Fred Zacharias’s Skeptical Moralism

Fred Zacharias\u27s articles, Rethinking Confidentiality, published in two parts, were a sensational start to an illustrious career. Fred conducted the first and one of the best empirical studies of confidentiality in years, surveying lawyers and clients in Tompkins County, New York, about what lawyers actually told clients about confidentiality and its exceptions, and what difference the exceptions made in whether clients withheld information from their lawyers

PROPYLA: Privacy Preserving Long-Term Secure Storage

An increasing amount of sensitive information today is stored electronically and a substantial part of this information (e.g., health records, tax data, legal documents) must be retained over long time periods (e.g., several decades or even centuries). When sensitive data is stored, then integrity and confidentiality must be protected to ensure reliability and privacy. Commonly used cryptographic schemes, however, are not designed for protecting data over such long time periods. Recently, the first storage architecture combining long-term integrity with long-term confidentiality protection was proposed (AsiaCCS'17). However, the architecture only deals with a simplified storage scenario where parts of the stored data cannot be accessed and verified individually. If this is allowed, however, not only the data content itself, but also the access pattern to the data (i.e., the information which data items are accessed at which times) may be sensitive information. Here we present the first long-term secure storage architecture that provides long-term access pattern hiding security in addition to long-term integrity and long-term confidentiality protection. To achieve this, we combine information-theoretic secret sharing, renewable timestamps, and renewable commitments with an information-theoretic oblivious random access machine. Our performance analysis of the proposed architecture shows that achieving long-term integrity, confidentiality, and access pattern hiding security is feasible.Comment: Few changes have been made compared to proceedings versio

Confidentiality in Patent Dispute Resolution: Antitrust implications

nformation is crucial to the functioning of the patent system, as it is for other markets. Nevertheless, patent licensing terms are often subject to confidentiality agreements. On the one hand, this is not surprising: sellers and buyers do not normally publicize the details of their transactions. On the other hand, explicit confidentiality agreements are not common in other markets, and they may be particularly problematic for patents. Several United States Supreme Court cases have condemned agreements that suppress market information, and those cases could be applied to confidentiality agreements in the patent context. Of course, confidentiality may sometimes be pro-competitive, particularly when it involves only private negotiations. In other contexts, however, and notably in arbitration, which is a substitute for open court proceedings, the competitive balance is more problematic. Indeed, U.S. patent law mandates that patent arbitration awards be made public through the Patent and Trademark Office, though this requirement is generally ignored. Information about licensing terms is particularly important in one of today’s most important patent licensing contexts. The standard-setting organizations that define the technologies used in products like smartphones typically require their members to commit to license patented technologies that are adopted in standards on fair, reasonable, and non- discriminatory (FRAND) terms. The non-discriminatory element of this commitment is difficult for potential licensees to enforce without information about the licensing terms to which other licensees have agreed. This Article describes the value of patent licensing information and discusses the antitrust implications of agreements to keep that information confidential, particularly in the FRAND context and in arbitration. The Article also offers several ways in which parties, standard- setting organizations, and arbitration bodies could seek to avoid the anticompetitive effects of confidentiality

CRAC: Confidentiality Risk Assessment and IT-Architecture Comparison

CRAC is an IT-architecture-based method for assessing and comparing confidentiality risks of distributed IT systems. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets), and the paths that may be followed by different attackers (e.g. insider and outsider). We evaluate its effectiveness by applying it to a real-world outsourcing case

Confidentiality and Disclosure in Accreditation

The law and the internal policies of accrediting entities have protected the confidentiality of accreditation information, but regulators who rely on accreditation decisions for public purposes are demanding greater access to this information. The litigation involving access to accrediting information is examined

Confidentiality and Disclosure in Accreditation

The law and the internal policies of accrediting entities have protected the confidentiality of accreditation information, but regulators who rely on accreditation decisions for public purposes are demanding greater access to this information. The litigation involving access to accrediting information is examined

Data Protection

What is information? Information is a resource, regardless of its presentation perceived by the person and / or special devices as a reflection of the material world of the facts in communication process (GOST 7.0-99). There are 3 properties of information: integrity, availability and confidentiality