932 results for data privacy
Abstract:
Data leakage is a serious issue and can result in the loss of sensitive data, compromising user accounts and details, potentially affecting millions of internet users. This paper contributes to research in online security and reducing personal footprint by evaluating the levels of privacy provided by the Firefox browser. The aim of identifying conditions that would minimize data leakage and maximize data privacy is addressed by assessing and comparing data leakage in the four possible browsing modes: normal and private modes using a browser installed on the host PC or using a portable browser from a connected USB device respectively. To provide a firm foundation for analysis, a series of carefully designed, pre-planned browsing sessions were repeated in each of the various modes of Firefox. This included low RAM environments to determine any effects low RAM may have on browser data leakage. The results show that considerable data leakage may occur within Firefox. In normal mode, all of the browsing information is stored within the Mozilla profile folder in Firefox-specific SQLite databases and sessionstore.js. While passwords were not stored as plain text, other confidential information such as credit card numbers could be recovered from the Form history under certain conditions. There is no difference when using a portable browser in normal mode, except that the Mozilla profile folder is located on the USB device rather than the host's hard disk. By comparison, private browsing reduces data leakage. Our findings confirm that no information is written to the Firefox-related locations on the hard disk or USB device during private browsing, implying that no deletion would be necessary and no remnants of data would be forensically recoverable from unallocated space. However, two aspects of data leakage occurred equally in all four browsing modes. 
Firstly, all of the browsing history was stored in the live RAM and was therefore accessible while the browser remained open. Secondly, in low RAM situations, the operating system caches out RAM to pagefile.sys on the host's hard disk. Irrespective of the browsing mode used, this may include Firefox history elements which can then remain forensically recoverable for a considerable time.
Abstract:
The purpose of this thesis is to explain to the reader why and how the European Union's data protection instruments (the current Data Protection Directive and the forthcoming Data Protection Regulation) impose restrictions on transfers of EU citizens' personal data to third countries for commercial purposes. Particular attention is given to the Safe Harbor scheme, which enabled transfers of personal data from the EU to the United States and which the Court of Justice of the European Union found invalid in Case C-362/14 Maximillian Schrems v Data Protection Commissioner. Because the research topic, cross-border transfers of personal data, lies at the intersection of international law and data protection law, the study draws on research by experts in both fields. Brownlie's Principles of Public International Law (6th edition) is used as the basic source for international law, and literature dealing more specifically with the research topic is examined against it. Particularly worth highlighting are Bygrave's Data Privacy Law: An International Perspective, which deals with data protection law in an international context, and Kuner's Transborder Data Flows and Data Privacy Law, which deals specifically with international transfers of personal data. Because the research phenomenon and the field of law are developing rapidly with new technologies, the study makes extensive use of articles on the subject from respected publications, as well as reports by EU data protection authorities and the UN as official sources. The key findings show the interests of the EU and its Member States in personal data transfers and the effects of the EU's personal data transfer rules on third countries. Reaching a global consensus on rules for international transfers of personal data was assessed to be unlikely, at least in the near future. Of the current regional regulatory solutions, Council of Europe Convention No. 108 was found to show the most potential for worldwide implementation. Finally, appropriate means of improving the protection of privacy and personal data, safeguarded as fundamental rights of EU citizens, were assessed within the framework of a model of legal pluralism. The examination shows that there has been an imbalance of information and power between EU citizens and the companies that process and transfer their personal data, which manifests itself in a weakening of the individual's informational self-determination and of the significance of consent, although the EU Data Protection Regulation entering into force in 2018 seeks to remove this problem by emphasising the accountability of organisations.
Abstract:
This thesis investigates the legal, ethical, technical, and psychological issues of general data processing and artificial intelligence practices and the explainability of AI systems. It consists of two main parts. In the initial section, we provide a comprehensive overview of the big data processing ecosystem and the main challenges we face today. We then evaluate the GDPR’s data privacy framework in the European Union. The Trustworthy AI Framework proposed by the EU’s High-Level Expert Group on AI (AI HLEG) is examined in detail. The ethical principles for the foundation and realization of Trustworthy AI are analyzed along with the assessment list prepared by the AI HLEG. Then, we list the main big data challenges the European researchers and institutions identified and provide a literature review on the technical and organizational measures to address these challenges. A quantitative analysis is conducted on the identified big data challenges and the measures to address them, which leads to practical recommendations for better data processing and AI practices in the EU. In the subsequent part, we concentrate on the explainability of AI systems. We clarify the terminology and list the goals aimed at the explainability of AI systems. We identify the reasons for the explainability-accuracy trade-off and how we can address it. We conduct a comparative cognitive analysis between human reasoning and machine-generated explanations with the aim of understanding how explainable AI can contribute to human reasoning. We then focus on the technical and legal responses to remedy the explainability problem. In this part, GDPR’s right to explanation framework and safeguards are analyzed in-depth with their contribution to the realization of Trustworthy AI. Then, we analyze the explanation techniques applicable at different stages of machine learning and propose several recommendations in chronological order to develop GDPR-compliant and Trustworthy XAI systems.
Abstract:
In global scientific experiments with collaborative scenarios involving multinational teams there are big challenges related to data access, namely data movements are precluded to other regions or Clouds due to the constraints on latency costs, data privacy and data ownership. Furthermore, each site is processing local data sets using specialized algorithms and producing intermediate results that are helpful as inputs to applications running on remote sites. This paper shows how to model such collaborative scenarios as a scientific workflow implemented with AWARD (Autonomic Workflow Activities Reconfigurable and Dynamic), a decentralized framework offering a feasible solution to run the workflow activities on distributed data centers in different regions without the need of large data movements. The AWARD workflow activities are independently monitored and dynamically reconfigured and steered by different users, namely by hot-swapping the algorithms to enhance the computation results or by changing the workflow structure to support feedback dependencies where an activity receives feedback output from a successor activity. A real implementation of one practical scenario and its execution on multiple data centers of the Amazon Cloud is presented including experimental results with steering by multiple users.
Abstract:
Dissertation submitted to obtain the degree of Master in Computer Engineering
Abstract:
ABSTRACT - Nursing records at the Centro Hospitalar Lisboa Norte, E.P.E. (CHLN) are kept on paper or through information systems (IS) specific to each department, using various applications such as Alert, Picis, etc. This diversity creates some constraints on information flow, owing to the lack of interoperability between the respective systems. This situation can affect patient quality and safety, with the possibility of errors and/or adverse events. The effects may also be noticeable in the privacy and confidentiality of clinical data, in decision-making, in clinical and financial management, and in the production of information useful for scientific research. CHLN is currently implementing an IS capable of supporting nursing records, integrated into a patient-focused electronic health record that follows the nursing process methodology and uses the coded language of the International Classification for Nursing Practice (CIPE). This research, duly authorised by the CHLN Board of Directors, sought to answer the starting question: Are the nurses who use the CHLN Nursing Desktop satisfied with this information system? To that end, an exploratory approach was developed using a literature review on nursing information systems and their evaluation, based on the “DeLone and McLean Information Systems Success Model”, and a case study with a quantitative approach was carried out by administering a questionnaire survey to the 262 CHLN nurses in the departments where this IS was already in use, between May and June 2014, with a response rate of 84%.
The questionnaire results, subjected to univariate and bivariate statistical analysis using descriptive and inferential procedures, with a view to producing summaries addressing the study's objectives, made it possible to characterise the level of satisfaction of nurses as users of the “nursing desktop”, supported by Information and Communication Technologies. On the scale used (1 to 5), the mean overall satisfaction level (2.78) was slightly below its midpoint (3). However, the majority of respondents (81.5%) do not intend to abandon the IS they use. The results obtained show that nurses' satisfaction with the implementation and use of the SIE reflects a successful strategy by CHLN, although there are areas where lower levels of satisfaction were found, such as “processing speed”, “computer equipment” and “technical support”, which may receive greater attention and reflection from top management, as part of a strategy of continuous quality improvement, with important benefits for the governance of the institution, for professionals and for patients, in the future.
Abstract:
This dissertation focuses on the practice of regulatory governance, throughout the study of the functioning of formally independent regulatory agencies (IRAs), with special attention to their de facto independence. The research goals are grounded on a "neo-positivist" (or "reconstructed positivist") position (Hawkesworth 1992; Radaelli 2000b; Sabatier 2000). This perspective starts from the ontological assumption that even if subjective perceptions are constitutive elements of political phenomena, a real world exists beyond any social construction and can, however imperfectly, become the object of scientific inquiry. Epistemologically, it follows that hypothetical-deductive theories with explanatory aims can be tested by employing a proper methodology and set of analytical techniques. It is thus possible to make scientific inferences and general conclusions to a certain extent, according to a Bayesian conception of knowledge, in order to update the prior scientific beliefs in the truth of the related hypotheses (Howson 1998), while acknowledging the fact that the conditions of truth are at least partially subjective and historically determined (Foucault 1988; Kuhn 1970). At the same time, a sceptical position is adopted towards the supposed disjunction between facts and values and the possibility of discovering abstract universal laws in social science. It has been observed that the current version of capitalism corresponds to the golden age of regulation, and that since the 1980s no government activity in OECD countries has grown faster than regulatory functions (Jacobs 1999). Following an apparent paradox, the ongoing dynamics of liberalisation, privatisation, decartelisation, internationalisation, and regional integration hardly led to the crumbling of the state, but instead promoted a wave of regulatory growth in the face of new risks and new opportunities (Vogel 1996). 
Accordingly, a new order of regulatory capitalism is rising, implying a new division of labour between state and society and entailing the expansion and intensification of regulation (Levi-Faur 2005). The previous order, relying on public ownership and public intervention and/or on sectoral self-regulation by private actors, is being replaced by a more formalised, expert-based, open, and independently regulated model of governance. Independent regulation agencies (IRAs), that is, formally independent administrative agencies with regulatory powers that benefit from public authority delegated from political decision makers, represent the main institutional feature of regulatory governance (Gilardi 2008). IRAs constitute a relatively new technology of regulation in western Europe, at least for certain domains, but they are increasingly widespread across countries and sectors. For instance, independent regulators have been set up for regulating very diverse issues, such as general competition, banking and finance, telecommunications, civil aviation, railway services, food safety, the pharmaceutical industry, electricity, environmental protection, and personal data privacy. Two attributes of IRAs deserve a special mention. On the one hand, they are formally separated from democratic institutions and elected politicians, thus raising normative and empirical concerns about their accountability and legitimacy. On the other hand, some hard questions about their role as political actors are still unaddressed, though, together with regulatory competencies, IRAs often accumulate executive, (quasi-)legislative, and adjudicatory functions, as well as about their performance.
Abstract:
The main objective of this project is to study several ticketing tools and analyse their characteristics in order to choose, on an informed basis, the one that is most suitable and on which to make the modifications necessary to adapt it to the field of ARCO rights.
Abstract:
Data management consists of collecting, storing, and processing data into a format that provides value-adding information for the decision-making process. The development of data management has enabled the design of increasingly effective database management systems to support business needs. Therefore, just as advanced systems are designed for reporting purposes, operational systems also allow reporting and data analysis. The research method used in the theory part is qualitative research and the research type in the empirical part is a case study. The objective of this paper is to examine database management system requirements from the perspectives of reporting management and data management. In the theory part these requirements are identified and the appropriateness of the relational data model is evaluated. In addition, key performance indicators applied to the operational monitoring of production are studied. The study has revealed that appropriate operational key performance indicators of production take into account time, quality, flexibility and cost aspects. Manufacturing efficiency in particular has been highlighted. In this paper, reporting management is defined as the continuous monitoring of given performance measures. According to the literature review, the data management tool should cover performance, usability, reliability, scalability, and data privacy aspects in order to fulfill reporting management's demands. A framework is created for the system development phase based on the requirements, and is used in the empirical part of the thesis, where such a system is designed and created for reporting management purposes for a company which operates in the manufacturing industry. Relational data modeling and database architectures are utilized when the system is built for a relational database platform.
Abstract:
"Thesis presented to the Faculty of Graduate Studies with a view to obtaining the Master's degree (LL.M.) in Law - Research, option Law, Biotechnologies and Societies"
Abstract:
Privacy policies define how online services collect, use and share user data. Although they are the main means of informing users about how their private data is used, privacy policies are generally ignored by them. The reason is that users find them too long and too vague; they often use difficult vocabulary and have no standard format. Privacy policies also confront users with a dilemma: either accept all of the content in order to use the service, or refuse the content and be denied access. No other option is given to the user. The data collected from users allows online services to provide them with a service, but also to exploit the data for economic purposes (targeted advertising, resale, etc.). According to various studies, allowing users to benefit from this privacy economy could restore their trust and facilitate continued exchanges on the Internet. In this thesis, we propose a privacy policy model inspired by P3P (a recommendation of the W3C, World Wide Web Consortium), extending its functionality and reducing its complexity. This model follows a well-defined format allowing users and online services to define their preferences and needs. Users can decide on the specific use and the sharing conditions of each item of their private data. A negotiation phase allows the needs of the online service and the preferences of the user to be analysed in order to establish a privacy contract. The value of personal data is an important aspect of our study. While companies have means of assessing this value, in this thesis we apply a hierarchical multi-criteria method.
This method will also allow each user to assign a value to their personal data according to the importance they attach to it. In this model, we also include a regulatory authority responsible for conducting the negotiations between users and online services, and for generating recommendations to users based on their profile and on trends.
Abstract:
Since the advent of the internet in everyday life in the 1990s, the barriers to producing, distributing and consuming multimedia data such as videos, music, ebooks, etc. have steadily been lowered for most computer users so that almost everyone with internet access can join the online communities who both produce, consume and of course also share media artefacts. Along with this trend, the violation of personal data privacy and copyright has increased with illegal file sharing being rampant across many online communities particularly for certain music genres and amongst the younger age groups. This has had a devastating effect on the traditional media distribution market; in most cases leaving the distribution companies and the content owner with huge financial losses. To prove that a copyright violation has occurred one can deploy fingerprinting mechanisms to uniquely identify the property. However, this is currently based on only uni-modal approaches. In this paper we describe some of the design challenges and architectural approaches to multi-modal fingerprinting currently being examined for evaluation studies within a PhD research programme on optimisation of multi-modal fingerprinting architectures. Accordingly we outline the available modalities that are being integrated through this research programme which aims to establish the optimal architecture for multi-modal media security protection over the internet as the online distribution environment for both legal and illegal distribution of media products.
Abstract:
In this article we explore the computational power of NVIDIA graphics processing units (GPUs) in cryptography using CUDA (Compute Unified Device Architecture) technology. CUDA makes general-purpose computing easy by using the parallel processing present in GPUs. To do this, the NVIDIA GPU architectures and CUDA are presented, along with cryptography concepts. Furthermore, we compare the versions executed on the CPU with the parallel versions of the cryptographic algorithms Advanced Encryption Standard (AES) and Message-digest Algorithm 5 (MD5) written in CUDA. © 2011 AISTI.
Abstract:
As distributed collaborative applications and architectures are adopting policy based management for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such policy based systems. In large-scale distributed collaborative applications like web services, there is a need to analyze policy interactions and integrate policies. In this thesis, we propose and implement EXAM-S, a comprehensive environment for policy analysis and management, which can be used to perform a variety of functions such as policy property analyses, policy similarity analysis, policy integration etc. As part of this environment, we have proposed and implemented new techniques for the analysis of policies that rely on a deep study of state of the art techniques. Moreover, we propose an approach for solving heterogeneity problems that usually arise when considering the analysis of policies belonging to different domains. Our work focuses on analysis of access control policies written in the dialect of XACML (Extensible Access Control Markup Language). We consider XACML policies because XACML is a rich language which can represent many policies of interest to real world applications and is gaining widespread adoption in the industry.
Abstract:
Biobanks are collections of body substances linked to extensive health- and lifestyle-related as well as genealogical data about their donors. They serve research into widespread diseases. These so-called common diseases are multifactorial diseases. This means that these diseases are the result of a complicated interplay of environmental and behavioural factors with individual genetic predispositions. Research in pharmacogenomics and pharmacogenetics examines the influence of genes and gene expression on the individual efficacy of medicines and on the occurrence of unwanted side effects, and could thus pave the way to individualised medicine. Human material is an important component of this research, and demand for collections that link samples with data is rising. On the one hand, physicians see biobanks as an opportunity to advance medical research and health care. On the other hand, biobanks also trigger fears and mistrust. In particular, it is feared that samples and data will be used in an uncontrolled manner and that sensitive areas of personality rights and personal identity are affected. These dangers and fears are not new; they already existed in the past with every form of donation of body substances. What is new, however, is the volume of information that arises from genetic analysis and that can affect the donor in a very particular way. The storage and use of medical and genetic data thus gives rise to a tension, in particular between the right of the affected data donors to informational self-determination and the research interests of the data users. At its core, the ethical and legal assessment of biobanks revolves around the question of whether this research needs additional rules and, if so, how comprehensive they would have to be.
At the centre of this discussion are above all ethical questions relating to informed consent, data protection, the reuse of samples and data, informing donors about research results, and the rights of use over the data. The aim of this work is to examine, against the background of constitutional law, in particular the right to informational self-determination, data protection law with regard to the risks arising from the storage, processing and communication of personal genetic information when biobanks are set up. This leads to the further examination of whether and under what conditions the conflicting interests and rights can be reconciled from a constitutional perspective. A key question is whether the existing legal framework is sufficient to ensure the protection of the stored, highly personal data and at the same time its appropriate use. The topic is interdisciplinary, at the intersection of data protection, constitutional law, and legal and medical ethics. From the contents: Scientific and empirical foundations of biobanks - Overview of biobank projects in Europe and in non-European countries - Legal bases for biobanks - Right to informational self-determination - Right not to know - Freedom of research - Quality assurance and procedures - Informed consent - Global consent - Data protection concepts - Research secrecy - Biobank secrecy - Biobank act