Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Integrated Border Management at the EU Level. CEPS Working Documents No. 227, 1 August 2005

In times marked by trends as diverse as economic globalisation, international migration as well as fear of terrorism and organised crime, the efficient handling of borders has become an issue of political priority, in the EU and across the world. Modern, economy-oriented states have to rely on a flourishing trade and offer a comfortable degree of security to their citizens. The formula commonly chosen in combining these two objectives is that of ‘integrated border management’, which represents the delicate attempt to marry security concerns with trade facilitation. If the implementation of this innovative approach is already proving to be a challenge to well-established nation states, it becomes a genuine balancing act for an incomplete federation such as the EU, with its sensitive mix of a single external border and 25 separate legal/administrative systems. This working paper seeks to illustrate the difficulties encountered by the EU and develop solutions that should firmly go into the direction of a coherent, communitarian approach in border management, such as that sketched out by the recent Council Regulation No. 2007/2004 establishing the European Border Agency known as FRONTEX

The Shaping of a Policy Framework for the Wider Europe. CEPS Policy Brief No. 39, September 2003

[From the Introduction]. With the enlargement of the EU from 15 to 25, the new Wider Europe debate – interpreted in the broad sense as in this paper – rises high up on the EU agenda, complementing the draft Constitution prepared by the European Convention. Together they are defining what the EU is to be. The Convention is defining the EU from the inside. The Wider Europe debate is seeking to define it by reference to its outer edges and wider neighbourhood. Already in March 2003, the European Commission published a first policy communication on the subject. This has been followed by the document on European security strategy submitted to the European Council in June 2003 by Javier Solana, the optique of which is different, but whose content overlaps with the Wider Europe. These two documents may be viewed as ‘white’ or ‘green’ papers of the EU institutions. They are important references, yet highly preliminary and incomplete. The present document sketches a more structured policy framework, and makes proposals for how this might be further developed

CHALLENGES AND OPPORTUNITIES OF ADOPTING MANAGEMENT INFORMATION SYSTEMS (MIS) FOR PASSPORT PROCESSING: COMPARATIVE STUDY BETWEEN LESOTHO AND SOUTH AFRICA

Thesis ( M. Tech. (Business Administration )) - Central University of Technology, Free State, 2014Fast and secure public service delivery is not only a necessity, but a compulsory endeavour. However, it is close to impossible to achieve such objectives without the use of Information Technology (IT). It is correspondingly important to find proper sustainability frameworks of technology. Organisations do not only need technology for efficient public service; the constant upgrading of systems and cautious migration to the newest IT developments is also equally indispensable in today’s dynamic technological world. Conversely, countries in Africa are always lagging behind in technological progresses. Such deficiencies have been identified in the passport processing of Lesotho and South Africa, where to unequal extents, problems related to systems of passport production have contributed to delays and have become fertile grounds for corrupt practices. The study seeks to identify the main impediments in the adoption of Management Information Systems (MIS) for passport processing. Furthermore, the study explores the impact MIS might have in attempting to combat long queues and to avoid long waiting periods – from application to issuance of passports to citizens. The reasonable time frame between passport application and issuance, and specific passport management systems, have been extensively discussed along with various strategies that have been adopted by some of the world’s first movers in modern passport management technologies. In all cases and stages of this research, Lesotho and South Africa are compared. The research approach of the study was descriptive and explorative in nature. As a quantitative design, a structured questionnaire was used to solicit responses in Lesotho and South Africa. It was established that both Lesotho and South Africa have somewhat similar problems – although, to a greater extent, Lesotho needs much more urgent attention. Although the processes of South Africa need to be improved, the Republic releases a passport much faster and more efficiently than Lesotho. Economic issues are also revealed by the study as unavoidable factors that always affect technological developments in Africa. The study reveals that the latest MIS for passport processing has facilitated modern, automated border-control systems and resultant e-passports that incorporate more biometric information of citizens to passports – thanks to modern RFID technologies. One can anticipate that this study will provide simple, affordable and secure IT solutions for passport processing. Key words: Information Technology (IT); Management Information Systems (MIS); E-Government; E-Passport; Biometrics; and RFID

Connection men, pushers and migrant trajectories: examining the dynamics of the migration industry in Ghana and along routes into Europe and the Gulf States

This paper examines the inner workings and operational logic of the array of individuals, agencies, state and non-state actors, institutions and social networks that collectively make up the migration industry in Ghana. It sheds light on how actors in the migration industry facilitate and condition migrant mobility, focusing on workers moving from Ghana along two migration corridors towards Europe and the Gulf States for work in the domestic and construction sectors. The study draws on a broad and nuanced conceptualisation of the “migration industry” which goes beyond a narrow focus on actors operating mainly for financial gain. Instead, it focuses on migration not just as a movement from point of departure to arrival, but as a changing journey over both space and time. This allows not only empirical insights into the processes through which people move, but it also provides an analytical lens to better unpack the complexities of migration processes. We extend the analysis of migration industries by incorporating risk theory into the analysis of the migration decision. The decision takes place in a context where migrants’ high level of knowledge about the dangers of migration has not translated into a reduction in migration flows on these two corridors. We analyse migrants’ rationale for choosing to embark on highly risky journeys, even in the face of increasing knowledge about these risks, and to develop appropriate policy responses

COVID-19 Antibody Test/Vaccination Certification There’s an app for that

Goal: As the Coronavirus Pandemic of 2019/2020 unfolds, a COVID-19 ‘Immunity Passport’ has been mooted as a way to enable individuals to return back to work. While the quality of antibody testing, the avail- the ability of vaccines, and the likelihood of even attaining COVID-19 immunity continue to be researched, we address the issues involved in providing tamper-proof and privacy-preserving certification for test results and vaccinations. Methods: We developed a prototype mobile phone app and requisite decentralized server architecture that facilitates instant verification of tamper-proof test results. Personally identifiable information is only stored at the user’s discretion, and the app allows the end-user selectively to present only the specific test result with no other personal information revealed. The architecture, designed for scalability, relies upon (a) the 2019 World Wide Web Consortium standard called ‘Verifiable Credentials’, (b) Tim Berners-Lee’s decentralized personal data platform ‘Solid’, and (c) a Consortium Ethereum-based blockchain. Results: Our mobile phone app and decentralized server architecture enable the mixture of verifiability and privacy in a manner derived from public/private key pairs and digital signatures, generalized to avoid restrictive ownership of sensitive digital keys and/or data. Benchmark performance tests show it to scale linearly in the worst case, as significant processing is done locally on each app. For the test certificate Holder, Issuer (e.g. healthcare staff, pharmacy) and Verifier (e.g. employer), it is ‘just another app’ which takes only minutes to use. Conclusions: The app and decentralized server architecture offer a prototype proof of concept that is readily scalable, applicable generically, and in effect ‘waiting in the wings’ for the biological issues, plus key ethical issues raised in the discussion section, to be resolved

On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems,which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security in to the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.Yhteiskunta, jossa elämme, on muovautunut teknologian kehityksen myötä todelliseksi tietoyhteiskunnaksi. Monet verkottuneen tietoyhteiskunnan osa-alueet ovat kokeneet muutoksen tämän kehityksen seurauksena. Tämän muutoksen keskiössä on Internet: maailmanlaajuinen tietoverkko, joka mahdollistaa verkottuneiden laitteiden keskenäisen viestinnän ennennäkemättömässä mittakaavassa. Internet on muovautunut ehkä keskeisimmäksi osaksi globaalia viestintäinfrastruktuuria, ja siksi myös globaalin viestinnän turvaaminen korostuu tulevaisuudessa yhä enemmän. Verkottuneen tietoyhteiskunnan kasvu ja kehitys edellyttävät vakaan, turvallisen ja nopean viestintäjärjestelmän olemassaoloa. Laajamittainen tietoverkkojen joukkovalvonta muodostaa merkittävän uhan tämän järjestelmän vakaudelle ja turvallisuudelle. Verkkovalvonnan toteuttamiseen käytetyt menetelmät ja työkalut eivät vain anna mahdollisuutta tarkastella valvonnan kohteena olevaa viestiliikennettä, vaan myös vaarantavat kaiken Internet-liikenteen ja siitä riippuvaisen toiminnan turvallisuuden. Kun verkottunutta tietoyhteiskuntaa rakennetaan tämän kaltaisia valuvikoja ja haavoittuvuuksia sisältävän järjestelmän varaan, keskeinen uhkatekijä on, että yhteiskunnan ydintoiminnot ovat alttiina ulkopuoliselle vaikuttamiselle. Näiden uhkatekijöiden ja niiden taustalla vaikuttavien mekanismien tarkastelu on tämän väitöskirjatyön keskiössä. Koska työssä on teknisen sisällön lisäksi vahva yhteiskunnallinen elementti, tarkastellaan tiukan teknisen tarkastelun sijaan aihepiirä laajemmin myös yhteiskunnallisesta näkökulmasta. Tässä väitöskirjassa pyritään rakentamaan kokonaiskuvaa verkottuneen tietoyhteiskunnan turvallisuuteen, toimintaan ja vakauteen vaikuttavista tekijöistä, sekä tuomaan esiin uusia ratkaisuja ja avauksia eri näkökulmista. Työn tavoitteena on osaltaan mahdollistaa entistä turvallisemman verkottuneen tietoyhteiskunnan rakentaminen tulevaisuudessa. Teknisestä näkökulmasta työssä esitetään suunnitteluvuo kryptografisia primitiivejä tehokkaasti hyödyntäville rajallisen laskentatehon sulautetuviiille järjestelmille, analysoidaan biometrisiin passeihin, kansainväliseen passijärjestelmään, sekä sähköiseen äänestykseen kohdistuvia uhkia, tarkastellaan joukkovalvontaan käytettyjen tekniikoiden toimintaperiaatteita ja niiden aiheuttamia uhkia, sekä tutkitaan suomalaisten Internet-käyttäjien salasanatottumuksia verkkosovelluksissa. Teknis-yhteiskunnallisesta näkökulmasta työssä tarkastellaan valvonnan teoriaa ja perehdytään siihen, miten valvonta vaikuttaa verkottuneen tietoyhteiskunnan kansalaisiin. Lisäksi kehitetään menetelmiä parempaan tietoturvaopetukseen kaikilla koulutusasteilla, määritellään keskeiset tietoturvatietouden käsitteet, tarkastellaan mahdollisuutta soveltaa tiedon herruuden periaatetta verkottuneen tietoyhteiskunnan kansalaisistaan keräämän tiedon hallintaan ja käyttöön, sekä tutkitaan luottamuksen merkitystä yhteiskunnan ydintoimintojen turvallisuudelle ja toiminnalle, keskittyen erityisesti pakotetun luottamuksen vaikutuksiin