Justice and Home Affairs databases and a Smart Borders System at EU external borders. An evaluation of current and forthcoming proposals. CEPS Paper in Liberty and Security No. 52/December 2012

This study examines current and forthcoming measures related to the exchange of data and information in EU Justice and Home Affairs policies, with a focus on the ‘smart borders’ initiative. It argues that there is no reversibility in the growing reliance on such schemes and asks whether current and forthcoming proposals are necessary and original. It outlines the main challenges raised by the proposals, including issues related to the right to data protection, but also to privacy and non-discrimination.

Trends and gaps in the academic literature on EU labour migration policies. CEPS Paper in Liberty and Security No. 50/December 2012

This paper provides an overview of the ‘state of the art’ in the academic literature on EU labour migration policies. It forms part of the research agenda of Work Package 18 of the NEUJOBS project, which aims at reviewing legislation and practices regarding the labour market inclusion and protection of rights of different categories of foreign workers in European labour markets. Accordingly, particular attention is paid to the works of scholars who evaluate the status of rights of third-country national workers in relation to labour market access, employment security, social integration, etc., in European legislation on labour immigration. More specifically, the review has selected those scholarly works that focus specifically on analysing the manner in which policy-makers have addressed the granting of rights to non-EU migrant workers, and the manner in which policy agendas – through the relevant political and institutional dynamics – have found their translation in the legislation adopted. This paper consists of two core parts. In the first section, it reviews the works of scholars who have touched on these research questions with respect to the internal dimensions of EU labour migration policies. The second section does the same for the external dimensions of these policies. Both sections start off by analysing the main trends in the literature that reviews these questions for the internal and external dimensions of European migration policies as a whole, and then move on to how these ‘trends’ can (or cannot) be found translated in scholarly writings on labour migration policies more specifically. In the final section, the paper concludes by summarising the main trends and gaps in the literature reviewed, and indicates avenues for further research.

Current Challenges regarding the International Refugee Law, with focus on EU Policies and EU Co-operation with UNHCR. CEPS Paper on Liberty and Security in Europe No. 59, September 2013

From an examination of the instruments of the Common European Asylum System (CEAS) and related policy measures regarding border surveillance and migration management, two interrelated issues stand out as particularly sensitive: Access to asylum and responsibility for refugee protection. The prevailing view, supported by UNHCR and others, is that responsibility for the care of asylum seekers and the determination of their claims falls on the state within whose jurisdiction the claim is made. However, the possibility to shift that responsibility to another state through inter-state cooperation or unilateral mechanisms undertaken territorially as well as abroad has been a matter of great interest to EU Member States and institutions. Initiatives adopted so far challenge the prevailing view and have the potential to undermine compliance with international refugee and human rights law. This note reviews EU action in the field by reference to the relevant legal standards and best practices developed by UNHCR, focusing on the specific problems of climate refugees and access to international protection, evaluating the inconsistencies between the internal and external dimension of asylum policy. Some recommendations for the European Parliament are formulated at the end, including on action in relation to readmission agreements, Frontex engagement rules in maritime operations, Regional Protection Programmes, and resettlement.

The EU and its Counter-Terrorism Policies after the Paris Attacks. Liberty and Security in Europe No. 84, 27 November 2015

This paper examines the EU’s counter-terrorism policies responding to the Paris attacks of 13 November 2015. It argues that these events call for a re-think of the current information-sharing and preventive-justice model guiding the EU’s counter-terrorism tools, along with security agencies such as Europol and Eurojust. Priority should be given to independently evaluating ‘what has worked’ and ‘what has not’ when it comes to police and criminal justice cooperation in the Union. Current EU counter-terrorism policies face two challenges: one is related to their efficiency and other concerns their legality. ‘More data’ without the necessary human resources, more effective cross-border operational cooperation and more trust between the law enforcement authorities of EU member states is not an efficient policy response. Large-scale surveillance and preventive justice techniques are also incompatible with the legal and judicial standards developed by the Court of Justice of the EU. The EU can bring further added value first, by boosting traditional policing and criminal justice cooperation to fight terrorism; second, by re-directing EU agencies’ competences towards more coordination and support in cross-border operational cooperation and joint investigations, subject to greater accountability checks (Europol and Eurojust +); and third, by improving the use of policy measures following a criminal justice-led cooperation model focused on improving cross-border joint investigations and the use of information that meets the quality standards of ‘evidence’ in criminal judicial proceedings. Any EU and national counter-terrorism policies must not undermine democratic rule of law, fundamental rights or the EU’s founding constitutional principles, such as the free movement of persons and the Schengen system. Otherwise, these policies will defeat their purpose by generating more insecurity, instability, mistrust and legal uncertainty for all.

Cyber-security, privacy and trust: trends in the Latin American and Caribbean region and the way forward

Este artigo é parte do relatório Cybersecurity Are We Ready in Latin America and the Caribbean?

EU governance of the internet:analyzing Europol’s role in the development of a EU cyber crime and cyber security policies

In recent years, the European Union has come to view cyber security, and in particular, cyber crime as one of the most relevant challenges to the completion of its Area of Freedom, Security and Justice. Given European societies’ increased reliance on borderless and decentralized information technologies, this sector of activity has been identified as an easy target for actors such as organised criminals, hacktivists or terrorist networks. Such analysis has been accompanied by EU calls to step up the fight against unlawful online activities, namely through increased cooperation among law enforcement authorities (both national and extra- communitarian), the approximation of legislations, and public- private partnerships. Although EU initiatives in this field have, so far, been characterized by a lack of interconnection and an integrated strategy, there has been, since the mid- 2000s, an attempt to develop a more cohesive and coordinated policy. An important part of this policy is connected to the activities of Europol, which have come to assume a central role in the coordination of intelligence gathering and analysis of cyber crime. The European Cybercrime Center (EC3), which will become operational within Europol in January 2013, is regarded, in particular, as a focal point of the EU’s fight against this phenomenon. Bearing this background in mind, the present article wishes to understand the role of Europol in the development of a European policy to counter the illegal use of the internet. The article proposes to reach this objective by analyzing, through the theoretical lenses of experimental governance, the evolution of this agency’s activities in the area of cyber crime and cyber security, its positioning as an expert in the field, and the consequences for the way this policy is currently developing and is expected to develop in the near future.

Pervasive eHealth services a security and privacy risk awareness survey

The human factor is often recognised as a major aspect of cyber-security research. Risk and situational perception are identified as key factors in the decision making process, often playing a lead role in the adoption of security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the perceived risks and consequences will help shape the usability of future security mechanisms. This paper present a survey of the the risks and situational awareness in eHealth services. An analysis of the lack of security and privacy measures in connected health devices is described with recommendations to circumvent critical situations.

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Privacy and trust management for electronic health records

Establishing a nationwide Electronic Health Record system has become a primary objective for many countries around the world, including Australia, in order to improve the quality of healthcare while at the same time decreasing its cost. Doing so will require federating the large number of patient data repositories currently in use throughout the country. However, implementation of EHR systems is being hindered by several obstacles, among them concerns about data privacy and trustworthiness. Current IT solutions fail to satisfy patients’ privacy desires and do not provide a trustworthiness measure for medical data. This thesis starts with the observation that existing EHR system proposals suer from six serious shortcomings that aect patients’ privacy and safety, and medical practitioners’ trust in EHR data: accuracy and privacy concerns over linking patients’ existing medical records; the inability of patients to have control over who accesses their private data; the inability to protect against inferences about patients’ sensitive data; the lack of a mechanism for evaluating the trustworthiness of medical data; and the failure of current healthcare workflow processes to capture and enforce patient’s privacy desires. Following an action research method, this thesis addresses the above shortcomings by firstly proposing an architecture for linking electronic medical records in an accurate and private way where patients are given control over what information can be revealed about them. This is accomplished by extending the structure and protocols introduced in federated identity management to link a patient’s EHR to his existing medical records by using pseudonym identifiers. Secondly, a privacy-aware access control model is developed to satisfy patients’ privacy requirements. The model is developed by integrating three standard access control models in a way that gives patients access control over their private data and ensures that legitimate uses of EHRs are not hindered. Thirdly, a probabilistic approach for detecting and restricting inference channels resulting from publicly-available medical data is developed to guard against indirect accesses to a patient’s private data. This approach is based upon a Bayesian network and the causal probabilistic relations that exist between medical data fields. The resulting definitions and algorithms show how an inference channel can be detected and restricted to satisfy patients’ expressed privacy goals. Fourthly, a medical data trustworthiness assessment model is developed to evaluate the quality of medical data by assessing the trustworthiness of its sources (e.g. a healthcare provider or medical practitioner). In this model, Beta and Dirichlet reputation systems are used to collect reputation scores about medical data sources and these are used to compute the trustworthiness of medical data via subjective logic. Finally, an extension is made to healthcare workflow management processes to capture and enforce patients’ privacy policies. This is accomplished by developing a conceptual model that introduces new workflow notions to make the workflow management system aware of a patient’s privacy requirements. These extensions are then implemented in the YAWL workflow management system.

Contextualizing the tensions and weaknesses of information privacy and data breach notification laws

Data breach notification laws have detailed numerous failures relating to the protection of personal information that have blighted both corporate and governmental institutions. There are obvious parallels between data breach notification and information privacy law as they both involve the protection of personal information. However, a closer examination of both laws reveals conceptual differences that give rise to vertical tensions between each law and shared horizontal weaknesses within both laws. Tensions emanate from conflicting approaches to the implementation of information privacy law that results in different regimes and the implementation of different types of protections. Shared weaknesses arise from an overt focus on specified types of personal information which results in ‘one size fits all’ legal remedies. The author contends that a greater contextual approach which promotes the importance of social context is required and highlights the effect that contextualization could have on both laws.

Interaction, privacy and profiling considerations in local mobile social software : a prototype agile ride share system

Agile ridesharing aims to utilise the capability of social networks and mobile phones to facilitate people to share vehicles and travel in real time. However the application of social networking technologies in local communities to address issues of personal transport faces significant design challenges. In this paper we describe an iterative design-based approach to exploring this problem and discuss findings from the use of an early prototype. The findings focus upon interaction, privacy and profiling. Our early results suggest that explicitly entering information such as ride data and personal profile data into formal fields for explicit computation of matches, as is done in many systems, may not be the best strategy. It might be preferable to support informal communication and negotiation with text search techniques.

Improving patient privacy and confidentiality in one regional Emergency Department – a quality project

Background: Patient privacy and confidentiality (PPaC) is an important consideration for nurses and other members of the health care team. Can a patient expect to have confidentiality and in particular privacy in the current climate of emergency health care? Do staff who work in the Emergency Department (ED) see confidentiality as an important factor when providing emergency care? These questions are important to consider. Methods: This is a two phased quality improvement project, developed and implemented over a six month period in a busy regional, tertiary referral ED. Results: Issues identified for this department included department design and layout, overcrowding due to patient flow and access block, staff practices and department policies which were also impacted upon by culture of the team, and use of space. Conclusions: Changes successful in improving this issue include increased staff awareness about PPaC, intercom paging prior to nursing handover to remove visitors during handover, one visitor per patient policy, designated places for handover, allocated bed space for patient reviews/assessment and a strategy to temporarily move the patient if procedures would have been undertaken in shared bed space. These are important issues when considering policy, practice and department design in the ED.

Position, privacy and personnel : concerns for the (digital) future

Firms are moving away from decentralized regional offices. Last year the author spoke with a valuer working on the Sunshine Coast for a Brisbane firm. In years past this valuer would have left home in the morning to go to the office, as well as travelling during the day to client sites. Now they get up, have breakfast, change out of their pyjamas (if they have meetings!) and walk into their employer set-up home office to ‘punch-in’. Apart from travel for essential meetings at head office, or for the purpose of on-site inspections, they can attend work, engage with colleagues and clients and never leave home. While this practice may be a cost saving to the firm and a commuter-friendly way of working, it raises a range of issues to be managed.