Privacy-Preserving Optimal Meeting Location Determination on Mobile Devices

Equipped with state-of-the-art smartphones and mobile devices, today's highly interconnected urban population is increasingly dependent on these gadgets to organize and plan their daily lives. These applications often rely on current (or preferred) locations of individual users or a group of users to provide the desired service, which jeopardizes their privacy; users do not necessarily want to reveal their current (or preferred) locations to the service provider or to other, possibly untrusted, users. In this paper, we propose privacy-preserving algorithms for determining an optimal meeting location for a group of users. We perform a thorough privacy evaluation by formally quantifying privacy-loss of the proposed approaches. In order to study the performance of our algorithms in a real deployment, we implement and test their execution efficiency on Nokia smartphones. By means of a targeted user-study, we attempt to get an insight into the privacy-awareness of users in location-based services and the usability of the proposed solutions.

Effectiveness of Justice-Based Measures in Managing Trust and Privacy Concerns on Social Networking Sites: Intercultural Perspective

The unprecedented success of social networking sites (SNSs) has been recently overshadowed by concerns about privacy risks. As SNS users grow weary of privacy breaches and thus develop distrust, they may restrict or even terminate their platform activities. In the long run, these developments endanger SNS platforms’ financial viability and undermine their ability to create individual and social value. By applying a justice perspective, this study aims to understand the means at the disposal of SNS providers to leverage the privacy concerns and trusting beliefs of their users—two important determinants of user participation on SNSs. Considering that SNSs have a global appeal, empirical tests assess the effectiveness of justice measures for three culturally distinct countries: Germany, Russia and Morocco. The results indicate that these measures are particularly suited to address trusting beliefs of SNS audience. Specifically, in all examined countries, procedural justice and the awareness dimension of informational justice improve perceptions of trust in the SNS provider. Privacy concerns, however, are not as easy to manage, because the impact of justice-based measures on privacy concerns is not universal. Beyond theoretical value, this research offers valuable practical insights into the use of justice-based measures to promote trust and mitigate privacy concerns in a cross-cultural setting.

Dangers of ‘Facebook Login’ for Mobile Apps: Is There a Price Tag for Social Information?

Social networks offer horizontal integration for any mobile platform providing app users with a convenient single sign-on point. Nonetheless, there are growing privacy concerns regarding its use. These vulnerabilities trigger alarm among app developers who fight for their user base: While they are happy to act on users’ information collected via social networks, they are not always willing to sacrifice their adoption rate for this goal. So far, understanding of this trade-off has remained ambiguous. To fill this gap, we employ a discrete choice experiment to explore the role of Facebook Login and investigate the impact of accompanying requests for different information items / actions in the mobile app adoption process. We quantify users’ concerns regarding these items in monetary terms. Beyond hands-on insights for providers, our study contributes to the theoretical discourse on the value of privacy in the growing world of Social Media and mobile web.

Privacy Policies and Users’ Trust: Does Readability Matter?

Over the years, a drastic increase in online information disclosure spurs a wave of concerns from multiple stakeholders. Among others, users resent the “behind the closed doors” processing of their personal data by companies. Privacy policies are supposed to inform users how their personal information is handled by a website. However, several studies have shown that users rarely read privacy policies for various reasons, not least because limitedly readable policy texts are difficult to understand. Based on our online survey with over 440 responses, we examine the objective and subjective readability of privacy policies and investigate their impact on users’ trust in five big Internet services. Our findings show the stronger a user believes in having understood the privacy policy, the higher he or she trusts a web site across all companies we studied. Our results call for making readability of privacy policies more accessible to an average reader.

Privacy Preserving Probabilistic Record Linkage (P3RL): a novel method for linking existing health-related data and maintaining participant confidentiality.

BACKGROUND Record linkage of existing individual health care data is an efficient way to answer important epidemiological research questions. Reuse of individual health-related data faces several problems: Either a unique personal identifier, like social security number, is not available or non-unique person identifiable information, like names, are privacy protected and cannot be accessed. A solution to protect privacy in probabilistic record linkages is to encrypt these sensitive information. Unfortunately, encrypted hash codes of two names differ completely if the plain names differ only by a single character. Therefore, standard encryption methods cannot be applied. To overcome these challenges, we developed the Privacy Preserving Probabilistic Record Linkage (P3RL) method. METHODS In this Privacy Preserving Probabilistic Record Linkage method we apply a three-party protocol, with two sites collecting individual data and an independent trusted linkage center as the third partner. Our method consists of three main steps: pre-processing, encryption and probabilistic record linkage. Data pre-processing and encryption are done at the sites by local personnel. To guarantee similar quality and format of variables and identical encryption procedure at each site, the linkage center generates semi-automated pre-processing and encryption templates. To retrieve information (i.e. data structure) for the creation of templates without ever accessing plain person identifiable information, we introduced a novel method of data masking. Sensitive string variables are encrypted using Bloom filters, which enables calculation of similarity coefficients. For date variables, we developed special encryption procedures to handle the most common date errors. The linkage center performs probabilistic record linkage with encrypted person identifiable information and plain non-sensitive variables. RESULTS In this paper we describe step by step how to link existing health-related data using encryption methods to preserve privacy of persons in the study. CONCLUSION Privacy Preserving Probabilistic Record linkage expands record linkage facilities in settings where a unique identifier is unavailable and/or regulations restrict access to the non-unique person identifiable information needed to link existing health-related data sets. Automated pre-processing and encryption fully protect sensitive information ensuring participant confidentiality. This method is suitable not just for epidemiological research but also for any setting with similar challenges.

Property Condition Disclosure Law: Does 'Seller Tell All' Matter in Property Values?

At the time when at least two-thirds of the US states have already mandated some form of seller's property condition disclosure statement and there is a movement in this direction nationally, this paper examines the impact of seller's property condition disclosure law on the residential real estate values, the information asymmetry in housing transactions and shift of risk from buyers and brokers to the sellers, and attempts to ascertain the factors that lead to adoption of the disclosur law. The analytical structure employs parametric panel data models, semi-parametric propensity score matching models, and an event study framework using a unique set of economic and institutional attributes for a quarterly panel of 291 US Metropolitan Statistical Areas (MSAs) and 50 US States spanning 21 years from 1984 to 2004. Exploiting the MSA level variation in house prices, the study finds that the average seller may be able to fetch a higher price (about three to four percent) for the house if she furnishes a state-mandated seller's property condition disclosure statement to the buyer.

Women’s experiences with the use of medical abortion in a legally restricted context: the case of Argentina

This article presents the findings of a qualitative study exploring the experiences of women living in Buenos Aires Metropolitan Area, Argentina, with the use of misoprostol for inducing an abortion. We asked women about the range of decisions they had to make, their emotions, the physical experience, strategies they needed to use, including seeking health care advice and in dealing with a clandestine medical abortion, and their overall evaluation of the experience. An in-depth interview schedule was used. The women had either used misoprostol and sought counselling or care at a public hospital (n=24) or had used misoprostol based on the advice of a local hotline, information from the internet or from other women (n=21). Four stages in the women’s experiences were identified: how the decision to terminate the pregnancy was taken, how the medication was obtained, how the tablets were used, and reflections on the outcome whether or not they sought medical advice. Safety and privacy were key in deciding to use medical abortion. Access to the medication was the main obstacle, requiring a prescription or a friendly drugstore. Correct information about the number of pills to use and dosage intervals was the least easy to obtain and caused concerns. The possibility of choosing a time of privacy and having the company of a close one was highlighted as a unique advantage of medical abortion. Efforts to improve abortion law, policy and service provision in Argentina in order to ensure the best possible conditions for use of medical abortion by women should be redoubled.

PEPSI: Privacy-Enhanced Participatory Sensing Infrastructure.

Participatory Sensing combines the ubiquity of mobile phones with sensing capabilities of Wireless Sensor Networks. It targets pervasive collection of information, e.g., temperature, traffic conditions, or health-related data. As users produce measurements from their mobile devices, voluntary participation becomes essential. However, a number of privacy concerns -- due to the personal information conveyed by data reports -- hinder large-scale deployment of participatory sensing applications. Prior work on privacy protection, for participatory sensing, has often relayed on unrealistic assumptions and with no provably-secure guarantees. The goal of this project is to introduce PEPSI: a Privacy-Enhanced Participatory Sensing Infrastructure. We explore realistic architectural assumptions and a minimal set of (formal) privacy requirements, aiming at protecting privacy of both data producers and consumers. We design a solution that attains privacy guarantees with provable security at very low additional computational cost and almost no extra communication overhead.

Hummingbird: Privacy at the time of Twitter

In the last several years, micro-blogging Online Social Networks (OSNs), such as Twitter, have taken the world by storm, now boasting over 100 million subscribers. As an unparalleled stage for an enormous audience, they offer fast and reliable centralized diffusion of pithy tweets to great multitudes of information-hungry and always-connected followers. At the same time, this information gathering and dissemination paradigm prompts some important privacy concerns about relationships between tweeters, followers and interests of the latter. In this paper, we assess privacy in today?s Twitter-like OSNs and describe an architecture and a trial implementation of a privacy-preserving service called Hummingbird. It is essentially a variant of Twitter that protects tweet contents, hashtags and follower interests from the (potentially) prying eyes of the centralized server. We argue that, although inherently limited by Twitter?s mission of scalable information-sharing, this degree of privacy is valuable. We demonstrate, via a working prototype, that Hummingbird?s additional costs are tolerably low. We also sketch out some viable enhancements that might offer better privacy in the long term.

Training organization of a middle-size company engaged in information technology services: theory and practice

In order to establish an active internal know-how -reserve~ in an information processing and engineering services . company, a training architecture tailored to the company as an whole must be defined. When a company' s earnings come from . advisory services dynamically structured i.n the form of projects, as is the case at hand, difficulties arise that must be taken into account in the architectural design. The first difficulties are of a psychological nature and the design method proposed here begjns wi th the definition of the highest training metasystem, which is aimed at making adjustments for the variety of perceptions of the company's human components, before the architecture can be designed. This approach may be considered as an application of the cybernetic Law of Requisita Variety (Ashby) and of the Principle of Conceptual Integrity (Brooks) . Also included is a description of sorne of the results of the first steps of metasystems at the level of company organization.

Information reconciliation for Quantum Key Distribution

Secret-key agreement, a well-known problem in cryptography, allows two parties holding correlated sequences to agree on a secret key communicating over a public channel. It is usually divided into three different procedures: advantage distillation, information reconciliation and privacy amplification. The efficiency of each one of these procedures is needed if a positive key rate is to be attained from the legitimate parties? correlated sequences. Quantum key distribution (QKD) allows the two parties to obtain correlated sequences, provided that they have access to an authenticated channel. The new generation of QKD devices is able to work at higher speeds and in noisier or more absorbing environments. This exposes the weaknesses of current information reconciliation protocols, a key component to their performance. Here we present a new protocol based in low-density parity-check (LDPC) codes that presents the advantages of low interactivity, rate adaptability and high efficiency,characteristics that make it highly suitable for next generation QKD devices.

Analytical bearing capacity of strip footing in weightless materials with power-law failure criteria

Sokolovskii’s method of characteristics is extended to provide analytical solutions for the ultimate load at the moment of plastic failure under plane-strain conditions of shallow strip foundations on weightless rigid-plastic media with a noncohesive power-law failure envelope. The formulation is made parametrically in terms of the instantaneous friction angle, and the key idea to obtain the bearing capacity is that information can be transmitted from the free surface (where external loads are known) to the contact plane of the foundation. The methodology can consider foundations adjacent to a slope, external surcharges at the free surface, and inclined loads (both on the slope and on the foundation). Sensitivity analyses illustrate the influence on bearing capacity of changes in the different geometrical parameters involved. An application example is presented and design plots are provided, and model predictions are compared with results of bearing capacity tests under low gravity.

Exploring the economic value of personal information from firms' financial statements

Currently personal data gathering in online markets is done on a far larger scale and much cheaper and faster than ever before. Within this scenario, a number of highly relevant companies for whom personal data is the key factor of production have emerged. However, up to now, the corresponding economic analysis has been restricted primarily to a qualitative perspective linked to privacy issues. Precisely, this paper seeks to shed light on the quantitative perspective, approximating the value of personal information for those companies that base their business model on this new type of asset. In the absence of any systematic research or methodology on the subject, an ad hoc procedure is developed in this paper. It starts with the examination of the accounts of a number of key players in online markets. This inspection first aims to determine whether the value of personal information databases is somehow reflected in the firms’ books, and second to define performance measures able to capture this value. After discussing the strengths and weaknesses of possible approaches, the method that performs best under several criteria (revenue per data record) is selected. From here, an estimation of the net present value of personal data is derived, as well as a slight digression into regional differences in the economic value of personal information.

Smart meter privacy by suprression of low power frequency components

This paper focuses on the problems associated with privacy protection in smart grid. We will give an overview of a possible realization of a privacy-preserving approach that encompasses privacy-utility tradeoff into a single model. This approach proposes suppression of low power frequency components as a solution to reduce the amount of information leakage from smart meter readings. We will consider the applicability of the procedure to hide the appliance usage with respect to the type of home devices.