247,964 research outputs found

    Federalization in Information Privacy Law

    In Preemption and Privacy, Professor Paul Schwartz argues that it would be unwise for Congress to adopt a unitary federal information privacy statute that both eliminates the sector-specific distinctions in federal information privacy law and blocks the development of stronger state regulation. That conclusion, though narrow, rests on descriptive and normative claims with broad implications for the state-federal balance in information privacy law. Descriptively, Professor Schwartz sees the current information privacy law landscape as the product of successful experimentation at the state level. That account, in turn, fuels his normative claims, and in particular his sympathy with theories of competitive federalism. As I will argue, however, we cannot ignore the federal inputs -- judicial and legislative -- that shape significant segments of state information privacy law. The story of information privacy law is one of federal leadership as well as state experimentation, and we should be wary -- whether on the basis of observable practice or theoretical perspective -- of disabling Congress from articulating and federalizing privacy norms. Moreover, even from the perspective of competitive federalism, the arguments for federal regulation of information privacy law are stronger than Professor Schwartz suggests. privacy, digital privacy, internet law, competitive federalis

    PriFHEte: Achieving Full-Privacy in Account-based Cryptocurrencies is Possible

    In cryptocurrencies, all transactions are public. For their adoption, it is important that these transactions, while publicly verifiable, do not leak information about the identity and the balances of the transactors. For UTXO-based cryptocurrencies, there are well-established approaches (e.g., ZCash) that guarantee full privacy to the transactors. Full privacy in UTXO means that each transaction is anonymous within the set of all private transactions ever posted on the blockchain. In contrast, for account-based cryptocurrencies (e.g., Ethereum) full privacy, that is, privacy within the set of all accounts, seems to be impossible to achieve within the constraints of blockchain transactions (e.g., they have to fit in a block). Indeed, every approach proposed in the literature achieves only a much weaker privacy guarantee called k-anonymity where a transactor is private within a set of k account holders. k-anonymity is achieved by adding k accounts to the transaction, which concretely limits the anonymity guarantee to a very small constant (e.g., ~64 for QuisQuis and ~256 for anonymous Zether), compared to the set of all possible accounts. In this paper, we propose a completely new approach that does not achieve anonymity by including more accounts in the transaction, but instead makes the transaction itself "smarter". Our key contribution is to provide a mechanism whereby a compact transaction can be used to correctly update all accounts. Intuitively, this guarantees that all accounts are equally likely to be the recipients/sender of such a transaction. We, therefore, provide the first protocol that guarantees full privacy in account-based cryptocurrencies: PriFHEte. The contribution of this paper is theoretical. Our main objective is to demonstrate that achieving full privacy in account-based cryptocurrency is actually possible. We see our work as opening the door to new possibilities for anonymous account-based cryptocurrencies. Nonetheless, in this paper, we also discuss PriFHEte's potential to be developed in practice by leveraging the power of off-chain scalability solutions such as zk rollups

    Developing educational materials about risks on social network sites: a design based research approach

    Nearly all of today’s Western teenagers have a profile on a social network site (SNS). As many risks have been reported, researchers and governments have emphasized the role of school education to teach teenagers how to deal safely with SNSs. However, little is known about the specific characteristics which would make interventions effective. Therefore, the overall objective of this research aims to propose a list of validated theoretical design principles for future development of educational materials about risks on SNSs. This research goal was pursued through a design-based research procedure. Thereby targeting teenagers of secondary education in 8 separate studies, the different steps of the design-based research procedure have iteratively been completed. Firstly, a problem analysis was executed through 3 explorative studies, including an observational study, a theoretical evaluation of existing materials and a survey study. Secondly, initial solutions were developed and evaluated in practice through 5 quasi-experimental intervention studies. Thirdly, we reflected upon all the previous results to produce design principles. Finally, we conclude with an analysis of the design-based research methodology

    Rethinking Location Privacy for Unknown Mobility Behaviors

    Location Privacy-Preserving Mechanisms (LPPMs) in the literature largely consider that users' data available for training wholly characterizes their mobility patterns. Thus, they hardwire this information in their designs and evaluate their privacy properties with these same data. In this paper, we aim to understand the impact of this decision on the level of privacy these LPPMs may offer in real life when the users' mobility data may be different from the data used in the design phase. Our results show that, in many cases, training data does not capture users' behavior accurately and, thus, the level of privacy provided by the LPPM is often overestimated. To address this gap between theory and practice, we propose to use blank-slate models for LPPM design. Contrary to the hardwired approach, that assumes known users' behavior, blank-slate models learn the users' behavior from the queries to the service provider. We leverage this blank-slate approach to develop a new family of LPPMs, that we call Profile Estimation-Based LPPMs. Using real data, we empirically show that our proposal outperforms optimal state-of-the-art mechanisms designed on sporadic hardwired models. On non-sporadic location privacy scenarios, our method is only better if the usage of the location privacy service is not continuous. It is our hope that eliminating the need to bootstrap the mechanisms with training data and ensuring that the mechanisms are lightweight and easy to compute help fostering the integration of location privacy protections in deployed systems

    Ethics and social networking sites: A disclosive analysis of Facebook

    Paper has been accepted for publication in Information, Technology and People. Purpose: This paper provides insights into the moral values embodied by a popular social networking site (SNS), Facebook. We adopt the position that technology as well as humans has a moral character in order to disclose ethical concerns that are not transparent to users of the site. Design/methodology/approach: This study is based upon qualitative field work, involving participant observation, conducted over a two-year period. Findings: Much research on the ethics of information systems has focused on the way that people deploy particular technologies, and the consequences arising, with a view to making policy recommendations and ethical interventions. By focusing on technology as a moral actor with reach across and beyond the Internet, we reveal the complex and diffuse nature of ethical responsibility in our case and the consequent implications for governance of SNS. Research limitations/implications: We situate our research in a body of work known as disclosive ethics and argue for an ongoing process of evaluating SNS to reveal their moral importance. Along with other authors in the genre, our work is largely descriptive, but we engage with prior research by Brey and Introna to highlight the scope for theory development. Practical implications: Governance measures that require the developers of social networking sites to revise their designs fail to address the diffuse nature of ethical responsibility in this case. Such technologies need to be opened up to scrutiny on a regular basis to increase public awareness of the issues and thereby disclose concerns to a wider audience. We suggest that there is value in studying the development and use of these technologies in their infancy, or if established, in the experiences of novice users. Furthermore, flash points in technological trajectories can prove useful sites of investigation. 
Originality/value: Existing research on social networking sites either fails to address ethical concerns head on or adopts a tool view of the technologies so that the focus is on the ethical behaviour of users. We focus upon the agency, and hence the moral character, of technology to show both the possibilities for, and limitations of, ethical interventions in such cases

    On the anonymity risk of time-varying user profiles.

    Websites and applications use personalisation services to profile their users, collect their patterns and activities and eventually use this data to provide tailored suggestions. User preferences and social interactions are therefore aggregated and analysed. Every time a user publishes a new post or creates a link with another entity, either another user, or some online resource, new information is added to the user profile. Exposing private data does not only reveal information about single users’ preferences, increasing their privacy risk, but can expose more about their network than single actors intended. This mechanism is self-evident in social networks where users receive suggestions based on their friends’ activities. We propose an information-theoretic approach to measure the differential update of the anonymity risk of time-varying user profiles. This expresses how privacy is affected when new content is posted and how much third-party services get to know about the users when a new activity is shared. We use actual Facebook data to show how our model can be applied to a real-world scenario. Peer Reviewed. Postprint (published version