Rethinking privacy in social networks: A case study of beacon

Popular online social network sites (SNS) such as Facebook and Bebo are technological platforms that are posing questions about personal privacy. This paper contributes to our understanding of the nature and form of online privacy by critically analysing the issues surrounding the failed launch of Facebook’s advertising tool Beacon. Beacon is an interesting case study because it highlighted the complexity of information ownership in an online social network. Qualitative data was gathered from 29 weblogs (blogs) representing user opinions published between 6th November 2007(when Beacon was launched) and 28th February 2008 (when commentary had dwindled). A thematic analysis of the blogs suggest that concerns such as commercialism, terms of service (TOS), lack of user control, lack of user awareness and data protection are factors that influence user perceptions of information ownership as a subset of online privacy

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

PPAA: Peer-to-Peer Anonymous Authentication (Extended Version)

In the pursuit of authentication schemes that balance user privacy and accountability, numerous anonymous credential systems have been constructed. However, existing systems assume a client-server architecture in which only the clients, but not the servers, care about their privacy. In peer-to-peer (P2P) systems where both clients and servers are peer users with privacy concerns, no existing system correctly strikes that balance between privacy and accountability. In this paper, we provide this missing piece: a credential system in which peers are {\em pseudonymous} to one another (that is, two who interact more than once can recognize each other via pseudonyms) but are otherwise anonymous and unlinkable across different peers. Such a credential system finds applications in, e.g., Vehicular Ad-hoc Networks (VANets) and P2P networks. We formalize the security requirements of our proposed credential system, provide a construction for it, and prove the security of our construction. Our solution is efficient: its complexities are independent of the number of users in the system

Double Secret Protection: Bridging Federal and State Law To Protect Privacy Rights for Telemental and Mobile Health Users

Mental health care in the United States is plagued by stigma, cost, and access issues that prevent many people from seeking and continuing treatment for mental health conditions. Emergent technology, however, may offer a solution. Through telemental health, patients can connect with providers remotely—avoiding stigmatizing situations that can arise from traditional healthcare delivery, receiving more affordable care, and reaching providers across geographic boundaries. And with mobile health technology, people can use smart phone applications both to self-monitor their mental health and to communicate with their doctors. But people do not want to take advantage of telemental and mobile health unless their privacy is protected. After evaluating the applicability of current health information privacy law to these new forms of treatment, this Note proposes changes to the federal regime to protect privacy rights for telemental and mobile health users

Double Secret Protection: Bridging Federal and State Law To Protect Privacy Rights for Telemental and Mobile Health Users

Mental health care in the United States is plagued by stigma, cost, and access issues that prevent many people from seeking and continuing treatment for mental health conditions. Emergent technology, however, may offer a solution. Through telemental health, patients can connect with providers remotely—avoiding stigmatizing situations that can arise from traditional healthcare delivery, receiving more affordable care, and reaching providers across geographic boundaries. And with mobile health technology, people can use smart phone applications both to self-monitor their mental health and to communicate with their doctors. But people do not want to take advantage of telemental and mobile health unless their privacy is protected. After evaluating the applicability of current health information privacy law to these new forms of treatment, this Note proposes changes to the federal regime to protect privacy rights for telemental and mobile health users

A Secure and Privacy-Preserving Targeted Ad-System

Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to to all entities involved

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

A Real World Identity Management System with Master Secret Revocation

Cybersecurity mechanisms have become increasingly important as online and offline worlds converge. Strong authentication and accountability are key tools for dealing with online attacks, and we would like to realize them through a token-based, centralized identity management system. In this report, we present a privacy-preserving group of protocols comprising a unique per user digital identity card, with which its owner is able to authenticate himself, prove possession of attributes, register himself to multiple online organizations (anonymously or not) and provide proof of membership. Unlike existing credential-based identity management systems, this card is revocable, i.e., its legal owner may invalidate it if physically lost, and still recover its content and registrations into a new credential. This card will protect an honest individual's anonymity when applicable as well as ensure his activity is known only to appropriate users

The Supreme Court’s Theory of Private Law

In this Article, we revisit the clash between private law and the First Amendment in the Supreme Court\u27s recent case, Snyder v. Phelps, using a private-law lens. We are scholars who write about private law as individual justice, a perspective that has been lost in recent years but is currently enjoying something of a revival. Our argument is that the Supreme Court\u27s theory of private law has led it down a path that has distorted its doctrine in several areas, including the First Amendment–tort clash in Snyder. In areas that range from punitive damages to preemption, the Supreme Court has adopted a particular and dominant, but highly contested, theory of private law. It is the theory that private law is not private at all; it is part and parcel of government regulation, or public law in disguise. Part I is a brief overview of how that jurisprudential view came to be, as well as a sketch of a competing view of private law as individual justice. In Part II, we briefly trace the development of the doctrine surrounding the tension between the First Amendment and private law, particularly tort law, and how it helps lead to the view of private law as government regulation displayed in Snyder. We also point out how the intentional infliction of emotional distress tort, the main claim at issue in Snyder, is a particularly poor vehicle for the Court\u27s theory of private law. A relatively recent tort, it was developed by scholars and judges as a means of redress for plaintiffs who had been wronged, but were left without a remedy. Part III presents the central claims of the Article. We argue that the conception of private law as government regulation in Snyder arises from a combination of (1) the doctrinal tools that judges use in First Amendment cases, (2) the unitary nature of the state-action doctrine, and (3) the influence of instrumentalism, specifically in obscuring the plaintiff\u27s agency and the state interest in redress, and in privileging a particular view of compensation. In Part IV, we present some normative or prescriptive implications of our analysis, and then conclude