Adaptive Privacy Management System Design For Context-Aware Mobile Devices

While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models.

ARCHITECTING USER-CENTRIC PRIVACY-AS-A-SET-OF-SERVICES: DIGITAL IDENTITY RELATED PRIVACY FRAMEWORK

AbstractDigitalization gives to the Internet the power by allowing several virtual representations of reality, including that of identity. We leave an increasingly digital footprint in cyberspace and this situation puts our identity at high risks. Privacy is a right and fundamental social value that could play a key role as a medium to secure digital identities. Identity functionality is increasingly delivered as sets of services, rather than monolithic applications. So, an identity layer in which identity and privacy management services are loosely coupled, publicly hosted and available to on-demand calls could be more realistic and an acceptable situation. Identity and privacy should be interoperable and distributed through the adoption of service-orientation and implementation based on open standards (technical interoperability). Ihe objective of this project is to provide a way to implement interoperable user-centric digital identity-related privacy to respond to the need of distributed nature of federated identity systems. It is recognized that technical initiatives, emerging standards and protocols are not enough to guarantee resolution for the concerns surrounding a multi-facets and complex issue of identity and privacy. For this reason they should be apprehended within a global perspective through an integrated and a multidisciplinary approach. The approach dictates that privacy law, policies, regulations and technologies are to be crafted together from the start, rather than attaching it to digital identity after the fact. Thus, we draw Digital Identity-Related Privacy (DigldeRP) requirements from global, domestic and business-specific privacy policies. The requirements take shape of business interoperability. We suggest a layered implementation framework (DigldeRP framework) in accordance to model-driven architecture (MDA) approach that would help organizations' security team to turn business interoperability into technical interoperability in the form of a set of services that could accommodate Service-Oriented Architecture (SOA): Privacy-as-a-set-of- services (PaaSS) system. DigldeRP Framework will serve as a basis for vital understanding between business management and technical managers on digital identity related privacy initiatives. The layered DigldeRP framework presents five practical layers as an ordered sequence as a basis of DigldeRP project roadmap, however, in practice, there is an iterative process to assure that each layer supports effectively and enforces requirements of the adjacent ones. Each layer is composed by a set of blocks, which determine a roadmap that security team could follow to successfully implement PaaSS. Several blocks' descriptions are based on OMG SoaML modeling language and BPMN processes description. We identified, designed and implemented seven services that form PaaSS and described their consumption. PaaSS Java QEE project), WSDL, and XSD codes are given and explained.

La responsabilité des Etats pour les violations des droits de l'homme commises par les entreprises militaires et de sécurité privées

Cet article traite des entreprises militaires et de sécurité privées (EMSP) fournissant des services qui jusque lors étaient dévolus aux armées nationales. Malgré les nombreux incidents entraînant des violations des droits de l'homme, ces contractors ne sont que rarement poursuivis et sanctionnés. Les EMSP opèrent-elles dès lors dans un vide juridique où elles peuvent agir en toute impunité ? Qui peut être tenu pour responsable de leurs actes ? Cet article part du principe que les activités des EMSP sont rendues possibles grâce à l'assentiment ou l'absence de réprobation des Etats, et donc que la question de la responsabilité pour les actes des EMSP est également celle de la responsabilité de l'Etat. Il convient donc d'analyser les règles sur la responsabilité de l'Etat pour fait internationalement illicite et surtout les obligations positives des Etats découlant des principaux instruments internationaux et régionaux de protection des droits de l'homme. L'enjeu est de démontrer qu'un Etat ne peut pas s'exonérer de sa responsabilité en délégant ses fonctions gouvernementales à des organismes privés.

Le renforcement de la loi fédérale sur la protection des données : le cas de la protection de la vie privée dès la conception (privacy by design)

La protection des données est un élément essentiel d'un Etat de droit et une société démocratique, car elle accorde à chaque individu le droit de disposer de ce qui fait partie de sa sphère privée. Actuellement en Suisse, la loi fédérale sur la protection des données (LPD) est en vigueur depuis 1993. En 2010, l'Office fédéral de la justice a supervisé une évaluation de son efficacité : il en résulte que cette dernière a été prouvée, mais tendra à diminuer fortement dans les années à suivre. Pour causes principales : l'évolution des technologies, caractérisée notamment par le développement des moyens de traitement de données toujours plus variés et conséquents, et un manque d'informations des individus par rapport à la protection des données en générale et à leurs droits. Suite à l'évaluation, cinq objectifs de révision ont été formulés par le Conseil fédéral, dont celui d'intégrer la privacy by design ou « protection de la vie privée dès la conception » dans la loi. Ce concept, qui est également repris dans les travaux européens en cours, est développé à l'origine par l'Information and Privacy Commissionner de l'Ontario (Canada), Ann Cavoukian. Le principe général de la privacy by design est que la protection de la vie privée doit être incluse dans les systèmes traitant les données lors de leur conception. Souvent évoquée comme une solution idéale, répondant au problème de l'inadéquation de la loi par la logique de prévention qu'elle promeut, la privacy by design demeure toutefois un souhait dont l'application n'est que peu analysée. Ce travail cherche justement à répondre à la question de la manière de la mettre en oeuvre dans la législation suisse. Se basant sur les textes et la doctrine juridiques et une littérature dans les domaines de l'économie, l'informatique, la politique et la sociologie des données personnelles, il propose tout d'abord une revue générale des principes et définitions des concepts-clés de la protection des données en Suisse et dans le cadre international. Puis, il propose deux possibilités d'intégration de la privacy by design : la première est une solution privée non contraignante qui consiste à promouvoir le concept et faire en sorte que les responsables de traitement décident par eux-mêmes d'intégrer la privacy by design dans leurs projets ; ce procédé est possible grâce au renforcement du processus de certification déjà en cours. La deuxième option est une solution contraignante visant à intégrer le principe directement dans la loi et de prendre les mesures pour le rendre effectif ; ce travail montre que le développement de la figure du conseiller à la protection des données permet d'atteindre cet objectif. Enfin, des considérations générales sur l'application du principe sont abordées, telles que l'influence des développements en cours dans l'Union européenne sur la Suisse par rapport à la protection des données et la limite posée par le principe de territorialité.

Privacy as a Tradeoff: Introducing the Notion of Privacy Calculus for Context-Aware Mobile Applications

Evidences collected from smartphones users show a growing desire of personalization offered by services for mobile devices. However, the need to accurately identify users' contexts has important implications for user's privacy and it increases the amount of trust, which users are requested to have in the service providers. In this paper, we introduce a model that describes the role of personalization and control in users' assessment of cost and benefits associated to the disclosure of private information. We present an instantiation of such model, a context-aware application for smartphones based on the Android operating system, in which users' private information are protected. Focus group interviews were conducted to examine users' privacy concerns before and after having used our application. Obtained results confirm the utility of our artifact and provide support to our theoretical model, which extends previous literature on privacy calculus and user's acceptance of context-aware technology.

Privacy-friendly Business Models for Location-Based Mobile Services

This paper presents a theoretical model to analyze the privacy issues around location based mobile business models. We report the results of an exploratory field experiment in Switzerland that assessed the factors driving user payoff in mobile business. We found that (1) the personal data disclosed has a negative effect on user payoff; (2) the amount of personalization available has a direct and positive effect, as well as a moderating effect on user payoff; (3) the amount of control over user's personal data has a direct and positive effect, as well as a moderating effect on user payoff. The results suggest that privacy protection could be the main value proposition in the B2C mobile market. From our theoretical model we derive a set of guidelines to design a privacy-friendly business model pattern for third-party services. We discuss four examples to show the mobile platform can play a key role in the implementation of these new business models.

From 'Security for Privacy' to 'Privacy for Security'

This article envisions the use of context-awareness to improve single sign-on solutions (SSO) for mobile users. The attribute-based SSO is expected to increase users' perceived ease of use of the system and service providers' authentication security of the application. From these two features we derive two value propositions for a new business model for mobile platforms. The business model can be considered as an instantiation of the privacy-friendly business model pattern presented in our previous work, reinforcing our claim that privacy-friendly value propositions are possible and can be used to obtain a competitive advantage.

Business Model Considerations for Privacy Protection in a Mobile Location Based Context

In this paper we discuss the main privacy issues around mobile business models and we envision new solutions having privacy protection as a main value proposition. We construct a framework to help analyze the situation and assume that a third party is necessary to warrant transactions between mobile users and m-commerce providers. We then use the business model canvas to describe a generic business model pattern for privacy third party services. This pattern is then illustrated in two different variations of a privacy business model, which we call privacy broker and privacy management software. We conclude by giving examples for each business model and by suggesting further directions of investigation

A prospective randomised multi-centre controlled trial on tight glucose control by intensive insulin therapy in adult intensive care units: the Glucontrol study.

PURPOSE: An optimal target for glucose control in ICU patients remains unclear. This prospective randomized controlled trial compared the effects on ICU mortality of intensive insulin therapy (IIT) with an intermediate glucose control. METHODS: Adult patients admitted to the 21 participating medico-surgical ICUs were randomized to group 1 (target BG 7.8-10.0 mmol/L) or to group 2 (target BG 4.4-6.1 mmol/L). RESULTS: While the required sample size was 1,750 per group, the trial was stopped early due to a high rate of unintended protocol violations. From 1,101 admissions, the outcomes of 542 patients assigned to group 1 and 536 of group 2 were analysed. The groups were well balanced. BG levels averaged in group 1 8.0 mmol/L (IQR 7.1-9.0) (median of all values) and 7.7 mmol/L (IQR 6.7-8.8) (median of morning BG) versus 6.5 mmol/L (IQR 6.0-7.2) and 6.1 mmol/L (IQR 5.5-6.8) for group 2 (p < 0.0001 for both comparisons). The percentage of patients treated with insulin averaged 66.2 and 96.3%, respectively. Proportion of time spent in target BG was similar, averaging 39.5% and 45.1% (median (IQR) 34.3 (18.5-50.0) and 39.3 (26.2-53.6)%) in the groups 1 and 2, respectively. The rate of hypoglycaemia was higher in the group 2 (8.7%) than in group 1 (2.7%, p < 0.0001). ICU mortality was similar in the two groups (15.3 vs. 17.2%). CONCLUSIONS: In this prematurely stopped and therefore underpowered study, there was a lack of clinical benefit of intensive insulin therapy (target 4.4-6.1 mmol/L), associated with an increased incidence of hypoglycaemia, as compared to a 7.8-10.0 mmol/L target. (ClinicalTrials.gov # NCT00107601, EUDRA-CT Number: 200400391440).

A forensic perspective of the AFL investigation into peptides: an antidoping investigation case study.

BACKGROUND: The World Anti-Doping Agency (WADA) is introducing enhancements to doping investigations in its 2015 Code, which include improved sharing of information between antidoping organisations (including sporting bodies) and enhanced accountability of athlete support staff. These additions will improve the control of links between sports doping and organised crime. In February 2013 the Australian Crime Commission released a report that linked several professional sporting codes, professional athletes with links to organised crime, performance enhancing drugs and illicit substances. Following this report the Australian Football League (AFL) partnered the Australian national antidoping organisation to investigate peptide use in Australian football. METHODS: This review compared the model proposed by Marclay, a hypothetical model for anti-doping investigations that proposed a forensic intelligence and analysis approach, to use the forensic capabilities of the AFL investigation to test the model's relevance to an actual case. RESULTS: The investigation uncovered the use of peptides used to enhance athlete performance. The AFL investigation found a high risk of doping where athlete support staff existed in teams with weak corporate governance controls. A further finding included the need for the investigation to provide a timely response in professional team sports that were sensitive to the competition timing. In the case of the AFL the team was sanctioned prior to the finals as an interim outcome for allowing the risk of use of performance-enhancing substances. Doping violation charges are still being considered. DISCUSSION: Antidoping strategies should include the investigation of corporate officers in team doping circumstances, the mandatory recording of all athlete substance use during competition and training phases, the wider sharing of forensic intelligence with non-sporting bodies particularly law enforcement and collaboration between antidoping and sporting organisations in doping investigations. CONCLUSIONS: The AFL investigation illustrated the importance of the 2015 WADA Code changes and highlighted the need for a systematic use of broad forensic intelligence activities in the investigation of doping violations.