Privacy Violation and Detection Using Pattern Mining Techniques

Privacy, its violations and techniques to bypass privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. Experimental evaluations show that our approach is scalable and robust and that it can detect privacy violations or chances of violations quite accurately. Please contact the author for full text at [email protected]

Empirical Study of Privacy Issues Among Social Networking Sites.

Social media networks are increasing their types of services and the numbers of users are rapidly growing. However, online consumers have expressed concerns about their personal privacy protection and recent news articles have shown many privacy breaches and unannounced changes to privacy policies. These events could adversely affect data protection and compromise user trust, thus it is vital that social sites contain explicit privacy policies stating a comprehensive list of protection methods. This study analyzes 60 worldwide social sites and finds that even if sites contain a privacy policy, the site pages may also possess technical elements that could be used to serendipitously collect personal information. The results show specific technical collection methods most common within several social network categories. Methods for improving online privacy practices are suggested

A Distributed Context-Aware Trust Management Architecture

The realization of a pervasive context-aware service platform imposes new challenges for the security and privacy aspects of the system in relation to traditional service platforms. One important aspect is related with the management of trust relationships, which is especially hard in a pervasive environment because users are supposed to interact with entities unknown before hand in an ad-hoc and dynamic manner. Current trust management solutions do not adapt nor scale well in this dynamic service provisioning scenario because they require previously defined trust relationships in order to operate. The objective of this thesis is to design, prototype and validate a context-aware distributed trust management architecture in order to address: (a) the lack of integration between available trust solutions and security and privacy management languages, and (b) the dynamic characteristics of a context-aware service platform

InLoc: Indoor Visual Localization with Dense Matching and View Synthesis

We seek to predict the 6 degree-of-freedom (6DoF) pose of a query photograph with respect to a large indoor 3D map. The contributions of this work are three-fold. First, we develop a new large-scale visual localization method targeted for indoor environments. The method proceeds along three steps: (i) efficient retrieval of candidate poses that ensures scalability to large-scale environments, (ii) pose estimation using dense matching rather than local features to deal with textureless indoor scenes, and (iii) pose verification by virtual view synthesis to cope with significant changes in viewpoint, scene layout, and occluders. Second, we collect a new dataset with reference 6DoF poses for large-scale indoor localization. Query photographs are captured by mobile phones at a different time than the reference 3D map, thus presenting a realistic indoor localization scenario. Third, we demonstrate that our method significantly outperforms current state-of-the-art indoor localization approaches on this new challenging data

Privacy self-regulation and the changing role of the state: from public law to social and technical mechanisms of governance

This paper provides a structured overview of different self-governance mechanisms for privacy and data protection in the corporate world, with a special focus on Internet privacy. It also looks at the role of the state, and how it has related to privacy self-governance over time. While early data protection started out as law-based regulation by nation-states, transnational self-governance mechanisms have become more important due to the rise of global telecommunications and the Internet. Reach, scope, precision and enforcement of these industry codes of conduct vary a lot. The more binding they are, the more limited is their reach, though they - like the state-based instruments for privacy protection - are becoming more harmonised and global in reach nowadays. These social codes of conduct are developed by the private sector with limited participation of official data protection commissioners, public interest groups, or international organisations. Software tools - technical codes - for online privacy protection can give back some control over their data to individual users and customers, but only have limited reach and applications. The privacy-enhancing design of network infrastructures and database architectures is still mainly developed autonomously by the computer and software industry. Here, we can recently find a stronger, but new role of the state. Instead of regulating data processors directly, governments and oversight agencies now focus more on the intermediaries - standards developers, large software companies, or industry associations. And instead of prescribing and penalising, they now rely more on incentive-structures like certifications or public funding for social and technical self-governance instruments of privacy protection. The use of technology as an instrument and object of regulation is thereby becoming more popular, but the success of this approach still depends on the social codes and the underlying norms which technology is supposed to embed. --

Exploring personalized life cycle policies

Ambient Intelligence imposes many challenges in protecting people's privacy. Storing privacy-sensitive data permanently will inevitably result in privacy violations. Limited retention techniques might prove useful in order to limit the risks of unwanted and irreversible disclosure of privacy-sensitive data. To overcome the rigidness of simple limited retention policies, Life-Cycle policies more precisely describe when and how data could be first degraded and finally be destroyed. This allows users themselves to determine an adequate compromise between privacy and data retention. However, implementing and enforcing these policies is a difficult problem. Traditional databases are not designed or optimized for deleting data. In this report, we recall the formerly introduced life cycle policy model and the already developed techniques for handling a single collective policy for all data in a relational database management system. We identify the problems raised by loosening this single policy constraint and propose preliminary techniques for concurrently handling multiple policies in one data store. The main technical consequence for the storage structure is, that when allowing multiple policies, the degradation order of tuples will not always be equal to the insert order anymore. Apart from the technical aspects, we show that personalizing the policies introduces some inference breaches which have to be further investigated. To make such an investigation possible, we introduce a metric for privacy, which enables the possibility to compare the provided amount of privacy with the amount of privacy required by the policy

E-Commerce and Trans-Atlantic Privacy

For almost a decade, the United States and Europe have anticipated a clash over the protection of personal information. Between the implementation in Europe of comprehensive legal protections pursuant to the directive on data protection and the continued reliance on industry self-regulation in the United States, trans-Atlantic privacy policies have been at odds with each other. The rapid growth in e-commerce is now sparking the long-anticipated trans-Atlantic privacy clash. This Article will first look at the context of American e-commerce and the disjuncture between citizens\u27 privacy and business practices. The Article will then turn to the international context and explore the adverse impact, on the status quo in the United States, of European data protection law as harmonized by Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Following this analysis, the Article will show that the “safe harbor” agreement between the United States Department of Commerce and the European Commission--designed to alleviate the threat of disruption in trans-Atlantic data flows and, in particular, to mollify concerns for the stability of online data transfers--is only a weak, seriously flawed solution for e-commerce. In the end, extra-legal technical measures and contractual mechanisms might minimize privacy conflicts for e-commerce transactions, but an international treaty is likely the only sustainable solution for long-term growth in trans-border commercial interchange

A privacy awareness system for ubiquitous computing environments

www.inf.ethz.ch/˜langhein Abstract. Protecting personal privacy is going to be a prime concern for the deployment of ubiquitous computing systems in the real world. With daunting Orwellian visions looming, it is easy to conclude that tamper-proof technical protection mechanisms such as strong anonymization and encryption are the only solutions to such privacy threats. However, we argue that such perfect protection for personal information will hardly be achievable, and propose instead to build systems that help others respect our personal privacy, enable us to be aware of our own privacy, and to rely on social and legal norms to protect us from the few wrongdoers. We introduce a privacy awareness system targeted at ubiquitous computing environments that allows data collectors to both announce and implement data usage policies, as well as providing data subjects with technical means to keep track of their personal information as it is stored, used, and possibly removed from the system. Even though such a system cannot guarantee our privacy, we believe that it can create a sense of accountability in a world of invisible services that we will be comfortable living in and interacting with.

A Blockchain-based Approach for Data Accountability and Provenance Tracking

The recent approval of the General Data Protection Regulation (GDPR) imposes new data protection requirements on data controllers and processors with respect to the processing of European Union (EU) residents' data. These requirements consist of a single set of rules that have binding legal status and should be enforced in all EU member states. In light of these requirements, we propose in this paper the use of a blockchain-based approach to support data accountability and provenance tracking. Our approach relies on the use of publicly auditable contracts deployed in a blockchain that increase the transparency with respect to the access and usage of data. We identify and discuss three different models for our approach with different granularity and scalability requirements where contracts can be used to encode data usage policies and provenance tracking information in a privacy-friendly way. From these three models we designed, implemented, and evaluated a model where contracts are deployed by data subjects for each data controller, and a model where subjects join contracts deployed by data controllers in case they accept the data handling conditions. Our implementations show in practice the feasibility and limitations of contracts for the purposes identified in this paper