their properties that support privacy management in ubiquitous health. These properties should describe the privacy issues of information processing. With components and their properties, individuals can define context-aware privacy policies and set their privacy preferences that can change in different information-processing situations. Scenarios and user stories are used to analyze typical activities in ubiquitous health to identify main actors, goals, tasks, and stakeholders. Context arises from an activity and, therefore, we can determine different situations, services, and systems to identify properties for privacy-related context information in information-processing situations. Privacy-related context information components are situation, environment, individual, information technology system, service, and stakeholder. Combining our analyses and previously identified characteristics of ubiquitous health, more detailed properties for the components are defined. Properties define explicitly what context information for different components is needed to create context-aware privacy policies that can control, limit, and constrain information processing. With properties, we can define, for example, how data can be processed or how components

Quantum private query with perfect user privacy against a joint-measurement attack

Energy Technology Data Exchange (ETDEWEB)

Yang, Yu-Guang, E-mail: yangyang7357@bjut.edu.cn [College of Computer Science and Technology, Beijing University of Technology, Beijing 100124 (China); State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093 (China); Liu, Zhi-Chao [College of Computer Science and Technology, Beijing University of Technology, Beijing 100124 (China); Li, Jian [School of Computer, Beijing University of Posts and Telecommunications, Beijing 100876 (China); Chen, Xiu-Bo [Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 (China); Zuo, Hui-Juan [College of Mathematics and Information Science, Hebei Normal University, Shijiazhuang 050024 (China); Zhou, Yi-Hua; Shi, Wei-Min [College of Computer Science and Technology, Beijing University of Technology, Beijing 100124 (China)

2016-12-16

The joint-measurement (JM) attack is the most powerful threat to the database security for existing quantum-key-distribution (QKD)-based quantum private query (QPQ) protocols. Wei et al. (2016) [28] proposed a novel QPQ protocol against the JM attack. However, their protocol relies on two-way quantum communication thereby affecting its real implementation and communication efficiency. Moreover, it cannot ensure perfect user privacy. In this paper, we present a new one-way QPQ protocol in which the special way of classical post-processing of oblivious key ensures the security against the JM attack. Furthermore, it realizes perfect user privacy and lower complexity of communication. - Highlights: • A special classical post-processing ensures the security against the JM attack. • It ensures perfect user privacy. • It ensures lower complexity of communication. Alice's conclusive key rate is 1/6.

Quantum private query with perfect user privacy against a joint-measurement attack

International Nuclear Information System (INIS)

Yang, Yu-Guang; Liu, Zhi-Chao; Li, Jian; Chen, Xiu-Bo; Zuo, Hui-Juan; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-01

The joint-measurement (JM) attack is the most powerful threat to the database security for existing quantum-key-distribution (QKD)-based quantum private query (QPQ) protocols. Wei et al. (2016) [28] proposed a novel QPQ protocol against the JM attack. However, their protocol relies on two-way quantum communication thereby affecting its real implementation and communication efficiency. Moreover, it cannot ensure perfect user privacy. In this paper, we present a new one-way QPQ protocol in which the special way of classical post-processing of oblivious key ensures the security against the JM attack. Furthermore, it realizes perfect user privacy and lower complexity of communication. - Highlights: • A special classical post-processing ensures the security against the JM attack. • It ensures perfect user privacy. • It ensures lower complexity of communication. Alice's conclusive key rate is 1/6.

Challenges created by data dissemination and access restrictions when attempting to address community concerns: individual privacy versus public wellbeing.

Science.gov (United States)

Colquhoun, Amy; Aplin, Laura; Geary, Janis; Goodman, Karen J; Hatcher, Juanita

2012-05-08

Population health data are vital for the identification of public health problems and the development of public health strategies. Challenges arise when attempts are made to disseminate or access anonymised data that are deemed to be potentially identifiable. In these situations, there is debate about whether the protection of an individual's privacy outweighs potentially beneficial public health initiatives developed using potentially identifiable information. While these issues have an impact at planning and policy levels, they pose a particular dilemma when attempting to examine and address community concerns about a specific health problem. Research currently underway in northern Canadian communities on the frequency of Helicobacter pylori infection and associated diseases, such as stomach cancer, is used in this article to illustrate the challenges that data controls create on the ability of researchers and health officials to address community concerns. Barriers are faced by public health professionals and researchers when endeavouring to address community concerns; specifically, provincial cancer surveillance departments and community-driven participatory research groups face challenges related to data release or access that inhibit their ability to effectively address community enquiries. The resulting consequences include a limited ability to address misinformation or to alleviate concerns when dealing with health problems in small communities. The development of communication tools and building of trusting relationships are essential components of a successful investigation into community health concerns. It may also be important to consider that public wellbeing may outweigh the value of individual privacy in these situations. As such, a re-evaluation of data disclosure policies that are applicable in these circumstances should be considered.

Bit-Oriented Quantum Public-Key Cryptosystem Based on Bell States

Science.gov (United States)

Wu, WanQing; Cai, QingYu; Zhang, HuanGuo; Liang, XiaoYan

2018-06-01

Quantum public key encryption system provides information confidentiality using quantum mechanics. This paper presents a quantum public key cryptosystem ( Q P K C) based on the Bell states. By H o l e v o' s theorem, the presented scheme provides the security of the secret key using one-wayness during the QPKC. While the QPKC scheme is information theoretic security under chosen plaintext attack ( C P A). Finally some important features of presented QPKC scheme can be compared with other QPKC scheme.

Effective Privacy-Preserving Online Route Planning

DEFF Research Database (Denmark)

Vicente, Carmen Ruiz; Assent, Ira; Jensen, Christian S.

2011-01-01

An online Route Planning Service (RPS) computes a route from one location to another. Current RPSs such as Google Maps require the use of precise locations. However, some users may not want to disclose their source and destination locations due to privacy concerns. An approach that supplies fake...... privacy. The solution re-uses a standard online RPS rather than replicate this functionality, and it needs no trusted third party. The solution is able to compute the exact results without leaking of the exact locations to the RPS or un-trusted parties. In addition, we provide heuristics that reduce...... the number of times that the RPS needs to be queried, and we also describe how the accuracy and privacy requirements can be relaxed to achieve better performance. An empirical study offers insight into key properties of the approach....

Public interest approach to data protection law: the meaning, value and utility of the public interest for research uses of data

OpenAIRE

Stevens, Leslie Anne

2017-01-01

Due to legal uncertainty surrounding the application of key provisions of European and UK data protection law, the public interest in protecting individuals’ informational privacy is routinely neglected, as are the public interests in certain uses of data. Consent or anonymisation are often treated as the paradigmatic example of compliance with data protection law, even though both are unable to attend to the full range of rights and interests at stake in data processing. Curre...

Democracy and genetic privacy: the value of bodily integrity.

Science.gov (United States)

Beckman, Ludvig

2005-01-01

The right to genetic privacy is presently being incorporated in legal systems all over the world. It remains largely unclear however what interests and values this right serves to protect. There are many different arguments made in the literature, yet none takes into account the problem of how particular values can be justified given the plurality of moral and religious doctrines in our societies. In this article theories of public reason are used in order to explore how genetic privacy could be justified in a way that is sensitive to the "fact of pluralism". The idea of public reason is specified as the idea that governments should appeal only to values and beliefs that are acceptable to all reasonable citizens in the justification of rights. In examining prevalent arguments for genetic privacy--based on the value of autonomy or on the value of intimacy--it is concluded that they do not meet this requirement. In dealing with this deficiency in the literature, an argument is developed that genetic privacy is fundamental to the democratic participation of all citizens. By referring to the preconditions of democratic citizenship, genetic privacy can be justified in a way that respects the plurality of comprehensive doctrines of morality and religion in contemporary societies.

A Taxonomy of Privacy Constructs for Privacy-Sensitive Robotics

OpenAIRE

Rueben, Matthew; Grimm, Cindy M.; Bernieri, Frank J.; Smart, William D.

2017-01-01

The introduction of robots into our society will also introduce new concerns about personal privacy. In order to study these concerns, we must do human-subject experiments that involve measuring privacy-relevant constructs. This paper presents a taxonomy of privacy constructs based on a review of the privacy literature. Future work in operationalizing privacy constructs for HRI studies is also discussed.

Kids Sell: Celebrity Kids’ Right to Privacy

Directory of Open Access Journals (Sweden)

Seong Choul Hong

2016-04-01

Full Text Available The lives of celebrities are often spotlighted in the media because of their newsworthiness; however, many celebrities argue that their right to privacy is often infringed upon. Concerns about celebrity privacy are not limited to the celebrities themselves and often expand to their children. As a result of their popularity, public interest has pushed paparazzi and journalists to pursue trivial and private details about the lives of both celebrities and their children. This paper investigates conflicting areas where the right to privacy and the right to know collide when dealing with the children of celebrities. In general, the courts have been unsympathetic to celebrity privacy claims, noting their newsworthiness and self-promoted characteristic. Unless the press violates news-gathering ethics or torts, the courts will often rule in favor of the media. However, the story becomes quite different when related to an infringement on the privacy of celebrities’ children. This paper argues that all children have a right to protect their privacy regardless of their parents’ social status. Children of celebrities should not be exempt to principles of privacy just because their parents are a celebrity. Furthermore, they should not be exposed by the media without the voluntary consent of their legal patrons. That is, the right of the media to publish and the newsworthiness of children of celebrities must be restrictedly acknowledged.

32 CFR 806b.51 - Privacy and the Web.

Science.gov (United States)

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Privacy and the Web. 806b.51 Section 806b.51... PROGRAM Disclosing Records to Third Parties § 806b.51 Privacy and the Web. Do not post personal information on publicly accessible DoD web sites unless clearly authorized by law and implementing regulation...

76 FR 63611 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-10-13

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2011-0025] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... submissions available for public viewing on the Internet at http:// [[Page 63612

New threats to health data privacy.

Science.gov (United States)

Li, Fengjun; Zou, Xukai; Liu, Peng; Chen, Jake Y

2011-11-24

Along with the rapid digitalization of health data (e.g. Electronic Health Records), there is an increasing concern on maintaining data privacy while garnering the benefits, especially when the data are required to be published for secondary use. Most of the current research on protecting health data privacy is centered around data de-identification and data anonymization, which removes the identifiable information from the published health data to prevent an adversary from reasoning about the privacy of the patients. However, published health data is not the only source that the adversaries can count on: with a large amount of information that people voluntarily share on the Web, sophisticated attacks that join disparate information pieces from multiple sources against health data privacy become practical. Limited efforts have been devoted to studying these attacks yet. We study how patient privacy could be compromised with the help of today's information technologies. In particular, we show that private healthcare information could be collected by aggregating and associating disparate pieces of information from multiple online data sources including online social networks, public records and search engine results. We demonstrate a real-world case study to show user identity and privacy are highly vulnerable to the attribution, inference and aggregation attacks. We also show that people are highly identifiable to adversaries even with inaccurate information pieces about the target, with real data analysis. We claim that too much information has been made available electronic and available online that people are very vulnerable without effective privacy protection.

New threats to health data privacy

Directory of Open Access Journals (Sweden)

Li Fengjun

2011-11-01

Full Text Available Abstract Background Along with the rapid digitalization of health data (e.g. Electronic Health Records, there is an increasing concern on maintaining data privacy while garnering the benefits, especially when the data are required to be published for secondary use. Most of the current research on protecting health data privacy is centered around data de-identification and data anonymization, which removes the identifiable information from the published health data to prevent an adversary from reasoning about the privacy of the patients. However, published health data is not the only source that the adversaries can count on: with a large amount of information that people voluntarily share on the Web, sophisticated attacks that join disparate information pieces from multiple sources against health data privacy become practical. Limited efforts have been devoted to studying these attacks yet. Results We study how patient privacy could be compromised with the help of today’s information technologies. In particular, we show that private healthcare information could be collected by aggregating and associating disparate pieces of information from multiple online data sources including online social networks, public records and search engine results. We demonstrate a real-world case study to show user identity and privacy are highly vulnerable to the attribution, inference and aggregation attacks. We also show that people are highly identifiable to adversaries even with inaccurate information pieces about the target, with real data analysis. Conclusion We claim that too much information has been made available electronic and available online that people are very vulnerable without effective privacy protection.

Privacy Protection in Cloud Using Rsa Algorithm

OpenAIRE

Amandeep Kaur; Manpreet Kaur

2014-01-01

The cloud computing architecture has been on high demand nowadays. The cloud has been successful over grid and distributed environment due to its cost and high reliability along with high security. However in the area of research it is observed that cloud computing still has some issues in security regarding privacy. The cloud broker provide services of cloud to general public and ensures that data is protected however they sometimes lag security and privacy. Thus in this work...

Privacy under construction : A developmental perspective on privacy perception

NARCIS (Netherlands)

Steijn, W.M.P.; Vedder, A.H.

2015-01-01

We present a developmental perspective regarding the difference in perceptions toward privacy between young and old. Here, we introduce the notion of privacy conceptions, that is, the specific ideas that individuals have regarding what privacy actually is. The differences in privacy concerns often

Privacy Bridges: EU and US Privacy Experts In Search of Transatlantic Privacy Solutions

NARCIS (Netherlands)

Abramatic, J.-F.; Bellamy, B.; Callahan, M.E.; Cate, F.; van Eecke, P.; van Eijk, N.; Guild, E.; de Hert, P.; Hustinx, P.; Kuner, C.; Mulligan, D.; O'Connor, N.; Reidenberg, J.; Rubinstein, I.; Schaar, P.; Shadbolt, N.; Spiekermann, S.; Vladeck, D.; Weitzner, D.J.; Zuiderveen Borgesius, F.; Hagenauw, D.; Hijmans, H.

2015-01-01

The EU and US share a common commitment to privacy protection as a cornerstone of democracy. Following the Treaty of Lisbon, data privacy is a fundamental right that the European Union must proactively guarantee. In the United States, data privacy derives from constitutional protections in the

A Generic Privacy Quantification Framework for Privacy-Preserving Data Publishing

Science.gov (United States)

Zhu, Zutao

2010-01-01

In recent years, the concerns about the privacy for the electronic data collected by government agencies, organizations, and industries are increasing. They include individual privacy and knowledge privacy. Privacy-preserving data publishing is a research branch that preserves the privacy while, at the same time, withholding useful information in…

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

Science.gov (United States)

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

Privacy and Property? Multi-level Strategies for Protecting Personal Interests in Genetic Material

OpenAIRE

Laurie, Graeme

2003-01-01

The paper builds on earlier medico-legal work by Laurie on privacy in relation to genetic material. In this chapter, the author discusses not only Laurie's views as 'pro-privacy' but the limitations of privacy, particularly once information, genetic or otherwise, enters a public sphere. The article draws on cases and laws in the UK, continental Europe, and the US, to provide a comparative view in suggesting an alternative approach to privacy.

Privacy-Related Context Information for Ubiquitous Health

Science.gov (United States)

Nykänen, Pirkko; Ruotsalainen, Pekka

2014-01-01

Background Ubiquitous health has been defined as a dynamic network of interconnected systems. A system is composed of one or more information systems, their stakeholders, and the environment. These systems offer health services to individuals and thus implement ubiquitous computing. Privacy is the key challenge for ubiquitous health because of autonomous processing, rich contextual metadata, lack of predefined trust among participants, and the business objectives. Additionally, regulations and policies of stakeholders may be unknown to the individual. Context-sensitive privacy policies are needed to regulate information processing. Objective Our goal was to analyze privacy-related context information and to define the corresponding components and their properties that support privacy management in ubiquitous health. These properties should describe the privacy issues of information processing. With components and their properties, individuals can define context-aware privacy policies and set their privacy preferences that can change in different information-processing situations. Methods Scenarios and user stories are used to analyze typical activities in ubiquitous health to identify main actors, goals, tasks, and stakeholders. Context arises from an activity and, therefore, we can determine different situations, services, and systems to identify properties for privacy-related context information in information-processing situations. Results Privacy-related context information components are situation, environment, individual, information technology system, service, and stakeholder. Combining our analyses and previously identified characteristics of ubiquitous health, more detailed properties for the components are defined. Properties define explicitly what context information for different components is needed to create context-aware privacy policies that can control, limit, and constrain information processing. With properties, we can define, for example, how

Choose Privacy Week: Educate Your Students (and Yourself) about Privacy

Science.gov (United States)

Adams, Helen R.

2016-01-01

The purpose of "Choose Privacy Week" is to encourage a national conversation to raise awareness of the growing threats to personal privacy online and in day-to-day life. The 2016 Choose Privacy Week theme is "respecting individuals' privacy," with an emphasis on minors' privacy. A plethora of issues relating to minors' privacy…

75 FR 63703 - Privacy Act of 1974; Privacy Act Regulation

Science.gov (United States)

2010-10-18

... FEDERAL RESERVE SYSTEM 12 CFR Part 261a [Docket No. R-1313] Privacy Act of 1974; Privacy Act... implementing the Privacy Act of 1974 (Privacy Act). The primary changes concern the waiver of copying fees... records under the Privacy Act; the amendment of special procedures for the release of medical records to...

BangA: An Efficient and Flexible Generalization-Based Algorithm for Privacy Preserving Data Publication

Directory of Open Access Journals (Sweden)

Adeel Anjum

2017-01-01

Full Text Available Privacy-Preserving Data Publishing (PPDP has become a critical issue for companies and organizations that would release their data. k-Anonymization was proposed as a first generalization model to guarantee against identity disclosure of individual records in a data set. Point access methods (PAMs are not well studied for the problem of data anonymization. In this article, we propose yet another approximation algorithm for anonymization, coined BangA, that combines useful features from Point Access Methods (PAMs and clustering. Hence, it achieves fast computation and scalability as a PAM, and very high quality thanks to its density-based clustering step. Extensive experiments show the efficiency and effectiveness of our approach. Furthermore, we provide guidelines for extending BangA to achieve a relaxed form of differential privacy which provides stronger privacy guarantees as compared to traditional privacy definitions.

Public key infrastructure building trusted applications and web services

CERN Document Server

Vacca, John R

2004-01-01

OVERVIEW OF PKI TECHNOLOGYPublic Key Infrastructures (PKIs): What Are They?Type of Certificate Authorities (CAS) ServicesPKI StandardsTypes of Vendor and Third-Party CA SystemsProtecting Private KeysCA System AttacksStolen Private Keys: What Can Be Done?Certificate Practice StatementsPKI ReadinessANALYZING AND DESIGNING PUBLIC KEY INFRASTRUCTURESPKI Design IssuesCost Justification and ConsiderationPKI Standards Design IssuesPKI Architectural Design ConsiderationsIMPLEMENTING PKIRequirementsImplementation ScheduleImplementation CostsPKI PerformanceMANAGING PKIRequesting a CertificateObtaining a

Designing Privacy for You : A User Centric Approach For Privacy

OpenAIRE

Senarath, Awanthika; Arachchilage, Nalin A. G.; Slay, Jill

2017-01-01

Privacy directly concerns the user as the data owner (data- subject) and hence privacy in systems should be implemented in a manner which concerns the user (user-centered). There are many concepts and guidelines that support development of privacy and embedding privacy into systems. However, none of them approaches privacy in a user- centered manner. Through this research we propose a framework that would enable developers and designers to grasp privacy in a user-centered manner and implement...

78 FR 60265 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-10-01

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0201] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

The Privacy Coach: Supporting customer privacy in the Internet of Things

OpenAIRE

Broenink, Gerben; Hoepman, Jaap-Henk; Hof, Christian van 't; van Kranenburg, Rob; Smits, David; Wisman, Tijmen

2010-01-01

The Privacy Coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach we take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing technologies on the RFID tags themselves. Instead the Privacy Coach functions as a mediator between customer privacy preferences and corporate privacy policies, trying to find a match between the ...

Privacy for Key-Trees with Adaptive Adversaries

NARCIS (Netherlands)

Beye, M.; Veugen, P.J.M.

2011-01-01

Hash-lock authentication protocols for Radio Frequency IDentification (RFID) tags incur heavy search on the server. Key-trees have been proposed as a way to reduce search times, but because partial keys in such trees are shared, key compromise affects several tags. Butty´an [3] and Beye and Veugen

Public-Key Encryption with Non-interactive Opening

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Hofheinz, Dennis; Kiltz, Eike

2008-01-01

We formally define the primitive of public-key encryption with non-interactive opening (PKENO), where the receiver of a ciphertext C can, convincingly and without interaction, reveal what the result was of decrypting C, without compromising the scheme’s security. This has numerous applications...

Public Key Encryption Supporting Plaintext Equality Test and User-Specified Authorization

NARCIS (Netherlands)

Tang, Qiang

2011-01-01

In this paper we investigate a category of public key encryption schemes which supports plaintext equality test and user-specified authorization. With this new primitive, two users, who possess their own public/private key pairs, can issue token(s) to a proxy to authorize it to perform plaintext

Privacy and Security: A Bibliography.

Science.gov (United States)

Computer and Business Equipment Manufacturers Association, Washington, DC.

Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…

Freedom and privacy in ambient intelligence

NARCIS (Netherlands)

Brey, Philip A.E.

2006-01-01

This paper analyzes ethical aspects of the new paradigm of Ambient Intelligence, which is a combination of Ubiquitous Computing and Intelligent User Interfaces (IUI’s). After an introduction to the approach, two key ethical dimensions will be analyzed: freedom and privacy. It is argued that Ambient

76 FR 53420 - Privacy Act of 1974; Systems of Records

Science.gov (United States)

2011-08-26

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0097] Privacy Act of 1974... notice in its existing inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a... submissions available for public viewing on the Internet at http://www.regulations.gov as they are [[Page...

77 FR 37002 - Privacy Act of 1974; System of Records

Science.gov (United States)

2012-06-20

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2012-OS-0072] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... available for public viewing on the Internet at http://www.regulations.gov as they are received without...

78 FR 43869 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-07-22

... DEPARTMENT OF DEFENSE Department of the Navy [Docket ID USN-2013-0025] Privacy Act of 1974; System... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

76 FR 66698 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-10-27

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0117] Privacy Act of 1974... notice from its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

75 FR 52517 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-08-26

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2010-OS-0117] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... available for public viewing on the Internet at http://www.regulations.gov as they are received without...

77 FR 60412 - Privacy Act of 1974; System of Records

Science.gov (United States)

2012-10-03

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2012-0012] Privacy Act of 1974; System... systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

76 FR 70428 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-11-14

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0120] Privacy Act of 1974... notice from its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

77 FR 37885 - Privacy Act of 1974; System of Records

Science.gov (United States)

2012-06-25

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2012-OS-0074] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES... available for public viewing on the Internet at http://www.regulations.gov as they are received without...

76 FR 60008 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-09-28

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2011-0023] Privacy Act of 1974; System... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

76 FR 82286 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-12-30

... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2011-0028] Privacy Act of 1974; System... record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed... available for public viewing on the Internet at http://www.regulations.gov as they are received without...

75 FR 63824 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-10-18

... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2010-0026] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... for public viewing on the Internet at http://www.regulations.gov as they are received without change...

75 FR 65456 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-10-25

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0147] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. [[Page... available for public viewing on the Internet at http://www.regulations.gov as they are received without...

77 FR 26260 - Privacy Act of 1974; System of Records

Science.gov (United States)

2012-05-03

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2012-OS-0030] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... make these submissions available for public viewing on the Internet at http://www.regulations.gov as...

75 FR 3714 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-01-22

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0004] Privacy Act of 1974... its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as... available for public viewing on the Internet at http://www.regulations.gov as they are received without...

76 FR 39394 - Privacy Act of 1974; System of Records

Science.gov (United States)

2011-07-06

... DEPARTMENT OF DEFENSE Department of the Navy [Docket ID USN-2011-0010] Privacy Act of 1974; System... systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

75 FR 62111 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-10-07

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0140] Privacy Act of 1974... records notices in its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

78 FR 22525 - Privacy Act of 1974; System of Records

Science.gov (United States)

2013-04-16

... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-0057] Privacy Act of 1974... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...

Policy recommendations for addressing privacy challenges associated with cell-based research and interventions.

Science.gov (United States)

Ogbogu, Ubaka; Burningham, Sarah; Ollenberger, Adam; Calder, Kathryn; Du, Li; El Emam, Khaled; Hyde-Lay, Robyn; Isasi, Rosario; Joly, Yann; Kerr, Ian; Malin, Bradley; McDonald, Michael; Penney, Steven; Piat, Gayle; Roy, Denis-Claude; Sugarman, Jeremy; Vercauteren, Suzanne; Verhenneman, Griet; West, Lori; Caulfield, Timothy

2014-02-03

The increased use of human biological material for cell-based research and clinical interventions poses risks to the privacy of patients and donors, including the possibility of re-identification of individuals from anonymized cell lines and associated genetic data. These risks will increase as technologies and databases used for re-identification become affordable and more sophisticated. Policies that require ongoing linkage of cell lines to donors' clinical information for research and regulatory purposes, and existing practices that limit research participants' ability to control what is done with their genetic data, amplify the privacy concerns. To date, the privacy issues associated with cell-based research and interventions have not received much attention in the academic and policymaking contexts. This paper, arising out of a multi-disciplinary workshop, aims to rectify this by outlining the issues, proposing novel governance strategies and policy recommendations, and identifying areas where further evidence is required to make sound policy decisions. The authors of this paper take the position that existing rules and norms can be reasonably extended to address privacy risks in this context without compromising emerging developments in the research environment, and that exceptions from such rules should be justified using a case-by-case approach. In developing new policies, the broader framework of regulations governing cell-based research and related areas must be taken into account, as well as the views of impacted groups, including scientists, research participants and the general public. This paper outlines deliberations at a policy development workshop focusing on privacy challenges associated with cell-based research and interventions. The paper provides an overview of these challenges, followed by a discussion of key themes and recommendations that emerged from discussions at the workshop. The paper concludes that privacy risks associated with cell

Privacy vs security

CERN Document Server

Stalla-Bourdillon, Sophie; Ryan, Mark D

2014-01-01

Securing privacy in the current environment is one of the great challenges of today's democracies. Privacy vs. Security explores the issues of privacy and security and their complicated interplay, from a legal and a technical point of view. Sophie Stalla-Bourdillon provides a thorough account of the legal underpinnings of the European approach to privacy and examines their implementation through privacy, data protection and data retention laws. Joshua Philips and Mark D. Ryan focus on the technological aspects of privacy, in particular, on today's attacks on privacy by the simple use of today'

Privacy transparency patterns

NARCIS (Netherlands)

Siljee B.I.J.

2015-01-01

This paper describes two privacy patterns for creating privacy transparency: the Personal Data Table pattern and the Privacy Policy Icons pattern, as well as a full overview of privacy transparency patterns. It is a first step in creating a full set of privacy design patterns, which will aid

Impact of Mini-drone based Video Surveillance on Invasion of Privacy

OpenAIRE

Korshunov, Pavel; Bonetto, Margherita; Ebrahimi, Touradj; Ramponi, Giovanni

2015-01-01

An increase in adoption of video surveillance, affecting many aspects of daily lives, raises public concern about an intrusion into individual privacy. New sensing and surveillance technologies, such as mini-drones, threaten to eradicate boundaries of private space even more. Therefore, it is important to study the effect of mini-drones on privacy intrusion and to understand how existing protection privacy filters perform on a video captured by a mini-drone. To this end, we have built a publi...

Privacy 2.0

Directory of Open Access Journals (Sweden)

Stylianos Papathanassopoulos

2015-04-01

Full Text Available We live in the era of change. In this world, privacy is not a static concept, but instead has a dynamic component. Overall, it becomes clear that the public and private are not defined in the same manner as in the past and as in the actual world, while our personal information has become a commodity that can raise our visibility in the social media driven world.

Toward privacy-preserving JPEG image retrieval

Science.gov (United States)

Cheng, Hang; Wang, Jingyue; Wang, Meiqing; Zhong, Shangping

2017-07-01

This paper proposes a privacy-preserving retrieval scheme for JPEG images based on local variance. Three parties are involved in the scheme: the content owner, the server, and the authorized user. The content owner encrypts JPEG images for privacy protection by jointly using permutation cipher and stream cipher, and then, the encrypted versions are uploaded to the server. With an encrypted query image provided by an authorized user, the server may extract blockwise local variances in different directions without knowing the plaintext content. After that, it can calculate the similarity between the encrypted query image and each encrypted database image by a local variance-based feature comparison mechanism. The authorized user with the encryption key can decrypt the returned encrypted images with plaintext content similar to the query image. The experimental results show that the proposed scheme not only provides effective privacy-preserving retrieval service but also ensures both format compliance and file size preservation for encrypted JPEG images.

Security and Privacy Analyses of Internet of Things Toys

OpenAIRE

Chu, Gordon; Apthorpe, Noah; Feamster, Nick

2018-01-01

This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially-available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule (COPPA) as well as the toys' individual pr...

δ-dependency for privacy-preserving XML data publishing.

Science.gov (United States)

Landberg, Anders H; Nguyen, Kinh; Pardede, Eric; Rahayu, J Wenny

2014-08-01

An ever increasing amount of medical data such as electronic health records, is being collected, stored, shared and managed in large online health information systems and electronic medical record systems (EMR) (Williams et al., 2001; Virtanen, 2009; Huang and Liou, 2007) [1-3]. From such rich collections, data is often published in the form of census and statistical data sets for the purpose of knowledge sharing and enabling medical research. This brings with it an increasing need for protecting individual people privacy, and it becomes an issue of great importance especially when information about patients is exposed to the public. While the concept of data privacy has been comprehensively studied for relational data, models and algorithms addressing the distinct differences and complex structure of XML data are yet to be explored. Currently, the common compromise method is to convert private XML data into relational data for publication. This ad hoc approach results in significant loss of useful semantic information previously carried in the private XML data. Health data often has very complex structure, which is best expressed in XML. In fact, XML is the standard format for exchanging (e.g. HL7 version 3(1)) and publishing health information. Lack of means to deal directly with data in XML format is inevitably a serious drawback. In this paper we propose a novel privacy protection model for XML, and an algorithm for implementing this model. We provide general rules, both for transforming a private XML schema into a published XML schema, and for mapping private XML data to the new privacy-protected published XML data. In addition, we propose a new privacy property, δ-dependency, which can be applied to both relational and XML data, and that takes into consideration the hierarchical nature of sensitive data (as opposed to "quasi-identifiers"). Lastly, we provide an implementation of our model, algorithm and privacy property, and perform an experimental analysis

Simple group password-based authenticated key agreements for the integrated EPR information system.

Science.gov (United States)

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

Privacy Awareness: A Means to Solve the Privacy Paradox?

Science.gov (United States)

Pötzsch, Stefanie

People are limited in their resources, i.e. they have limited memory capabilities, cannot pay attention to too many things at the same time, and forget much information after a while; computers do not suffer from these limitations. Thus, revealing personal data in electronic communication environments and being completely unaware of the impact of privacy might cause a lot of privacy issues later. Even if people are privacy aware in general, the so-called privacy paradox shows that they do not behave according to their stated attitudes. This paper discusses explanations for the existing dichotomy between the intentions of people towards disclosure of personal data and their behaviour. We present requirements on tools for privacy-awareness support in order to counteract the privacy paradox.

Privacy Policy

Science.gov (United States)

... Home → NLM Privacy Policy URL of this page: https://medlineplus.gov/privacy.html NLM Privacy Policy To ... out of cookies in the most popular browsers, http://www.usa.gov/optout_instructions.shtml. Please note ...

Security of public key encryption technique based on multiple chaotic systems

International Nuclear Information System (INIS)

Wang Kai; Pei Wenjiang; Zou Liuhua; Cheung Yiuming; He Zhenya

2006-01-01

Recently, a new public key encryption technique based on multiple chaotic systems has been proposed [B. Ranjan, Phys. Rev. Lett. 95 (2005) 098702]. This scheme employs m-chaotic systems and a set of linear functions for key exchange over an insecure channel. Security of the proposed algorithm grows as (NP) m , where N, P are the size of the key and the computational complexity of the linear functions respectively. In this Letter, the fundamental weakness of the cryptosystem is pointed out and a successful attack is described. Given the public keys and the initial vector, one can calculate the secret key based on Parseval's theorem. Both theoretical and experimental results show that the attacker can access to the secret key without difficulty. The lack of security discourages the use of such algorithm for practical applications

Patient Privacy in the Era of Big Data.

Science.gov (United States)

Kayaalp, Mehmet

2018-01-20

Privacy was defined as a fundamental human right in the Universal Declaration of Human Rights at the 1948 United Nations General Assembly. However, there is still no consensus on what constitutes privacy. In this review, we look at the evolution of privacy as a concept from the era of Hippocrates to the era of social media and big data. To appreciate the modern measures of patient privacy protection and correctly interpret the current regulatory framework in the United States, we need to analyze and understand the concepts of individually identifiable information, individually identifiable health information, protected health information, and de-identification. The Privacy Rule of the Health Insurance Portability and Accountability Act defines the regulatory framework and casts a balance between protective measures and access to health information for secondary (scientific) use. The rule defines the conditions when health information is protected by law and how protected health information can be de-identified for secondary use. With the advents of artificial intelligence and computational linguistics, computational text de-identification algorithms produce de-identified results nearly as well as those produced by human experts, but much faster, more consistently and basically for free. Modern clinical text de-identification systems now pave the road to big data and enable scientists to access de-identified clinical information while firmly protecting patient privacy. However, clinical text de-identification is not a perfect process. In order to maximize the protection of patient privacy and to free clinical and scientific information from the confines of electronic healthcare systems, all stakeholders, including patients, health institutions and institutional review boards, scientists and the scientific communities, as well as regulatory and law enforcement agencies must collaborate closely. On the one hand, public health laws and privacy regulations define rules

Concentrated Differential Privacy

OpenAIRE

Dwork, Cynthia; Rothblum, Guy N.

2016-01-01

We introduce Concentrated Differential Privacy, a relaxation of Differential Privacy enjoying better accuracy than both pure differential privacy and its popular "(epsilon,delta)" relaxation without compromising on cumulative privacy loss over multiple computations.

Public-key Encryption with Registered Keyword Search

NARCIS (Netherlands)

Tang, Qiang; Chen, Liqun

Public-key Encryption with Keyword Search (PEKS) enables a server to test whether a tag from a sender and a trapdoor from a receiver contain the same keyword. In this paper, we highlight some potential security concern, i.e. a curious server is able to answer whether any selected keyword is

Gaussian operations and privacy

International Nuclear Information System (INIS)

Navascues, Miguel; Acin, Antonio

2005-01-01

We consider the possibilities offered by Gaussian states and operations for two honest parties, Alice and Bob, to obtain privacy against a third eavesdropping party, Eve. We first extend the security analysis of the protocol proposed in [Navascues et al. Phys. Rev. Lett. 94, 010502 (2005)]. Then, we prove that a generalized version of this protocol does not allow one to distill a secret key out of bound entangled Gaussian states

Large-scale Health Information Database and Privacy Protection.

Science.gov (United States)

Yamamoto, Ryuichi

2016-09-01

Japan was once progressive in the digitalization of healthcare fields but unfortunately has fallen behind in terms of the secondary use of data for public interest. There has recently been a trend to establish large-scale health databases in the nation, and a conflict between data use for public interest and privacy protection has surfaced as this trend has progressed. Databases for health insurance claims or for specific health checkups and guidance services were created according to the law that aims to ensure healthcare for the elderly; however, there is no mention in the act about using these databases for public interest in general. Thus, an initiative for such use must proceed carefully and attentively. The PMDA projects that collect a large amount of medical record information from large hospitals and the health database development project that the Ministry of Health, Labour and Welfare (MHLW) is working on will soon begin to operate according to a general consensus; however, the validity of this consensus can be questioned if issues of anonymity arise. The likelihood that researchers conducting a study for public interest would intentionally invade the privacy of their subjects is slim. However, patients could develop a sense of distrust about their data being used since legal requirements are ambiguous. Nevertheless, without using patients' medical records for public interest, progress in medicine will grind to a halt. Proper legislation that is clear for both researchers and patients will therefore be highly desirable. A revision of the Act on the Protection of Personal Information is currently in progress. In reality, however, privacy is not something that laws alone can protect; it will also require guidelines and self-discipline. We now live in an information capitalization age. I will introduce the trends in legal reform regarding healthcare information and discuss some basics to help people properly face the issue of health big data and privacy

Privacy policies for health social networking sites

Science.gov (United States)

Li, Jingquan

2013-01-01

Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data. PMID:23599228

Privacy policies for health social networking sites.

Science.gov (United States)

Li, Jingquan

2013-01-01

Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data.

Key Spatial Factors Influencing the Perceived Privacy in Nursing Units: An Exploration Study With Eight Nursing Units in Hong Kong.

Science.gov (United States)

Lu, Yi; Cai, Hui; Bosch, Sheila J

2017-07-01

This study examined how the spatial characteristics of patient beds, which are influenced by patient room design and nursing unit configuration, affect patients' perceptions about privacy. In the hospital setting, most patients expect a certain degree of privacy but also understand that their caregivers need appropriate access to them in order to provide high-quality care. Even veteran healthcare designers may struggle to create just the right balance between privacy and accessibility. A paper-based survey was conducted with 159 participants in Hong Kong-72 (45.3%) participants had been hospitalized and 87 (54.7%) participants had not-to document their selection of high-privacy beds, given simplified plans of eight nursing units. Two types of information, comprised of six variables, were examined for each bed. These include (1) room-level variables, specifically the number of beds per room and area per bed and (2) relational variables, including walking distance, directional change, integration, and control. The results demonstrate that when asked to identify high-privacy beds, participants selected beds in patient rooms with fewer beds per room, a larger area per bed, and a longer walking distance to the care team workstation. Interestingly, the participants having been hospitalized also chose beds with a visual connection to the care team workstation as being high in privacy. The participants with hospitalization experience may be willing to accept a bed with reduced visual privacy, perhaps out of a concern for safety.

A Deontological View of the Privacy Debate.

Science.gov (United States)

Wilson, Alan

The mass media are at odds with the public on issues concerning privacy, i.e., issues concerning whether private information about a person should be printed in a newspaper or magazine. In a 1982 survey, one journalist/respondent said his or her newspaper "almost always" favored the public's right to know over a person's right to…

The differing privacy concerns regarding exchanging electronic medical records of internet users in Taiwan.

Science.gov (United States)

Hwang, Hsin-Ginn; Han, Hwai-En; Kuo, Kuang-Ming; Liu, Chung-Feng

2012-12-01

This study explores whether Internet users have different privacy concerns regarding the information contained in electronic medical records (EMRs) according to gender, age, occupation, education, and EMR awareness. Based on the Concern for Information Privacy (CFIP) scale developed by Smith and colleagues in 1996, we conducted an online survey using 15 items in four dimensions, namely, collection, unauthorized access, secondary use, and errors, to investigate Internet users' concerns regarding the privacy of EMRs under health information exchanges (HIE). We retrieved 213 valid questionnaires. The results indicate that the respondents had substantial privacy concerns regarding EMRs and their educational level and EMR awareness significantly influenced their privacy concerns regarding unauthorized access and secondary use of EMRs. This study recommends that the Taiwanese government organizes a comprehensive EMR awareness campaign, emphasizing unauthorized access and secondary use of EMRs. Additionally, to cultivate the public's understanding of EMRs, the government should employ various media, especially Internet channels, to promote EMR awareness, thereby enabling the public to accept the concept and use of EMRs. People who are highly educated and have superior EMR awareness should be given a comprehensive explanation of how hospitals protect patients' EMRs from unauthorized access and secondary use to address their concerns. Thus, the public can comprehend, trust, and accept the use of EMRs, reducing their privacy concerns, which should facilitate the future implementation of HIE.

Simple Public Key Infrastructure Protocol Analysis and Design

National Research Council Canada - National Science Library

Vidergar, Alexander G

2005-01-01

...). This thesis aims at proving the applicability of the Simple Public Key Infrastructure (SPKI) as a means of PKC. The strand space approach of Guttman and Thayer is used to provide an appropriate model for analysis...

Information verification cryptosystem using one-time keys based on double random phase encoding and public-key cryptography

Science.gov (United States)

Zhao, Tieyu; Ran, Qiwen; Yuan, Lin; Chi, Yingying; Ma, Jing

2016-08-01

A novel image encryption system based on double random phase encoding (DRPE) and RSA public-key algorithm is proposed. The main characteristic of the system is that each encryption process produces a new decryption key (even for the same plaintext), thus the encryption system conforms to the feature of the one-time pad (OTP) cryptography. The other characteristic of the system is the use of fingerprint key. Only with the rightful authorization will the true decryption be obtained, otherwise the decryption will result in noisy images. So the proposed system can be used to determine whether the ciphertext is falsified by attackers. In addition, the system conforms to the basic agreement of asymmetric cryptosystem (ACS) due to the combination with the RSA public-key algorithm. The simulation results show that the encryption scheme has high robustness against the existing attacks.

Building Secure Public Key Encryption Scheme from Hidden Field Equations

Directory of Open Access Journals (Sweden)

Yuan Ping

2017-01-01

Full Text Available Multivariate public key cryptography is a set of cryptographic schemes built from the NP-hardness of solving quadratic equations over finite fields, amongst which the hidden field equations (HFE family of schemes remain the most famous. However, the original HFE scheme was insecure, and the follow-up modifications were shown to be still vulnerable to attacks. In this paper, we propose a new variant of the HFE scheme by considering the special equation x2=x defined over the finite field F3 when x=0,1. We observe that the equation can be used to further destroy the special structure of the underlying central map of the HFE scheme. It is shown that the proposed public key encryption scheme is secure against known attacks including the MinRank attack, the algebraic attacks, and the linearization equations attacks. The proposal gains some advantages over the original HFE scheme with respect to the encryption speed and public key size.

Privacy Policies

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, Sandro; den Hartog, Jeremy; Petkovic, M.; Jonker, W.; Jonker, Willem

2007-01-01

Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website,

Privacy rules for DNA databanks. Protecting coded 'future diaries'.

Science.gov (United States)

Annas, G J

1993-11-17

In privacy terms, genetic information is like medical information. But the information contained in the DNA molecule itself is more sensitive because it contains an individual's probabilistic "future diary," is written in a code that has only partially been broken, and contains information about an individual's parents, siblings, and children. Current rules for protecting the privacy of medical information cannot protect either genetic information or identifiable DNA samples stored in DNA databanks. A review of the legal and public policy rationales for protecting genetic privacy suggests that specific enforceable privacy rules for DNA databanks are needed. Four preliminary rules are proposed to govern the creation of DNA databanks, the collection of DNA samples for storage, limits on the use of information derived from the samples, and continuing obligations to those whose DNA samples are in the databanks.

Trust and Privacy in the Shift from E-Commerce to M-Commerce: A Comparative Approach

OpenAIRE

Papadopoulou , Panagiota; Pelet , Jean-Eric

2013-01-01

Part 2: Trust and Privacy; International audience; Trust and privacy have been widely studied as key issues and success factors for e-commerce. The advent of m-commerce calls for revisiting these concepts and re-examining their antecedents in the mobile context. This paper attempts a comparative approach to the issues of trust and privacy in e-commerce and m-commerce. It investigates how trust and privacy are differentiated with the shift from the context of e-commerce to the context of m-com...

Distributed public key schemes secure against continual leakage

DEFF Research Database (Denmark)

Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

2012-01-01

-secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol......In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly...... against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and $2$-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-o (1),1)-fraction...

Disclosing genetic information to at-risk relatives: new Australian privacy principles, but uniformity still elusive.

Science.gov (United States)

Otlowski, Margaret F A

2015-04-06

There is growing understanding of the need for genetic information to be shared with genetic relatives in some circumstances. Since 2006, s 95AA of the Privacy Act 1988 (Cwlth) has permitted the disclosure of genetic information to genetic relatives without the patient's consent, provided that the health practitioner reasonably believes that disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of the genetic relatives. Enabling guidelines were introduced in 2009. These were limited to the private sector, and excluded doctors working in the public sector at both Commonwealth and state and territory levels. Privacy legislation was amended in March 2014, and new Australian Privacy Principles, which replace the National Privacy Principles and Information Privacy Principles, now cover the collection and use of personal information. The Privacy Act and the Australian Privacy Principles now extend to practitioners employed by the Commonwealth but not to health practitioners working in state and territory public hospitals. In this article, I review these legislative developments and highlight the implications of the lack of uniformity and the consequent need for a collaborative, uniform approach by states and territories.

Privacy policies

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, S.; Hartog, den J.I.; Petkovic, M.; Jonker, W.

2007-01-01

Privacy is a prime concern in today’s information society. To protect the privacy of individuals, enterprises must follow certain privacy practices while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes

Walled Gardens: Privacy within Public Leisure Space Online and Offline

NARCIS (Netherlands)

P.A. Arora (Payal)

2012-01-01

textabstractAbstract Social network sites are the new urban parks where people congregate, socialize and exercise leisure. Its web architectures however are being walled in, dictated by market systems and State ideologies. These cyber-enclosures are justified along the lines of privacy that garners

Fourier Magnitude-Based Privacy-Preserving Clustering on Time-Series Data

Science.gov (United States)

Kim, Hea-Suk; Moon, Yang-Sae

Privacy-preserving clustering (PPC in short) is important in publishing sensitive time-series data. Previous PPC solutions, however, have a problem of not preserving distance orders or incurring privacy breach. To solve this problem, we propose a new PPC approach that exploits Fourier magnitudes of time-series. Our magnitude-based method does not cause privacy breach even though its techniques or related parameters are publicly revealed. Using magnitudes only, however, incurs the distance order problem, and we thus present magnitude selection strategies to preserve as many Euclidean distance orders as possible. Through extensive experiments, we showcase the superiority of our magnitude-based approach.

Opening More Data : A New Privacy Risk Scoring Model for Open Data

NARCIS (Netherlands)

Ali-Eldin, A.M.T.; Zuiderwijk-van Eijk, AMG; Janssen, M.F.W.H.A.

2017-01-01

While the opening of data has become a common practice for both governments and companies, many datasets
are still not published since they might violate privacy regulations. The risk on privacy violations is a factor
that often blocks the publication of data and results in a reserved

Privacy as Fundamental right:The Case of Indian AAdhar

DEFF Research Database (Denmark)

Khajuria, Samant; Skouby, Knud Erik; Sørensen, Lene Tolstrup

In August 2017; unanimous judgment by the Supreme Court of India (SCI) i was a resounding victory for privacy. The ruling was the outcome of a petition challenging the constitutional validity of the Indian biometric identity scheme Aadhaar. The one-page order signed by all nine judges declares....... “The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.” Privacy is a key concerns today in the emerging digital market of India. The vision of Digital Indian can only......-mining tool. Looking into EU General Data Protection Regulation (GDPR), where the main goal of the regulation is to build and/or increase trust in the EU citizens in using digital services. Similarly, a clear well defined privacy regulations needs to be in place in India with heavy fines failing to comply....

76 FR 64115 - Privacy Act of 1974; Privacy Act System of Records

Science.gov (United States)

2011-10-17

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-092)] Privacy Act of 1974; Privacy Act... retirement of one Privacy Act system of records notice. SUMMARY: In accordance with the Privacy Act of 1974, NASA is giving notice that it proposes to cancel the following Privacy Act system of records notice...

Virtual-optical information security system based on public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

2005-01-01

A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

Towards Public Key Encryption Scheme Supporting Equality Test with Fine-Grained Authorization

NARCIS (Netherlands)

Tang, Qiang

2011-01-01

In this paper we investigate a new category of public key encryption schemes which supports equality test between ciphertexts. With this new primitive, two users, who possess their own public/private key pairs, can issue token(s) to a proxy to authorize it to perform equality test between their

Privacy og selvbeskrivelse

DEFF Research Database (Denmark)

Rosengaard, Hans Ulrik

2015-01-01

En beskrivelse af feltet for forskning i Privacy med særligt henblik på privacys betydning for muligheden for at styre sin egen selvbeskrivelse......En beskrivelse af feltet for forskning i Privacy med særligt henblik på privacys betydning for muligheden for at styre sin egen selvbeskrivelse...

Couldn't or wouldn't? The influence of privacy concerns and self-efficacy in privacy management on privacy protection.

Science.gov (United States)

Chen, Hsuan-Ting; Chen, Wenghong

2015-01-01

Sampling 515 college students, this study investigates how privacy protection, including profile visibility, self-disclosure, and friending, are influenced by privacy concerns and efficacy regarding one's own ability to manage privacy settings, a factor that researchers have yet to give a great deal of attention to in the context of social networking sites (SNSs). The results of this study indicate an inconsistency in adopting strategies to protect privacy, a disconnect from limiting profile visibility and friending to self-disclosure. More specifically, privacy concerns lead SNS users to limit their profile visibility and discourage them from expanding their network. However, they do not constrain self-disclosure. Similarly, while self-efficacy in privacy management encourages SNS users to limit their profile visibility, it facilitates self-disclosure. This suggests that if users are limiting their profile visibility and constraining their friending behaviors, it does not necessarily mean they will reduce self-disclosure on SNSs because these behaviors are predicted by different factors. In addition, the study finds an interaction effect between privacy concerns and self-efficacy in privacy management on friending. It points to the potential problem of increased risk-taking behaviors resulting from high self-efficacy in privacy management and low privacy concerns.

Libraries Protecting Privacy on Social Media: Sharing without "Oversharing"

Directory of Open Access Journals (Sweden)

Kelley Cotter

2016-11-01

Full Text Available Libraries have increasingly adopted social media as an integral means of connecting with their users. However, social media presents many potential concerns regarding library patron privacy. This article presents the findings from a study of how librarians and library staff perceive and handle issues of patron privacy related to social media marketing in libraries. The study reports the results from a mixed-methods online survey, which used a nonprobability self-selection sampling method to collect responses from individuals employed by libraries, without restrictions on position or library type. Nearly three-quarters of respondents reported working in libraries that have either an official or unofficial social media policy. Approximately 53% of those policies mention patron privacy. The findings suggest that many respondents’ views and practices are influenced by the perception of the library’s physical space and social media presence as public places. The findings also suggest a lack of consensus regarding the extent of the library’s obligation to protect patron privacy on library social media sites and what would constitute a violation of privacy.

Privacy, professionalism and Facebook: a dilemma for young doctors.

Science.gov (United States)

MacDonald, Joanna; Sohn, Sangsu; Ellis, Pete

2010-08-01

This study aimed to examine the nature and extent of use of the social networking service Facebook by young medical graduates, and their utilisation of privacy options. We carried out a cross-sectional survey of the use of Facebook by recent medical graduates, accessing material potentially available to a wider public. Data were then categorised and analysed. Survey subjects were 338 doctors who had graduated from the University of Otago in 2006 and 2007 and were registered with the Medical Council of New Zealand. Main outcome measures were Facebook membership, utilisation of privacy options, and the nature and extent of the material revealed. A total of 220 (65%) graduates had Facebook accounts; 138 (63%) of these had activated their privacy options, restricting their information to 'Friends'. Of the remaining 82 accounts that were more publicly available, 30 (37%) revealed users' sexual orientation, 13 (16%) revealed their religious views, 35 (43%) indicated their relationship status, 38 (46%) showed photographs of the users drinking alcohol, eight (10%) showed images of the users intoxicated and 37 (45%) showed photographs of the users engaged in healthy behaviours. A total of 54 (66%) members had used their accounts within the last week, indicating active use. Young doctors are active members of Facebook. A quarter of the doctors in our survey sample did not use the privacy options, rendering the information they revealed readily available to a wider public. This information, although it included some healthy behaviours, also revealed personal information that might cause distress to patients or alter the professional boundary between patient and practitioner, as well as information that could bring the profession into disrepute (e.g. belonging to groups like 'Perverts united'). Educators and regulators need to consider how best to advise students and doctors on societal changes in the concepts of what is public and what is private.

The privacy coach: Supporting customer privacy in the internet of things

NARCIS (Netherlands)

Broenink, E.G.; Hoepman, J.H.; Hof, C. van 't; Kranenburg, R. van; Smits, D.; Wisman, T.

2010-01-01

The Privacy Coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach we take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing

Semantic Security: Privacy Definitions Revisited

OpenAIRE

Jinfei Liu; Li Xiong; Jun Luo

2013-01-01

In this paper we illustrate a privacy framework named Indistinguishabley Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure...

75 FR 7648 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Veterans Affairs...

Science.gov (United States)

2010-02-22

... Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503), amended the Privacy... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2010-0006] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Department of Veterans Affairs/Veterans Benefits Administration (VA/ VBA...

78 FR 43258 - Privacy Act; System of Records: Human Resources Records, State-31

Science.gov (United States)

2013-07-19

... DEPARTMENT OF STATE [Public Notice 8384] Privacy Act; System of Records: Human Resources Records... system of records, Human Resources Records, State- 31, pursuant to the provisions of the Privacy Act of... State proposes that the current system will retain the name ``Human Resources Records'' (previously...

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Science.gov (United States)

2010-10-01

... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security, administrative data standards, and national identifiers. (a) HIPAA covered entities. An endorsed sponsor is a...

Privacy in the Internet: Myth or reality

Directory of Open Access Journals (Sweden)

Mikarić Bratislav

2016-01-01

Full Text Available The present time, unthinkable without using Internet - from e-mail, through social networks, cloud services, GPS, to YouTube and mobile computing in business, as well as on a private level, poses a question: Is there a way to protect data and their privacy on the Internet? What are the ways to control what personal information we will publicly share with others and is there a safe way to protect privacy on the world's global computer network? The paper gives an overview of the situation in the field, as well as tips for achieving the desired level of data protection.

Tales from the dark side: Privacy dark strategies and privacy dark patterns

DEFF Research Database (Denmark)

Bösch, Christoph; Erb, Benjamin; Kargl, Frank

2016-01-01

Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue...... that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from...... a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from...

An examination of electronic health information privacy in older adults.

Science.gov (United States)

Le, Thai; Thompson, Hilaire; Demiris, George

2013-01-01

Older adults are the quickest growing demographic group and are key consumers of health services. As the United States health system transitions to electronic health records, it is important to understand older adult perceptions of privacy and security. We performed a secondary analysis of the Health Information National Trends Survey (2012, Cycle 1), to examine differences in perceptions of electronic health information privacy between older adults and the general population. We found differences in the level of importance placed on access to electronic health information (older adults placed greater emphasis on provider as opposed to personal access) and tendency to withhold information out of concerns for privacy and security (older adults were less likely to withhold information). We provide recommendations to alleviate some of these privacy concerns. This may facilitate greater use of electronic health communication between patient and provider, while promoting shared decision making.

Large-scale Health Information Database and Privacy Protection*1

Science.gov (United States)

YAMAMOTO, Ryuichi

2016-01-01

Japan was once progressive in the digitalization of healthcare fields but unfortunately has fallen behind in terms of the secondary use of data for public interest. There has recently been a trend to establish large-scale health databases in the nation, and a conflict between data use for public interest and privacy protection has surfaced as this trend has progressed. Databases for health insurance claims or for specific health checkups and guidance services were created according to the law that aims to ensure healthcare for the elderly; however, there is no mention in the act about using these databases for public interest in general. Thus, an initiative for such use must proceed carefully and attentively. The PMDA*2 projects that collect a large amount of medical record information from large hospitals and the health database development project that the Ministry of Health, Labour and Welfare (MHLW) is working on will soon begin to operate according to a general consensus; however, the validity of this consensus can be questioned if issues of anonymity arise. The likelihood that researchers conducting a study for public interest would intentionally invade the privacy of their subjects is slim. However, patients could develop a sense of distrust about their data being used since legal requirements are ambiguous. Nevertheless, without using patients’ medical records for public interest, progress in medicine will grind to a halt. Proper legislation that is clear for both researchers and patients will therefore be highly desirable. A revision of the Act on the Protection of Personal Information is currently in progress. In reality, however, privacy is not something that laws alone can protect; it will also require guidelines and self-discipline. We now live in an information capitalization age. I will introduce the trends in legal reform regarding healthcare information and discuss some basics to help people properly face the issue of health big data and privacy

Error-correcting pairs for a public-key cryptosystem

International Nuclear Information System (INIS)

Pellikaan, Ruud; Márquez-Corbella, Irene

2017-01-01

Code-based Cryptography (CBC) is a powerful and promising alternative for quantum resistant cryptography. Indeed, together with lattice-based cryptography, multivariate cryptography and hash-based cryptography are the principal available techniques for post-quantum cryptography. CBC was first introduced by McEliece where he designed one of the most efficient Public-Key encryption schemes with exceptionally strong security guarantees and other desirable properties that still resist to attacks based on Quantum Fourier Transform and Amplitude Amplification. The original proposal, which remains unbroken, was based on binary Goppa codes. Later, several families of codes have been proposed in order to reduce the key size. Some of these alternatives have already been broken. One of the main requirements of a code-based cryptosystem is having high performance t -bounded decoding algorithms which is achieved in the case the code has a t -error-correcting pair (ECP). Indeed, those McEliece schemes that use GRS codes, BCH, Goppa and algebraic geometry codes are in fact using an error-correcting pair as a secret key. That is, the security of these Public-Key Cryptosystems is not only based on the inherent intractability of bounded distance decoding but also on the assumption that it is difficult to retrieve efficiently an error-correcting pair. In this paper, the class of codes with a t -ECP is proposed for the McEliece cryptosystem. Moreover, we study the hardness of distinguishing arbitrary codes from those having a t -error correcting pair. (paper)

Effective sharing of health records, maintaining privacy: a practical schema.

Science.gov (United States)

Neame, Roderick

2013-01-01

A principal goal of computerisation of medical records is to join up care services for patients, so that their records can follow them wherever they go and thereby reduce delays, duplications, risks and errors, and costs. Healthcare records are increasingly being stored electronically, which has created the necessary conditions for them to be readily sharable. However simply driving the implementation of electronic medical records is not sufficient, as recent developments have demonstrated (1): there remain significant obstacles. The three main obstacles relate to (a) record accessibility (knowing where event records are and being able to access them), (b) maintaining privacy (ensuring that only those authorised by the patient can access and extract meaning from the records) and (c) assuring the functionality of the shared information (ensuring that the records can be shared non-proprietorially across platforms without loss of meaning, and that their authenticity and trustworthiness are demonstrable). These constitute a set of issues that need new thinking, since existing systems are struggling to deliver them. The solution to this puzzle lies in three main parts. Clearly there is only one environment suited to such widespread sharing, which is the World Wide Web, so this is the communications basis. Part one requires that a sharable synoptic record is created for each care event and stored in standard web-format and in readily accessible locations, on 'the web' or in 'the cloud'. To maintain privacy these publicly-accessible records must be suitably protected either stripped of identifiers (names, addresses, dates, places etc.) and/or encrypted: either way the record must be tagged with a tag that means nothing to anyone, but serves to identify and authenticate a specific record when retrieved. For ease of retrieval patients must hold an index of care events, records and web locations (plus any associated information for each such as encryption keys, context etc

Child privacy rights: A ‘Cinderella’ issue in HIV-prevention research

Directory of Open Access Journals (Sweden)

Ann Elaine Strode

2013-09-01

Full Text Available Legal debates regarding child participation in HIV research have tended to focus on issues of informed consent. However, much less attention has been given to privacy; accordingly, we classify this as a ‘Cinderella issue’ that has been excluded from ‘the ball’ (academic debate. Here we argue that privacy issues are as important as consent issues in HIV-prevention research. We describe a child’s right to privacy regarding certain health interventions in South African law, and identify four key norms that flow from the law and that could be applied to HIV-prevention research: (i children cannot have an expectation of privacy regarding research participation if they have not given independent consent to the study; (ii children may have an expectation of privacy regarding certain components of the study, such as HIV testing, if they consent independently to such services; (iii children’s rights to privacy in health research are limited by mandatory reporting obligations; (iv children’s rights to privacy in HIV-prevention research may be justifiably limited by the concept of the best interests of the child. We conclude with guidelines for researchers on how to implement these principles in HIV-related research studies.

Effective evaluation of privacy protection techniques in visible and thermal imagery

Science.gov (United States)

Nawaz, Tahir; Berg, Amanda; Ferryman, James; Ahlberg, Jörgen; Felsberg, Michael

2017-09-01

Privacy protection may be defined as replacing the original content in an image region with a (less intrusive) content having modified target appearance information to make it less recognizable by applying a privacy protection technique. Indeed, the development of privacy protection techniques also needs to be complemented with an established objective evaluation method to facilitate their assessment and comparison. Generally, existing evaluation methods rely on the use of subjective judgments or assume a specific target type in image data and use target detection and recognition accuracies to assess privacy protection. An annotation-free evaluation method that is neither subjective nor assumes a specific target type is proposed. It assesses two key aspects of privacy protection: "protection" and "utility." Protection is quantified as an appearance similarity, and utility is measured as a structural similarity between original and privacy-protected image regions. We performed an extensive experimentation using six challenging datasets (having 12 video sequences), including a new dataset (having six sequences) that contains visible and thermal imagery. The new dataset is made available online for the community. We demonstrate effectiveness of the proposed method by evaluating six image-based privacy protection techniques and also show comparisons of the proposed method over existing methods.

Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study.

Science.gov (United States)

Papoutsi, Chrysanthi; Reed, Julie E; Marston, Cicely; Lewis, Ruth; Majeed, Azeem; Bell, Derek

2015-10-14

Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. Patient and public worries about the security risks associated

78 FR 46686 - Privacy Act of 1974; Treasury/United States Mint .013-United States Mint National Electronic...

Science.gov (United States)

2013-08-01

... available publicly. FOR FURTHER INFORMATION CONTACT: For general questions and privacy issues, please... DEPARTMENT OF THE TREASURY Privacy Act of 1974; Treasury/United States Mint .013--United States... Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Department of the Treasury (``Treasury'') and the...

Low-Power Public Key Cryptography

Energy Technology Data Exchange (ETDEWEB)

BEAVER,CHERYL L.; DRAELOS,TIMOTHY J.; HAMILTON,VICTORIA A.; SCHROEPPEL,RICHARD C.; GONZALES,RITA A.; MILLER,RUSSELL D.; THOMAS,EDWARD V.

2000-11-01

This report presents research on public key, digital signature algorithms for cryptographic authentication in low-powered, low-computation environments. We assessed algorithms for suitability based on their signature size, and computation and storage requirements. We evaluated a variety of general purpose and special purpose computing platforms to address issues such as memory, voltage requirements, and special functionality for low-powered applications. In addition, we examined custom design platforms. We found that a custom design offers the most flexibility and can be optimized for specific algorithms. Furthermore, the entire platform can exist on a single Application Specific Integrated Circuit (ASIC) or can be integrated with commercially available components to produce the desired computing platform.

Scalable privacy-preserving data sharing methodology for genome-wide association studies.

Science.gov (United States)

Yu, Fei; Fienberg, Stephen E; Slavković, Aleksandra B; Uhler, Caroline

2014-08-01

The protection of privacy of individual-level information in genome-wide association study (GWAS) databases has been a major concern of researchers following the publication of "an attack" on GWAS data by Homer et al. (2008). Traditional statistical methods for confidentiality and privacy protection of statistical databases do not scale well to deal with GWAS data, especially in terms of guarantees regarding protection from linkage to external information. The more recent concept of differential privacy, introduced by the cryptographic community, is an approach that provides a rigorous definition of privacy with meaningful privacy guarantees in the presence of arbitrary external information, although the guarantees may come at a serious price in terms of data utility. Building on such notions, Uhler et al. (2013) proposed new methods to release aggregate GWAS data without compromising an individual's privacy. We extend the methods developed in Uhler et al. (2013) for releasing differentially-private χ(2)-statistics by allowing for arbitrary number of cases and controls, and for releasing differentially-private allelic test statistics. We also provide a new interpretation by assuming the controls' data are known, which is a realistic assumption because some GWAS use publicly available data as controls. We assess the performance of the proposed methods through a risk-utility analysis on a real data set consisting of DNA samples collected by the Wellcome Trust Case Control Consortium and compare the methods with the differentially-private release mechanism proposed by Johnson and Shmatikov (2013). Copyright © 2014 Elsevier Inc. All rights reserved.

Video Surveillance: Privacy Issues and Legal Compliance

DEFF Research Database (Denmark)

Mahmood Rajpoot, Qasim; Jensen, Christian D.

2015-01-01

Pervasive usage of video surveillance is rapidly increasing in developed countries. Continuous security threats to public safety demand use of such systems. Contemporary video surveillance systems offer advanced functionalities which threaten the privacy of those recorded in the video. There is a...

The social life of genes: privacy, property and the new genetics.

Science.gov (United States)

Everett, Margaret

2003-01-01

With the advent of the Human Genome Project and widespread fears over human cloning and medical privacy, a number of states have moved to protect genetic privacy. Oregon's unique Genetic Privacy Act of 1995, which declared that an individual had property rights to their DNA, has provoked national and international interest and controversy. This paper critically reviews the literature on genetic privacy and gene patenting from law, philosophy, science and anthropology. The debate in Oregon, from 1995 to 2001, illustrates many of the key issues in this emerging area. Both sides of the debate invoke the property metaphor, reinforcing deterministic assumptions and avoiding more fundamental questions about the integrity of the body and self-identity. The anthropological critique of the commodification of the body, and the concept of 'embodiment' are useful in analyzing the debate over DNA as property.

Managing security and privacy concerns over data storage in healthcare research.

Science.gov (United States)

Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

2011-08-01

Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

75 FR 81205 - Privacy Act: Revision of Privacy Act Systems of Records

Science.gov (United States)

2010-12-27

... DEPARTMENT OF AGRICULTURE Office of the Secretary Privacy Act: Revision of Privacy Act Systems of Records AGENCY: Office of the Secretary, USDA. ACTION: Notice to Revise Privacy Act Systems of Records... two Privacy Act Systems of Records entitled ``Information on Persons Disqualified from the...

Disclosure 'downunder': misadventures in Australian genetic privacy law.

Science.gov (United States)

Bonython, Wendy; Arnold, Bruce

2014-03-01

Along with many jurisdictions, Australia is struggling with the unique issues raised by genetic information in the context of privacy laws and medical ethics. Although the consequences of disclosure of most private information are generally confined to individuals, disclosure of genetic information has far-reaching consequences, with a credible argument that genetic relatives have a right to know about potential medical conditions. In 2006, the Privacy Act was amended to permit disclosure of an individual's genetic information, without their consent, to genetic relatives, if it was to avoid or mitigate serious illness. Unfortunately, additional amendments required for operation of the disclosure amendment were overlooked. Public Interest Determinations (PIDs)-delegated legislation issued by the privacy commissioner-have, instead, been used to exempt healthcare providers from provisions which would otherwise make disclosure unlawful. This paper critiques the PIDs using documents obtained under the Freedom of Information Act-specifically the impact of both the PIDs and the disclosure amendment on patients and relatives-and confidentiality and the procedural validity of subordinate laws regulating medical privacy.

Unbelievable security : Matching AES using public key systems

NARCIS (Netherlands)

Lenstra, A.K.; Boyd, C.

2001-01-01

The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite

Privacy-Preserving k-Means Clustering under Multiowner Setting in Distributed Cloud Environments

Directory of Open Access Journals (Sweden)

Hong Rong

2017-01-01

Full Text Available With the advent of big data era, clients who lack computational and storage resources tend to outsource data mining tasks to cloud service providers in order to improve efficiency and reduce costs. It is also increasingly common for clients to perform collaborative mining to maximize profits. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted using their own keys. This paper focuses on privacy-preserving k-means clustering over the joint datasets encrypted under multiple keys. Unfortunately, existing outsourcing k-means protocols are impractical because not only are they restricted to a single key setting, but also they are inefficient and nonscalable for distributed cloud computing. To address these issues, we propose a set of privacy-preserving building blocks and outsourced k-means clustering protocol under Spark framework. Theoretical analysis shows that our scheme protects the confidentiality of the joint database and mining results, as well as access patterns under the standard semihonest model with relatively small computational overhead. Experimental evaluations on real datasets also demonstrate its efficiency improvements compared with existing approaches.

Public key cryptography from weaker assumptions

DEFF Research Database (Denmark)

Zottarel, Angela

This dissertation is focused on the construction of public key cryptographic primitives and on the relative security analysis in a meaningful theoretic model. This work takes two orthogonal directions. In the first part, we study cryptographic constructions preserving their security properties also...... in the case the adversary is granted access to partial information about the secret state of the primitive. To do so, we work in an extension of the standard black-box model, a new framework where possible leakage from the secret state is taken into account. In particular, we give the first construction...

Separable Reversible Data Hiding in Encrypted Signals with Public Key Cryptography

Directory of Open Access Journals (Sweden)

Wei-Liang Tai

2018-01-01

Full Text Available We propose separable reversible data hiding in an encrypted signal with public key cryptography. In our separable framework, the image owner encrypts the original image by using a public key. On receipt of the encrypted signal, the data-hider embeds data in it by using a data-hiding key. The image decryption and data extraction are independent and separable at the receiver side. Even though the receiver, who has only the data-hiding key, does not learn about the decrypted content, he can extract data from the received marked encrypted signal. However, the receiver who has only the private key cannot extract the embedded data, but he can directly decrypt the received marked encrypted signal to obtain the original image without any error. Compared with other schemes using a cipher stream to encrypt the image, the proposed scheme is more appropriate for cloud services without degrading the security level.

78 FR 40515 - Privacy Act of 1974; Privacy Act System of Records

Science.gov (United States)

2013-07-05

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 13-071] Privacy Act of 1974; Privacy Act System of Records AGENCY: National Aeronautics and Space Administration (NASA). ACTION: Notice of Privacy Act system of records. SUMMARY: Each Federal agency is required by the Privacy Act of 1974 to publish...

Model-driven Privacy Assessment in the Smart Grid

Energy Technology Data Exchange (ETDEWEB)

Knirsch, Fabian [Salzburg Univ. (Austria); Engel, Dominik [Salzburg Univ. (Austria); Neureiter, Christian [Salzburg Univ. (Austria); Frincu, Marc [Univ. of Southern California, Los Angeles, CA (United States); Prasanna, Viktor [Univ. of Southern California, Los Angeles, CA (United States)

2015-02-09

In a smart grid, data and information are transported, transmitted, stored, and processed with various stakeholders having to cooperate effectively. Furthermore, personal data is the key to many smart grid applications and therefore privacy impacts have to be taken into account. For an effective smart grid, well integrated solutions are crucial and for achieving a high degree of customer acceptance, privacy should already be considered at design time of the system. To assist system engineers in early design phase, frameworks for the automated privacy evaluation of use cases are important. For evaluation, use cases for services and software architectures need to be formally captured in a standardized and commonly understood manner. In order to ensure this common understanding for all kinds of stakeholders, reference models have recently been developed. In this paper we present a model-driven approach for the automated assessment of such services and software architectures in the smart grid that builds on the standardized reference models. The focus of qualitative and quantitative evaluation is on privacy. For evaluation, the framework draws on use cases from the University of Southern California microgrid.

45 CFR 2508.8 - Who is responsible for establishing the Corporation's rules of conduct for Privacy Act compliance?

Science.gov (United States)

2010-10-01

... Corporation's rules of conduct for Privacy Act compliance? 2508.8 Section 2508.8 Public Welfare Regulations Relating to Public Welfare (Continued) CORPORATION FOR NATIONAL AND COMMUNITY SERVICE IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 2508.8 Who is responsible for establishing the Corporation's rules of conduct for...

Secret key rates in quantum key distribution using Renyi entropies

Energy Technology Data Exchange (ETDEWEB)

Abruzzo, Silvestre; Kampermann, Hermann; Mertz, Markus; Bratzik, Sylvia; Bruss, Dagmar [Institut fuer Theoretische Physik III, Heinrich-Heine-Universitaet Duesseldorf (Germany)

2010-07-01

The secret key rate r of a quantum key distribution protocol depends on the involved number of signals and the accepted ''failure probability''. We reconsider a method to calculate r focusing on the analysis of the privacy amplification given by R. Renner and R. Koenig (2005). This approach involves an optimization problem with an objective function depending on the Renyi entropy of the density operator describing the classical outcomes and the eavesdropper system. This problem is analyzed for a generic class of QKD protocols and the current research status is presented.

Privacy Preserving Association Rule Mining Revisited: Privacy Enhancement and Resources Efficiency

Science.gov (United States)

Mohaisen, Abedelaziz; Jho, Nam-Su; Hong, Dowon; Nyang, Daehun

Privacy preserving association rule mining algorithms have been designed for discovering the relations between variables in data while maintaining the data privacy. In this article we revise one of the recently introduced schemes for association rule mining using fake transactions (FS). In particular, our analysis shows that the FS scheme has exhaustive storage and high computation requirements for guaranteeing a reasonable level of privacy. We introduce a realistic definition of privacy that benefits from the average case privacy and motivates the study of a weakness in the structure of FS by fake transactions filtering. In order to overcome this problem, we improve the FS scheme by presenting a hybrid scheme that considers both privacy and resources as two concurrent guidelines. Analytical and empirical results show the efficiency and applicability of our proposed scheme.

Governing the internet in the privacy arena

Directory of Open Access Journals (Sweden)

Carsten Ochs

2016-09-01

Full Text Available The surveillance disclosures triggered by Snowden have fueled the public re-negotiation of privacy. To follow resulting controversies we present a methodology that links social worlds theory to approaches asking for the democratic governance character of issue-centred arenas. After having outlined this approach it is put to the test. We analyse and compare two cases: the Schengen/National Routing, and the Parliamentary Committee investigating the NSA surveillance disclosures. The analysis reveals two oscillating governance modes at work in the privacy arena; their interplay results in an obstruction. Based on this observation we finally provide a diagnosis of possible future arena trajectories.

Internet and Privacy

OpenAIRE

Al-Fadhli, Meshal Shehab

2007-01-01

The concept of privacy is hard to understand and is not easy to define, because this concept is linked with several dimensions. Internet Privacy is associated with the use of the Internet and most likely appointed under communications privacy, involving the user of the Internet’s personal information and activities, and the disclosure of them online. This essay is going to present the meaning of privacy and the implications of it for Internet users. Also, this essay will demonstrate some of t...

IPO 2.0: The Panopticon Goes Public

Directory of Open Access Journals (Sweden)

Greg Elmer

2013-11-01

Full Text Available To suggest that privacy is dead is not to revel in or encourage its demise, nor even to claim that it is not a desirable outcome, right, or valued policy. Rather, what this paper suggests is that in certain circumstances (increasingly on social media platforms the privacy of users now stands in direct opposition to the stated goals and logic of the technology in question. One need not give up certain goals of privacy to recognize that business models of online companies like Facebook and Google are now entirely predicated upon the act of going public--there would be no Google search engine or Facebook social networking platform without the content, information, and demographic profiles uploaded, revised, updated, and shared by billions of users worldwide. This paper then offers some initial thoughts on a theory of publicity, of going public in the social media age. If social media platforms are governed by ubiquitous surveillance and continuous uploading and sharing of personal information, opinions, habits, and routines, then privacy would seem only to be a hindrance to these processes. To ignore such clear mission statements, coupled with repetitive attempts to undermine, display, and obfuscate so-called privacy settings, would seem disingenuous at best, and willfully blind at worst. These online platforms profit from publicity and suffer from stringent privacy protocols--their whole raison d’être is to learn as much as possible about users in order to aggregate and then sell such profiled and clustered information to advertisers and marketers. Can we really conclude that such businesses violate users’ privacy when their platforms are in the first and last instance wired for ubiquitous publicity? Or more to the point, do privacy-based perspectives provide an adequate framework for understanding users’ relationships with social media platforms and their parent companies?

45 CFR 2508.19 - What Privacy Act exemptions or control of systems of records are exempt from disclosure?

Science.gov (United States)

2010-10-01

... 45 Public Welfare 4 2010-10-01 2010-10-01 false What Privacy Act exemptions or control of systems of records are exempt from disclosure? 2508.19 Section 2508.19 Public Welfare Regulations Relating to... ACT OF 1974 § 2508.19 What Privacy Act exemptions or control of systems of records are exempt from...

Anonymous Search Histories Featuring Personalized Advertisement - Balancing Privacy with Economic Interests

OpenAIRE

Thorben Burghardt; Klemens Bohm; Achim Guttmann; Chris Clifton

2011-01-01

Search engines are key to finding information on the web. Search presently is free for users financed by targeted advertisement. Today, the current search terms determine the ad placement. In the near future, search-engine providers will make use of detailed user profiles for better ad placement. This puts user privacy at risk. Anonymizing search histories, which is a solution in principle, gives way to a trade-off between privacy and the usability of the data for ad placement. This paper stu...

A Quantum Private Query Protocol for Enhancing both User and Database Privacy

Science.gov (United States)

Zhou, Yi-Hua; Bai, Xue-Wei; Li, Lei-Lei; Shi, Wei-Min; Yang, Yu-Guang

2018-01-01

In order to protect the privacy of query user and database, some QKD-based quantum private query (QPQ) protocols were proposed. Unfortunately some of them cannot resist internal attack from database perfectly; some others can ensure better user privacy but require a reduction of database privacy. In this paper, a novel two-way QPQ protocol is proposed to ensure the privacy of both sides of communication. In our protocol, user makes initial quantum states and derives the key bit by comparing initial quantum state and outcome state returned from database by ctrl or shift mode instead of announcing two non-orthogonal qubits as others which may leak part secret information. In this way, not only the privacy of database be ensured but also user privacy is strengthened. Furthermore, our protocol can also realize the security of loss-tolerance, cheat-sensitive, and resisting JM attack etc. Supported by National Natural Science Foundation of China under Grant Nos. U1636106, 61572053, 61472048, 61602019, 61502016; Beijing Natural Science Foundation under Grant Nos. 4152038, 4162005; Basic Research Fund of Beijing University of Technology (No. X4007999201501); The Scientific Research Common Program of Beijing Municipal Commission of Education under Grant No. KM201510005016

A Survey of Key Technology of Network Public Opinion Analysis

Directory of Open Access Journals (Sweden)

Li Su Ying

2016-01-01

Full Text Available The internet has become an important base for internet users to make comments because of its interactivity and fast dissemination. The outbreak of internet public opinion has become a major risk for network information security. Domestic and foreign researchers had carried out extensive and in-depth study on public opinion. Fruitful results have achieved in the basic theory research and emergency handling and other aspects of public opinion. But research on the public opinion in China is still in the initial stage, the key technology of the public opinion analysis is still as a starting point for in-depth study and discussion.

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

Science.gov (United States)

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Corporate Privacy Policy Changes during PRISM and the Rise of Surveillance Capitalism

Directory of Open Access Journals (Sweden)

Priya Kumar

2017-03-01

Full Text Available Disclosure of the NSA’s PRISM program demonstrated that Internet companies have become prime targets of government surveillance. But what role do companies themselves play in putting users’ privacy at risk? By comparing the changes in the privacy policies of ten companies—the nine in PRISM plus Twitter—I seek to understand how users’ privacy shifted. Specifically, I study how company practices surrounding the life cycle of user information (e.g. collection, use, sharing, and retention shifted between the times when companies joined PRISM and when PRISM news broke. A qualitative analysis of the changes in the privacy policies suggests that company disclosure of tracking for advertising purposes increased. I draw on business scholar Shoshana Zuboff’s conceptualization of “surveillance capitalism” and legal scholar Joel Reidenberg’s “transparent citizen” to explain the implications such changes hold for users’ privacy. These findings underscore why public debates about post-Snowden privacy rights cannot ignore the role that companies play in legitimizing surveillance activities under the auspices of creating market value.

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Science.gov (United States)

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 Public Law (Pub. L.) 100-503...

Slumdog romance: Facebook love and digital privacy at the margins

Science.gov (United States)

Arora, Payal; Scheiber, Laura

2017-01-01

Facebook has consolidated its position as the one-stop-shop for social activity among the poor in the global South. Sex, romance, and love are key motivations for mobile and Internet technology usage among this demographic, much like the West. Digital romance is a critical context through which we gain fresh perspectives on Internet governance for an emerging digital and globalizing public. Revenge porn, slut-shaming, and Internet romance scams are a common and growing malady worldwide. Focusing on how it manifests in diverse digital cultures will aid in the shaping of new Internet laws for a more inclusive cross-cultural public. In specific, this article examines how low-income youth in two of the BRICS (Brazil, Russia, India, China and South Africa) nations – Brazil and India – exercise and express their notions on digital privacy, surveillance, and trust through the lens of romance. This allows for a more thorough investigation of the relationship between sexuality, morality, and governance within the larger Facebook ecology. As Facebook becomes the dominant virtual public sphere for the world’s poor, we are compelled to ask whether inclusivity of the digital users comes at the price of diversity of digital platforms.

Slumdog romance: Facebook love and digital privacy at the margins.

Science.gov (United States)

Arora, Payal; Scheiber, Laura

2017-04-01

Facebook has consolidated its position as the one-stop-shop for social activity among the poor in the global South. Sex, romance, and love are key motivations for mobile and Internet technology usage among this demographic, much like the West. Digital romance is a critical context through which we gain fresh perspectives on Internet governance for an emerging digital and globalizing public. Revenge porn, slut-shaming, and Internet romance scams are a common and growing malady worldwide. Focusing on how it manifests in diverse digital cultures will aid in the shaping of new Internet laws for a more inclusive cross-cultural public. In specific, this article examines how low-income youth in two of the BRICS (Brazil, Russia, India, China and South Africa) nations - Brazil and India - exercise and express their notions on digital privacy, surveillance, and trust through the lens of romance. This allows for a more thorough investigation of the relationship between sexuality, morality, and governance within the larger Facebook ecology. As Facebook becomes the dominant virtual public sphere for the world's poor, we are compelled to ask whether inclusivity of the digital users comes at the price of diversity of digital platforms.

76 FR 64112 - Privacy Act of 1974; Privacy Act System of Records Appendices

Science.gov (United States)

2011-10-17

... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-091)] Privacy Act of 1974; Privacy Act...: Revisions of NASA Appendices to Privacy Act System of Records. SUMMARY: Notice is hereby given that NASA is... Privacy Act of 1974. This notice publishes those amendments as set forth below under the caption...

Public perceptions of key performance indicators of healthcare in Alberta, Canada.

Science.gov (United States)

Northcott, Herbert C; Harvey, Michael D

2012-06-01

To examine the relationship between public perceptions of key performance indicators assessing various aspects of the health-care system. Cross-sequential survey research. Annual telephone surveys of random samples of adult Albertans selected by random digit dialing and stratified according to age, sex and region (n = 4000 for each survey year). The survey questionnaires included single-item measures of key performance indicators to assess public perceptions of availability, accessibility, quality, outcome and satisfaction with healthcare. Cronbach's α and factor analysis were used to assess the relationship between key performance indicators focusing on the health-care system overall and on a recent interaction with the health-care system. The province of Alberta, Canada during the years 1996-2004. Four thousand adults randomly selected each survey year. Survey questions measuring public perceptions of healthcare availability, accessibility, quality, outcome and satisfaction with healthcare. Factor analysis identified two principal components with key performance indicators focusing on the health system overall loading most strongly on the first component and key performance indicators focusing on the most recent health-care encounter loading most strongly on the second component. Assessments of the quality of care most recently received, accessibility of that care and perceived outcome of care tended to be higher than the more general assessments of overall health system quality and accessibility. Assessments of specific health-care encounters and more general assessments of the overall health-care system, while related, nevertheless comprise separate dimensions for health-care evaluation.

Genetic secrets: Protecting privacy and confidentiality in the genetic era

Energy Technology Data Exchange (ETDEWEB)

Rothstein, M.A. [ed.

1998-07-01

Few developments are likely to affect human beings more profoundly in the long run than the discoveries resulting from advances in modern genetics. Although the developments in genetic technology promise to provide many additional benefits, their application to genetic screening poses ethical, social, and legal questions, many of which are rooted in issues of privacy and confidentiality. The ethical, practical, and legal ramifications of these and related questions are explored in depth. The broad range of topics includes: the privacy and confidentiality of genetic information; the challenges to privacy and confidentiality that may be projected to result from the emerging genetic technologies; the role of informed consent in protecting the confidentiality of genetic information in the clinical setting; the potential uses of genetic information by third parties; the implications of changes in the health care delivery system for privacy and confidentiality; relevant national and international developments in public policies, professional standards, and laws; recommendations; and the identification of research needs.

Cyber security challenges in Smart Cities: Safety, security and privacy

Science.gov (United States)

Elmaghraby, Adel S.; Losavio, Michael M.

2014-01-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

Cyber security challenges in Smart Cities: Safety, security and privacy

Directory of Open Access Journals (Sweden)

Adel S. Elmaghraby

2014-07-01

Full Text Available The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Cyber security challenges in Smart Cities: Safety, security and privacy.

Science.gov (United States)

Elmaghraby, Adel S; Losavio, Michael M

2014-07-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Secret-key rates and privacy leakage in biometric systems

NARCIS (Netherlands)

Ignatenko, T.

2009-01-01

In this thesis both the generation of secret keys from biometric data and the binding of secret keys to biometric data are investigated. These secret keys can be used to regulate access to sensitive data, services, and environments. In a biometric secrecy system a secret key is generated or chosen

Privacy protectionism and health information: is there any redress for harms to health?

Science.gov (United States)

Allen, Judy; Holman, C D'arcy J; Meslin, Eric M; Stanley, Fiona

2013-12-01

Health information collected by governments can be a valuable resource for researchers seeking to improve diagnostics, treatments and public health outcomes. Responsible use requires close attention to privacy concerns and to the ethical acceptability of using personal health information without explicit consent. Less well appreciated are the legal and ethical issues that are implicated when privacy protection is extended to the point where the potential benefits to the public from research are lost. Balancing these issues is a delicate matter for data custodians. This article examines the legal, ethical and structural context in which data custodians make decisions about the release of data for research. It considers the impact of those decisions on individuals. While there is strong protection against risks to privacy and multiple avenues of redress, there is no redress where harms result from a failure to release data for research.

Randomization Based Privacy Preserving Categorical Data Analysis

Science.gov (United States)

Guo, Ling

2010-01-01

The success of data mining relies on the availability of high quality data. To ensure quality data mining, effective information sharing between organizations becomes a vital requirement in today's society. Since data mining often involves sensitive information of individuals, the public has expressed a deep concern about their privacy.…

Privacy at end of life in ICU: A review of the literature.

Science.gov (United States)

Timmins, Fiona; Parissopoulos, Stelios; Plakas, Sotirios; Naughton, Margaret T; de Vries, Jan Ma; Fouka, Georgia

2018-06-01

To explore the issues surrounding privacy during death in ICU. While the provision of ICU care is vital, the nature and effect of the potential lack of privacy during death and dying in ICUs have not been extensively explored. A literature search using CINAHL and Pubmed revealed articles related to privacy, death and dying in ICU. Keywords used in the search were "ICU," "Privacy," "Death" and "Dying." A combination of these terms using Boolean operators "or" or "and" revealed a total of 23 citations. Six papers were ultimately deemed suitable for inclusion in the review and were subjected to code analysis with Atlas.ti v8 QDA software. The analysis of the studies revealed eight themes, and this study presents the three key themes that were found to be recurring and strongly interconnected to the experience of privacy and death in ICU: "Privacy in ICU," "ICU environment" and "End-of-Life Care". Research has shown that patient and family privacy during the ICU hospitalisation and the provision of the circumstances that lead to an environment of privacy during and after death remains a significant challenge for ICU nurses. Family members have little or no privacy in shared room and cramped waiting rooms, while they wish to be better informed and involved in end-of-life decisions. Hence, death and dying for many patients takes place in open and/or shared spaces which is problematic in terms of both the level of privacy and respect that death ought to afford. It is best if end-of-life care in the ICU is planned and coordinated, where possible. Nurses need to become more self-reflective and aware in relation to end-of-life situations in ICU in order to develop privacy practices that are responsive to family and patient needs. © 2018 John Wiley & Sons Ltd.

Trajectory data privacy protection based on differential privacy mechanism

Science.gov (United States)

Gu, Ke; Yang, Lihao; Liu, Yongzhi; Liao, Niandong

2018-05-01

In this paper, we propose a trajectory data privacy protection scheme based on differential privacy mechanism. In the proposed scheme, the algorithm first selects the protected points from the user’s trajectory data; secondly, the algorithm forms the polygon according to the protected points and the adjacent and high frequent accessed points that are selected from the accessing point database, then the algorithm calculates the polygon centroids; finally, the noises are added to the polygon centroids by the differential privacy method, and the polygon centroids replace the protected points, and then the algorithm constructs and issues the new trajectory data. The experiments show that the running time of the proposed algorithms is fast, the privacy protection of the scheme is effective and the data usability of the scheme is higher.

Review of the model of technological pragmatism considering privacy and security

Directory of Open Access Journals (Sweden)

Kovačević-Lepojević Marina M.

2013-01-01

Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

Privacy Preserving Similarity Based Text Retrieval through Blind Storage

Directory of Open Access Journals (Sweden)

Pinki Kumari

2016-09-01

Full Text Available Cloud computing is improving rapidly due to their more advantage and more data owners give interest to outsource their data into cloud storage for centralize their data. As huge files stored in the cloud storage, there is need to implement the keyword based search process to data user. At the same time to protect the privacy of data, encryption techniques are used for sensitive data, that encryption is done before outsourcing data to cloud server. But it is critical to search results in encryption data. In this system we propose similarity text retrieval from the blind storage blocks with encryption format. This system provides more security because of blind storage system. In blind storage system data is stored randomly on cloud storage.  In Existing Data Owner cannot encrypt the document data as it was done only at server end. Everyone can access the data as there was no private key concept applied to maintained privacy of the data. But In our proposed system, Data Owner can encrypt the data himself using RSA algorithm.  RSA is a public key-cryptosystem and it is widely used for sensitive data storage over Internet. In our system we use Text mining process for identifying the index files of user documents. Before encryption we also use NLP (Nature Language Processing technique to identify the keyword synonyms of data owner document. Here text mining process examines text word by word and collect literal meaning beyond the words group that composes the sentence. Those words are examined in API of word net so that only equivalent words can be identified for index file use. Our proposed system provides more secure and authorized way of recover the text in cloud storage with access control. Finally, our experimental result shows that our system is better than existing.

Practical Privacy Assessment

DEFF Research Database (Denmark)

Peen, Søren; Jansen, Thejs Willem; Jensen, Christian D.

2008-01-01

This chapter proposes a privacy assessment model called the Operational Privacy Assessment Model that includes organizational, operational and technical factors for the protection of personal data stored in an IT system. The factors can be evaluated in a simple scale so that not only the resulting...... graphical depiction can be easily created for an IT system, but graphical comparisons across multiple IT systems are also possible. Examples of factors presented in a Kiviat graph are also presented. This assessment tool may be used to standardize privacy assessment criteria, making it less painful...... for the management to assess privacy risks on their systems....

39 CFR 7.8 - Open meetings, Freedom of Information, and Privacy of Information.

Science.gov (United States)

2010-07-01

... 39 Postal Service 1 2010-07-01 2010-07-01 false Open meetings, Freedom of Information, and Privacy of Information. 7.8 Section 7.8 Postal Service UNITED STATES POSTAL SERVICE THE BOARD OF GOVERNORS OF THE U.S. POSTAL SERVICE PUBLIC OBSERVATION (ARTICLE VII) § 7.8 Open meetings, Freedom of Information, and Privacy of Information. The provisions o...

Information security system based on virtual-optics imaging methodology and public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

Data Placement for Privacy-Aware Applications over Big Data in Hybrid Clouds

Directory of Open Access Journals (Sweden)

Xiaolong Xu

2017-01-01

Full Text Available Nowadays, a large number of groups choose to deploy their applications to cloud platforms, especially for the big data era. Currently, the hybrid cloud is one of the most popular computing paradigms for holding the privacy-aware applications driven by the requirements of privacy protection and cost saving. However, it is still a challenge to realize data placement considering both the energy consumption in private cloud and the cost for renting the public cloud services. In view of this challenge, a cost and energy aware data placement method, named CEDP, for privacy-aware applications over big data in hybrid cloud is proposed. Technically, formalized analysis of cost, access time, and energy consumption is conducted in the hybrid cloud environment. Then a corresponding data placement method is designed to accomplish the cost saving for renting the public cloud services and energy savings for task execution within the private cloud platforms. Experimental evaluations validate the efficiency and effectiveness of our proposed method.

An Effective Grouping Method for Privacy-Preserving Bike Sharing Data Publishing

Directory of Open Access Journals (Sweden)

A S M Touhidul Hasan

2017-10-01

Full Text Available Bike sharing programs are eco-friendly transportation systems that are widespread in smart city environments. In this paper, we study the problem of privacy-preserving bike sharing microdata publishing. Bike sharing systems collect visiting information along with user identity and make it public by removing the user identity. Even after excluding user identification, the published bike sharing dataset will not be protected against privacy disclosure risks. An adversary may arrange published datasets based on bike’s visiting information to breach a user’s privacy. In this paper, we propose a grouping based anonymization method to protect published bike sharing dataset from linking attacks. The proposed Grouping method ensures that the published bike sharing microdata will be protected from disclosure risks. Experimental results show that our approach can protect user privacy in the released datasets from disclosure risks and can keep more data utility compared with existing methods.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

Science.gov (United States)

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

75 FR 50987 - Privacy Act System of Records; National Animal Health Laboratory Network (NAHLN)

Science.gov (United States)

2010-08-18

...The U.S. Department of Agriculture (USDA) proposes to add a new Privacy Act system of records to its inventory of records systems subject to the Privacy Act of 1974, as amended, and invites public comment on this new records system. The system of records being proposed is the National Animal Health Laboratory Network. This notice is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of record systems maintained by the agency. Although the Privacy Act requires only that the portion of the system that describes ``routine uses'' of the system be published for comment, USDA invites comment on all portions of this notice.

Key Performance Indicators of Public Universities Based on Quality Assessment Criteria in Thailand

Science.gov (United States)

Sukboonyasatit, Kritsana; Thanapaisarn, Chaiwit; Manmar, Lampang

2011-01-01

The research objective was to develop public universities' key performance indicators. Qualitative research and interviews were employed with each public university's senior executive and quality assessors. The sample group was selected by the office of the public sector development commission and Thailand's public universities can be separated…

Realizing IoT service's policy privacy over publish/subscribe-based middleware.

Science.gov (United States)

Duan, Li; Zhang, Yang; Chen, Shiping; Wang, Shiyao; Cheng, Bo; Chen, Junliang

2016-01-01

The publish/subscribe paradigm makes IoT service collaborations more scalable and flexible, due to the space, time and control decoupling of event producers and consumers. Thus, the paradigm can be used to establish large-scale IoT service communication infrastructures such as Supervisory Control and Data Acquisition systems. However, preserving IoT service's policy privacy is difficult in this paradigm, because a classical publisher has little control of its own event after being published; and a subscriber has to accept all the events from the subscribed event type with no choice. Few existing publish/subscribe middleware have built-in mechanisms to address the above issues. In this paper, we present a novel access control framework, which is capable of preserving IoT service's policy privacy. In particular, we adopt the publish/subscribe paradigm as the IoT service communication infrastructure to facilitate the protection of IoT services policy privacy. The key idea in our policy-privacy solution is using a two-layer cooperating method to match bi-directional privacy control requirements: (a) data layer for protecting IoT events; and (b) application layer for preserving the privacy of service policy. Furthermore, the anonymous-set-based principle is adopted to realize the functionalities of the framework, including policy embedding and policy encoding as well as policy matching. Our security analysis shows that the policy privacy framework is Chosen-Plaintext Attack secure. We extend the open source Apache ActiveMQ broker by building into a policy-based authorization mechanism to enforce the privacy policy. The performance evaluation results indicate that our approach is scalable with reasonable overheads.

Neuroethics and Brain Privacy

DEFF Research Database (Denmark)

Ryberg, Jesper

2017-01-01

An introduction is presented in which editor discusses various articles within the issue on topics including ethical challenges with importance of privacy for well-being, impact of brain-reading on mind privacy and neurotechnology.......An introduction is presented in which editor discusses various articles within the issue on topics including ethical challenges with importance of privacy for well-being, impact of brain-reading on mind privacy and neurotechnology....

Context-Aware Generative Adversarial Privacy

Directory of Open Access Journals (Sweden)

Chong Huang

2017-12-01

Full Text Available Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP. GAP leverages recent advancements in generative adversarial networks (GANs to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals’ private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP’s performance, we investigate two simple (yet canonical statistical dataset models: (a the binary data model; and (b the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.

Context-Aware Generative Adversarial Privacy

Science.gov (United States)

Huang, Chong; Kairouz, Peter; Chen, Xiao; Sankar, Lalitha; Rajagopal, Ram

2017-12-01

Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals' private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP's performance, we investigate two simple (yet canonical) statistical dataset models: (a) the binary data model, and (b) the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion) match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.

Image encryption based on nonlinear encryption system and public-key cryptography

Science.gov (United States)

Zhao, Tieyu; Ran, Qiwen; Chi, Yingying

2015-03-01

Recently, optical asymmetric cryptosystem (OACS) has became the focus of discussion and concern of researchers. Some researchers pointed out that OACS was not tenable because of misunderstanding the concept of asymmetric cryptosystem (ACS). We propose an improved cryptosystem using RSA public-key algorithm based on existing OACS and the new system conforms to the basic agreement of public key cryptosystem. At the beginning of the encryption process, the system will produce an independent phase matrix and allocate the input image, which also conforms to one-time pad cryptosystem. The simulation results show that the validity of the improved cryptosystem and the high robustness against attack scheme using phase retrieval technique.

Cryptanalysis of the public key encryption based on multiple chaotic systems

International Nuclear Information System (INIS)

Zhang Linhua

2008-01-01

Recently, Ranjan proposed a novel public key encryption technique based on multiple chaotic systems [Phys Lett 2005;95]. Unfortunately, Wang soon gave a successful attack on its special case based on Parseval's theorem [Wang K, Pei W, Zhou L, et al. Security of public key encryption technique based on multiple chaotic system. Phys Lett A, in press]. In this letter, we give an improved example which can avoid the attack and point out that Wang cannot find the essential drawback of the technique. However, further experimental result shows Ruanjan's encryption technique is inefficient, and detailed theoretic analysis shows that the complexity to break the cryptosystem is overestimated

Protecting genetic privacy.

Science.gov (United States)

Roche, P A; Annas, G J

2001-05-01

This article outlines the arguments for and against new rules to protect genetic privacy. We explain why genetic information is different to other sensitive medical information, why researchers and biotechnology companies have opposed new rules to protect genetic privacy (and favour anti-discrimination laws instead), and discuss what can be done to protect privacy in relation to genetic-sequence information and to DNA samples themselves.

Disentangling privacy from property: toward a deeper understanding of genetic privacy.

Science.gov (United States)

Suter, Sonia M

2004-04-01

With the mapping of the human genome, genetic privacy has become a concern to many. People care about genetic privacy because genes play an important role in shaping us--our genetic information is about us, and it is deeply connected to our sense of ourselves. In addition, unwanted disclosure of our genetic information, like a great deal of other personal information, makes us vulnerable to unwanted exposure, stigmatization, and discrimination. One recent approach to protecting genetic privacy is to create property rights in genetic information. This Article argues against that approach. Privacy and property are fundamentally different concepts. At heart, the term "property" connotes control within the marketplace and over something that is disaggregated or alienable from the self. "Privacy," in contrast, connotes control over access to the self as well as things close to, intimately connected to, and about the self. Given these different meanings, a regime of property rights in genetic information would impoverish our understanding of that information, ourselves, and the relationships we hope will be built around and through its disclosure. This Article explores our interests in genetic information in order to deepen our understanding of the ongoing discourse about the distinction between property and privacy. It develops a conception of genetic privacy with a strong relational component. We ordinarily share genetic information in the context of relationships in which disclosure is important to the relationship--family, intimate, doctor-patient, researcher-participant, employer-employee, and insurer-insured relationships. Such disclosure makes us vulnerable to and dependent on the person to whom we disclose it. As a result, trust is essential to the integrity of these relationships and our sharing of genetic information. Genetic privacy can protect our vulnerability in these relationships and enhance the trust we hope to have in them. Property, in contrast, by

76 FR 31350 - Public Workshop; Privacy Compliance Basics and 2011 Developments

Science.gov (United States)

2011-05-31

... Privacy Act of 1974, as amended, the E-Government Act of 2002, Office of Management and Budget memoranda... telephone 703-235-0780; by facsimile 703-235-0442; or by e-mail at [email protected] . SUPPLEMENTARY INFORMATION... send an e-mail to [email protected] , with ``PRIVComplianceWorkshop'' in the subject line, and your full name...

Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees.

Science.gov (United States)

Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian

2016-09-10

With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one.

Privacy Verification Using Ontologies

NARCIS (Netherlands)

Kost, Martin; Freytag, Johann-Christoph; Kargl, Frank; Kung, Antonio

2011-01-01

As information systems extensively exchange information between participants, privacy concerns may arise from its potential misuse. A Privacy by Design (PbD) approach considers privacy requirements of different stakeholders during the design and the implementation of a system. Currently, a

Privacy, Time Consistent Optimal Labour Income Taxation and Education Policy

OpenAIRE

Konrad, Kai A.

1999-01-01

Incomplete information is a commitment device for time consistency problems. In the context of time consistent labour income taxation privacy reduces welfare losses and increases the effectiveness of public education as a second best policy.

Method for decoupling error correction from privacy amplification

Energy Technology Data Exchange (ETDEWEB)

Lo, Hoi-Kwong [Department of Electrical and Computer Engineering and Department of Physics, University of Toronto, 10 King' s College Road, Toronto, Ontario, Canada, M5S 3G4 (Canada)

2003-04-01

In a standard quantum key distribution (QKD) scheme such as BB84, two procedures, error correction and privacy amplification, are applied to extract a final secure key from a raw key generated from quantum transmission. To simplify the study of protocols, it is commonly assumed that the two procedures can be decoupled from each other. While such a decoupling assumption may be valid for individual attacks, it is actually unproven in the context of ultimate or unconditional security, which is the Holy Grail of quantum cryptography. In particular, this means that the application of standard efficient two-way error-correction protocols like Cascade is not proven to be unconditionally secure. Here, I provide the first proof of such a decoupling principle in the context of unconditional security. The method requires Alice and Bob to share some initial secret string and use it to encrypt their communications in the error correction stage using one-time-pad encryption. Consequently, I prove the unconditional security of the interactive Cascade protocol proposed by Brassard and Salvail for error correction and modified by one-time-pad encryption of the error syndrome, followed by the random matrix protocol for privacy amplification. This is an efficient protocol in terms of both computational power and key generation rate. My proof uses the entanglement purification approach to security proofs of QKD. The proof applies to all adaptive symmetric methods for error correction, which cover all existing methods proposed for BB84. In terms of the net key generation rate, the new method is as efficient as the standard Shor-Preskill proof.

Method for decoupling error correction from privacy amplification

International Nuclear Information System (INIS)

Lo, Hoi-Kwong

2003-01-01

In a standard quantum key distribution (QKD) scheme such as BB84, two procedures, error correction and privacy amplification, are applied to extract a final secure key from a raw key generated from quantum transmission. To simplify the study of protocols, it is commonly assumed that the two procedures can be decoupled from each other. While such a decoupling assumption may be valid for individual attacks, it is actually unproven in the context of ultimate or unconditional security, which is the Holy Grail of quantum cryptography. In particular, this means that the application of standard efficient two-way error-correction protocols like Cascade is not proven to be unconditionally secure. Here, I provide the first proof of such a decoupling principle in the context of unconditional security. The method requires Alice and Bob to share some initial secret string and use it to encrypt their communications in the error correction stage using one-time-pad encryption. Consequently, I prove the unconditional security of the interactive Cascade protocol proposed by Brassard and Salvail for error correction and modified by one-time-pad encryption of the error syndrome, followed by the random matrix protocol for privacy amplification. This is an efficient protocol in terms of both computational power and key generation rate. My proof uses the entanglement purification approach to security proofs of QKD. The proof applies to all adaptive symmetric methods for error correction, which cover all existing methods proposed for BB84. In terms of the net key generation rate, the new method is as efficient as the standard Shor-Preskill proof

78 FR 14669 - Privacy Act of 1974; Implementation

Science.gov (United States)

2013-03-07

... law enforcement and intelligence matters, and for the reasons set forth in the rule these exemptions... general editorial revisions to the reasons for the existing IRFS exemptions. The public was provided with...) The proposed exemptions contravene the intent of the Privacy Act; (2) the DEA does not clearly...

An application of different dioids in public key cryptography

International Nuclear Information System (INIS)

Durcheva, Mariana I.

2014-01-01

Dioids provide a natural framework for analyzing a broad class of discrete event dynamical systems such as the design and analysis of bus and railway timetables, scheduling of high-throughput industrial processes, solution of combinatorial optimization problems, the analysis and improvement of flow systems in communication networks. They have appeared in several branches of mathematics such as functional analysis, optimization, stochastic systems and dynamic programming, tropical geometry, fuzzy logic. In this paper we show how to involve dioids in public key cryptography. The main goal is to create key – exchange protocols based on dioids. Additionally the digital signature scheme is presented

An application of different dioids in public key cryptography

Energy Technology Data Exchange (ETDEWEB)

Durcheva, Mariana I., E-mail: mdurcheva66@gmail.com [Technical University of Sofia, Faculty of Applied Mathematics and Informatics, 8 Kliment Ohridski St., Sofia 1000 (Bulgaria)

2014-11-18

Dioids provide a natural framework for analyzing a broad class of discrete event dynamical systems such as the design and analysis of bus and railway timetables, scheduling of high-throughput industrial processes, solution of combinatorial optimization problems, the analysis and improvement of flow systems in communication networks. They have appeared in several branches of mathematics such as functional analysis, optimization, stochastic systems and dynamic programming, tropical geometry, fuzzy logic. In this paper we show how to involve dioids in public key cryptography. The main goal is to create key – exchange protocols based on dioids. Additionally the digital signature scheme is presented.

Lower and Upper Bounds for Deniable Public-Key Encryption

DEFF Research Database (Denmark)

Bendlin, Rikke; Nielsen, Jesper Buus; Nordholt, Peter Sebastian

2011-01-01

the parties to change their internal state to make it look like a given ciphertext decrypts to a message different from what it really decrypts to. Deniable encryption was in this way introduced to allow to deny a message exchange and hence combat coercion. Depending on which parties can be coerced...... that it is impossible to construct a non-interactive bi-deniable public-key encryption scheme with better than polynomial security. Specifically, we give an explicit bound relating the security of the scheme to how efficient the scheme is in terms of key size. Our impossibility result establishes a lower bound...

Privacy in context technology, policy, and the integrity of social life

CERN Document Server

Nissenbaum, Helen

2009-01-01

Privacy is one of the most urgent issues associated with information technology and digital media. This book claims that what people really care about when they complain and protest that privacy has been violated is not the act of sharing information itself—most people understand that this is crucial to social life —but the inappropriate, improper sharing of information. Arguing that privacy concerns should not be limited solely to concern about control over personal information, Helen Nissenbaum counters that information ought to be distributed and protected according to norms governing distinct social contexts—whether it be workplace, health care, schools, or among family and friends. She warns that basic distinctions between public and private, informing many current privacy policies, in fact obscure more than they clarify. In truth, contemporary information systems should alarm us only when they function without regard for social norms and values, and thereby weaken the fabric of social life.

Enhancing Privacy for Biometric Identification Cards

Directory of Open Access Journals (Sweden)

2009-01-01

Full Text Available Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible with the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those that will be the beneficiaries of the new system

Noncoherent capacity of secret-key agreement with public discussion

KAUST Repository

Agrawal, Anurag

2011-09-01

We study the noncoherent capacity of secret-key agreement with public discussion over independent identically distributed (i.i.d.) Rayleigh fading wireless channels, where neither the sender nor the receivers have access to instantaneous channel state information (CSI). We present two results. At high signal-to-noise ratio (SNR), the secret-key capacity is bounded in SNR, regardless of the number of antennas at each terminal. Second, for a system with a single antenna at both the legitimate and the eavesdropper terminals and an arbitrary number of transmit antennas, the secret-key capacity-achieving input distribution is discrete, with a finite number of mass points. Numerically we observe that at low SNR, the capacity achieving distribution has two mass points with one of them at the origin. © 2011 IEEE.

Noncoherent capacity of secret-key agreement with public discussion

KAUST Repository

Agrawal, Anurag; Rezki, Zouheir; Khisti, Ashish J.; Alouini, Mohamed-Slim

2011-01-01

We study the noncoherent capacity of secret-key agreement with public discussion over independent identically distributed (i.i.d.) Rayleigh fading wireless channels, where neither the sender nor the receivers have access to instantaneous channel state information (CSI). We present two results. At high signal-to-noise ratio (SNR), the secret-key capacity is bounded in SNR, regardless of the number of antennas at each terminal. Second, for a system with a single antenna at both the legitimate and the eavesdropper terminals and an arbitrary number of transmit antennas, the secret-key capacity-achieving input distribution is discrete, with a finite number of mass points. Numerically we observe that at low SNR, the capacity achieving distribution has two mass points with one of them at the origin. © 2011 IEEE.

Secure and privacy-preserving data communication in Internet of Things

CERN Document Server

Zhu, Liehuang; Xu, Chang

2017-01-01

This book mainly concentrates on protecting data security and privacy when participants communicate with each other in the Internet of Things (IoT). Technically, this book categorizes and introduces a collection of secure and privacy-preserving data communication schemes/protocols in three traditional scenarios of IoT: wireless sensor networks, smart grid and vehicular ad-hoc networks recently. This book presents three advantages which will appeal to readers. Firstly, it broadens reader’s horizon in IoT by touching on three interesting and complementary topics: data aggregation, privacy protection, and key agreement and management. Secondly, various cryptographic schemes/protocols used to protect data confidentiality and integrity is presented. Finally, this book will illustrate how to design practical systems to implement the algorithms in the context of IoT communication. In summary, readers can simply learn and directly apply the new technologies to communicate data in IoT after reading this book.

Identity management and privacy languages technologies: Improving user control of data privacy

Science.gov (United States)

García, José Enrique López; García, Carlos Alberto Gil; Pacheco, Álvaro Armenteros; Organero, Pedro Luis Muñoz

The identity management solutions have the capability to bring confidence to internet services, but this confidence could be improved if user has more control over the privacy policy of its attributes. Privacy languages could help to this task due to its capability to define privacy policies for data in a very flexible way. So, an integration problem arises: making work together both identity management and privacy languages. Despite several proposals for accomplishing this have already been defined, this paper suggests some topics and improvements that could be considered.

Privacy and internet services

OpenAIRE

Samec, Marek

2010-01-01

This thesis is focused on internet services user privacy. Goal of this thesis is to determine level of user awareness of how is their privacy approached while using internet services. Then suggest procedure to improve this awareness, or that will lead to better control of individual privacy. In theoretical part I analyze general and legislative approach to privacy, followed by analysis of behaviour of internet service users and providers. Part of this analysis deals with usage of web cookies ...

Gender and online privacy among teens: risk perception, privacy concerns, and protection behaviors.

Science.gov (United States)

Youn, Seounmi; Hall, Kimberly

2008-12-01

Survey data from 395 high school students revealed that girls perceive more privacy risks and have a higher level of privacy concerns than boys. Regarding privacy protection behaviors, boys tended to read unsolicited e-mail and register for Web sites while directly sending complaints in response to unsolicited e-mail. This study found girls to provide inaccurate information as their privacy concerns increased. Boys, however, refrained from registering to Web sites as their concerns increased.

Publics and biobanks: Pan-European diversity and the challenge of responsible innovation.

Science.gov (United States)

Gaskell, George; Gottweis, Herbert; Starkbaum, Johannes; Gerber, Monica M; Broerse, Jacqueline; Gottweis, Ursula; Hobbs, Abbi; Helén, Ilpo; Paschou, Maria; Snell, Karoliina; Soulier, Alexandra

2013-01-01

This article examines public perceptions of biobanks in Europe using a multi-method approach combining quantitative and qualitative data. It is shown that public support for biobanks in Europe is variable and dependent on a range of interconnected factors: people's engagement with biobanks; concerns about privacy and data security, and trust in the socio-political system, key actors and institutions involved in biobanks. We argue that the biobank community needs to acknowledge the impact of these factors if they are to successfully develop and integrate biobanks at a pan-European level.

Security, privacy and ethics in electronic records management in the ...

African Journals Online (AJOL)

Security, privacy and ethics in electronic records management in the South African public sector. ... Computers have become such valuable tools for conducting business ... One great advantage of the computers is the ease with which a large

(IN-PRIVACY IN MOBILE APPS. CUSTOMER OPPORTUNITIES

Directory of Open Access Journals (Sweden)

Yu.S. Chemerkina

2016-01-01

Full Text Available Subject of Study. The paper presents the results of an investigation of cross-platform mobile applications. This paper focuses on a cross-platform app data investigation in purpose of creating a database that helps to make decisions from data privacy viewpoint. These decisions refer to knowledge about mobile apps that are available to the public, especially on how consumer data is protected while it is stored locally or transferred via network as well as what type of data may leak. Methods. This paper proposes a forensics methodology as a cornerstone of an app data investigation process. The object of research is an application data protection under different security control types among modern mobile OS. The subject of research is a modification of forensics approach and behavioral analysis to examine application data privacy in order to find data that are not properly handled by applications which lead to data leakages, defining protection control type without forensics limits. In addition, this paper relies on using the simplest tools, proposing a limit to examine locally stored data and transmitted over the network to cover all data, excluding memory and code analysis unless it is valuable (behavioral analysis. The research methods of the tasks set in the paper include digital forensics approach methods depending on data conception (at-rest, in-use/memory, in-transit with behavioral analysis of application, and static and dynamic application code analysis. Main Results. The research was carried out for the scope of that thesis, and the following scientific results were obtained. First, the methods used to investigate the privacy of application data allow considering application features and protection code design and flaws in the context of incomplete user awareness about the privacy state due to external activity of the developer. Second, the knowledge set about facts of application data protection that allows making a knowledge database to

Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees

Science.gov (United States)

Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian

2016-01-01

With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one. PMID:27626417

Privacy and security of patient data in the pathology laboratory.

Science.gov (United States)

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Privacy and security of patient data in the pathology laboratory

Directory of Open Access Journals (Sweden)

Ioan C Cucoranu

2013-01-01

Full Text Available Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI. In the United States, the Health Insurance Portability and Accountability Act (HIPAA govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

48 CFR 39.105 - Privacy.

Science.gov (United States)

2010-10-01

... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false Privacy. 39.105 Section 39... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C...

Privacy in domestic environments

OpenAIRE

Radics, Peter J; Gracanin, Denis

2011-01-01

non-peer-reviewed While there is a growing body of research on privacy,most of the work puts the focus on information privacy. Physical and psychological privacy issues receive little to no attention. However, the introduction of technology into our lives can cause problems with regard to these aspects of privacy. This is especially true when it comes to our homes, both as nodes of our social life and places for relaxation. This paper presents the results of a study intended to captu...

Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

Science.gov (United States)

Richardson, Joshua E; Ancker, Jessica S

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy

Science.gov (United States)

Koopman, Colin; Doty, Nick

2016-01-01

The meaning of privacy has been much disputed throughout its history in response to wave after wave of new technological capabilities and social configurations. The current round of disputes over privacy fuelled by data science has been a cause of despair for many commentators and a death knell for privacy itself for others. We argue that privacy’s disputes are neither an accidental feature of the concept nor a lamentable condition of its applicability. Privacy is essentially contested. Because it is, privacy is transformable according to changing technological and social conditions. To make productive use of privacy’s essential contestability, we argue for a new approach to privacy research and practical design, focused on the development of conceptual analytics that facilitate dissecting privacy’s multiple uses across multiple contexts. This article is part of the themed issue ‘The ethical impact of data science’. PMID:28336797

75 FR 18251 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Internal Revenue Service (IRS...

Science.gov (United States)

2010-04-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0066] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Internal Revenue Service (IRS))--Match 1305 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

Key-phrase based classification of public health web pages.

Science.gov (United States)

Dolamic, Ljiljana; Boyer, Célia

2013-01-01

This paper describes and evaluates the public health web pages classification model based on key phrase extraction and matching. Easily extendible both in terms of new classes as well as the new language this method proves to be a good solution for text classification faced with the total lack of training data. To evaluate the proposed solution we have used a small collection of public health related web pages created by a double blind manual classification. Our experiments have shown that by choosing the adequate threshold value the desired value for either precision or recall can be achieved.

Towards Territorial Privacy in Smart Environments

NARCIS (Netherlands)

Könings, Bastian; Schaub, Florian; Weber, M.; Kargl, Frank

Territorial privacy is an old concept for privacy of the personal space dating back to the 19th century. Despite its former relevance, territorial privacy has been neglected in recent years, while privacy research and legislation mainly focused on the issue of information privacy. However, with the

Privacy and Library Records

Science.gov (United States)

Bowers, Stacey L.

2006-01-01

This paper summarizes the history of privacy as it relates to library records. It commences with a discussion of how the concept of privacy first originated through case law and follows the concept of privacy as it has affected library records through current day and the "USA PATRIOT Act."

Scoping Electronic Communication Privacy Rules: Data, Services and Values

NARCIS (Netherlands)

van Hoboken, J.; Zuiderveen Borgesius, F.

2015-01-01

We use electronic communication networks for more than simply traditional telecommunications: we access the news, buy goods online, file our taxes, contribute to public debate, and more. As a result, a wider array of privacy interests is implicated for users of electronic communications networks and

Data privacy for the smart grid

CERN Document Server

Herold, Rebecca

2015-01-01

The Smart Grid and PrivacyWhat Is the Smart Grid? Changes from Traditional Energy Delivery Smart Grid Possibilities Business Model Transformations Emerging Privacy Risks The Need for Privacy PoliciesPrivacy Laws, Regulations, and Standards Privacy-Enhancing Technologies New Privacy Challenges IOT Big Data What Is the Smart Grid?Market and Regulatory OverviewTraditional Electricity Business SectorThe Electricity Open Market Classifications of Utilities Rate-Making ProcessesElectricity Consumer

A national agenda for public health informatics: summarized recommendations from the 2001 AMIA Spring Congress.

Science.gov (United States)

Yasnoff, W A; Overhage, J M; Humphreys, B L; LaVenture, M

2001-01-01

The AMIA 2001 Spring Congress brought together members of the the public health and informatics communities to develop a national agenda for public health informatics. Discussions of funding and governance; architecture and infrastructure; standards and vocabulary; research, evaluation, and best practices; privacy, confidentiality, and security; and training and workforce resulted in 74 recommendations with two key themes-that all stakeholders need to be engaged in coordinated activities related to public health information architecture, standards, confidentiality, best practices, and research; and that informatics training is needed throughout the public health workforce. Implementation of this consensus agenda will help promote progress in the application of information technology to improve public health.

IoT Privacy and Security Challenges for Smart Home Environments

Directory of Open Access Journals (Sweden)

Huichen Lin

2016-07-01

Full Text Available Often the Internet of Things (IoT is considered as a single problem domain, with proposed solutions intended to be applied across a wide range of applications. However, the privacy and security needs of critical engineering infrastructure or sensitive commercial operations are very different to the needs of a domestic Smart Home environment. Additionally, the financial and human resources available to implement security and privacy vary greatly between application domains. In domestic environments, human issues may be as important as technical issues. After surveying existing solutions for enhancing IoT security, the paper identifies key future requirements for trusted Smart Home systems. A gateway architecture is selected as the most appropriate for resource-constrained devices, and for high system availability. Two key technologies to assist system auto-management are identified. Firstly, support for system auto-configuration will enhance system security. Secondly, the automatic update of system software and firmware is needed to maintain ongoing secure system operation.

Designing Privacy-by-Design

NARCIS (Netherlands)

Rest, J.H.C. van; Boonstra, D.; Everts, M.H.; Rijn, M. van; Paassen, R.J.G. van

2014-01-01

The proposal for a new privacy regulation d.d. January 25th 2012 introduces sanctions of up to 2% of the annual turnover of enterprises. This elevates the importance of mitigation of privacy risks. This paper makes Privacy by Design more concrete, and positions it as the mechanism to mitigate these

78 FR 12128 - Privacy Act of 1974; Computer Matching Program (SSA/Department of the Treasury, Internal Revenue...

Science.gov (United States)

2013-02-21

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0067] Privacy Act of 1974; Computer Matching... Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

77 FR 49849 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Child Support...

Science.gov (United States)

2012-08-17

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer-matching... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0021] Privacy Act of 1974, as Amended...

75 FR 32833 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Office of Personnel Management...

Science.gov (United States)

2010-06-09

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2009-0077] Privacy Act of 1974, as Amended; Computer Matching Program (SSA/ Office of Personnel Management (OPM))--Match 1307 AGENCY: Social Security... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...

Efficient quantum secure communication with a publicly known key

International Nuclear Information System (INIS)

Li Chunyan; Li Xihan; Deng Fuguo; Zhou Hongyu

2008-01-01

This paper presents a simple way for an eavesdropper to eavesdrop freely the secret message in the experimental realization of quantum communication protocol proposed by Beige et al (2002 Acta Phys. Pol. A 101 357). Moreover, it introduces an efficient quantum secure communication protocol based on a publicly known key with decoy photons and two biased bases by modifying the original protocol. The total efficiency of this new protocol is double that of the original one. With a low noise quantum channel, this protocol can be used for transmitting a secret message. At present, this protocol is good for generating a private key efficiently. (general)

High utility-itemset mining and privacy-preserving utility mining

Directory of Open Access Journals (Sweden)

Jerry Chun-Wei Lin

2016-03-01

Full Text Available In recent decades, high-utility itemset mining (HUIM has emerging a critical research topic since the quantity and profit factors are both concerned to mine the high-utility itemsets (HUIs. Generally, data mining is commonly used to discover interesting and useful knowledge from massive data. It may, however, lead to privacy threats if private or secure information (e.g., HUIs are published in the public place or misused. In this paper, we focus on the issues of HUIM and privacy-preserving utility mining (PPUM, and present two evolutionary algorithms to respectively mine HUIs and hide the sensitive high-utility itemsets in PPUM. Extensive experiments showed that the two proposed models for the applications of HUIM and PPUM can not only generate the high quality profitable itemsets according to the user-specified minimum utility threshold, but also enable the capability of privacy preserving for private or secure information (e.g., HUIs in real-word applications.

Protecting privacy in data release

CERN Document Server

Livraga, Giovanni

2015-01-01

This book presents a comprehensive approach to protecting sensitive information when large data collections are released by their owners. It addresses three key requirements of data privacy: the protection of data explicitly released, the protection of information not explicitly released but potentially vulnerable due to a release of other data, and the enforcement of owner-defined access restrictions to the released data. It is also the first book with a complete examination of how to enforce dynamic read and write access authorizations on released data, applicable to the emerging data outsou

Attribute-Based Signcryption: Signer Privacy, Strong Unforgeability and IND-CCA Security in Adaptive-Predicates Model (Extended Version

Directory of Open Access Journals (Sweden)

Tapas Pandit

2016-08-01

Full Text Available Attribute-Based Signcryption (ABSC is a natural extension of Attribute-Based Encryption (ABE and Attribute-Based Signature (ABS, where one can have the message confidentiality and authenticity together. Since the signer privacy is captured in security of ABS, it is quite natural to expect that the signer privacy will also be preserved in ABSC. In this paper, first we propose an ABSC scheme which is weak existential unforgeable and IND-CCA secure in adaptive-predicates models and, achieves signer privacy. Then, by applying strongly unforgeable one-time signature (OTS, the above scheme is lifted to an ABSC scheme to attain strong existential unforgeability in adaptive-predicates model. Both the ABSC schemes are constructed on common setup, i.e the public parameters and key are same for both the encryption and signature modules. Our first construction is in the flavor of CtE&S paradigm, except one extra component that will be computed using both signature components and ciphertext components. The second proposed construction follows a new paradigm (extension of CtE&S , we call it “Commit then Encrypt and Sign then Sign” (CtE&S . The last signature is generated using a strong OTS scheme. Since, the non-repudiation is achieved by CtE&S paradigm, our systems also achieve the same.

When Differential Privacy Meets Randomized Perturbation: A Hybrid Approach for Privacy-Preserving Recommender System

KAUST Repository

Liu, Xiao; Liu, An; Zhang, Xiangliang; Li, Zhixu; Liu, Guanfeng; Zhao, Lei; Zhou, Xiaofang

2017-01-01

result. However, none is designed for both hiding users’ private data and preventing privacy inference. To achieve this goal, we propose in this paper a hybrid approach for privacy-preserving recommender systems by combining differential privacy (DP

Performing privacy in schools

DEFF Research Database (Denmark)

Lauritsen, Peter; Bøge, Ask Risom; Andersen, Lars Bo

with technologies is carried out as well as observation is conducted. We obtain and present new knowledge about how surveillance is practiced in the interpersonal relations of students and teachers. References: Monahan, T., & Torres, R. D. (2009). Schools Under Surveillance: Cultures of Control in Public Education....... Rutgers University Press. Selwyn, N. (2010). Schools and Schooling in the Digital Age: A Critical Analysis. Routledge. Taylor, E. (2013). Surveillance Schools: Security, Discipline and Control in Contemporary Education. Palgrave Macmillan UK. Taylor, E., & Rooney, T. (2016). Surveillance Futures: Social......In this presentation we pursue the question: How is privacy performed and perceived in schools by children? Our aim is to investigate how the boundaries between public and private spheres are continuously performed in the formal setting of the classroom as well as in the social lives of students...

An Attribute Involved Public Key Cryptosystem Based on P-Sylow Subgroups and Randomization

Directory of Open Access Journals (Sweden)

Sumalatha GUNNALA

2018-04-01

Full Text Available The Asymmetric Key Cryptosystem (AKC or Public Key Encryption (PKE is a mechanism used to encrypt the messages by using public key and decrypt the enciphered messages by using private key. Of late, the Attribute-Based Encryption (ABE is an expansion of asymmetric key encryption scheme that allows users to encrypt and decrypt the plaintext messages using the key based on the user’s credentials, called attributes, like social security number, PAN (Permanent Account Number, email ids or Aadhar number etc. Most of the existing ABE schemes rely on the multiple attributes from which the access control policies are derived. These policies define the users’ private keys, required for the decryption process and access to the confidential information. In this paper, we proposed a new attribute based asymmetric cryptosystem that uses the features of both the schemes: PKE and ABE. Here, we used a value of an attribute, personal to the user, for the encryption and the decryption process. This scheme assures that the receiver will only be able to access the secret data if recipient is shared with the valid attribute value. The asymmetric nature is this scheme is based on the concept of p-sylow sub-group assumption. In addition, the randomization factor is used in the encipherment process to strengthen the cipher further. The development of this cryptosystem is an embodiment where the merits of randomized asymmetric encryption technique and the attribute based encryption are integrated to achieve the authentication on top of confidentiality to secure the information transmission over the public networks.

Regulation of Unmanned Aerial Systems and Related Privacy Issues in Lithuania

Directory of Open Access Journals (Sweden)

Pūraitė Aurelija

2017-12-01

Full Text Available In the past few years the use of unmanned aerial vehicles in Lithuania has significantly increased. However, enjoying the advantages of this technology, which improves society’s socio-economical safety (public safety in a broad sense, raises some privacy concerns. This article analyses European Union and national legal regulations regarding the use of unmanned aerial vehicles as well as legal tools for defence of the right to privacy or prevention from its breaches in the Republic of Lithuania. Unmanned aerial vehicles have become popular only recently; thus, legislation regarding their use has not yet become a common topic among lawyers. Furthermore, case law of the Republic of Lithuania is silent about it. Thus, the authors model a situation of breach of privacy using an unmanned aerial vehicle and analyse possible defence mechanisms.

Practical Implementation of Various Public Key Infrastructure Models

Directory of Open Access Journals (Sweden)

Dmitriy Anatolievich Melnikov

2016-03-01

Full Text Available The paper proposes a short comparative analysis of the contemporary models of public key infrastructure (PKI and the issues of the PKI models real implementation. The Russian model of PKI is presented. Differences between the North American and West Europe models of PKI and Russian model of PKI are described. The problems of creation and main directions of further development and improvement of the Russian PKI and its integration into the global trust environment are defined.

Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

Science.gov (United States)

Choudhury, Debesh

2016-04-01

We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

76 FR 21091 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Centers for Medicare & Medicaid...

Science.gov (United States)

2011-04-14

...: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching...: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub. L.) 100-503...), as amended, (Pub. L. 100-503, the Computer Matching and Privacy Protection Act (CMPPA) of 1988), the...

A reflective commentary of teaching critical thinking of privacy and surveillance in UK higher education

Directory of Open Access Journals (Sweden)

Yu-Wei Lin

2017-02-01

Full Text Available The importance of data literacy and the need of raising and improving it through formal educational channel or public engagement has repeatedly been flagged up in each of the past Economic and Social Research Council-funded Data-Psst! Seminar I attended in 2014–2016. There is a real demand for action taking. I took advantage of the knowledge I learned from the Data-Psst seminars and devised a module teaching Level 5 undergraduate media students about critical issues in today’s data-centric digital society, including privacy and surveillance. In this article, I share how the class activities were devised and carried out, and how guided engagement with the current debate in privacy and surveillance were realised. I also draw on relevant pedagogical theories to discuss my educational approaches, student performance, the challenges of the project, and evaluate and reflect upon the outcomes. This report from the field provides fresh first-hand information about the data ethics of the younger public who are practising media arts and their behaviours and attitudes towards privacy and surveillance. This article shall open up the discussion about the role educators play in enriching public engagement with critical thinking about Big Data. The lessons learned can also contextualise the pedagogical implication of the recent scholarly research on Big Data and privacy, and provide a framework for constructing future collaborative or creative projects.

Technical Privacy Metrics: a Systematic Survey

OpenAIRE

Wagner, Isabel; Eckhoff, David

2018-01-01

The file attached to this record is the author's final peer reviewed version The goal of privacy metrics is to measure the degree of privacy enjoyed by users in a system and the amount of protection offered by privacy-enhancing technologies. In this way, privacy metrics contribute to improving user privacy in the digital world. The diversity and complexity of privacy metrics in the literature makes an informed choice of metrics challenging. As a result, instead of using existing metrics, n...

Trust Threshold Based Public Key Management in Mobile Ad Hoc Networks

Science.gov (United States)

2016-03-05

detection 49 [6,7] , authentication, access control, key management, iso- 50 lating misbehaving nodes for effective routing [6,8,9] , and 51 many other...83 84 85 aims to achieve: (a) resiliency against misbehaving nodes 86 in the network to maintain minimum security vulnerabil- 87 ity; (b...neighbor will decreas the misbehaving node’s direct competence trust. Fur thermore, this neighbor when acting as a recommended public key management in

Advanced research in data privacy

CERN Document Server

Torra, Vicenç

2015-01-01

This book provides an overview of the research work on data privacy and privacy enhancing technologies carried by the participants of the ARES project. ARES (Advanced Research in Privacy an Security, CSD2007-00004) has been one of the most important research projects funded by the Spanish Government in the fields of computer security and privacy. It is part of the now extinct CONSOLIDER INGENIO 2010 program, a highly competitive program which aimed to advance knowledge and open new research lines among top Spanish research groups. The project started in 2007 and will finish this 2014. Composed by 6 research groups from 6 different institutions, it has gathered an important number of researchers during its lifetime. Among the work produced by the ARES project, one specific work package has been related to privacy. This books gathers works produced by members of the project related to data privacy and privacy enhancing technologies. The presented works not only summarize important research carried in the proje...

Data Placement for Privacy-Aware Applications over Big Data in Hybrid Clouds

OpenAIRE

Xiaolong Xu; Xuan Zhao; Feng Ruan; Jie Zhang; Wei Tian; Wanchun Dou; Alex X. Liu

2017-01-01

Nowadays, a large number of groups choose to deploy their applications to cloud platforms, especially for the big data era. Currently, the hybrid cloud is one of the most popular computing paradigms for holding the privacy-aware applications driven by the requirements of privacy protection and cost saving. However, it is still a challenge to realize data placement considering both the energy consumption in private cloud and the cost for renting the public cloud services. In view of this chall...

Genetic secrets: Protecting privacy and confidentiality in the genetic era. Final report

Energy Technology Data Exchange (ETDEWEB)

Rothstein, M.A. [ed.

1998-09-01

Few developments are likely to affect human beings more profoundly in the long run than the discoveries resulting from advances in modern genetics. Although the developments in genetic technology promise to provide many additional benefits, their application to genetic screening poses ethical, social, and legal questions, many of which are rooted in issues of privacy and confidentiality. The ethical, practical, and legal ramifications of these and related questions are explored in depth. The broad range of topics includes: the privacy and confidentiality of genetic information; the challenges to privacy and confidentiality that may be projected to result from the emerging genetic technologies; the role of informed consent in protecting the confidentiality of genetic information in the clinical setting; the potential uses of genetic information by third parties; the implications of changes in the health care delivery system for privacy and confidentiality; relevant national and international developments in public policies, professional standards, and laws; recommendations; and the identification of research needs.

A privacy protection model to support personal privacy in relational databases.

OpenAIRE

2008-01-01

The individual of today incessantly insists on more protection of his/her personal privacy than a few years ago. During the last few years, rapid technological advances, especially in the field of information technology, directed most attention and energy to the privacy protection of the Internet user. Research was done and is still being done covering a vast area to protect the privacy of transactions performed on the Internet. However, it was established that almost no research has been don...

A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

Science.gov (United States)

Mishra, Raghavendra; Barnwal, Amit Kumar

2015-05-01

The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

Cognitive Privacy for Personal Clouds

Directory of Open Access Journals (Sweden)

Milena Radenkovic

2016-01-01

Full Text Available This paper proposes a novel Cognitive Privacy (CogPriv framework that improves privacy of data sharing between Personal Clouds for different application types and across heterogeneous networks. Depending on the behaviour of neighbouring network nodes, their estimated privacy levels, resource availability, and social network connectivity, each Personal Cloud may decide to use different transmission network for different types of data and privacy requirements. CogPriv is fully distributed, uses complex graph contacts analytics and multiple implicit novel heuristics, and combines these with smart probing to identify presence and behaviour of privacy compromising nodes in the network. Based on sensed local context and through cooperation with remote nodes in the network, CogPriv is able to transparently and on-the-fly change the network in order to avoid transmissions when privacy may be compromised. We show that CogPriv achieves higher end-to-end privacy levels compared to both noncognitive cellular network communication and state-of-the-art strategies based on privacy-aware adaptive social mobile networks routing for a range of experiment scenarios based on real-world user and network traces. CogPriv is able to adapt to varying network connectivity and maintain high quality of service while managing to keep low data exposure for a wide range of privacy leakage levels in the infrastructure.

Efficient Key Management System for Large-scale Smart RFID Applications

Directory of Open Access Journals (Sweden)

Mohammad Fal Sadikin

2015-08-01

Full Text Available Due to low-cost and its practical solution, the integration of RFID tag to the sensor node called smart RFID has become prominent solution in various fields including industrial applications. Nevertheless, the constrained nature of smart RFID system introduces tremendous security and privacy problem. One of them is the problem in key management system. Indeed, it is not feasible to recall all RFID tags in order to update their security properties (e.g. update their private keys. On the other hand, using common key management solution like standard TLS/SSL is too heavy-weight that can drain and overload the limited resources. Furthermore, most of existing solutions are highly susceptible to various threats reaching from privacy threats, physical attacks to various technics of Man-in-the-Middle attacks. This paper introduces novel key management system, tailored to the limited resources of smart RFID system. It proposes light-weight mutual authentication and identity protection to mitigate the existing threats.

76 FR 48807 - Public Key Infrastructure (PKI) Certificate Action Form

Science.gov (United States)

2011-08-09

... Infrastructure (PKI) technology to support electronic commerce between the USPTO and its customers. PKI is a set... security for its electronic commerce systems, the USPTO uses PKI technology to protect the integrity and... DEPARTMENT OF COMMERCE United States Patent and Trademark Office Public Key Infrastructure (PKI...

Efficient task assignment in spatial crowdsourcing with worker and task privacy protection

KAUST Repository

Liu, An

2017-08-01

Spatial crowdsourcing (SC) outsources tasks to a set of workers who are required to physically move to specified locations and accomplish tasks. Recently, it is emerging as a promising tool for emergency management, as it enables efficient and cost-effective collection of critical information in emergency such as earthquakes, when search and rescue survivors in potential ares are required. However in current SC systems, task locations and worker locations are all exposed in public without any privacy protection. SC systems if attacked thus have penitential risk of privacy leakage. In this paper, we propose a protocol for protecting the privacy for both workers and task requesters while maintaining the functionality of SC systems. The proposed protocol is built on partially homomorphic encryption schemes, and can efficiently realize complex operations required during task assignment over encrypted data through a well-designed computation strategy. We prove that the proposed protocol is privacy-preserving against semi-honest adversaries. Simulation on two real-world datasets shows that the proposed protocol is more effective than existing solutions and can achieve mutual privacy-preserving with acceptable computation and communication cost.

Cybersecurity and Privacy

DEFF Research Database (Denmark)

he huge potential in future connected services has as a precondition that privacy and security needs are dealt with in order for new services to be accepted. This issue is increasingly on the agenda both at the company and at individual level. Cybersecurity and Privacy – bridging the gap addresses...... two very complex fields of the digital world, i.e., Cybersecurity and Privacy. These multifaceted, multidisciplinary and complex issues are usually understood and valued differently by different individuals, data holders and legal bodies. But a change in one field immediately affects the others....... Policies, frameworks, strategies, laws, tools, techniques, and technologies – all of these are tightly interwoven when it comes to security and privacy. This book is another attempt to bridge the gap between the industry and academia. The book addresses the views from academia and industry on the subject...

Privacy for Sale?

DEFF Research Database (Denmark)

Sørensen, Lene Tolstrup; Sørensen, Jannick Kirk; Khajuria, Samant

Data brokers have become central players in the collection online of private user data. Data brokers’ activities are however not very transparent or even known by users. Many users regard privacy a central element when they use online services. Based on 12 short interviews with users, this paper...... analyses how users perceive the concept of online privacy in respect to data brokers col- lection of private data, and particularly novel services that offer users the possi- bility to sell their private data. Two groups of users are identified: Those who are considering selling their data under specific...... conditions, and those who reject the idea completely. Based on the literature we identify two positions to privacy either as an instrumental good, or as an intrinsic good. The paper positions vari- ous user perceptions on privacy that are relevant for future service develop- ment....

Non-coherent capacity of secret-key agreement with public discussion

KAUST Repository

Agrawal, Anurag

2011-06-01

We study the Rayleigh fading non-coherent capacity of secret-key agreement with public discussion, where neither the sender nor the receivers have access to instantaneous channel state information (CSI) of any channel. We present two results. At high Signal-to-Noise Ratio (SNR), the secret-key capacity is bounded in SNR, regardless of the number of antennas at each terminal. Second, for a system with a single antenna at both the legitimate and the eavesdropper terminals and an arbitrary number of transmit antennas, the secret-key capacity-achieving input distribution is discrete, with a finite number of mass points. Numerically we observe that at low-SNR, the capacity achieving distribution has two mass points with one of them at the origin. © 2011 IEEE.

Non-coherent capacity of secret-key agreement with public discussion

KAUST Repository

Agrawal, Anurag; Rezki, Zouheir; Khisti, Ashish J.; Alouini, Mohamed-Slim

2011-01-01

We study the Rayleigh fading non-coherent capacity of secret-key agreement with public discussion, where neither the sender nor the receivers have access to instantaneous channel state information (CSI) of any channel. We present two results. At high Signal-to-Noise Ratio (SNR), the secret-key capacity is bounded in SNR, regardless of the number of antennas at each terminal. Second, for a system with a single antenna at both the legitimate and the eavesdropper terminals and an arbitrary number of transmit antennas, the secret-key capacity-achieving input distribution is discrete, with a finite number of mass points. Numerically we observe that at low-SNR, the capacity achieving distribution has two mass points with one of them at the origin. © 2011 IEEE.

Information hiding based on double random-phase encoding and public-key cryptography.

Science.gov (United States)

Sheng, Yuan; Xin, Zhou; Alam, Mohammed S; Xi, Lu; Xiao-Feng, Li

2009-03-02

A novel information hiding method based on double random-phase encoding (DRPE) and Rivest-Shamir-Adleman (RSA) public-key cryptosystem is proposed. In the proposed technique, the inherent diffusion property of DRPE is cleverly utilized to make up the diffusion insufficiency of RSA public-key cryptography, while the RSA cryptosystem is utilized for simultaneous transmission of the cipher text and the two phase-masks, which is not possible under the DRPE technique. This technique combines the complementary advantages of the DPRE and RSA encryption techniques and brings security and convenience for efficient information transmission. Extensive numerical simulation results are presented to verify the performance of the proposed technique.

Privacy for All Students? Talking about and around Trans Students in "Public"

Science.gov (United States)

Stiegler, Sam

2016-01-01

This paper places under examination the arguments used to fight against school policies and legislation intended to guarantee and protect the rights of trans students. That is, the paper's central investigation works to uncover the regimes of truth about children, gender, race and privacy implicit in the methods employed by activists who seek to…

Courts, privacy and data protection in Belgium : Fundamental rights that might as well be struck from the constitution

NARCIS (Netherlands)

de Hert, Paul; Brkan, Maja; Psychogiopoulou, Evangelia

2017-01-01

Through critical analysis of case law in Belgium courts, this chapter reveals the significant role courts play in the protection of privacy and personal data within the new technological environment. It addresses the pressing question from a public who are increasingly aware of their privacy rights

Are privacy-enhancing technologies for genomic data ready for the clinic? A survey of medical experts of the Swiss HIV Cohort Study.

Science.gov (United States)

Raisaro, Jean-Louis; McLaren, Paul J; Fellay, Jacques; Cavassini, Matthias; Klersy, Catherine; Hubaux, Jean-Pierre

2018-03-01

Protecting patient privacy is a major obstacle for the implementation of genomic-based medicine. Emerging privacy-enhancing technologies can become key enablers for managing sensitive genetic data. We studied physicians' attitude toward this kind of technology in order to derive insights that might foster their future adoption for clinical care. We conducted a questionnaire-based survey among 55 physicians of the Swiss HIV Cohort Study who tested the first implementation of a privacy-preserving model for delivering genomic test results. We evaluated their feedback on three different aspects of our model: clinical utility, ability to address privacy concerns and system usability. 38/55 (69%) physicians participated in the study. Two thirds of them acknowledged genetic privacy as a key aspect that needs to be protected to help building patient trust and deploy new-generation medical information systems. All of them successfully used the tool for evaluating their patients' pharmacogenomics risk and 90% were happy with the user experience and the efficiency of the tool. Only 8% of physicians were unsatisfied with the level of information and wanted to have access to the patient's actual DNA sequence. This survey, although limited in size, represents the first evaluation of privacy-preserving models for genomic-based medicine. It has allowed us to derive unique insights that will improve the design of these new systems in the future. In particular, we have observed that a clinical information system that uses homomorphic encryption to provide clinicians with risk information based on sensitive genetic test results can offer information that clinicians feel sufficient for their needs and appropriately respectful of patients' privacy. The ability of this kind of systems to ensure strong security and privacy guarantees and to provide some analytics on encrypted data has been assessed as a key enabler for the management of sensitive medical information in the near future

The loss of personal privacy and its consequences for social research

OpenAIRE

Robbin, Alice

2001-01-01

This article chronicles more than 30 years of public opinion, politics, and law and policy on privacy and confidentiality that have had far-reaching consequences for access by the social research community to administrative and statistical records produced by government. A hostile political environment, public controversy over the decennial census long form, media coverage, and public fears about the vast accumulations of personal information by the private sector were catalysts for a recent ...

Secret-Key Agreement with Public Discussion subject to an Amplitude Constraint

KAUST Repository

Zorgui, Marwen

2016-04-06

This paper considers the problem of secret-key agreement with public discussion subject to a peak power constraint A on the channel input. The optimal input distribution is proved to be discrete with finite support. To overcome the computationally heavy search for the optimal discrete distribution, several suboptimal schemes are proposed and shown numerically to perform close to the capacity. Moreover, lower and upper bounds for the secret-key capacity are provided and used to prove that the secret-key capacity converges for asymptotic high values of A, to the secret-key capacity with an average power constraint A2. Finally, when the amplitude constraint A is small (A ! 0), the secret-key capacity is proved to be asymptotically equal to the capacity of the legitimate user with an amplitude constraint A and no secrecy constraint.

Secret-Key Agreement with Public Discussion subject to an Amplitude Constraint

KAUST Repository

Zorgui, Marwen; Rezki, Zouheir; Alomair, Basel; Alouini, Mohamed-Slim

2016-01-01

This paper considers the problem of secret-key agreement with public discussion subject to a peak power constraint A on the channel input. The optimal input distribution is proved to be discrete with finite support. To overcome the computationally heavy search for the optimal discrete distribution, several suboptimal schemes are proposed and shown numerically to perform close to the capacity. Moreover, lower and upper bounds for the secret-key capacity are provided and used to prove that the secret-key capacity converges for asymptotic high values of A, to the secret-key capacity with an average power constraint A2. Finally, when the amplitude constraint A is small (A ! 0), the secret-key capacity is proved to be asymptotically equal to the capacity of the legitimate user with an amplitude constraint A and no secrecy constraint.

A Model for Calculated Privacy and Trust in pHealth Ecosystems.

Science.gov (United States)

Ruotsalainen, Pekka; Blobel, Bernd

2018-01-01

A pHealth ecosystem is a community of service users and providers. It is also a dynamic socio-technical system. One of its main goals is to help users to maintain their personal health status. Another goal is to give economic benefit to stakeholders which use personal health information existing in the ecosystem. In pHealth ecosystems, a huge amount of health related data is collected and used by service providers such as data extracted from the regulated health record and information related to personal characteristics, genetics, lifestyle and environment. In pHealth ecosystems, there are different kinds of service providers such as regulated health care service providers, unregulated health service providers, ICT service providers, researchers and industrial organizations. This fact together with the multidimensional personal health data used raises serious privacy concerns. Privacy is a necessary enabler for successful pHealth, but it is also an elastic concept without any universally agreed definition. Regardless of what kind of privacy model is used in dynamic socio-technical systems, it is difficult for a service user to know the privacy level of services in real life situations. As privacy and trust are interrelated concepts, the authors have developed a hybrid solution where knowledge got from regulatory privacy requirements and publicly available privacy related documents is used for calculation of service providers' specific initial privacy value. This value is then used as an estimate for the initial trust score. In this solution, total trust score is a combination of recommended trust, proposed trust and initial trust. Initial privacy level is a weighted arithmetic mean of knowledge and user selected weights. The total trust score for any service provider in the ecosystem can be calculated deploying either a beta trust model or the Fuzzy trust calculation method. The prosed solution is easy to use and to understand, and it can be also automated. It is

13 CFR 102.36 - Privacy Act standards of conduct.

Science.gov (United States)

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Privacy Act standards of conduct. 102.36 Section 102.36 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION RECORD DISCLOSURE... existence or development of any system of records that is not the subject of a current or planned public...

76 FR 59073 - Privacy Act

Science.gov (United States)

2011-09-23

... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1901 Privacy Act AGENCY: Central Intelligence Agency. ACTION: Proposed rule. SUMMARY: Consistent with the Privacy Act (PA), the Central Intelligence Agency...-1379. SUPPLEMENTARY INFORMATION: Consistent with the Privacy Act (PA), the CIA has undertaken and...

Optimal attacks on qubit-based Quantum Key Recycling

Science.gov (United States)

Leermakers, Daan; Škorić, Boris

2018-03-01

Quantum Key Recycling (QKR) is a quantum cryptographic primitive that allows one to reuse keys in an unconditionally secure way. By removing the need to repeatedly generate new keys, it improves communication efficiency. Škorić and de Vries recently proposed a QKR scheme based on 8-state encoding (four bases). It does not require quantum computers for encryption/decryption but only single-qubit operations. We provide a missing ingredient in the security analysis of this scheme in the case of noisy channels: accurate upper bounds on the required amount of privacy amplification. We determine optimal attacks against the message and against the key, for 8-state encoding as well as 4-state and 6-state conjugate coding. We provide results in terms of min-entropy loss as well as accessible (Shannon) information. We show that the Shannon entropy analysis for 8-state encoding reduces to the analysis of quantum key distribution, whereas 4-state and 6-state suffer from additional leaks that make them less effective. From the optimal attacks we compute the required amount of privacy amplification and hence the achievable communication rate (useful information per qubit) of qubit-based QKR. Overall, 8-state encoding yields the highest communication rates.

Large-scale Health Information Database and Privacy Protection*1

OpenAIRE

YAMAMOTO, Ryuichi

2016-01-01

Japan was once progressive in the digitalization of healthcare fields but unfortunately has fallen behind in terms of the secondary use of data for public interest. There has recently been a trend to establish large-scale health databases in the nation, and a conflict between data use for public interest and privacy protection has surfaced as this trend has progressed. Databases for health insurance claims or for specific health checkups and guidance services were created according to the law...

A smart-card-enabled privacy preserving E-prescription system.

Science.gov (United States)

Yang, Yanjiang; Han, Xiaoxi; Bao, Feng; Deng, Robert H

2004-03-01

Within the overall context of protection of health care information, privacy of prescription data needs special treatment. First, the involvement of diverse parties, especially nonmedical parties in the process of drug prescription complicates the protection of prescription data. Second, both patients and doctors have privacy stakes in prescription, and their privacy should be equally protected. Third, the following facts determine that prescription should not be processed in a truly anonymous manner: certain involved parties conduct useful research on the basis of aggregation of prescription data that are linkable with respect to either the patients or the doctors; prescription data has to be identifiable in some extreme circumstances, e.g., under the court order for inspection and assign liability. In this paper, we propose an e-prescription system to address issues pertaining to the privacy protection in the process of drug prescription. In our system, patients' smart cards play an important role. For one thing, the smart cards are implemented to be portable repositories carrying up-to-date personal medical records and insurance information, providing doctors instant data access crucial to the process of diagnosis and prescription. For the other, with the secret signing key being stored inside, the smart card enables the patient to sign electronically the prescription pad, declaring his acceptance of the prescription. To make the system more realistic, we identify the needs for a patient to delegate his signing capability to other people so as to protect the privacy of information housed on his card. A strong proxy signature scheme achieving technologically mutual agreements on the delegation is proposed to implement the delegation functionality.

Patient Perceptions About Data Sharing & Privacy: Insights from ActionADE.

Science.gov (United States)

Small, Serena S; Peddie, David; Ackerley, Christine; Hohl, Corinne M; Balka, Ellen

2017-01-01

Information communication technologies (ICTs) may improve health delivery by enhancing informational continuity of care and enabling secondary use of health data including public health surveillance and research. ICTs also introduce concerns related to privacy. In this paper, we examine and address this tension in the context of the development and implementation of a novel platform that will enable the documentation and communication of patient-specific ADE information, titled ActionADE. We explored privacy concerns qualitatively from the perspective of patients. Our findings will inform a series of recommendations for system design that seek to balance the need to both share and protect personal health information.

Bridging the transatlantic divide in privacy

Directory of Open Access Journals (Sweden)

Paula Kift

2013-08-01

Full Text Available In the context of the US National Security Agency surveillance scandal, the transatlantic privacy divide has come back to the fore. In the United States, the right to privacy is primarily understood as a right to physical privacy, thus the protection from unwarranted government searches and seizures. In Germany on the other hand, it is also understood as a right to spiritual privacy, thus the right of citizens to develop into autonomous moral agents. The following article will discuss the different constitutional assumptions that underlie American and German attitudes towards privacy, namely privacy as an aspect of liberty or as an aspect of dignity. As data flows defy jurisdictional boundaries, however, policymakers across the Atlantic are faced with a conundrum: how can German and American privacy cultures be reconciled?

MetaSeq: privacy preserving meta-analysis of sequencing-based association studies.

Science.gov (United States)

Singh, Angad Pal; Zafer, Samreen; Pe'er, Itsik

2013-01-01

Human genetics recently transitioned from GWAS to studies based on NGS data. For GWAS, small effects dictated large sample sizes, typically made possible through meta-analysis by exchanging summary statistics across consortia. NGS studies groupwise-test for association of multiple potentially-causal alleles along each gene. They are subject to similar power constraints and therefore likely to resort to meta-analysis as well. The problem arises when considering privacy of the genetic information during the data-exchange process. Many scoring schemes for NGS association rely on the frequency of each variant thus requiring the exchange of identity of the sequenced variant. As such variants are often rare, potentially revealing the identity of their carriers and jeopardizing privacy. We have thus developed MetaSeq, a protocol for meta-analysis of genome-wide sequencing data by multiple collaborating parties, scoring association for rare variants pooled per gene across all parties. We tackle the challenge of tallying frequency counts of rare, sequenced alleles, for metaanalysis of sequencing data without disclosing the allele identity and counts, thereby protecting sample identity. This apparent paradoxical exchange of information is achieved through cryptographic means. The key idea is that parties encrypt identity of genes and variants. When they transfer information about frequency counts in cases and controls, the exchanged data does not convey the identity of a mutation and therefore does not expose carrier identity. The exchange relies on a 3rd party, trusted to follow the protocol although not trusted to learn about the raw data. We show applicability of this method to publicly available exome-sequencing data from multiple studies, simulating phenotypic information for powerful meta-analysis. The MetaSeq software is publicly available as open source.

How Well Are We Respecting Patient Privacy in Medical Imaging? Lessons Learnt From a Departmental Audit.

Science.gov (United States)

Dilauro, Marc; Thornhill, Rebecca; Fasih, Najla

2016-11-01

Preservation of patient privacy and dignity are basic requirements for all patients visiting a hospital. The purpose of this study was to perform an audit of patients' satisfaction with privacy whilst in the Department of Medical Imaging (MI) at the Civic Campus of the Ottawa Hospital. Outpatients who underwent magnetic resonance imaging (MRI), computed tomography (CT), ultrasonography (US), and plain film (XR) examinations were provided with a survey on patient privacy. The survey asked participants to rank (on a 6-point scale ranging from 6 = excellent to 1 = no privacy) whether their privacy was respected in 5 key locations within the Department of MI. The survey was conducted over a consecutive 5-day period. A total of 502 surveys were completed. The survey response rate for each imaging modality was: 55% MRI, 42% CT, 45% US, and 47% XR. For each imaging modality, the total percentage of privacy scores greater than or equal to 5 were: 98% MRI, 96% CT, 94% US, and 92% XR. Privacy ratings for the MRI reception and waiting room areas were significantly higher in comparison to the other imaging modalities (P = .0025 and P = .0227, respectively). Overall, patient privacy was well respected within the Department of MI. Copyright © 2016 Canadian Association of Radiologists. Published by Elsevier Inc. All rights reserved.

Toward Privacy-Preserving Personalized Recommendation Services

Directory of Open Access Journals (Sweden)

Cong Wang

2018-02-01

Full Text Available Recommendation systems are crucially important for the delivery of personalized services to users. With personalized recommendation services, users can enjoy a variety of targeted recommendations such as movies, books, ads, restaurants, and more. In addition, personalized recommendation services have become extremely effective revenue drivers for online business. Despite the great benefits, deploying personalized recommendation services typically requires the collection of users’ personal data for processing and analytics, which undesirably makes users susceptible to serious privacy violation issues. Therefore, it is of paramount importance to develop practical privacy-preserving techniques to maintain the intelligence of personalized recommendation services while respecting user privacy. In this paper, we provide a comprehensive survey of the literature related to personalized recommendation services with privacy protection. We present the general architecture of personalized recommendation systems, the privacy issues therein, and existing works that focus on privacy-preserving personalized recommendation services. We classify the existing works according to their underlying techniques for personalized recommendation and privacy protection, and thoroughly discuss and compare their merits and demerits, especially in terms of privacy and recommendation accuracy. We also identity some future research directions. Keywords: Privacy protection, Personalized recommendation services, Targeted delivery, Collaborative filtering, Machine learning

Towards Privacy Managment of Information Systems

OpenAIRE

Drageide, Vidar

2009-01-01

This masters thesis provides insight into the concept of privacy. It argues why privacy is important, and why developers and system owners should keep privacy in mind when developing and maintaining systems containing personal information. Following this, a strategy for evaluating the overall level of privacy in a system is defined. The strategy is then applied to parts of the cellphone system in an attempt to evaluate the privacy of traffic and location data in this system.

Evaluation of unique identifiers used as keys to match identical publications in Pure and SciVal

DEFF Research Database (Denmark)

Madsen, Heidi Holst; Madsen, Dicte; Gauffriau, Marianne

2016-01-01

, and erroneous optical or special character recognition. The case study explores the use of UIDs in the integration between the databases Pure and SciVal. Specifically journal publications in English are matched between the two databases. We find all error types except erroneous optical or special character......Unique identifiers (UID) are seen as an effective key to match identical publications across databases or identify duplicates in a database. The objective of the present study is to investigate how well UIDs work as match keys in the integration between Pure and SciVal, based on a case...... also briefly discuss how publication sets formed by using UIDs as the match keys may affect the bibliometric indicators number of publications, number of citations, and the average number of citations per publication. The objective is addressed in a literature review and a case study. The literature...

Privacy in an Ambient World

NARCIS (Netherlands)

Dekker, M.A.C.; Etalle, Sandro; den Hartog, Jeremy

Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website,

Information Privacy Revealed

Science.gov (United States)

Lavagnino, Merri Beth

2013-01-01

Why is Information Privacy the focus of the January-February 2013 issue of "EDUCAUSE Review" and "EDUCAUSE Review Online"? Results from the 2012 annual survey of the International Association of Privacy Professionals (IAPP) indicate that "meeting regulatory compliance requirements continues to be the top perceived driver…

Improved security proofs and constructions for public-key cryptography

OpenAIRE

Pan, Jiaxin (M. Sc.)

2016-01-01

Diese Arbeit verbessert die Sicherheitsanalyse und Konstruktierbarkeit von Public-Key-Kryptographie: Der erste Teil der Arbeit schlägt einen vereinfachten Sicherheitsbeweis für digitale Signaturverfahren von kanonischen Identifikationsschemata über die klassischen Fiat-Shamir-Transformation im Random Oracle Modell vor. Der zweite Teil der Arbeit schlägt eine neue Variante der Message Authentication Codes (MACs) vor, die sogenannten affinen MACs. Außerdem wird eine generische Transform...

Student Privacy and Educational Data Mining: Perspectives from Industry

Science.gov (United States)

Sabourin, Jennifer; Kosturko, Lucy; FitzGerald, Clare; McQuiggan, Scott