Body language, security and e-commerce

Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations

TOWARDS INSTITUTIONAL INFRASTRUCTURES FOR E-SCIENCE: The Scope of the Challenge

The three-fold purpose of this Report to the Joint Information Systems Committee (JISC) of the Research Councils (UK) is to: • articulate the nature and significance of the non-technological issues that will bear on the practical effectiveness of the hardware and software infrastructures that are being created to enable collaborations in e- Science; • characterise succinctly the fundamental sources of the organisational and institutional challenges that need to be addressed in regard to defining terms, rights and responsibilities of the collaborating parties, and to illustrate these by reference to the limited experience gained to date in regard to intellectual property, liability, privacy, and security and competition policy issues affecting scientific research organisations; and • propose approaches for arriving at institutional mechanisms whose establishment would generate workable, specific arrangements facilitating collaboration in e-Science; and, that also might serve to meet similar needs in other spheres such as e- Learning, e-Government, e-Commerce, e-Healthcare. In carrying out these tasks, the report examines developments in enhanced computer-mediated telecommunication networks and digital information technologies, and recent advances in technologies of collaboration. It considers the economic and legal aspects of scientific collaboration, with attention to interactions between formal contracting and 'private ordering' arrangements that rest upon research community norms. It offers definitions of e-Science, virtual laboratories, collaboratories, and develops a taxonomy of collaborative e-Science activities which is implemented to classify British e-Science pilot projects and contrast these with US collaboratory projects funded during the 1990s. The approach to facilitating inter-organizational participation in collaborative projects rests upon the development of a modular structure of contractual clauses that permit flexibility and experience-based learning.

An investigation into the “beautification” of security ceremonies

“Beautiful Security” is a paradigm that requires security ceremonies to contribute to the ‘beauty’ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that security will be improved as a consequence. In this paper, we explain how we went about deriving beautification principles, and how we tested the efficacy of these by applying them to specific security ceremonies. As a first step, we deployed a crowd-sourced platform, using both explicit and metaphorical questions, to extract general aspects associated with the perception of the beauty of real-world security mechanisms. This resulted in the identification of four beautification design guidelines. We used these to beautify the following existing security ceremonies: Italian voting, user-to-laptop authentication, password setup and EU premises access. To test the efficacy of our guidelines, we again leveraged crowd-sourcing to determine whether our “beautified” ceremonies were indeed perceived to be more beautiful than the original ones. The results of this initial foray into the beautification of security ceremonies delivered promising results, but must be interpreted carefully

Blockchain Copyright Exchange – A Prototype

The copyright market for creative works such as music and movies traditionally involves a complex web of licensing transactions and exorbitant transaction costs. Out of every dollar that consumers pay, an artist who writes, performs, and produces her own work may receive less than fifteen cents while the rest are diverted to cover the costs of financing new production, marketing new works, and distributing royalties. Although artists are typically scheduled to receive royalties on a quarterly basis, a payment may lag as far as two years after users paid. Furthermore, if a collecting society is unable to identify the rightful owner for a royalty payment, it routinely allocates the royalty among its existing members. This Article proposes a blockchain copyright exchange (“BCE”) that dramatically improves efficiency and accuracy in copyright transactions by hardcoding thousands of copyright rules and license terms in blockchain-based smart contracts. First, BCE allows artists to earn a royalty per stream potentially sixteen times larger than Spotify offers and eighty times larger than YouTube offers. Artists receive payments at a speed millions of times faster, in a matter of seconds instead of months, with zero administrative charges and zero dollars falling through the cracks. Second, BCE allows artists to launch crowdfunding campaigns inviting fans to securely finance creative works in return for a share of copyright ownership in the form of a non-fungible token (“NFT”) or a fungible token (“FT”). It significantly diversifies the investment risks for artists and labels alike. Third, BCE cultivates a healthy ecosystem among artists and users by mobilizing users to mine BCE tokens through distribution and promotion of licensed works. These powerful incentives, together with BCE’s innovative enforcement mechanisms, may effectively eliminate the breeding ground for copyright piracy

Biometric Identification, Law and Ethics

This book undertakes a multifaceted and integrated examination of biometric identification, including the current state of the technology, how it is being used, the key ethical issues, and the implications for law and regulation. The five chapters examine the main forms of contemporary biometrics–fingerprint recognition, facial recognition and DNA identification– as well the integration of biometric data with other forms of personal data, analyses key ethical concepts in play, including privacy, individual autonomy, collective responsibility, and joint ownership rights, and proposes a raft of principles to guide the regulation of biometrics in liberal democracies.Biometric identification technology is developing rapidly and being implemented more widely, along with other forms of information technology. As products, services and communication moves online, digital identity and security is becoming more important. Biometric identification facilitates this transition. Citizens now use biometrics to access a smartphone or obtain a passport; law enforcement agencies use biometrics in association with CCTV to identify a terrorist in a crowd, or identify a suspect via their fingerprints or DNA; and companies use biometrics to identify their customers and employees. In some cases the use of biometrics is governed by law, in others the technology has developed and been implemented so quickly that, perhaps because it has been viewed as a valuable security enhancement, laws regulating its use have often not been updated to reflect new applications. However, the technology associated with biometrics raises significant ethical problems, including in relation to individual privacy, ownership of biometric data, dual use and, more generally, as is illustrated by the increasing use of biometrics in authoritarian states such as China, the potential for unregulated biometrics to undermine fundamental principles of liberal democracy. Resolving these ethical problems is a vital step towards more effective regulation.Ethics & Philosophy of Technolog

Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier\u27s ScienceDirect

Executive Summary As libraries transitioned from buying materials to licensing content, serious threats to privacy followed. This change shifted more control over library user data (and whether it is collected or kept at all) from the local library to third-party vendors, including personal data about what people search for and what they read. This transition has further reinforced the move by some of the largest academic publishers to move beyond content and become data analytics businesses that provide platforms of tools used throughout the research lifecycle that can collect user data at each stage. These companies have an increasing incentive to collect and monetize the rich streams of data that these platforms can generate from users. As a result, user privacy depends on the strength of privacy protections guaranteed by vendors (e.g., negotiated for in contracts), and a growing body of evidence indicates that this should be a source of concern. User tracking that would be unthinkable in a physical library setting now happens routinely through such platforms. The potential integration of this tracking with other lines of business, including research analytics tools and data brokering services, raises pressing questions for users and institutions. Elsevier provides an important case study in this dynamic. Elsevier is many academic libraries’ largest vendor for collections, and its platforms span the knowledge production process, from discovery and idea generation to publication to evaluation. Furthermore, Elsevier’s parent company, RELX, is a leading data broker. Its “risk” business, which provides services to corporations, governments, and law enforcement agencies based on expansive databases of personal data, has surpassed its Elsevier division in revenue and profitability. For these reasons, it is important to carefully consider Elsevier’s privacy practices, the risks they may pose, and proactive steps to protect users. This analysis focuses on ScienceDirect due to its position as a leading discovery platform for research as well as the Elsevier product that researchers are most likely to interact with regularly. Based on our findings, many of ScienceDirect\u27s data privacy practices directly conflict with library privacy standards and guidelines. The data privacy practices identified in our analysis are like the practices found in many businesses and organizations that track and harvest user data to sustain privacy-intrusive data-driven business models. The widespread data collection, user tracking and surveillance, and disclosure of user data inherent to these business models run counter to the library\u27s commitment to user privacy as specified in the ALA Code of Ethics, Library Bill of Rights, and the IFLA Statement on Privacy in the Library Environment. Examples of current ScienceDirect practices found in our analysis that conflict with these standards include: • Use of web beacons, cookies, and other invasive web surveillance methods to track user behavior outside and beyond the ScienceDirect website • Extensive collection of a broad range of personal data (e.g., behavioral and location data) from ScienceDirect combined with personal data harvested from sources beyond ScienceDirect (i.e., third parties in and outside of RELX and data brokers as stated in Elsevier’s Privacy Policy and U.S. Consumer Privacy Notice) • Collection of personal data by third parties, including search engines, social media platforms, and other personal-data aggregators and profilers such as Google, Adobe, Cloudflare, and New Relic, through extensive use of third-party trackers on the ScienceDirect site • Disclosure of personal data to other Elsevier products and the potential for disclosure of personal data to other business units within RELX, including risk products and services sold to corporations, governments, and law enforcement agencies • Processing and disclosure of personal data (and personal data inferred from personal data) for targeted, personalized advertising and marketing In particular, ScienceDirect’s U.S. Consumer Privacy Notice, posted and updated in 2023, raises important concerns. The notice describes the disclosure of detailed user data—including geolocation data, sensitive personal information, and inference data used to create profiles on individuals—both for wide-ranging internal use and to external third parties, including “affiliates” and “business and joint venture partners.” The collection and disclosure of data about who someone is, where they are, and what they search for and read by the same overarching company that provides sophisticated surveillance and data brokering products to corporations, governments, and law enforcement should be alarming. These practices raise the question of whether simultaneous ownership of key academic infrastructure alongside sophisticated surveillance and data brokering businesses should be permitted at all—by users, by institutions, or by policymakers and regulatory authorities. Our analysis cannot definitively confirm whether personal data derived from academic products is currently being used in data brokering or “risk” products. Nevertheless, ScienceDirect’s privacy practices highlight the need to be aware of this risk, which is not mitigated by privacy policy revisions or potential verbal assurances concerning specific data uses. Privacy policies can be changed unilaterally, and denials are not legally binding. To be meaningful, any privacy guarantee a vendor makes must be durable, verifiable, and not limited to a particular jurisdiction. As many of the largest publishers reinvent themselves as platform businesses, users and institutions should actively evaluate and address the potential privacy risks as this transition occurs rather than after it is complete. In closely analyzing the privacy practices of the leading vendor in this transition, this report highlights the need for institutions to be proactive in responding to these risks and provides initial steps for doing so. This report underscores the significant expertise and capacity required for any institution to understand even one vendor’s privacy practices—and the power asymmetry this creates between vendors and libraries. Collaborative efforts, such as SPARC’s Privacy & Surveillance Community of Practice, can plan a key role in supporting future action to address the real privacy risks posed by vendors’ platforms. This report closes with options that institutions may consider to mitigate these risks over the short and longer term

Promising Approaches to Address the Needs of Poor Female Farmers: Resources, Constraints, and Interventions

This paper critically reviews attempts to increase poor female farmers' access to, and control of, productive resources in Sub-Saharan Africa and South Asia. It surveys the literature from 1998 to 2008 that describes interventions and policy changes across several key agricultural resources, including land, soil, and water; labor-saving technologies; improved varieties; extension services; and credit. Main questions: (1) Are women more constrained in access to, and control of, productive resources? (2) What are the key intervention strategies to address constraints to accessing such resources? (3) What are some of the promising approaches that have been used in the field? and (4) Have those approaches been rigorously evaluated, and what are the implications for scaling up

Large-scale Biometrics Deployment in Europe: Identifying Challenges and Threats

With large-scale biometrics deployment in the EU still in its infancy and with stakeholders racing to position themselves in view of the lucrative market that is forecasted, a study to identify challenges and threats that need to be dealt with was launched. This is the result: a report on Biometrics large-scale Deployment in Europe. The report tackles three main issues namely, the status, security / privacy and testing / certification processes. A survey was launched so as to help reveal the actual status of Biometrics large-scale Deployment initiatives in EU. The main outcome of the survey was that an open dissemination of implementation results policy is needed mainly on deployment plans, strategies, barriers and best practices. The security/ privacy challenges study identified a number of issues, the most important of which were related to proportionality and compliance to the existing regulatory framework while at the same time it revealed an important number of related actions aiming at ensuring both data security and privacy. The aim of the Bio Testing Europe study was double: to identify and collect comparable and certified results under different technologies, vendors and environments situations and to feed in this information to animate discussion among the members of a European network which would enhance the European testing and certification capacity. The study presents an integrated picture of the identified issues as well as a number of recommendations. With some of the systems that are being implemented involving millions of individuals as target users it is important for policy makers to adopt some of the options presented so as to address the identified through the study challengesJRC.J.4-Information Societ

Re-embodied fear : Designing deep learning methods in virtual reality to unravel emotional body loops

This thesis is an experimental research that theoretically examines the ontological nature of virtual reality (VR) and its possible implications to be used in designing new emotional learning environments and experiences. The focus is set on fear as an emotion that physically and mentally manifests itself as a specific phobia. The applications of using virtual reality as a psychological tool for treating negative emotions are questioned by making apparent the unanswered questions about our emotions and perception taking abilities. Through different case studies related to the manipulations of our sense of embodiment in VR, the plasticity of our mind and body is researched and applied into emotion theories. The thesis examines how VR could be harnessed to reveal the phenomenal ‘body loops’ with the help of sensor technology (HRV) and ultimately, be designed to unravel the maladaptive loops. Hypothetically, it considers taking advantage of the virtual space design and our sense of embodiment by literally creating new perspectives for experiencing through virtual body manipulations. Through problematization and the ideology of ontological design, it is suggested that we should adapt more radical design in VR to overcome the existing scientific paradigms about emotional learning