992 resultados para Platform Privacy
Resumo:
After years of deliberation, the EU commission sped up the reform process of a common EU digital policy considerably in 2015 by launching the EU digital single market strategy. In particular, two core initiatives of the strategy were agreed upon: General Data Protection Regulation and the Network and Information Security (NIS) Directive law texts. A new initiative was additionally launched addressing the role of online platforms. This paper focuses on the platform privacy rationale behind the data protection legislation, primarily based on the proposal for a new EU wide General Data Protection Regulation. We analyse the legislation rationale from an Information System perspective to understand the role user data plays in creating platforms that we identify as “processing silos”. Generative digital infrastructure theories are used to explain the innovative mechanisms that are thought to govern the notion of digitalization and successful business models that are affected by digitalization. We foresee continued judicial data protection challenges with the now proposed Regulation as the adoption of the “Internet of Things” continues. The findings of this paper illustrate that many of the existing issues can be addressed through legislation from a platform perspective. We conclude by proposing three modifications to the governing rationale, which would not only improve platform privacy for the data subject, but also entrepreneurial efforts in developing intelligent service platforms. The first modification is aimed at improving service differentiation on platforms by lessening the ability of incumbent global actors to lock-in the user base to their service/platform. The second modification posits limiting the current unwanted tracking ability of syndicates, by separation of authentication and data store services from any processing entity. Thirdly, we propose a change in terms of how security and data protection policies are reviewed, suggesting a third party auditing procedure.
Resumo:
This research has established a new privacy framework, privacy model, and privacy architecture to create more transparent privacy for social networking users. The architecture is designed into three levels: Business, Data, and Technology, which is based on The Open Group Architecture Framework (TOGAF®). This framework and architecture provides a novel platform for investigating privacy in Social Networks (SNs). This approach mitigates many current SN privacy issues, and leads to a more controlled form of privacy assessment. Ultimately, more privacy will encourage more connections between people across SN services.
Resumo:
Ubiquitous computing is about making computers and computerized artefacts a pervasive part of our everyday lifes, bringing more and more activities into the realm of information. The computationalization, informationalization of everyday activities increases not only our reach, efficiency and capabilities but also the amount and kinds of data gathered about us and our activities. In this thesis, I explore how information systems can be constructed so that they handle this personal data in a reasonable manner. The thesis provides two kinds of results: on one hand, tools and methods for both the construction as well as the evaluation of ubiquitous and mobile systems---on the other hand an evaluation of the privacy aspects of a ubiquitous social awareness system. The work emphasises real-world experiments as the most important way to study privacy. Additionally, the state of current information systems as regards data protection is studied. The tools and methods in this thesis consist of three distinct contributions. An algorithm for locationing in cellular networks is proposed that does not require the location information to be revealed beyond the user's terminal. A prototyping platform for the creation of context-aware ubiquitous applications called ContextPhone is described and released as open source. Finally, a set of methodological findings for the use of smartphones in social scientific field research is reported. A central contribution of this thesis are the pragmatic tools that allow other researchers to carry out experiments. The evaluation of the ubiquitous social awareness application ContextContacts covers both the usage of the system in general as well as an analysis of privacy implications. The usage of the system is analyzed in the light of how users make inferences of others based on real-time contextual cues mediated by the system, based on several long-term field studies. The analysis of privacy implications draws together the social psychological theory of self-presentation and research in privacy for ubiquitous computing, deriving a set of design guidelines for such systems. The main findings from these studies can be summarized as follows: The fact that ubiquitous computing systems gather more data about users can be used to not only study the use of such systems in an effort to create better systems but in general to study phenomena previously unstudied, such as the dynamic change of social networks. Systems that let people create new ways of presenting themselves to others can be fun for the users---but the self-presentation requires several thoughtful design decisions that allow the manipulation of the image mediated by the system. Finally, the growing amount of computational resources available to the users can be used to allow them to use the data themselves, rather than just being passive subjects of data gathering.
Resumo:
This paper presents a theoretical model to analyze the privacy issues around location based mobile business models. We report the results of an exploratory field experiment in Switzerland that assessed the factors driving user payoff in mobile business. We found that (1) the personal data disclosed has a negative effect on user payoff; (2) the amount of personalization available has a direct and positive effect, as well as a moderating effect on user payoff; (3) the amount of control over user's personal data has a direct and positive effect, as well as a moderating effect on user payoff. The results suggest that privacy protection could be the main value proposition in the B2C mobile market. From our theoretical model we derive a set of guidelines to design a privacy-friendly business model pattern for third-party services. We discuss four examples to show the mobile platform can play a key role in the implementation of these new business models.
Resumo:
L’avénement des réseaux sociaux, tel que Facebook, MySpace et LinkedIn, a fourni une plateforme permettant aux individus de rester facilement connectés avec leurs amis, leurs familles ou encore leurs collègues tout en les encourageant activement à partager leurs données personnelles à travers le réseau. Avec la richesse des activités disponibles sur un réseau social, la quantité et la variété des informations personnelles partagées sont considérables. De plus, de part leur nature numérique, ces informations peuvent être facilement copiées, modifiées ou divulguées sans le consentement explicite de leur propriétaire. Ainsi, l’information personnelle révélée par les réseaux sociaux peut affecter de manière concrète la vie de leurs utilisateurs avec des risques pour leur vie privée allant d’un simple embarras à la ruine complète de leur réputation, en passant par l’usurpation d’identité. Malheureusement, la plupart des utilisateurs ne sont pas conscients de ces risques et les outils mis en place par les réseaux sociaux actuels ne sont pas suffisants pour protéger efficacement la vie privée de leurs utilisateurs. En outre, même si un utilisateur peut contrôler l’accès à son propre profil, il ne peut pas contrôler ce que les autres révèlent à son sujet. En effet, les “amis” d’un utilisateur sur un réseau social peuvent parfois révéler plus d’information à son propos que celui-ci ne le souhaiterait. Le respect de la vie privée est un droit fondamental pour chaque individu. Nous pré- sentons dans cette thèse une approche qui vise à accroître la prise de conscience des utilisateurs des risques par rapport à leur vie privée et à maintenir la souveraineté sur leurs données lorsqu’ils utilisent un réseau social. La première contribution de cette thèse réside dans la classification des risques multiples ainsi que les atteintes à la vie privée des utilisateurs d’un réseau social. Nous introduisons ensuite un cadre formel pour le respect de la vie privée dans les réseaux sociaux ainsi que le concept de politique de vie privée (UPP). Celle-ci définie par l’utilisateur offre une manière simple et flexible de spécifier et communiquer leur attentes en terme de respect de la vie privée à d’autres utilisateurs, tiers parties ainsi qu’au fournisseur du réseau social. Par ailleurs, nous dé- finissons une taxonomie (possiblement non-exhaustive) des critères qu’un réseau social peut intégrer dans sa conception pour améliorer le respect de la vie privée. En introduisant le concept de réseau social respectueux de la vie privée (PSNS), nous proposons Privacy Watch, un réseau social respectueux de la vie privée qui combine les concepts de provenance et d’imputabilité afin d’aider les utilisateurs à maintenir la souveraineté sur leurs données personnelles. Finalement, nous décrivons et comparons les différentes propositions de réseaux sociaux respectueux de la vie privée qui ont émergé récemment. Nous classifions aussi ces différentes approches au regard des critères de respect de la vie privée introduits dans cette thèse.
Resumo:
Driven by new network and middleware technologies such as mobile broadband, near-field communication, and context awareness the so-called ambient lifestyle will foster innovative use cases in building automation, healthcare and agriculture. In the EU project Hydra1 highlevel security, trust and privacy concerns such as loss of control, profiling and surveillance are considered at the outset. At the end of this project the Hydra middleware development platform will have been designed so as to enable developers to realise secure ambient scenarios especially in the user domains of building automation, healthcare, and agriculture. This paper gives a short introduction to the Hydra project, its user domains and its approach to ensure security by design. Based on the results of a focus group analysis of the building automation domain typical threats are evaluated and their risks are assessed. Then, specific security requirements with respect to security, privacy, and trust are derived in order to incorporate them into the Hydra Security Meta Model. How concepts such as context security, semantic security, and virtualisation support the overall Hydra approach will be introduced and illustrated on the basis of a technical building automation scenario.
Resumo:
This research investigated the proliferation of malicious applications on smartphones and a framework that can efficiently detect and classify such applications based on behavioural patterns was proposed. Additionally the causes and impact of unauthorised disclosure of personal information by clean applications were examined and countermeasures to protect smartphone users’ privacy were proposed.
Resumo:
The Internet of Things (IoT) is the next industrial revolution: we will interact naturally with real and virtual devices as a key part of our daily life. This technology shift is expected to be greater than the Web and Mobile combined. As extremely different technologies are needed to build connected devices, the Internet of Things field is a junction between electronics, telecommunications and software engineering. Internet of Things application development happens in silos, often using proprietary and closed communication protocols. There is the common belief that only if we can solve the interoperability problem we can have a real Internet of Things. After a deep analysis of the IoT protocols, we identified a set of primitives for IoT applications. We argue that each IoT protocol can be expressed in term of those primitives, thus solving the interoperability problem at the application protocol level. Moreover, the primitives are network and transport independent and make no assumption in that regard. This dissertation presents our implementation of an IoT platform: the Ponte project. Privacy issues follows the rise of the Internet of Things: it is clear that the IoT must ensure resilience to attacks, data authentication, access control and client privacy. We argue that it is not possible to solve the privacy issue without solving the interoperability problem: enforcing privacy rules implies the need to limit and filter the data delivery process. However, filtering data require knowledge of how the format and the semantics of the data: after an analysis of the possible data formats and representations for the IoT, we identify JSON-LD and the Semantic Web as the best solution for IoT applications. Then, this dissertation present our approach to increase the throughput of filtering semantic data by a factor of ten.
Resumo:
When it comes to platform sustainability, mitigating user privacy concerns and enhancing trust represent two major tasks providers of Social Networking Sites (SNSs) are facing today. State-of-the-art research advocates reliance on the justice-based measures as possible means to address these challenges. However, as providers are increasingly expanding into foreign markets, the effectiveness of these measures in a cross-cultural setting is questioned. In an attempt to address this set of issues, in this study we build on the existing model to examine the impact of culture on the robustness of four justice-based means in mitigating privacy concerns and ensuring trust. Survey responses from German and Russian SNS members are used to evaluate the two structural equation models, which are then compared. We find that perceptions regarding Procedural and Informational Justice are universally important and hence should be addressed as part of the basic strategy by the SNS provider. When expanding to collectivistic countries like Russia, measures enhancing perceptions of Distributive and Interpersonal Justice can be additionally applied. Beyond practical implications, our study makes a significant contribution to the theoretical discourse on the role of culture in determining individual perceptions and behavior.
Behind the curtains of privacy calculus on social networking sites: the study of Germany and the USA
Resumo:
As social networking sites (SNSs) become increasingly global, the issues of cultural differences in participation patterns become acute. However, current research offers only limited insights into the role of culture behind SNS usage. Aiming to fill this gap, this study adopts a ‘privacy calculus’ perspective to study the differences between German and American SNS users. Results of structural equation modeling and multi-group analysis reveal distinct variability in the cognitive patterns of American and German subjects. We contribute to the theory by rejecting the universal nature of privacy-calculus processes. From a practical standpoint, our results signal that SNS providers cannot rely on the “proven” means in ensuring user participation when crossing geographic boundaries. When financial means are limited, SNS providers should direct their investments into enhancing platform enjoyment and granting users with more control and, paradoxically, lobbying for more legalistic safeguards of user privacy.
Resumo:
Unprecedented success of Online Social Networks, such as Facebook, has been recently overshadowed by the privacy risks they imply. Weary of privacy concerns and unable to construct their identity in the desired way, users may restrict or even terminate their platform activities. Even though this means a considerable business risk for these platforms, so far there have been no studies on how to enable social network providers to address these problems. This study fills this gap by adopting a fairness perspective to analyze related measures at the disposal of the provider. In a Structural Equation Model with 237 subjects we find that ensuring interactional and procedural justice are two important strategies to support user participation on the platform.
Resumo:
The unprecedented success of social networking sites (SNSs) has been recently overshadowed by concerns about privacy risks. As SNS users grow weary of privacy breaches and thus develop distrust, they may restrict or even terminate their platform activities. In the long run, these developments endanger SNS platforms’ financial viability and undermine their ability to create individual and social value. By applying a justice perspective, this study aims to understand the means at the disposal of SNS providers to leverage the privacy concerns and trusting beliefs of their users—two important determinants of user participation on SNSs. Considering that SNSs have a global appeal, empirical tests assess the effectiveness of justice measures for three culturally distinct countries: Germany, Russia and Morocco. The results indicate that these measures are particularly suited to address trusting beliefs of SNS audience. Specifically, in all examined countries, procedural justice and the awareness dimension of informational justice improve perceptions of trust in the SNS provider. Privacy concerns, however, are not as easy to manage, because the impact of justice-based measures on privacy concerns is not universal. Beyond theoretical value, this research offers valuable practical insights into the use of justice-based measures to promote trust and mitigate privacy concerns in a cross-cultural setting.
Resumo:
Durch den großen Erfolg des Cloud Computing und der hohen Geschwindigkeit, mit der Cloud-Innovationen seither Einzug in die Praxis finden, eröffnen sich für die Industrie neue Chancen im Wettbewerb. Von besonderer Bedeutung sind die Möglichkeiten, Cloud-gestützte Geschäftsprozesse dynamisch, als direkte Reaktion auf einen Kundenauftrag, anzupassen und auszuführen. Dies gilt insbesondere auch für kooperative und unternehmensübergreifende Anwendungen, welche aus mehreren IT-Diensten verschiedener Partner bestehen. Gegenstand dieses Artikels ist die Vorstellung eines Konzeptes und einer Architektur für eine zentrale Cloud-Plattform zur Konfiguration, Ausführung und Überwachung von kollaborativen Logistik-Prozessen. Auf dieser Plattform können Geschäftsprozesse modelliert und in ihren Privacy-Eigenschaften parametrisiert werden. Die einzelnen Prozesselemente werden dabei mit IT-Diensten verknüpft, die beispielsweise auf externen Cloud-Plattformen ausgeführt werden. Ein Schwerpunkt der Veröffentlichung liegt in der Betrachtung der Erstellung, Umsetzung und Überwachung von Privacy-Anforderungen.
Resumo:
Only recently, during the past five years, consumer electronics has been evolving rapidly. Many products have started to include “smart home” capabilities, enabling communication and interoperability of various smart devices. Even more devices and sensors can be remote controlled and monitored through cloud services. While the smart home systems have become very affordable to average consumer compared to the early solutions decades ago, there are still many issues and things that need to be fixed or improved upon: energy efficiency, connectivity with other devices and applications, security and privacy concerns, reliability, and response time. This paper focuses on designing Internet of Things (IoT) node and platform architectures that take these issues into account, notes other currently used solutions, and selects technologies in order to provide better solution. The node architecture aims for energy efficiency and modularity, while the platform architecture goals are in scalability, portability, maintainability, performance, and modularity. Moreover, the platform architecture attempts to improve user experience by providing higher reliability and lower response time compared to the alternative platforms. The architectures were developed iteratively using a development process involving research, planning, design, implementation, testing, and analysis. Additionally, they were documented using Kruchten’s 4+1 view model, which is used to describe the use cases and different views of the architectures. The node architecture consisted of energy efficient hardware, FC3180 microprocessor and CC2520 RF transceiver, modular operating system, Contiki, and a communication protocol, AllJoyn, used for providing better interoperability with other IoT devices and applications. The platform architecture provided reliable low response time control, monitoring, and initial setup capabilities by utilizing web technologies on various devices such as smart phones, tablets, and computers. Furthermore, an optional cloud service was provided in order to control devices and monitor sensors remotely by utilizing scalable high performance technologies in the backend enabling low response time and high reliability.
Resumo:
Public agencies are increasingly required to collaborate with each other in order to provide high-quality e-government services. This collaboration is usually based on the service-oriented approach and supported by interoperability platforms. Such platforms are specialized middleware-based infrastructures enabling the provision, discovery and invocation of interoperable software services. In turn, given that personal data handled by governments are often very sensitive, most governments have developed some sort of legislation focusing on data protection. This paper proposes solutions for monitoring and enforcing data protection laws within an E-government Interoperability Platform. In particular, the proposal addresses requirements posed by the Uruguayan Data Protection Law and the Uruguayan E-government Platform, although it can also be applied in similar scenarios. The solutions are based on well-known integration mechanisms (e.g. Enterprise Service Bus) as well as recognized security standards (e.g. eXtensible Access Control Markup Language) and were completely prototyped leveraging the SwitchYard ESB product.
