441 resultados para privacy violations
Resumo:
Real-world cryptographic protocols such as the widely used Transport Layer Security (TLS) protocol support many different combinations of cryptographic algorithms (called ciphersuites) and simultaneously support different versions. Recent advances in provable security have shown that most modern TLS ciphersuites are secure authenticated and confidential channel establishment (ACCE) protocols, but these analyses generally focus on single ciphersuites in isolation. In this paper we extend the ACCE model to cover protocols with many different sub-protocols, capturing both multiple ciphersuites and multiple versions, and define a security notion for secure negotiation of the optimal sub-protocol. We give a generic theorem that shows how secure negotiation follows, with some additional conditions, from the authentication property of secure ACCE protocols. Using this framework, we analyse the security of ciphersuite and three variants of version negotiation in TLS, including a recently proposed mechanism for detecting fallback attacks.
Resumo:
Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, we accompany these cipher suites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE cipher suites integrated into the Open SSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key-exchange can already be considered practical.
Resumo:
Background: Younger and older pedestrians are both overrepresented in train-pedestrian injury and fatality collision databases. However, scant research has attempted to determine the factors that influence level crossing behaviours for these high risk groups. Method: Five focus groups were undertaken with a total of 27 younger and 17 older pedestrian level crossing users (N = 44). Due to the lack of research in the area, a focus group methodology was implemented to gain a deeper exploratory understanding into the sample’s decision making processes through a pilot study. The three main areas of enquiry were identifying the: (a) primary reasons for unsafe behaviour; (b) factors that deter this behaviour and (c) proposed interventions to improve pedestrian safety at level crossings in the future. Results: Common themes to emerge from both groups regarding the origins of unsafe behaviours were: running late and a fatalistic perspective that some accidents are inevitable. However, younger pedestrians were more likely to report motivators to be: (a) non-perception of danger; (b) impulsive risk taking; and (c) inattention. In contrast, older pedestrians reported their decisions to cross are influenced by mobility issues and sensory salience. Conclusion: The findings indicate that a range of factors influence pedestrian crossing behaviours. This paper will further outline the major findings of the research in regards to intervention development and future research direction.
Resumo:
In his 1987 book, The Media Lab: Inventing the Future at MIT, Stewart Brand provides an insight into the visions of the future of the media in the 1970s and 1980s. 1 He notes that Nicolas Negroponte made a compelling case for the foundation of a media laboratory at MIT with diagrams detailing the convergence of three sectors of the media—the broadcast and motion picture industry; the print and publishing industry; and the computer industry. Stewart Brand commented: ‘If Negroponte was right and communications technologies really are converging, you would look for signs that technological homogenisation was dissolving old boundaries out of existence, and you would expect an explosion of new media where those boundaries used to be’. Two decades later, technology developers, media analysts and lawyers have become excited about the latest phase of media convergence. In 2006, the faddish Time Magazine heralded the arrival of various Web 2.0 social networking services: You can learn more about how Americans live just by looking at the backgrounds of YouTube videos—those rumpled bedrooms and toy‐strewn basement rec rooms—than you could from 1,000 hours of network television. And we didn’t just watch, we also worked. Like crazy. We made Facebook profiles and Second Life avatars and reviewed books at Amazon and recorded podcasts. We blogged about our candidates losing and wrote songs about getting dumped. We camcordered bombing runs and built open‐source software. America loves its solitary geniuses—its Einsteins, its Edisons, its Jobses—but those lonely dreamers may have to learn to play with others. Car companies are running open design contests. Reuters is carrying blog postings alongside its regular news feed. Microsoft is working overtime to fend off user‐created Linux. We’re looking at an explosion of productivity and innovation, and it’s just getting started, as millions of minds that would otherwise have drowned in obscurity get backhauled into the global intellectual economy. The magazine announced that Time’s Person of the Year was ‘You’, the everyman and everywoman consumer ‘for seizing the reins of the global media, for founding and framing the new digital democracy, for working for nothing and beating the pros at their own game’. This review essay considers three recent books, which have explored the legal dimensions of new media. In contrast to the unbridled exuberance of Time Magazine, this series of legal works displays an anxious trepidation about the legal ramifications associated with the rise of social networking services. In his tour de force, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, Daniel Solove considers the implications of social networking services, such as Facebook and YouTube, for the legal protection of reputation under privacy law and defamation law. Andrew Kenyon’s edited collection, TV Futures: Digital Television Policy in Australia, explores the intersection between media law and copyright law in the regulation of digital television and Internet videos. In The Future of the Internet and How to Stop It, Jonathan Zittrain explores the impact of ‘generative’ technologies and ‘tethered applications’—considering everything from the Apple Mac and the iPhone to the One Laptop per Child programme.
Resumo:
The secretive 2011 Anti-Counterfeiting Trade Agreement – known in short by the catchy acronym ACTA – is a controversial trade pact designed to provide for stronger enforcement of intellectual property rights. The preamble to the treaty reads like pulp fiction – it raises moral panics about piracy, counterfeiting, organised crime, and border security. The agreement contains provisions on civil remedies and criminal offences; copyright law and trademark law; the regulation of the digital environment; and border measures. Memorably, Susan Sell called the international treaty a TRIPS Double-Plus Agreement, because its obligations far exceed those of the World Trade Organization's TRIPS Agreement 1994, and TRIPS-Plus Agreements, such as the Australia-United States Free Trade Agreement 2004. ACTA lacks the language of other international intellectual property agreements, which emphasise the need to balance the protection of intellectual property owners with the wider public interest in access to medicines, human development, and transfer of knowledge and technology. In Australia, there was much controversy both about the form and the substance of ACTA. While the Department of Foreign Affairs and Trade was a partisan supporter of the agreement, a wide range of stakeholders were openly critical. After holding hearings and taking note of the position of the European Parliament and the controversy in the United States, the Joint Standing Committee on Treaties in the Australian Parliament recommended the deferral of ratification of ACTA. This was striking as representatives of all the main parties agreed on the recommendation. The committee was concerned about the lack of transparency, due process, public participation, and substantive analysis of the treaty. There were also reservations about the ambiguity of the treaty text, and its potential implications for the digital economy, innovation and competition, plain packaging of tobacco products, and access to essential medicines. The treaty has provoked much soul-searching as to whether the Trick or Treaty reforms on the international treaty-making process in Australia have been compromised or undermined. Although ACTA stalled in the Australian Parliament, the debate over it is yet to conclude. There have been concerns in Australia and elsewhere that ACTA will be revived as a ‘zombie agreement’. Indeed, in March 2013, the Canadian government introduced a bill to ensure compliance with ACTA. Will it be also resurrected in Australia? Has it already been revived? There are three possibilities. First, the Australian government passed enhanced remedies with respect to piracy, counterfeiting and border measures in a separate piece of legislation – the Intellectual Property Laws Amendment (Raising the Bar) Act 2012 (Cth). Second, the Department of Foreign Affairs and Trade remains supportive of ACTA. It is possible, after further analysis, that the next Australian Parliament – to be elected in September 2013 – will ratify the treaty. Third, Australia is involved in the Trans-Pacific Partnership negotiations. The government has argued that ACTA should be a template for the Intellectual Property Chapter in the Trans-Pacific Partnership. The United States Trade Representative would prefer a regime even stronger than ACTA. This chapter provides a portrait of the Australian debate over ACTA. It is the account of an interested participant in the policy proceedings. This chapter will first consider the deliberations and recommendations of the Joint Standing Committee on Treaties on ACTA. Second, there was a concern that ACTA had failed to provide appropriate safeguards with respect to civil liberties, human rights, consumer protection and privacy laws. Third, there was a concern about the lack of balance in the treaty’s copyright measures; the definition of piracy is overbroad; the suite of civil remedies, criminal offences and border measures is excessive; and there is a lack of suitable protection for copyright exceptions, limitations and remedies. Fourth, there was a worry that the provisions on trademark law, intermediary liability and counterfeiting could have an adverse impact upon consumer interests, competition policy and innovation in the digital economy. Fifth, there was significant debate about the impact of ACTA on pharmaceutical drugs, access to essential medicines and health-care. Sixth, there was concern over the lobbying by tobacco industries for ACTA – particularly given Australia’s leadership on tobacco control and the plain packaging of tobacco products. Seventh, there were concerns about the operation of border measures in ACTA. Eighth, the Joint Standing Committee on Treaties was concerned about the jurisdiction of the ACTA Committee, and the treaty’s protean nature. Finally, the chapter raises fundamental issues about the relationship between the executive and the Australian Parliament with respect to treaty-making. There is a need to reconsider the efficacy of the Trick or Treaty reforms passed by the Australian Parliament in the 1990s.
Resumo:
For a hundred years, since Federation, Australian consumers have suffered the indignity and the tragedy of price discrimination. From the time of imperial publishing networks, Australia has been suffered from cultural colonialism. In respect of pricing of copyright works, Australian consumers have been gouged; ripped-off; and exploited. Digital technologies have not necessarily brought an end to such price discrimination. Australian consumers have been locked out by technological protection measures; subject to surveillance, privacy intrusions and security breaches; locked into walled gardens by digital rights management systems; and geo-blocked.
Resumo:
This study investigates friendships between gay sales associates and heterosexual female customers in luxury retail settings. By employing grounded theory methodology, the study integrates theories and findings from diverse literature streams into an original conceptual framework to illustrate the resources gay sales associates and straight female customers receive from and provide to each other during retail exchanges. The study explains why gay male–straight female friendships are uniquely suited for luxury consumption settings. Female customers characterize their friendships with gay sales associates as providing honesty, security, trust, and comfort, which stems from the absence of sexual interest and a lack of inter-female competition. Gay sales associates receive acceptance for who they are and for their displays of unconventional masculinity in retail settings. They also obtain a temporary rite from their female customers, a so-called mandate of privacy, which permits both parties to ignore the bounds of modesty and accept a degree of intimacy. Such intimacy facilitates transactions that require both personalization and customer–employee closeness, such as the selling of high-end apparel, accessories, and jewelry.
Resumo:
The concept of big data has already outperformed traditional data management efforts in almost all industries. Other instances it has succeeded in obtaining promising results that provide value from large-scale integration and analysis of heterogeneous data sources for example Genomic and proteomic information. Big data analytics have become increasingly important in describing the data sets and analytical techniques in software applications that are so large and complex due to its significant advantages including better business decisions, cost reduction and delivery of new product and services [1]. In a similar context, the health community has experienced not only more complex and large data content, but also information systems that contain a large number of data sources with interrelated and interconnected data attributes. That have resulted in challenging, and highly dynamic environments leading to creation of big data with its enumerate complexities, for instant sharing of information with the expected security requirements of stakeholders. When comparing big data analysis with other sectors, the health sector is still in its early stages. Key challenges include accommodating the volume, velocity and variety of healthcare data with the current deluge of exponential growth. Given the complexity of big data, it is understood that while data storage and accessibility are technically manageable, the implementation of Information Accountability measures to healthcare big data might be a practical solution in support of information security, privacy and traceability measures. Transparency is one important measure that can demonstrate integrity which is a vital factor in the healthcare service. Clarity about performance expectations is considered to be another Information Accountability measure which is necessary to avoid data ambiguity and controversy about interpretation and finally, liability [2]. According to current studies [3] Electronic Health Records (EHR) are key information resources for big data analysis and is also composed of varied co-created values [3]. Common healthcare information originates from and is used by different actors and groups that facilitate understanding of the relationship for other data sources. Consequently, healthcare services often serve as an integrated service bundle. Although a critical requirement in healthcare services and analytics, it is difficult to find a comprehensive set of guidelines to adopt EHR to fulfil the big data analysis requirements. Therefore as a remedy, this research work focus on a systematic approach containing comprehensive guidelines with the accurate data that must be provided to apply and evaluate big data analysis until the necessary decision making requirements are fulfilled to improve quality of healthcare services. Hence, we believe that this approach would subsequently improve quality of life.
Resumo:
During everyday urban life, people spend time in public urban places waiting for specific events to occur. During these times, people sometimes tend to engage with their information and communication technology (ICT) devices in a way that shuts off interactions with collocated people. These devices could also be used to better connect with the urban space and collocated people within. This chapter presents and discusses the impact of three design interventions on the urban user experience enabling collocated people to share lightweight, non-privacy-sensitive data in the urban space. We investigate and discuss the impact on the urban experience under the notions of people, place, and technology with an emphasis on how the sharing of non-privacy-sensitive data can positively transform anonymous public urban places in various ways through anonymous digital augmentations.
Resumo:
With the ever increasing amount of eHealth data available from various eHealth systems and sources, Health Big Data Analytics promises enticing benefits such as enabling the discovery of new treatment options and improved decision making. However, concerns over the privacy of information have hindered the aggregation of this information. To address these concerns, we propose the use of Information Accountability protocols to provide patients with the ability to decide how and when their data can be shared and aggregated for use in big data research. In this paper, we discuss the issues surrounding Health Big Data Analytics and propose a consent-based model to address privacy concerns to aid in achieving the promised benefits of Big Data in eHealth.
Resumo:
Concerns over the security and privacy of patient information are one of the biggest hindrances to sharing health information and the wide adoption of eHealth systems. At present, there are competing requirements between healthcare consumers' (i.e. patients) requirements and healthcare professionals' (HCP) requirements. While consumers want control over their information, healthcare professionals want access to as much information as required in order to make well-informed decisions and provide quality care. In order to balance these requirements, the use of an Information Accountability Framework devised for eHealth systems has been proposed. In this paper, we take a step closer to the adoption of the Information Accountability protocols and demonstrate their functionality through an implementation in FluxMED, a customisable EHR system.
Resumo:
This tutorial primarily focuses on the implementation of Information Accountability (IA) protocols defined in an Information Accountability Framework (IAF) in eHealth systems. Concerns over the security and privacy of patient information are one of the biggest hindrances to sharing health information and the wide adoption of eHealth systems. At present, there are competing requirements between healthcare consumers' (i.e. patients) requirements and healthcare professionals' (HCP) requirements. While consumers want control over their information, healthcare professionals want access to as much information as required in order to make well-informed decisions and provide quality care. This conflict is evident in the review of Australia's PCEHR system and in recent studies of patient control of access to their eHealth information. In order to balance these requirements, the use of an Information Accountability Framework devised for eHealth systems has been proposed. Through the use of IA protocols, so-called Accountable-eHealth systems (AeH) create an eHealth environment where health information is available to the right person at the right time without rigid barriers whilst empowering the consumers with information control and transparency. In this half-day tutorial, we will discuss and describe the technical challenges surrounding the implementation of the IAF protocols into existing eHealth systems and demonstrate their use. The functionality of the protocols and AeH systems will be demonstrated, and an example of the implementation of the IAF protocols into an existing eHealth system will be presented and discussed.
Resumo:
The world has experienced a large increase in the amount of available data. Therefore, it requires better and more specialized tools for data storage and retrieval and information privacy. Recently Electronic Health Record (EHR) Systems have emerged to fulfill this need in health systems. They play an important role in medicine by granting access to information that can be used in medical diagnosis. Traditional systems have a focus on the storage and retrieval of this information, usually leaving issues related to privacy in the background. Doctors and patients may have different objectives when using an EHR system: patients try to restrict sensible information in their medical records to avoid misuse information while doctors want to see as much information as possible to ensure a correct diagnosis. One solution to this dilemma is the Accountable e-Health model, an access protocol model based in the Information Accountability Protocol. In this model patients are warned when doctors access their restricted data. They also enable a non-restrictive access for authenticated doctors. In this work we use FluxMED, an EHR system, and augment it with aspects of the Information Accountability Protocol to address these issues. The Implementation of the Information Accountability Framework (IAF) in FluxMED provides ways for both patients and physicians to have their privacy and access needs achieved. Issues related to storage and data security are secured by FluxMED, which contains mechanisms to ensure security and data integrity. The effort required to develop a platform for the management of medical information is mitigated by the FluxMED's workflow-based architecture: the system is flexible enough to allow the type and amount of information being altered without the need to change in your source code.
Resumo:
RFID is an important technology that can be used to create the ubiquitous society. But an RFID system uses open radio frequency signal to transfer information and this leads to pose many serious threats to its privacy and security. In general, the computing and storage resources in an RFID tag are very limited and this makes it difficult to solve its secure and private problems, especially for low-cost RFID tags. In order to ensure the security and privacy of low-cost RFID systems we propose a lightweight authentication protocol based on Hash function. This protocol can ensure forward security and prevent information leakage, location tracing, eavesdropping, replay attack and spoofing. This protocol completes the strong authentication of the reader to the tag by twice authenticating and it only transfers part information of the encrypted tag’s identifier for each session so it is difficult for an adversary to intercept the whole identifier of a tag. This protocol is simple and it takes less computing and storage resources, it is very suitable to some low-cost RFID systems.
Resumo:
Aims To discuss ethical issues that may arise in using WWA to monitor illicit drug use in the general population and in entertainment precincts, prisons, schools and work-places. Method Review current applications of WWA and identify ethical and social issues that may be raised with current and projected future uses of this method. Results Wastewater analysis (WWA) of drug residues is a promising method of monitoring illicit drug use that may overcome some limitations of other monitoring methods. When used for monitoring purposes in large populations, WWA does not raise major ethical concerns because individuals are not identified and the prospects of harming residents of catchment areas are remote. When WWA is used in smaller catchment areas (entertainment venues, prisons, schools or work-places) their results could, possibly, indirectly affect the occupants adversely. Researchers will need to take care in reporting their results to reduce media misreporting. Fears about possible use of WWA for mass individual surveillance by drug law enforcement officials are unlikely to be realized, but will need to be addressed because they may affect public support adversely for this type of research. Conclusions Using wastewater analysis to monitor illicit drug use in large populations does not raise major ethical concerns, but researchers need to minimize possible adverse consequences in studying smaller populations, such as workers, prisoners and students.
