An analysis of security and privacy issues relating to RFID enabled ePassports

The European Union sees the introduction of the ePassport as a step towards rendering passports more secure against forgery while facilitating more reliable border controls. In this paper we take an interdisciplinary approach to the key security and privacy issues arising from the use of ePassports. We further anallyse how European data protection legislation must be respected and what additional security measures must be integrated in order to safeguard the privacy of the EU ePassport holder.

A metaphorical analysis of client organisations and the briefing process

This paper reviews and critiques the current practice of classifying building clients according to their 'type'. An alternative approach to understanding organisations is developed in accordance with the principles of naturalistic inquiry. It is contended that the complex pluralistic clients of the 1990s can only really be understood 'from the inside'. The concept of organisational metaphors is introduced as the basis for a more sophisticated way of thinking about organisations. The various strands of organisational theory are also analyzed in terms of their underlying metaphors. Different theories are seen to bring different insights. The implicit metaphors adopted by practitioners are held to be important in that they tend to dictate the adopted approach to client briefing. This contention is illustrated by analyzing three different characterisations of the briefing process in terms of their underlying metaphors. Finally, the discussion is placed in a contemporary UK context by comparing the dominant paradigm of practice during the 1980s to that of the 1990s.

Distributed access control and privacy for the internet of me

This article presents an experimental scalable message driven IoT and its security architecture based on Decentralized Information Flow Control. The system uses a gateway that exports SoA (REST) interfaces to the internet simplifying external applications whereas uses DIFC and asynchronous messaging within the home environment.

Data protection and privacy: the Australian legislation and its implications for IT professionals

The notion of privacy takes on a completely different meaning when viewed from the perspective of an IT professional, an organisation using technology to support strategic directions or a member of the public. This paper looks past the technical issues involved in data protection and examines some of the business, social and regulatory aspects that have become important to those involved in the management, storage and dissemination of electronic information. The paper documents some of the legislative developments in privacy and data protection and examines what these developments mean for IT professionals for whom the link between data captured, stored and processed into information and the resulting effect on privacy is important. The Commonwealth Privacy Act 1988 based on work done by the Council of Europe, the OECD and the European Union provides some general guidelines but only for the public sector. However, new legislation imminent. Thus, IT professionals need to be aware of the changing situation and examine their organisation’s current practices to ensure compliance with future laws.

Acknowledgement of client diversity and oppression in social work student supervision

An enduring theme of social work literature and education has been the need for workers to recognise and challenge oppressive structures and develop competence in working with diverse client groups. This paper reports the findings of a qualitative research project where student and field educator supervision sessions were recorded, with the view to examining how oppression and diversity were addressed in these sessions. The authors have used the term 'difference' to describe the breach between the student and client experiences. Examples of anti-discriminatory practice were identified in the recordings, however on occasions supervisors had difficulty in assisting students to acknowledge diversity and oppression in supervision. Four factors that related to addressing diversity emerged from the supervision material. These were: the struggle to unmask subtle themes of oppression; the use of questioning to raise student awareness and development of self-knowledge; using student biography to facilitate learning on 'difference'; and field educator use of self-disclosure during discussions on diversity. Successful approaches to anti-oppressive practice and responding to diversity are outlined.

Client identification and money laundering control : perspectives on the Financial Intelligence Centre Act 38 of 2001

The Financial Intelligence Centre Act 38 of 2001 (FICA) compels certain persons and institutions (defined as "accountable institutions'') to identify and verify the identity of a new client before any transaction may be concluded or any business relationship is established.1 Accountable institutions are listed in schedule ¹ to FICA and include banks, brokers, financial advisers, insurance companies, attorneys and estate agents. This duty to identify new clients came into effect on 30 June 2003. However, FICA also requires a similar procedure to be followed in respect of all current clients. Current clients are those with whom an accountable institution had business relationships on 30 June 2003.² After 30 June 2004 an institution may not conclude a transaction in the course of its business relationship with an unidentified current client, until it has established and verified that client's identity as prescribed. An institution that concludes any transaction in contravention of this prohibition, commits an offence and is liable to a fine not exceeding R10 million or to imprisonment of up to 15 years.³

The majority of accountable institutions and their clients failed to meet the June 2004 current client identification deadline.4 This failure posed serious economic and legal risks. With a few days to spare, the minister of finance granted a partial and temporary exemption in respect of these requirements. This article explores the statutory scheme for identification and re-identification of clients and some of the practical problems that were encountered. The June 2004 exemptions from these requirements are also considered and proposals for law reform are made.

The discussion of the FICA identification scheme necessitates the following brief overview of the international and South African money laundering control framework.

1 s 21(1) of FICA.
2 s 21(2) of FICA. See also s 82(2)(b).
3 s 46(2) of FICA read with s 68(1) of FICA.

Security and privacy threats to volunteer computing

The vision of volunteer computing is to provide large scale computational infrastructure by using dynamic collections of donated desktop computers. There have been many works that highlighted the significant benefits of volunteer computing but little on the security and privacy threats associated with its exploitation. However, volunteer computing is vulnerable to a variety of attacks and presents numerous significant security threats to the stakeholders. This paper presents security and privacy threat taxonomy along with the security features developed to cope with such threats.