Regulatory approaches to genetic testing in insurance

Rapid advancements in the field of genetic science have engendered considerable debate, speculation, misinformation and legislative action worldwide. While programs such as the Human Genome Project bring the prospect of seemingly miraculous medical advancements within imminent reach, they also create the potential for significant invasions of traditional areas of privacy and human dignity through laying the potential foundation for new forms of discrimination in insurance, employment and immigration regulation. The insurance industry, which has of course, traditionally been premised on discrimination as part of its underwriting process, is proving to be the frontline of this regulatory battle with extensive legislation, guidelines and debate marking its progress.

One-time-password-authenticated key exchange

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. ---------- We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.

Predicate-based key exchange

We provide the first description of and security model for authenticated key exchange protocols with predicate-based authentication. In addition to the standard goal of session key security, our security model also provides for credential privacy: a participating party learns nothing more about the other party's credentials than whether they satisfy the given predicate. Our model also encompasses attribute-based key exchange since it is a special case of predicate-based key exchange.---------- We demonstrate how to realize a secure predicate-based key exchange protocol by combining any secure predicate-based signature scheme with the basic Diffie-Hellman key exchange protocol, providing an efficient and simple solution.

Legal aspects of Web 2.0 activities : management of legal risk associated with use of YouTube, MySpace and Second Life

This Report, prepared for Smart Service Queensland (“SSQ”), addresses legal issues, areas of risk and other factors associated with activities conducted on three popular online platforms—YouTube, MySpace and Second Life (which are referred to throughout this Report as the “Platforms”). The Platforms exemplify online participatory spaces and behaviours, including blogging and networking, multimedia sharing, and immersive virtual environments.

A genealogy of the problematic of homelessness and the homeless in Australia

The homeless have been subject to considerable scrutiny, historically and within current social, political and public discourse. The aetiology of homelessness has been the focus of a large body of economic, sociological, historical and political investigation. Importantly, efforts to conceptualise, explain and measure, the phenomenon of homelessness and homeless people has occurred largely within the context of defining “the problem of the homeless” and the generation of solutions to the ‘problem’. There has been little consideration of how and why homelessness has come to be seen, or understood, as a problem, or how this can change across time and/or place. This alternative stream of research has focused on tracing and analysing the relationship between how people experiencing homeless have become a matter of government concern and the manner in which homelessness itself has been problematised. With this in mind this study has analysed the discourses - political, social and economic rationalities and knowledges - which have provided the conditions of possibility for the identification of the homeless and homelessness as a problem needing to be governed and the means for translating these discourses into the applied domain. The aim of this thesis has been to contribute to current knowledge by developing a genealogy of the conditions and rationalities that have underpinned the problematisation of homelessness and the homeless. The outcome of this analysis has been to open up the opportunity to consider alternative governmental possibilities arising from the exposure of the way in which contemporary problematisation and responses have been influenced by the past. An understanding of this process creates an ability to appreciate the intended and unintended consequences for the future direction of public policy and contemporary research.

Fraud detection in ERP systems using scenario matching

ERP systems generally implement controls to prevent certain common kinds of fraud. In addition however, there is an imperative need for detection of more sophisticated patterns of fraudulent activity as evidenced by the legal requirement for company audits and the common incidence of fraud. This paper describes the design and implementation of a framework for detecting patterns of fraudulent activity in ERP systems. We include the description of six fraud scenarios and the process of specifying and detecting the occurrence of those scenarios in ERP user log data using the prototype software which we have developed. The test results for detecting these scenarios in log data have been verified and confirm the success of our approach which can be generalized to ERP systems in general.

If it's encrypted it's secure! The viability of US state-based encryption exemptions

US state-based data breach notification laws have unveiled serious corporate and government failures regarding the security of personal information. These laws require organisations to notify persons who may be affected by an unauthorized acquisition of their personal information. Safe harbours to notification exist if personal information is encrypted. Three types of safe harbour have been identified in the literature: exemptions, rebuttable presumptions and factors. The underlying assumption of exemptions is that encrypted personal information is secure and therefore unauthorized access does not pose a risk. However, the viability of this assumption is questionable when examined against data breaches involving encrypted information and the demanding practical requirements of effective encryption management. Recent recommendations by the Australian Law Reform Commission (ALRC) would amend the Privacy Act 1988 (Cth) to implement a data breach scheme that includes a different type of safe harbour, factor based analysis. The authors examine the potential capability of the ALRC’s proposed encryption safe harbour in relation to the US experience at the state legislature level.

Home advantage

This article discusses a house located in Bowen Hills, Brisbane, Queensland, that was designed by its owner, architect Paul Curran of Push. The house features a zinc clad multipurpose structure in front of the living areas that also acts to provide privacy to the house from its busy street.

Reparations for Indigenous People: International and Comparative Perspectives

Published in concomitance with the adoption of the United Nations Declaration on the Rights of Indigenous Peoples, this volume brings together a group of renowned legal experts and activists from different parts of the world who, from international and comparative perspectives, investigate the right of indigenous peoples to reparation for breaches of their individual and collective rights. The first part of the book is devoted to general aspects of this important matter, providing a comprehensive assessment of the relevant international legal framework and including overviews of the topic of reparations for human rights violations, the status of indigenous peoples in international law, and the vision of reparations as conceived by the communities concerned. The second part embraces a comprehensive investigation of the relevant practice at the international, regional, and national level, examining the best practices of reparations according to the ideologies and expectations of indigenous peoples and offering a comparative perspective on the ways in which the right of these peoples to redress for the injuries suffered is realized worldwide. The global picture painted by these contributions provides a view of the status of relevant international law that is synthesized in the two final chapters of the book, which include a concrete example of how a judicial claim for reparation is to be structured and prescribes the best practices and strategies to be adopted in order to maximize the opportunities for indigenous peoples to obtain effective redress. As a whole, this volume offers a comprehensive vision of its subject matter in international and comparative law, with a practical approach aimed at supporting legal academics, administrators, and practitioners in improving the avenues and modalities of reparations for indigenous peoples

In Bed with Autobiography: Unravelling the Fabric of Gender and Genre in Women’s Bed(room) Confessions

This thesis consists of a confessional narrative, What My Mother Doesn’t Know, and an accompanying exegesis, And Why I Should (Maybe) Tell Her. The creative piece employs the confessional mode as a subversive device in three separate narratives, each of which situates the bed as a site of resistance. The exegesis investigates how this self-disclosure in a domestic space flouts the governing rules of self-representation, specifically: telling the truth, respecting privacy and displaying normalcy. The female confession, I argue, creates an alternative space in women’s autobiography where notions of truth-telling can be undermined, the political dimensions of personal experience can be uncovered and the discourse of normality can be negotiated. In particular, women’s confessions told in, on or about the bed, dismantle the genre’s illusion of self and confirm the representative aspects of women’s experience. Framed within these parameters of power and powerlessness, the exegesis includes textual analyses of Charlotte Perkins Gilman’s The Yellow Wallpaper (1892), Tracey Emin’s My Bed (1999) and Lauren Slater’s Lying (2000), each of which exposes in a bedroom space, the author’s most obscure, intimate and traumatic experiences. Situated firmly within and against the genre’s traditional masculine domain, the exegesis also includes mediations on the creative work that validate the bed as my fabric for confession.

Urban informatics and sustainable cities (Workshop)

One way to build more sustainable cities through network technologies is to start with monitoring the level and usage of resources as well as encourage citizens to participate in sustainable everyday practices. This workshop focuses on three fundamental areas of sustainable cities through urban informatics and ubiquitous computing: Environment: climate change adaptation Health: Food practices and cultures Civic engagement: citizen participation and interaction In particular, the workshop seeks to come up with locally (Oulu) specific ‘mash-up’ solutions that enhance the interactions of citizens with the physical city using data from various sources such as sensor networks. Students will work in groups to research, analyze, design, and develop local mash-ups. The workshop is designed to help students gain understanding of sustainability in a techno-social context, such as how the existing data can be effectively utilized, how to gather new data, and how to design efficient and engaging computer-human interactions. Further issues of consideration include access to and privacy of information and spaces, cultural specificities, and transdisciplinary research.

Health law in Australia

Health Law in Australia is the first book to deal with health law on a comprehensive national basis. In a field of law that is becoming increasingly important and where the demand for expertise is rapidly expanding, Health Law in Australia takes a logical, structured approach to an examination of the law in all Australian jurisdictions. By covering all the major areas in this diverse field of law, Health Law in Australia enhances the understanding of the discipline as a whole. Beginning with an exploration of the general principles of health law, including chapters on “Medical Negligence”, “Children and Consent”, and “Confidentiality, Privacy, and Access to Health Records”, the book goes on to consider beginning-of-life and end-of-life issues before concluding with chapters on emerging areas in health law, such as biotechnology and medical research. The contributing authors include national leaders in the field who are specialists in these areas of health law and who can therefore reveal to readers the results of their research. Health Law in Australia has been written for those with a legal background and is essential reading for undergraduate law students, postgraduate law students, researchers and scholars in the disciplines of law, health and medicine, as well as legal practitioners, government departments and bodies in the health area, and private health providers.

Securing medical research data with a rights management system

We propose a digital rights management approach for sharing electronic health records for research purposes and argue advantages of the approach. We give an outline of our implementation, discuss challenges that we faced and future directions.

Attribute-based authenticated key exchange

We introduce the concept of attribute-based authenticated key exchange (AB-AKE) within the framework of ciphertext policy attribute-based systems. A notion of AKE-security for AB-AKE is presented based on the security models for group key exchange protocols and also taking into account the security requirements generally considered in the ciphertext policy attribute-based setting. We also extend the paradigm of hybrid encryption to the ciphertext policy attribute-based encryption schemes. A new primitive called encapsulation policy attribute-based key encapsulation mechanism (EP-AB-KEM) is introduced and a notion of chosen ciphertext security is de�ned for EP-AB-KEMs. We propose an EP-AB-KEM from an existing attribute-based encryption scheme and show that it achieves chosen ciphertext security in the generic group and random oracle models. We present a generic one-round AB-AKE protocol that satis�es our AKE-security notion. The protocol is generically constructed from any EP-AB-KEM that satis�es chosen ciphertext security. Instantiating the generic AB-AKE protocol with our EP-AB-KEM will result in a concrete one-round AB-AKE protocol also secure in the generic group and random oracle models.

Improved algebraic cryptanalysis of QUAD, Bivium and Trivium via graph partitioning on equation systems

We present a novel approach for preprocessing systems of polynomial equations via graph partitioning. The variable-sharing graph of a system of polynomial equations is defined. If such graph is disconnected, then the corresponding system of equations can be split into smaller ones that can be solved individually. This can provide a tremendous speed-up in computing the solution to the system, but is unlikely to occur either randomly or in applications. However, by deleting certain vertices on the graph, the variable-sharing graph could be disconnected in a balanced fashion, and in turn the system of polynomial equations would be separated into smaller systems of near-equal sizes. In graph theory terms, this process is equivalent to finding balanced vertex partitions with minimum-weight vertex separators. The techniques of finding these vertex partitions are discussed, and experiments are performed to evaluate its practicality for general graphs and systems of polynomial equations. Applications of this approach in algebraic cryptanalysis on symmetric ciphers are presented: For the QUAD family of stream ciphers, we show how a malicious party can manufacture conforming systems that can be easily broken. For the stream ciphers Bivium and Trivium, we nachieve significant speedups in algebraic attacks against them, mainly in a partial key guess scenario. In each of these cases, the systems of polynomial equations involved are well-suited to our graph partitioning method. These results may open a new avenue for evaluating the security of symmetric ciphers against algebraic attacks.