Future consumer mobile phone security: a case study using the data centric security model

In the interconnected world that we live in, traditional security barriers are\ud broken down. Developments such as outsourcing, increased usage of mobile\ud devices and wireless networks each cause new security problems.\ud To address the new security threats, a number of solutions have been suggested,\ud mostly aiming at securing data rather than whole systems or networks.\ud However, these visions (such as proposed by the Jericho Forum [9] and IBM\ud [4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is\ud unclear what data-centric security could mean for other systems and environments.\ud One particular category of systems that has been neglected is that of\ud consumer mobile phones. Currently, data security is usually limited to a PIN\ud number on startup and the option to disable wireless connections. The lack of\ud protection does not seem justified, as these devices have steadily increased in\ud capabilities and capacity; they can connect wirelessly to the Internet and have\ud a high risk of being lost or stolen [8]. This not only puts end users at risk, but\ud also their contacts, as phones can contain privacy sensitive data of many others.\ud For example, if birth dates and addresses are kept with the contact records, in\ud many cases a thief will have enough information to impersonate a contact and\ud steal his identity.\ud Could consumer mobile phones benefit from data-centric security? How\ud useful is data-centric security in this context? These are the core questions we\ud will try to address here

Conceptual evidence collection and analysis methodology for Android devices

Android devices continue to grow in popularity and capability meaning the need for a forensically sound evidence collection methodology for these devices also increases. This chapter proposes a methodology for evidence collection and analysis for Android devices that is, as far as practical, device agnostic. Android devices may contain a significant amount of evidential data that could be essential to a forensic practitioner in their investigations. However, the retrieval of this data requires that the practitioner understand and utilize techniques to analyze information collected from the device. The major contribution of this research is an in-depth evidence collection and analysis methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201

The Cost Of Privacy: Riley v. California’s Impact on Cell Phone Searches

Riley v. California is the United States Supreme Court’s first attempt to regulate the searches of cell phones by law enforcement. The 2014 unanimous decision requires a warrant for all cell phone searches incident to arrest absent an emergency. This work summarizes the legal precedent and analyzes the limitations and practical implications of the ruling. General guidelines for members of the criminal justice system at all levels consistent with the Supreme Court’s decision are provided

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

The Supreme Digital Divide

Society has long struggled with the meaning of privacy in a modern world. This struggle is not new. With the advent of modern technology and information sharing, however, the challenges have become more complex. Socially, Americans seek to both protect their private lives, and also to utilize technology to connect with the world. Commercially, industries seek to obtain information from individuals, often without their consent, and sell it to the highest bidder. As technology has advanced, the ability of other individuals, institutions, and governments to encroach upon this privacy has strengthened. Nowhere is this tension between individual privacy rights and government security interests felt more acutely than within the context of the Fourth Amendment.Notwithstanding the long duration of this struggle, jurisprudentially, the nation is at a critical point. Traditionally, the touchstone for analyzing the boundaries of Fourth Amendment searches is reasonableness. Quite literally, therefore, the Supreme Court has the task of determining the unanswerable: What is reasonable? This task, combined with the modern realities of rapidly changing technology, increased use of government surveillance, and changing expectations and conceptions of privacy, as well as differing perspectives of privacy in a heterogeneous society, becomes an even further complicated endeavor.One of the significant realities in play at this critical juncture lies within the Court itself. This Article asserts that there is a new, different form of the digital divide — the divide between the perspective of the Court and twenty-first century realities — which negatively impacts Fourth Amendment jurisprudence. This Article focuses on two specific aspects of that gap, arguing that this gap in experience and perspective contributes to false presumptions by the Court, which then leads to less than optimal opinions. Such an approach creates a veritable house of cards in which the opinions themselves are weakened and erode over time. The potential of the Court to add crucial guidance in the area of privacy law in contemporary society is immense. That being said, any constructive impact is compromised when the validity of the opinions precludes their ability to withstand the test of time.This Article discusses the gap generally, with specific attention paid to the divide between the Court and technological realities, and the gap between the Court and the realities of modern policing and pressures on law enforcement. The author argues that these divides result in opinions purporting to determine what is reasonable in modern life, but which rest upon a set of inaccurate presumptions. By analyzing Riley v. California, in which the Court held that the police may not dispense with the warrant requirement to search arrestees’ cell phones incident to arrest, this paper demonstrates examples of this gap. In particular, the article explores three inaccurate presumptions made in Riley, arguing that they contribute to a failed jurisprudence in this critical area. The article concludes by offering concrete steps to close the digital divide and allow the Court to more effectively influence this critical area of the law and modern life

The Supreme Digital Divide

Society has long struggled with the meaning of privacy in a modern world. This struggle is not new. With the advent of modern technology and information sharing, however, the challenges have become more complex. Socially, Americans seek to both protect their private lives, and also to utilize technology to connect with the world. Commercially, industries seek to obtain information from individuals, often without their consent, and sell it to the highest bidder. As technology has advanced, the ability of other individuals, institutions, and governments to encroach upon this privacy has strengthened. Nowhere is this tension between individual privacy rights and government security interests felt more acutely than within the context of the Fourth Amendment.Notwithstanding the long duration of this struggle, jurisprudentially, the nation is at a critical point. Traditionally, the touchstone for analyzing the boundaries of Fourth Amendment searches is reasonableness. Quite literally, therefore, the Supreme Court has the task of determining the unanswerable: What is reasonable? This task, combined with the modern realities of rapidly changing technology, increased use of government surveillance, and changing expectations and conceptions of privacy, as well as differing perspectives of privacy in a heterogeneous society, becomes an even further complicated endeavor.One of the significant realities in play at this critical juncture lies within the Court itself. This Article asserts that there is a new, different form of the digital divide — the divide between the perspective of the Court and twenty-first century realities — which negatively impacts Fourth Amendment jurisprudence. This Article focuses on two specific aspects of that gap, arguing that this gap in experience and perspective contributes to false presumptions by the Court, which then leads to less than optimal opinions. Such an approach creates a veritable house of cards in which the opinions themselves are weakened and erode over time. The potential of the Court to add crucial guidance in the area of privacy law in contemporary society is immense. That being said, any constructive impact is compromised when the validity of the opinions precludes their ability to withstand the test of time.This Article discusses the gap generally, with specific attention paid to the divide between the Court and technological realities, and the gap between the Court and the realities of modern policing and pressures on law enforcement. The author argues that these divides result in opinions purporting to determine what is reasonable in modern life, but which rest upon a set of inaccurate presumptions. By analyzing Riley v. California, in which the Court held that the police may not dispense with the warrant requirement to search arrestees’ cell phones incident to arrest, this paper demonstrates examples of this gap. In particular, the article explores three inaccurate presumptions made in Riley, arguing that they contribute to a failed jurisprudence in this critical area. The article concludes by offering concrete steps to close the digital divide and allow the Court to more effectively influence this critical area of the law and modern life

PRECEPT: A Framework for Ethical Digital Forensics Investigations.

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

VIII. Legal Ethics Update

New tech tools and solutions now allow a law practice to go paperless naturally, without putting excessive strain on everyday operations. The transition is not without a hurdle or two, however. Find out what types of software and organizational techniques will help you transition without loss of productivity. This practical guide will help you make certain all special attorney record-keeping rules and confidentiality concerns are taken into account. Get the latest efficiency tips for your law office on the go, and save time and money with a more streamlined and environmentally conscious legal practice

Information security behaviour of smartphone users: An empirical study on the students of University of Dhaka, Bangladesh.

Smartphone is the most popular electronic device in the present world. Along with the use of internet, smartphone has made revolution in the information communication technology sector. The current operating systems of smartphones allow to download mobile applications providing diverse types of features and functions. At the present days, the use of smartphone increases to a large extent that it is impossible to think a single day without using the smartphones. The widespread use of smartphones has introduced new types of information security threats, risks and vulnerabilities. The risky user behaviours, non-implementation of security counter measures and storage, and transmission of the vast amount of sensitive information in the smartphones are causing massive information security problems. Security of information is greatly depending on the information security behaviour of the users. Moreover, Information security behaviour has a direct impact to secure the information in the use of smartphone. In this study, the information security behaviour of the students of university of Dhaka, Bangladesh in the use of smartphone has been explored. This study will help to raise information security awareness among the students and encourage the authority to adopt appropriate strategy, policy and develop necessary training program to resolve information security risks in the use of smartphones. However, further research can be conducted by inclusion of a large sample size out of the students of other universities also