Photo by Xacobe de Toro
The identity information protection act 2006 has been passed by the Californian state senate and given to governor Arnold Schwarzenegger for signing, according to reports.
Identity Information Protection Act (SB 768): Setting the Record Straight, EFF Website
Office of Privacy Protection - California Department of Consumer Affairs
Photo by Xacobe de Toro
Text Source EPIC newsletter
In a letter addressed to the Secretary of Commerce Carlos Gutierrez, EPIC urged the Department of Commerce to restrict the export of high-tech surveillance equipment to China. While the US has restricted the export of products such as tear gas, handcuffs, and shotguns to China, the letter noted, high-tech equipment that can be used for surveillance and censorship is freely exported to the country.
The export restrictions were put in place following the 1989 Tienanmen Square massacre. Recent reports on human rights abuses in China have focused on the role that US technology companies have played in the suppression of free speech. A recent article in BusinessWeek, for example, highlighted the fact that Oracle, Cisco, Motorola, and EMC Corp. all sold technology products to Chinese police and security authorities that can be used to track political dissidents, in spite of China's "dismal" human rights record.
The Information Law Institute will held the Multidisciplinary Graduate Student Symposium: Identity and Identification in a Networked World, September 29-30, 2006, New York University School of Law .
Increasingly, who we are is represented by key bits of information scattered throughout the data-intensive, networked world. Online and off, these core identifiers mediate our sense of self, social interactions, movements through space, and access to goods and services. There is much at stake in designing systems of identification and identity management, deciding who or what will be in control of them, and building in adequate protection for our bits of identity permeating the network.
This symposium will examine critical and controversial issues surrounding socio-technical systems of identity, identifiability and identification. It will showcase emerging scholarship of graduate students at the cutting edge of humanities, social sciences, artists, systems design & engineering, philosophy, law, and policy to work towards a clearer understanding of these complex problems, and build foundations for future collaborative work.
In addition to graduate student panels, keynote talks will be delivered by Professor Ian Kerr, Canada Research Chair in Ethics, Law & Technology at the University of Ottawa, and Dick Hardt, CEO and founder of Sxip Identity.
Text Source: Information Law Institute website
Pew Internet & American Life Project has just published a survey of internet leaders, activists, and analysts shows that a majority agree with predictions that by 2020:
People will wittingly and unwittingly disclose more about themselves, gaining some benefits in the process even as they lose some privacy.
The experts and analysts also split evenly on a central question of whether the world will be a better place in 2020 due to the greater transparency of people and institutions afforded by the internet: 46% agreed that the benefits of greater transparency of organizations and individuals would outweigh the privacy costs and 49% disagreed.
Transparency builds a better world, even at the expense of privacy: As sensing, storage and communication technologies get cheaper and better, individuals' public and private lives will become increasingly “transparent” globally. Everything will be more visible to everyone, with good and bad results. Looking at the big picture - at all of the lives affected on the planet in every way possible - this will make the world a better place by the year 2020. The benefits will outweigh the costs.46% agreed... 49% disagreed... 5% didn't answer
Full results of the survey, including engaging quotes from hundreds of respondents and brief biographies on many of these people, can be found on the Web at http://www.imaginingtheinternet.org by using the "Predictions Surveys" link.
Text Source Pew Internet & American Life Project Press Page
Links:
Elon University "Imagining the Internet" database
First report on the Future of the Internet
BBC: Internet's future in 2020 debated
Pictures of the Future by Siemens
Text source PARC website
The Palo Alto Research Center (PARC), a subsidiary of Xerox Corporation, conducts pioneering interdisciplinary research in the physical, computational, and social sciences. Building on a 36-year tradition of innovation, PARC today provides research services, technology, and intellectual property to Xerox and other strategic partners.
One of the research areas is: Security & Privacy
PARC is developing technologies that intelligently support security and privacy for ubiquitous computing environments. Work in this area ranges from usable techniques for securely managing large networks of devices, to privacy-preserving methods for collecting and disseminating content over such networks.
This research area incorporates competencies in applied cryptography, human factors, and network security.
Project Areas
Usable Security
Today's users want mobile access to previously unknown devices and services as well as firewalled content. A fundamental challenge in providing such access securely is ease of use: if a security procedure is too difficult, users may configure it incorrectly, won't deploy it, or will just switch it off. PARC is developing technology that enables easy management of large networks of devices as well as usable access control for the content distributed on these networks. An example of a technology is the Network-in-a-Box.
Privacy-preserving Data Management
The trend toward ubiquitous computing has made the gathering and sharing of personal data increasingly easy. PARC is developing technologies that support such activities while providing strong privacy guarantees. One particular technology is a privacy appliance that protects against the identification of individuals through inference control.
Content Protection
With the growing demand for data-management outsourcing and the continued growth of content piracy, secure and efficient methods for protecting content are of increasing importance. One particular project in this space is developing semi-automated ways of protecting documents based on deep content analysis. This project is in collaboration with natural language processing and image analysis groups at PARC.
Knowledge Wharton publishes this week this article Does Your Web Browsing Create a Unique 'Clickprint'? based in a new research paper "Balaji Padmanabhan and Catherine Yang about how identify some of the web users.
"We address the question of whether humans have unique signatures - or clickprints - when they browse the Web. The importance of being able to answer this can be significant given applications to electronic commerce in general and in particular online fraud detection, a major problem in electronic commerce costing the economy billions of dollars annually. In this paper we present a data mining approach to answer this “unique clickprint determination problem.
The solution technique is based on a simple yet powerful idea of casting this problem as an aggregation problem. We develop formal methods to solve this problem and thereby determine the optimal amount of user data that must be aggregated before unique clickprints can be deemed to exist. Using some basic behavioral variables derived from real Web browsing data, our results suggest that the answer to the main question is “most likely”, given that we observe reasonably accurate user predictions using limited data."
“Paper Abstract
“Clickprints on the Web: Are there signatures in Web browsing data?”
By Balaji Padmanabhan and Catherine Yang
SWAMI Project (Safeguards in a World of Ambient Intelligence) a project that aims to identify and analyse the social, economic, legal, technological and ethical issues related to identity, privacy and security in the forecasted but not yet deployed Ambient Intelligence (AmI) environment.
SWAMI Partners
Final Report and Dissemination DRAFT
Wright, David (ed.), Safeguards in a World of Ambient Intelligence: Final Report, SWAMI Deliverable D4: A report of the SWAMI consortium to the European Commission under contract 006507, August 2006.
http://swami.jrc.es
Source EPIC Press Release
On Friday, September 8, EPIC and Privacy International release the 8th Privacy and Human Rights Report, which covers privacy laws and developments around the world. This annual report provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. It singles out a number of trends, including new anti-terrorism laws that provide for increased search capabilities and sharing of information among law enforcement authorities; and new traveler pre-screening and profiling systems.
PHR 2005 at the EPIC Bookstore:
http://www.epic.org/bookstore/phr2005/phr2005.html
PHR 2005 Executive Summary in Spanish:
http://www.epic.org/bookstore/phr2005/phr05_execsum_sp.pdf
PHR 2005 Executive Summary in Russian:
http://www.epic.org/bookstore/phr2005/phr05_execsum_ru.pdf
PHR 2005 Executive Summary in Arabic:
http://www.epic.org/bookstore/phr2005/phr05_execsum_AR.pdf
The Eminent Jurists Panel, U.S. Hearings:
http://ejp.icj.org/hearing.php3?id_rubrique=10
Knowledge Wharton publishes this week an article about loyalty programs:
The Lowdown on Customer Loyalty Programs: Which Are the Most Effective and Why
When making a purchase, a consumer has a choice between using frequent-flier miles, cash, or some combination thereof. Which will he or she choose?...
Wharton marketing professor Xavier Drèze and Joseph C. Nunes of the University of California's Marshall School of Business have spent several years studying how these programs can be structured to generate the most revenue for companies offering them.
Links:
"Using Combined-Currency Prices to Lower Consumers' Perceived Cost" a paper by Dreze and Nunes.
The customer loyalty costs of data breaches
The Value of Privacy on Loyalty Retailing (by Melody Vargas)
In 2003 Edward Hurley wrote at SearchSecurity.com an article about the Chief Privacy Officer position, Companies creating more chief privacy officer jobs.
The chief security officer (CSO) position has matured to the point where the title isn't particularly jarring when you see it on a business card. However, the same probably cannot be said for the chief privacy officer (CPO) job.
CPOs are the public point people for a company's privacy initiatives. In other words, they function as the human face that is responsible for protecting the customer data that's collected and stored by companies.
Courier-Post Online has just published this article by Katie Grasso, Network of ideas available as privacy officers emerge.
A chief privacy officer's daily responsibilities include:
* Maintaining compliance and self-assessment documentation for new privacy and information security laws and regulations.
* Performing privacy compliance assessments by testing key privacy controls, systems and procedures.
* Determining the impact of current and pending privacy-related legislation and regulations.
* Responding to actual or potential breaches of stored information on customers and employees.
* Creating a privacy policy and training employees.
* But what if you're a small-business owner who can't afford a CPO?
According to BBC News the application Browzar has been branded "adware" by many because it directs web searches to online adverts.
Some technical experts also say Browzar, which claims to leave no trail of webpages visited, does not work.
Browzar's developers say they are examining the feedback but strongly deny that it is adware.
Read the entire article on bbc.news.
Image source ETRICS website
ETRICS 2006 took place from June 6th to 9th in Freiburg.
ETRICS is an International Conference on Emerging Trends in Information and Communication Security. Protecting information and communication systems and services from malicious use is essential for their deployment and acceptance. In addition to applying techniques from traditional security research and security engineering, it is necessary to take into account the vulnerabilities originating from increased mobility at application level and the integration of security requirements into business processes.
Workshops
1: UC and RFID today – Breakthrough or still on hold?
2: Security and Privacy in Future Business Services
3: Security in Autonomous Systems
4: Long-lasting Security
Workshop 2: Security and Privacy in Future Business Services
Part 1: Importance of Privacy for Individuals, Society and Economy
Ursula Sury
Rechtsanwältin in Luzern und Zug, Prof. an der Hochschule für Wirtschaft, Technik und Architektur in Luzern
Privacy: Ausgewählte Aspekte von Rechtsverletzungen durch Computing
Alessandro Acquisti
Carnegie Mellon University, Pittsburgh
Is There a Cost to Privacy Breaches? - An Event Study
Alfred Kobsa
University of California, Humboldt University, Berlin
Convincing Users to Disclose Personal Data
Sarah Spiekermann
University of Berlin
Privacy in the Germans' Mind
Part 2: Technical Approaches for Protecting Privacy
Sebastian Gajek
University of Bochum
A Case Study on Online-Banking Security
Marit Hansen
Independent Centre for Privacy Protection Schleswig-Holstein
Using Legally Compliant Reputation Systems to Filter SPIT (Spam over Internet Telephony)
Matthew Smith
University of Marburg
Future Internet Security Services Enabled by Sharing of Anonymized Logs
Stefan Sackmann
University of Freiburg
Privacy Evidence for Protecting Customer's Privacy in Ubiquitous Computing
Sören Preibusch
DIW Berlin
Designing Incentive-Compatible Privacy Negotiations
Boursas Latifa
Munich University of Technology
Integration and Propagation of Trust in Federated Identity Management Scenarios
