Adaptive Privacy Management System Design For Context-Aware Mobile Devices

While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models.

ARCHITECTING USER-CENTRIC PRIVACY-AS-A-SET-OF-SERVICES: DIGITAL IDENTITY RELATED PRIVACY FRAMEWORK

AbstractDigitalization gives to the Internet the power by allowing several virtual representations of reality, including that of identity. We leave an increasingly digital footprint in cyberspace and this situation puts our identity at high risks. Privacy is a right and fundamental social value that could play a key role as a medium to secure digital identities. Identity functionality is increasingly delivered as sets of services, rather than monolithic applications. So, an identity layer in which identity and privacy management services are loosely coupled, publicly hosted and available to on-demand calls could be more realistic and an acceptable situation. Identity and privacy should be interoperable and distributed through the adoption of service-orientation and implementation based on open standards (technical interoperability). Ihe objective of this project is to provide a way to implement interoperable user-centric digital identity-related privacy to respond to the need of distributed nature of federated identity systems. It is recognized that technical initiatives, emerging standards and protocols are not enough to guarantee resolution for the concerns surrounding a multi-facets and complex issue of identity and privacy. For this reason they should be apprehended within a global perspective through an integrated and a multidisciplinary approach. The approach dictates that privacy law, policies, regulations and technologies are to be crafted together from the start, rather than attaching it to digital identity after the fact. Thus, we draw Digital Identity-Related Privacy (DigldeRP) requirements from global, domestic and business-specific privacy policies. The requirements take shape of business interoperability. We suggest a layered implementation framework (DigldeRP framework) in accordance to model-driven architecture (MDA) approach that would help organizations' security team to turn business interoperability into technical interoperability in the form of a set of services that could accommodate Service-Oriented Architecture (SOA): Privacy-as-a-set-of- services (PaaSS) system. DigldeRP Framework will serve as a basis for vital understanding between business management and technical managers on digital identity related privacy initiatives. The layered DigldeRP framework presents five practical layers as an ordered sequence as a basis of DigldeRP project roadmap, however, in practice, there is an iterative process to assure that each layer supports effectively and enforces requirements of the adjacent ones. Each layer is composed by a set of blocks, which determine a roadmap that security team could follow to successfully implement PaaSS. Several blocks' descriptions are based on OMG SoaML modeling language and BPMN processes description. We identified, designed and implemented seven services that form PaaSS and described their consumption. PaaSS Java QEE project), WSDL, and XSD codes are given and explained.

Le renforcement de la loi fédérale sur la protection des données : le cas de la protection de la vie privée dès la conception (privacy by design)

La protection des données est un élément essentiel d'un Etat de droit et une société démocratique, car elle accorde à chaque individu le droit de disposer de ce qui fait partie de sa sphère privée. Actuellement en Suisse, la loi fédérale sur la protection des données (LPD) est en vigueur depuis 1993. En 2010, l'Office fédéral de la justice a supervisé une évaluation de son efficacité : il en résulte que cette dernière a été prouvée, mais tendra à diminuer fortement dans les années à suivre. Pour causes principales : l'évolution des technologies, caractérisée notamment par le développement des moyens de traitement de données toujours plus variés et conséquents, et un manque d'informations des individus par rapport à la protection des données en générale et à leurs droits. Suite à l'évaluation, cinq objectifs de révision ont été formulés par le Conseil fédéral, dont celui d'intégrer la privacy by design ou « protection de la vie privée dès la conception » dans la loi. Ce concept, qui est également repris dans les travaux européens en cours, est développé à l'origine par l'Information and Privacy Commissionner de l'Ontario (Canada), Ann Cavoukian. Le principe général de la privacy by design est que la protection de la vie privée doit être incluse dans les systèmes traitant les données lors de leur conception. Souvent évoquée comme une solution idéale, répondant au problème de l'inadéquation de la loi par la logique de prévention qu'elle promeut, la privacy by design demeure toutefois un souhait dont l'application n'est que peu analysée. Ce travail cherche justement à répondre à la question de la manière de la mettre en oeuvre dans la législation suisse. Se basant sur les textes et la doctrine juridiques et une littérature dans les domaines de l'économie, l'informatique, la politique et la sociologie des données personnelles, il propose tout d'abord une revue générale des principes et définitions des concepts-clés de la protection des données en Suisse et dans le cadre international. Puis, il propose deux possibilités d'intégration de la privacy by design : la première est une solution privée non contraignante qui consiste à promouvoir le concept et faire en sorte que les responsables de traitement décident par eux-mêmes d'intégrer la privacy by design dans leurs projets ; ce procédé est possible grâce au renforcement du processus de certification déjà en cours. La deuxième option est une solution contraignante visant à intégrer le principe directement dans la loi et de prendre les mesures pour le rendre effectif ; ce travail montre que le développement de la figure du conseiller à la protection des données permet d'atteindre cet objectif. Enfin, des considérations générales sur l'application du principe sont abordées, telles que l'influence des développements en cours dans l'Union européenne sur la Suisse par rapport à la protection des données et la limite posée par le principe de territorialité.

Privacy as a Tradeoff: Introducing the Notion of Privacy Calculus for Context-Aware Mobile Applications

Evidences collected from smartphones users show a growing desire of personalization offered by services for mobile devices. However, the need to accurately identify users' contexts has important implications for user's privacy and it increases the amount of trust, which users are requested to have in the service providers. In this paper, we introduce a model that describes the role of personalization and control in users' assessment of cost and benefits associated to the disclosure of private information. We present an instantiation of such model, a context-aware application for smartphones based on the Android operating system, in which users' private information are protected. Focus group interviews were conducted to examine users' privacy concerns before and after having used our application. Obtained results confirm the utility of our artifact and provide support to our theoretical model, which extends previous literature on privacy calculus and user's acceptance of context-aware technology.

Privacy-friendly Business Models for Location-Based Mobile Services

This paper presents a theoretical model to analyze the privacy issues around location based mobile business models. We report the results of an exploratory field experiment in Switzerland that assessed the factors driving user payoff in mobile business. We found that (1) the personal data disclosed has a negative effect on user payoff; (2) the amount of personalization available has a direct and positive effect, as well as a moderating effect on user payoff; (3) the amount of control over user's personal data has a direct and positive effect, as well as a moderating effect on user payoff. The results suggest that privacy protection could be the main value proposition in the B2C mobile market. From our theoretical model we derive a set of guidelines to design a privacy-friendly business model pattern for third-party services. We discuss four examples to show the mobile platform can play a key role in the implementation of these new business models.

From 'Security for Privacy' to 'Privacy for Security'

This article envisions the use of context-awareness to improve single sign-on solutions (SSO) for mobile users. The attribute-based SSO is expected to increase users' perceived ease of use of the system and service providers' authentication security of the application. From these two features we derive two value propositions for a new business model for mobile platforms. The business model can be considered as an instantiation of the privacy-friendly business model pattern presented in our previous work, reinforcing our claim that privacy-friendly value propositions are possible and can be used to obtain a competitive advantage.

Business Model Considerations for Privacy Protection in a Mobile Location Based Context

In this paper we discuss the main privacy issues around mobile business models and we envision new solutions having privacy protection as a main value proposition. We construct a framework to help analyze the situation and assume that a third party is necessary to warrant transactions between mobile users and m-commerce providers. We then use the business model canvas to describe a generic business model pattern for privacy third party services. This pattern is then illustrated in two different variations of a privacy business model, which we call privacy broker and privacy management software. We conclude by giving examples for each business model and by suggesting further directions of investigation

The de facto independence of regulatory agencies and its consequences for policy making and regulatory outcomes

This dissertation focuses on the practice of regulatory governance, throughout the study of the functioning of formally independent regulatory agencies (IRAs), with special attention to their de facto independence. The research goals are grounded on a "neo-positivist" (or "reconstructed positivist") position (Hawkesworth 1992; Radaelli 2000b; Sabatier 2000). This perspective starts from the ontological assumption that even if subjective perceptions are constitutive elements of political phenomena, a real world exists beyond any social construction and can, however imperfectly, become the object of scientific inquiry. Epistemologically, it follows that hypothetical-deductive theories with explanatory aims can be tested by employing a proper methodology and set of analytical techniques. It is thus possible to make scientific inferences and general conclusions to a certain extent, according to a Bayesian conception of knowledge, in order to update the prior scientific beliefs in the truth of the related hypotheses (Howson 1998), while acknowledging the fact that the conditions of truth are at least partially subjective and historically determined (Foucault 1988; Kuhn 1970). At the same time, a sceptical position is adopted towards the supposed disjunction between facts and values and the possibility of discovering abstract universal laws in social science. It has been observed that the current version of capitalism corresponds to the golden age of regulation, and that since the 1980s no government activity in OECD countries has grown faster than regulatory functions (Jacobs 1999). Following an apparent paradox, the ongoing dynamics of liberalisation, privatisation, decartelisation, internationalisation, and regional integration hardly led to the crumbling of the state, but instead promoted a wave of regulatory growth in the face of new risks and new opportunities (Vogel 1996). Accordingly, a new order of regulatory capitalism is rising, implying a new division of labour between state and society and entailing the expansion and intensification of regulation (Levi-Faur 2005). The previous order, relying on public ownership and public intervention and/or on sectoral self-regulation by private actors, is being replaced by a more formalised, expert-based, open, and independently regulated model of governance. Independent regulation agencies (IRAs), that is, formally independent administrative agencies with regulatory powers that benefit from public authority delegated from political decision makers, represent the main institutional feature of regulatory governance (Gilardi 2008). IRAs constitute a relatively new technology of regulation in western Europe, at least for certain domains, but they are increasingly widespread across countries and sectors. For instance, independent regulators have been set up for regulating very diverse issues, such as general competition, banking and finance, telecommunications, civil aviation, railway services, food safety, the pharmaceutical industry, electricity, environmental protection, and personal data privacy. Two attributes of IRAs deserve a special mention. On the one hand, they are formally separated from democratic institutions and elected politicians, thus raising normative and empirical concerns about their accountability and legitimacy. On the other hand, some hard questions about their role as political actors are still unaddressed, though, together with regulatory competencies, IRAs often accumulate executive, (quasi-)legislative, and adjudicatory functions, as well as about their performance.

Ambulatory healthcare information system: a conceptual framework

Despite the tremendous amount of data collected in the field of ambulatory care, political authorities still lack synthetic indicators to provide them with a global view of health services utilization and costs related to various types of diseases. Moreover, public health indicators fail to provide useful information for physicians' accountability purposes. The approach is based on the Swiss context, which is characterized by the greatest frequency of medical visits in Europe, the highest rate of growth for care expenditure, poor public information but a lot of structured data (new fee system introduced in 2004). The proposed conceptual framework is universal and based on descriptors of six entities: general population, people with poor health, patients, services, resources and effects. We show that most conceptual shortcomings can be overcome and that the proposed indicators can be achieved without threatening privacy protection, using modern cryptographic techniques. Twelve indicators are suggested for the surveillance of the ambulatory care system, almost all based on routinely available data: morbidity, accessibility, relevancy, adequacy, productivity, efficacy (from the points of view of the population, people with poor health, and patients), effectiveness, efficiency, health services coverage and financing. The additional costs of this surveillance system should not exceed Euro 2 million per year (Euro 0.3 per capita).

Indicazioni e risultati della laparostomia retroperitoneale nel trattamento della pancreatite acuta necrotizzante infetta [Indications and results of retroperitoneal laparostomy in the treatment of infected acute necrotizing pancreatitis]

The aim of this study is to describe personal experience with retroperitoneal laparostomy in the management of infected acute necrotizing pancreatitis. The presence of an infected phlegmon requires surgical debridement and drainage. The surgical approach can be either an anterior laparotomy with irrigation and drainage (which can be either an open or closed laparotomy) or a posterior laparostomy. Three patients (2 men and 1 woman) presented with an unfavourable course of their acute necrotizing pancreatitis despite the administration of broad spectrum antibiotics. A posterior laparostomy with necrosectomy and drainage was performed. The postoperative course was slowly favorable in all 3 cases. Abdominal CT is the best modality for the detection and follow-up of pancreatic necrosis. CT-guided fine needle aspiration can detect superinfection of areas of necrosis. Posterior laparostomy presents several advantages compared to an anterior approach. There is no contamination of the peritoneal cavity; the integrity of the abdominal wall is respected. The necrosectomy is equally complete and the drainage is better as it is direct and posterior.

Swiss Democracy on the Web 2010 : Society and Politics in a Connected Age

The rapid adoption of online media like Facebook, Twitter or Wikileaks leaves us with little time to think. Where is information technology taking us, our society and our democratic institutions ? Is the Web replicating social divides that already exist offline or does collaborative technology pave the way for a more equal society ? How do we find the right balance between openness and privacy ? Can social media improve civic participation or do they breed superficial exchange and the promotion of false information ? These and lots of other questions arise when one starts to look at the Internet, society and politics. The first part of this paper gives an overview of the social changes that occur with the rise of the Web. The second part serves as an overview on how the Web is being used for political participation in Switzerland and abroad. Le développement rapide de nouveaux médias comme Facebook, Twitter ou Wikileaks ne laisse que peu de temps à la réflexion. Quels sont les changements que ces technologies de l'information impliquent pour nous, notre société et nos institutions démocratiques ? Internet ne fait-il que reproduire des divisions sociales qui lui préexistent ou constitue-t-il un moyen de lisser et d'égaliser ces mêmes divisions ? Comment trouver le bon équilibre entre transparence et respect de la vie privée ? Les médias sociaux permettent-ils de stimuler la participation politique ou ne sont-ils que le vecteur d'échanges superficiels et de fausses informations ? Ces questions, parmi d'autres, émergent rapidement lorsque l'on s'intéresse à la question des liens entre Internet, la société et la politique. La première partie de ce cahier est consacrée aux changements sociaux générés par l'émergence et le développement d'Internet. La seconde fait l'état des lieux de la manière dont Internet est utilisé pour stimuler la participation politique en Suisse et à l'étranger.

Metadata For Identity Management of Population Registers

A population register is an inventory of residents within a country, with their characteristics (date of birth, sex, marital status, etc.) and other socio-economic data, such as occupation or education. However, data on population are also stored in numerous other public registers such as tax, land, building and housing, military, foreigners, vehicles, etc. Altogether they contain vast amounts of personal and sensitive information. Access to public information is granted by law in many countries, but this transparency is generally subject to tensions with data protection laws. This paper proposes a framework to analyze data access (or protection) requirements, as well as a model of metadata for data exchange.