Market research and the ethics of big data

The term 'big data' has recently emerged to describe a range of technological and commercial trends enabling the storage and analysis of huge amounts of customer data, such as that generated by social networks and mobile devices. Much of the commercial promise of big data is in the ability to generate valuable insights from collecting new types and volumes of data in ways that were not previously economically viable. At the same time a number of questions have been raised about the implications for individual privacy. This paper explores key perspectives underlying the emergence of big data, and considers both the opportunities and ethical challenges raised for market research.

Search engine liability for autocomplete suggestions: personality, privacy and the power of the algorithm

This article is concerned with the liability of search engines for algorithmically produced search suggestions, such as through Google’s ‘autocomplete’ function. Liability in this context may arise when automatically generated associations have an offensive or defamatory meaning, or may even induce infringement of intellectual property rights. The increasing number of cases that have been brought before courts all over the world puts forward questions on the conflict of fundamental freedoms of speech and access to information on the one hand, and personality rights of individuals— under a broader right of informational self-determination—on the other. In the light of the recent judgment of the Court of Justice of the European Union (EU) in Google Spain v AEPD, this article concludes that many requests for removal of suggestions including private individuals’ information will be successful on the basis of EU data protection law, even absent prejudice to the person concerned.

Big data: a normal accident waiting to happen?

Widespread commercial use of the internet has significantly increased the volume and scope of data being collected by organisations. ‘Big data’ has emerged as a term to encapsulate both the technical and commercial aspects of this growing data collection activity. To date, much of the discussion of big data has centred upon its transformational potential for innovation and efficiency, yet there has been less reflection on its wider implications beyond commercial value creation. This paper builds upon normal accident theory (NAT) to analyse the broader ethical implications of big data. It argues that the strategies behind big data require organisational systems that leave them vulnerable to normal accidents, that is to say some form of accident or disaster that is both unanticipated and inevitable. Whilst NAT has previously focused on the consequences of physical accidents, this paper suggests a new form of system accident that we label data accidents. These have distinct, less tangible and more complex characteristics and raise significant questions over the role of individual privacy in a ‘data society’. The paper concludes by considering the ways in which the risks of such data accidents might be managed or mitigated.

An annotation-free method for evaluating privacy protection techniques in videos

While several privacy protection techniques are pre- sented in the literature, they are not complemented with an established objective evaluation method for their assess- ment and comparison. This paper proposes an annotation- free evaluation method that assesses the two key aspects of privacy protection that are privacy and utility. Unlike some existing methods, the proposed method does not rely on the use of subjective judgements and does not assume a spe- cific target type in the image data. The privacy aspect is quantified as an appearance similarity and the utility aspect is measured as a structural similarity between the original raw image data and the privacy-protected image data. We performed an extensive experimentation using six challeng- ing datasets (including two new ones) to demonstrate the effectiveness of the evaluation method by providing a per- formance comparison of four state-of-the-art privacy pro- tection techniques.

Extracting Causal Graphs from an Open Provenance Data Model

The open provenance architecture (OPA) approach to the challenge was distinct in several regards. In particular, it is based on an open, well-defined data model and architecture, allowing different components of the challenge workflow to independently record documentation, and for the workflow to be executed in any environment. Another noticeable feature is that we distinguish between the data recorded about what has occurred, emphprocess documentation, and the emphprovenance of a data item, which is all that caused the data item to be as it is and is obtained as the result of a query over process documentation. This distinction allows us to tailor the system to separately best address the requirements of recording and querying documentation. Other notable features include the explicit recording of causal relationships between both events and data items, an interaction-based world model, intensional definition of data items in queries rather than relying on explicit naming mechanisms, and emphstyling of documentation to support non-functional application requirements such as reducing storage costs or ensuring privacy of data. In this paper we describe how each of these features aid us in answering the challenge provenance queries.

Privacy Advocacy in Libraries in the Age of Mass Surveillance

Alison Macrina is the founder and director of the Library Freedom Project, an initiative that aims to make real the promise of intellectual freedom in libraries. The Library Freedom Project trains librarians on the state of global surveillance, privacy rights, and privacy-protecting technology, so that librarians may in turn teach their communities about safeguarding privacy. In 2015, Alison was named one of Library Journal‘s Movers and Shakers. Read more about the Library Freedom Project at libraryfreedomproject.org.

Protecting Your Search Privacy: A Lesson Plan

Each year search engines like Google, Bing and Yahoo, complete trillions of search queries online. Students are especially dependent on these search tools because of their popularity, convenience and accessibility. However, what students are unaware of, by choice or naiveté is the amount of personal information that is collected during each search session, how that data is used and who is interested in their online behavior profile. Privacy policies are frequently updated in favor of the search companies but are lengthy and often are perused briefly or ignored entirely with little thought about how personal web habits are being exploited for analytics and marketing. As an Information Literacy instructor, and a member of the Electronic Frontier Foundation, I believe in the importance of educating college students and web users in general that they have a right to privacy online. Class discussions on the topic of web privacy have yielded an interesting perspective on internet search usage. Students are unaware of how their online behavior is recorded and have consistently expressed their hesitancy to use tools that disguise or delete their IP address because of the stigma that it may imply they have something to hide or are engaging in illegal activity. Additionally, students fear they will have to surrender the convenience of uber connectivity in their applications to maintain their privacy. The purpose of this lightning presentation is to provide educators with a lesson plan highlighting and simplifying the privacy terms for the three major search engines, Google, Bing and Yahoo. This presentation focuses on what data these search engines collect about users, how that data is used and alternative search solutions, like DuckDuckGo, for increased privacy. Students will directly benefit from this lesson because informed internet users can protect their data, feel safer online and become more effective web searchers.

Library Privacy Policies in 2015: Strategies for Renewed Relevance

In recent decades, library associations have advocated for the adoption of privacy and confidentiality policies as practical support to the Library Code of Ethics with a threefold purpose to (1) define and uphold privacy practices within the library, (2) convey privacy practices to patrons and, (3) protect against potential liability and public relations problems. The adoption of such policies has been instrumental in providing libraries with effective responses to surveillance initiatives such as warrantless requests and the USA PATRIOT ACT. Nevertheless, as reflected in recent news stories, the rapid emergence of data brokerage relationships and technologies and the increasing need for libraries to utilize third party vendor services have increased opportunities for data surveillers to access patrons’ personal information and reading habits, which are funneled and made available through multiple online library service platforms. Additionally, the advice that libraries should “contract for the same level of privacy reflected in their privacy policies” is no longer realistic given that the existence of multiple vendor contracts negotiated at arms length is likely to produce varying privacy terms and even varying definitions of what constitutes personal information (PII). These conditions sharply threaten the effectiveness and relevance of library privacy policies and privacy initiatives in that such policies increasingly offer false comfort by failing to reflect privacy weaknesses in the data sharing landscape and vendor contracts when library-vendor contracts fail to keep up with vendor data sharing capabilities. While some argue that library privacy ethics are antiquated and rendered obscure in the current online sharing economy PEW studies point to pronounced public discomfort with increasing privacy erosion. At the same time, new directions in FTC enforcement raise the possibility that public institutions’ privacy policies may serve as swords to unfair or deceptive commercial trade practices – offering the potential of renewed relevance for library privacy and confidentiality policies. This dual coin of public concern and the potential for enhanced FTC enforcement suggests that when crafting privacy polices libraries must now walk the knife’s edge by offering patrons both realistic notice about the limitations of protections the library can ensure while at the same time publicly holding vendors accountable to library privacy ethics and expectations. Potential solutions for how to walk this edge are developed and offered as a subject for further discussion to assist the modification of model policies for both public and academic libraries alike.

Privacidade e inovação na era do Big Data

A coleta e o armazenamento de dados em larga escala, combinados à capacidade de processamento de dados que não necessariamente tenham relação entre si de forma a gerar novos dados e informações, é uma tecnologia amplamente usada na atualidade, conhecida de forma geral como Big Data. Ao mesmo tempo em que possibilita a criação de novos produtos e serviços inovadores, os quais atendem a demandas e solucionam problemas de diversos setores da sociedade, o Big Data levanta uma série de questionamentos relacionados aos direitos à privacidade e à proteção dos dados pessoais. Esse artigo visa proporcionar um debate sobre o alcance da atual proteção jurídica aos direitos à privacidade e aos dados pessoais nesse contexto, e consequentemente fomentar novos estudos sobre a compatibilização dos mesmos com a liberdade de inovação. Para tanto, abordará, em um primeiro momento, pontos positivos e negativos do Big Data, identificando como o mesmo afeta a sociedade e a economia de forma ampla, incluindo, mas não se limitando, a questões de consumo, saúde, organização social, administração governamental, etc. Em seguida, serão identificados os efeitos dessa tecnologia sobre os direitos à privacidade e à proteção dos dados pessoais, tendo em vista que o Big Data gera grandes mudanças no que diz respeito ao armazenamento e tratamento de dados. Por fim, será feito um mapeamento do atual quadro regulatório brasileiro de proteção a tais direitos, observando se o mesmo realmente responde aos desafios atuais de compatibilização entre inovação e privacidade.

On data-centric misbehavior detection in VANETs

Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is a very important problem with wide range of implications, including safety related and congestion avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g. for gaining access to a particular lane. It is therefore more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can decide whether an information received is correct or false. The decision is based on the consistency of recent messages and new alerts with reported and estimated vehicle positions. No voting or majority decisions is needed, making our MDS resilient to Sybil attacks. After misbehavior is detected, we do not revoke all the secret credentials of misbehaving nodes, as done in most schemes. Instead, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them to act selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes. © 2011 IEEE.

An assessment of big data for official statistics in the Caribbean: Challenges and opportunities

The data revolution for sustainable development has triggered interest in the use of big data for official statistics such that theUnited Nations Economic and Social Council considers it to be almost an obligation for statistical organizations to explore big data. Big data has been promoted as a more timely and cheaper alternative to traditional sources of official data, and one that offers great potential for monitoring the sustainable development goals. However, privacy concerns, technology and capacity remain significant obstacles to the use of big data. This study makes a case for incorporating big data in official statitics in the Caribbean by highlight the opportunities that big data provides for the subregion, while suggesting ways to manage the challenges. It serves as a starting point for further discussions on the many facets of big data and provides an initial platform upon which a Caribbean big data strategy could be built.

Il fascicolo sanitario elettronico tra Semantic Web e diritto alla privacy

Principale obiettivo della ricerca è quello di ricostruire lo stato dell’arte in materia di sanità elettronica e Fascicolo Sanitario Elettronico, con una precipua attenzione ai temi della protezione dei dati personali e dell’interoperabilità. A tal fine sono stati esaminati i documenti, vincolanti e non, dell’Unione europea nonché selezionati progetti europei e nazionali (come “Smart Open Services for European Patients” (EU); “Elektronische Gesundheitsakte” (Austria); “MedCom” (Danimarca); “Infrastruttura tecnologica del Fascicolo Sanitario Elettronico”, “OpenInFSE: Realizzazione di un’infrastruttura operativa a supporto dell’interoperabilità delle soluzioni territoriali di fascicolo sanitario elettronico nel contesto del sistema pubblico di connettività”, “Evoluzione e interoperabilità tecnologica del Fascicolo Sanitario Elettronico”, “IPSE - Sperimentazione di un sistema per l’interoperabilità europea e nazionale delle soluzioni di Fascicolo Sanitario Elettronico: componenti Patient Summary e ePrescription” (Italia)). Le analisi giuridiche e tecniche mostrano il bisogno urgente di definire modelli che incoraggino l’utilizzo di dati sanitari ed implementino strategie effettive per l’utilizzo con finalità secondarie di dati sanitari digitali , come Open Data e Linked Open Data. L’armonizzazione giuridica e tecnologica è vista come aspetto strategico per ridurre i conflitti in materia di protezione di dati personali esistenti nei Paesi membri nonché la mancanza di interoperabilità tra i sistemi informativi europei sui Fascicoli Sanitari Elettronici. A questo scopo sono state individuate tre linee guida: (1) armonizzazione normativa, (2) armonizzazione delle regole, (3) armonizzazione del design dei sistemi informativi. I principi della Privacy by Design (“prottivi” e “win-win”), così come gli standard del Semantic Web, sono considerate chiavi risolutive per il suddetto cambiamento.

Data sanitization in a clearing system for public transport operators

In this work we will discuss about a project started by the Emilia-Romagna Regional Government regarding the manage of the public transport. In particular we will perform a data mining analysis on the data-set of this project. After introducing the Weka software used to make our analysis, we will discover the most useful data mining techniques and algorithms; and we will show how these results can be used to violate the privacy of the same public transport operators. At the end, despite is off topic of this work, we will spend also a few words about how it's possible to prevent this kind of attack.

Privacy Tradeoffs in Information Technology Law

The thesis aims to make the dynamics of the tradeoffs involving privacy more visible; both theoretically and in two of the central current policy debates in European data protection law, the right to be forgotten and online tracking. In doing so, it offers an explanation for data protection law from an economic perspective and provides a basis for the evaluation of further data protection measures.

Modelli e Strumenti di Classifciazione Automatica per il Controllo dell'Accesso su Piattaforme Big Data

Dall'analisi dei big data si possono trarre degli enormi benefici in svariati ambiti applicativi. Uno dei fattori principali che contribuisce alla ricchezza dei big data, consiste nell'uso non previsto a priori di dati immagazzinati in precedenza, anche in congiunzione con altri dataset eterogenei: questo permette di trovare correlazioni significative e inaspettate tra i dati. Proprio per questo, il Valore, che il dato potenzialmente porta con sè, stimola le organizzazioni a raccogliere e immagazzinare sempre più dati e a ricercare approcci innovativi e originali per effettuare analisi su di essi. L’uso fortemente innovativo che viene fatto dei big data in questo senso e i requisiti tecnologici richiesti per gestirli hanno aperto importanti problematiche in materia di sicurezza e privacy, tali da rendere inadeguati o difficilmente gestibili, gli strumenti di sicurezza utilizzati finora nei sistemi tradizionali. Con questo lavoro di tesi si intende analizzare molteplici aspetti della sicurezza in ambito big data e offrire un possibile approccio alla sicurezza dei dati. In primo luogo, la tesi si occupa di comprendere quali sono le principali minacce introdotte dai big data in ambito di privacy, valutando la fattibilità delle contromisure presenti all’attuale stato dell’arte. Tra queste anche il controllo dell’accesso ha riscontrato notevoli sfide causate dalle necessità richieste dai big data: questo elaborato analizza pregi e difetti del controllo dell’accesso basato su attributi (ABAC), un modello attualmente oggetto di discussione nel dibattito inerente sicurezza e privacy nei big data. Per rendere attuabile ABAC in un contesto big data, risulta necessario l’ausilio di un supporto per assegnare gli attributi di visibilità alle informazioni da proteggere. L’obiettivo di questa tesi consiste nel valutare fattibilità, caratteristiche significative e limiti del machine learning come possibile approccio di utilizzo.