Metadata For Identity Management of Population Registers

A population register is an inventory of residents within a country, with their characteristics (date of birth, sex, marital status, etc.) and other socio-economic data, such as occupation or education. However, data on population are also stored in numerous other public registers such as tax, land, building and housing, military, foreigners, vehicles, etc. Altogether they contain vast amounts of personal and sensitive information. Access to public information is granted by law in many countries, but this transparency is generally subject to tensions with data protection laws. This paper proposes a framework to analyze data access (or protection) requirements, as well as a model of metadata for data exchange.

A Confluence of Risks: Control and Compliance in the World of Unstructured Data, Big Data and the Cloud

The emergence of powerful new technologies, the existence of large quantities of data, and increasing demands for the extraction of added value from these technologies and data have created a number of significant challenges for those charged with both corporate and information technology management. The possibilities are great, the expectations high, and the risks significant. Organisations seeking to employ cloud technologies and exploit the value of the data to which they have access, be this in the form of "Big Data" available from different external sources or data held within the organisation, in structured or unstructured formats, need to understand the risks involved in such activities. Data owners have responsibilities towards the subjects of the data and must also, frequently, demonstrate that they are in compliance with current standards, laws and regulations. This thesis sets out to explore the nature of the technologies that organisations might utilise, identify the most pertinent constraints and risks, and propose a framework for the management of data from discovery to external hosting that will allow the most significant risks to be managed through the definition, implementation, and performance of appropriate internal control activities.

A Three-Dimensional Framework to Analyse the Governance of Population Registers

In June 2006, the Swiss Parliament made two important decisions with regards to public registers' governance and individuals' identification. It adopted a new law on the harmonisation of population registers in order to simplify statistical data collection and data exchange from around 4'000 decentralized registers, and it also approved the introduction of a Unique Person Identifier (UPI). The law is rather vague about the implementation of this harmonisation and even though many projects are currently being undertaken in this domain, most of them are quite technical. We believe there is a need for analysis tools and therefore we propose a conceptual framework based on three pillars (Privacy, Identity and Governance) to analyse the requirements in terms of data management for population registers.

Adaptive Privacy Management System Design For Context-Aware Mobile Devices

While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models.

ARCHITECTING USER-CENTRIC PRIVACY-AS-A-SET-OF-SERVICES: DIGITAL IDENTITY RELATED PRIVACY FRAMEWORK

AbstractDigitalization gives to the Internet the power by allowing several virtual representations of reality, including that of identity. We leave an increasingly digital footprint in cyberspace and this situation puts our identity at high risks. Privacy is a right and fundamental social value that could play a key role as a medium to secure digital identities. Identity functionality is increasingly delivered as sets of services, rather than monolithic applications. So, an identity layer in which identity and privacy management services are loosely coupled, publicly hosted and available to on-demand calls could be more realistic and an acceptable situation. Identity and privacy should be interoperable and distributed through the adoption of service-orientation and implementation based on open standards (technical interoperability). Ihe objective of this project is to provide a way to implement interoperable user-centric digital identity-related privacy to respond to the need of distributed nature of federated identity systems. It is recognized that technical initiatives, emerging standards and protocols are not enough to guarantee resolution for the concerns surrounding a multi-facets and complex issue of identity and privacy. For this reason they should be apprehended within a global perspective through an integrated and a multidisciplinary approach. The approach dictates that privacy law, policies, regulations and technologies are to be crafted together from the start, rather than attaching it to digital identity after the fact. Thus, we draw Digital Identity-Related Privacy (DigldeRP) requirements from global, domestic and business-specific privacy policies. The requirements take shape of business interoperability. We suggest a layered implementation framework (DigldeRP framework) in accordance to model-driven architecture (MDA) approach that would help organizations' security team to turn business interoperability into technical interoperability in the form of a set of services that could accommodate Service-Oriented Architecture (SOA): Privacy-as-a-set-of- services (PaaSS) system. DigldeRP Framework will serve as a basis for vital understanding between business management and technical managers on digital identity related privacy initiatives. The layered DigldeRP framework presents five practical layers as an ordered sequence as a basis of DigldeRP project roadmap, however, in practice, there is an iterative process to assure that each layer supports effectively and enforces requirements of the adjacent ones. Each layer is composed by a set of blocks, which determine a roadmap that security team could follow to successfully implement PaaSS. Several blocks' descriptions are based on OMG SoaML modeling language and BPMN processes description. We identified, designed and implemented seven services that form PaaSS and described their consumption. PaaSS Java QEE project), WSDL, and XSD codes are given and explained.

The Identity Style Inventory (ISI-3) and the Utrecht-Management of Identity Commitments Scale (U-MICS): Factor structure, reliability, and convergent validity in French-speaking college students

The purpose of this study was to evaluate the factor structure and the reliability of the French versions of the Identity Style Inventory (ISI-3) and the Utrecht-Management of Identity Commitments Scale (U-MICS) in a sample of college students (N = 457, 18 to 25 years old). Confirmatory factor analyses confirmed the hypothesized three-factor solution of the ISI-3 identity styles (i.e. informational, normative, and diffuse-avoidant styles), the one-factor solution of the ISI-3 identity commitment, and the three-factor structure of the U-MICS (i.e. commitment, in-depth exploration, and reconsideration of commitment). Additionally, theoretically consistent and meaningful associations among the ISI-3, U-MICS, and Ego Identity Process Questionnaire (EIPQ) confirmed convergent validity. Overall, the results of the present study indicate that the French versions of the ISI-3 and UMICS are useful instruments for assessing identity styles and processes, and provide additional support to the cross-cultural validity of these tools.

Toward a novel forensic intelligence model: systematic profiling of false identity documents

False identity documents represent a serious threat through their production and use in organized crime and by terrorist organizations. The present-day fight against this criminal problem and threats to national security does not appropriately address the organized nature of this criminal activity, treating each fraudulent document on its own during investigation and the judicial process, which causes linkage blindness and restrains the analysis capacity. Given the drawbacks of this case-by-case approach, this article proposes an original model in which false identity documents are used to inform a systematic forensic intelligence process. The process aims to detect links, patterns, and tendencies among false identity documents in order to support strategic and tactical decision making, thus sustaining a proactive intelligence-led approach to fighting identity document fraud and the associated organized criminality. This article formalizes both the model and the process, using practical applications to illustrate its powerful capabilities. This model has a general application and can be transposed to other fields of forensic science facing similar difficulties.

National and Gender Measurement Invariance of the Utrecht-Management of Identity Commitments Scale (U-MICS) : A 10-Nation Study With University Students

The purpose of this study was to examine the psychometric properties of the Utrecht-Management of Identity Commitments Scale (U-MICS), a self-report measure aimed at assessing identity processes of commitment, in-depth exploration, and reconsideration of commitment. We tested its factor structure in university students from a large array of cultural contexts, including 10 nations located in Europe (i.e., Italy, the Netherlands, Poland, Portugal, Romania, and Switzerland), Middle East (i.e., Turkey), and Asia (i.e., China, Japan, and Taiwan). Furthermore, we tested national and gender measurement invariance. Participants were 6,118 (63.2% females) university students aged from 18 to 25 years (Mage = 20.91 years). Results indicated that the three-factor structure of the U-MICS fitted well in the total sample, in each national group, and in gender groups. Furthermore, national and gender measurement invariance were established. Thus, the U-MICS can be fruitfully applied to study identity in university students from various Western and non-Western contexts.

"Public on the outside, private on the inside": the organizational hybridization, sense of belonging and identity strategies of the employees of a public unemployment insurance fund in Switzerland

A number of studies show that New Public Management reforms have altered the current identity benchmarks of public officials, particularly by hybridizing values or management practices. However, existing studies have largely glossed over the sense of belonging of officials when their organization straddles the concerns of public service and private enterprise, so that the boundary between public and private sector is blurred. The purpose of this article is precisely to explore this sense of belonging in the context of organizational hybridization. It does so by drawing on the results of research conducted among the employees of a public unemployment insurance fund in Switzerland. On the one hand, the analysis shows how much their markers of belonging are hybrid, multiple and constructed in negative terms (with regard to the State), while indicating that the working practices of the employees point to an identity that is nevertheless closely bound with the public sector. On the other hand, the analysis shows that the organization plays strategically with its State status, by exploiting either its private or public identity in line with the needs related to its external image. The article concludes with a discussion of the results highlighting the strategic functionality of the hybrid identity of the actors.

Self-identity and religion/spirituality

Although medicine is practised in a secular setting, religious and spiritual issues have an impact on patient perspectives regarding their health and the management of any disorders that may afflict them. This is especially true in psychiatry, as feelings of spirituality and religiousness are very prevalent among the mentally ill. Clinicians are rarely aware of the importance of religion and understand little of its value as a mediating force for coping with mental illness. This book addresses various issues concerning mental illness in psychiatry: the relation of religious issues to mental health; the tension between a theoretical approach to problems and psychiatric approaches; the importance of addressing these varying approaches in patient care and how to do so; and differing ways to approach Christian, Muslim, and Buddhist patients. This is the first book to specifically cover the impact of religion and spirituality on mental illness.

Forensic intelligence framework. Part II: study of the main generic building blocks and challenges through the examples of illicit drugs and false identity documents monitoring

The development of forensic intelligence relies on the expression of suitable models that better represent the contribution of forensic intelligence in relation to the criminal justice system, policing and security. Such models assist in comparing and evaluating methods and new technologies, provide transparency and foster the development of new applications. Interestingly, strong similarities between two separate projects focusing on specific forensic science areas were recently observed. These observations have led to the induction of a general model (Part I) that could guide the use of any forensic science case data in an intelligence perspective. The present article builds upon this general approach by focusing on decisional and organisational issues. The article investigates the comparison process and evaluation system that lay at the heart of the forensic intelligence framework, advocating scientific decision criteria and a structured but flexible and dynamic architecture. These building blocks are crucial and clearly lay within the expertise of forensic scientists. However, it is only part of the problem. Forensic intelligence includes other blocks with their respective interactions, decision points and tensions (e.g. regarding how to guide detection and how to integrate forensic information with other information). Formalising these blocks identifies many questions and potential answers. Addressing these questions is essential for the progress of the discipline. Such a process requires clarifying the role and place of the forensic scientist within the whole process and their relationship to other stakeholders.

Centralised versus Decentralised Management of Patients's Medical Records

For more than 20 years, many countries have been trying to set up a standardised medical record at the regional or at the national level. Most of them have not reached this goal, essentially due to two main difficulties related to patient identification and medical records standardisation. Moreover, the issues raised by the centralisation of all gathered medical data have to be tackled particularly in terms of security and privacy. We discuss here the interest of a noncentralised management of medical records which would require a specific procedure that gives to the patient access to his/her distributed medical data, wherever he/she is located.

Identity [R]Evolution: Multi-Disciplinary Perpectives

The identity [r]evolution is happening. Who are you, who am I in the information society? In recent years, the convergence of several factors - technological, political, economic - has accelerated a fundamental change in our networked world. On a technological level, information becomes easier to gather, to store, to exchange and to process. The belief that more information brings more security has been a strong political driver to promote information gathering since September 11. Profiling intends to transform information into knowledge in order to anticipate one's behaviour, or needs, or preferences. It can lead to categorizations according to some specific risk criteria, for example, or to direct and personalized marketing. As a consequence, new forms of identities appear. They are not necessarily related to our names anymore. They are based on information, on traces that we leave when we act or interact, when we go somewhere or just stay in one place, or even sometimes when we make a choice. They are related to the SIM cards of our mobile phones, to our credit card numbers, to the pseudonyms that we use on the Internet, to our email addresses, to the IP addresses of our computers, to our profiles... Like traditional identities, these new forms of identities can allow us to distinguish an individual within a group of people, or describe this person as belonging to a community or a category. How far have we moved through this process? The identity [r]evolution is already becoming part of our daily lives. People are eager to share information with their "friends" in social networks like Facebook, in chat rooms, or in Second Life. Customers take advantage of the numerous bonus cards that are made available. Video surveillance is becoming the rule. In several countries, traditional ID documents are being replaced by biometric passports with RFID technologies. This raises several privacy issues and might actually even result in changing the perception of the concept of privacy itself, in particular by the younger generation. In the information society, our (partial) identities become the illusory masks that we choose -or that we are assigned- to interplay and communicate with each other. Rights, obligations, responsibilities, even reputation are increasingly associated with these masks. On the one hand, these masks become the key to access restricted information and to use services. On the other hand, in case of a fraud or negative reputation, the owner of such a mask can be penalized: doors remain closed, access to services is denied. Hence the current preoccupying growth of impersonation, identity-theft and other identity-related crimes. Where is the path of the identity [r]evolution leading us? The booklet is giving a glance on possible scenarios in the field of identity.