Authentication and authorisation in entrusted unions

This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported

The National Dialogue on the Quadrennial Homeland Security Review

Six years after its creation, the Department of Homeland Security (DHS) undertook the first Quadrennial Homeland Security Review (QHSR) to inform the design and implementation of actions to ensure the safety of the United States and its citizens. This review, mandated by the Implementing the 9/11 Commission Recommendations Act of 2007, represents the first comprehensive examination of the homeland security strategy of the nation. The QHSR includes recommendations addressing the long-term strategy and priorities of the nation for homeland security and guidance on the programs, assets, capabilities, budget, policies, and authorities of the department.Rather than set policy internally and implement it in a top-down fashion, DHS undertook the QHSR in a new and innovative way by engaging tens of thousands of stakeholders and soliciting their ideas and comments at the outset of the process. Through a series of three-week-long, web-based discussions, stakeholders reviewed materials developed by DHS study groups, submitted and discussed their own ideas and priorities, and rated or "tagged" others' feedback to surface the most relevant ideas and important themes deserving further consideration.Key FindingsThe recommendations included: (1) DHS should enhance its capacity for coordinating stakeholder engagement and consultation efforts across its component agencies, (2) DHS and other agencies should create special procurement and contracting guidance for acquisitions that involve creating or hosting such web-based engagement platforms as the National Dialogue, and (3) DHS should begin future stakeholder engagements by crafting quantitative metrics or indicators to measure such outcomes as transparency, community-building, and capacity

A Collaborative Access Control Model for Shared Items in Online Social Networks

The recent emergence of online social networks (OSNs) has changed the communication behaviors of thousand of millions of users. OSNs have become significant platforms for connecting users, sharing information, and a valuable source of private and sensitive data about individuals. While OSNs insert constantly new social features to increase the interaction between users, they, unfortunately, offer primitive access control mechanisms that place the burden of privacy policy configuration solely on the holder who has shared data in her/his profile regardless of other associated users, who may have different privacy preferences. Therefore, current OSN privacy mechanisms violate the privacy of all stakeholders by giving one user full authority over another’s privacy settings, which is extremely ineffective. Based on such considerations, it is essential to develop an effective and flexible access control model for OSNs, accommodating the special administration requirements coming from multiple users having a variety of privacy policies over shared items. In order to solve the identified problems, we begin by analyzing OSN scenarios where at least two users should be involved in the access control process. Afterward, we propose collaborative access control framework that enables multiple controllers of the shared item to collaboratively specify their privacy settings and to resolve the conflicts among co-controllers with different requirements and desires. We establish our conflict resolution strategy’s rules to achieve the desired equilibrium between the privacy of online users and the utility of sharing data in OSNs. We present a policy specification scheme for collaborative access control and authorization administration. Based on these considerations, we devise algorithms to achieve a collaborative access control policy over who can access or disseminate the shared item and who cannot. In our dissertation, we also present the implementation details of a proof-of-concept prototype of our approach to demonstrate the effectiveness of such an approach. With our approach, sharing and interconnection among users in OSNs will be promoted in a more trustworthy environment

Police Knowledge Exchange: Full Report 2018

[Executive Summary] This report was commissioned to explore the enablers and barriers to sharing within and between police forces and between police forces and partners, including the public. This was completed from an interdisciplinary review of international literature covering sharing, knowledge exchange, learning and organisational learning. The literature broke down into four main factors; who, why, what and how. An introduction to the literature is presented with ‘Who’ is sharing which considers both personal identity and different institutional issues. The ‘Why’ literature covers issues of cultural and community motivators and barriers. The ‘What’ segment reviews concepts of data, information and knowledge and related legislative issues. Finally, the ‘how’ section spans face to face sharing approaches to technologies that produce both enablers and barriers. A series of 42 in-depth interviews and focus groups were completed and combined with 47 survey responses . The aim of the interviews, focus groups and survey was to show perceptions and beliefs around knowledge sharing from a small sample across policing in order to complement the findings from the literature review. The survey was adapted from a standardised questionnaire (Biggs, 1987). The Biggs questionnaire focused on what motivated students to learn and how they approached their learning. Our adapted survey looked at what motivated police to share, and how they approached sharing. The responses showed a trend, across the police, towards a motivation for sharing to develop a deeper understanding of issues. However, the approaches and the strategies they used to share with others, which were primarily driven by achieving and surface approaches (to get promoted and get the job done). According to Biggs (1987) this could leave them discontented as they never progress to a deeper understanding of issues. Scaffolding sharing within the police through processes that are clearly defined, effective and valued could help to overcome these issues. Within the interviews and focus group findings a similar structured approach to sharing was adopted. Within the ‘who’ section some key aspects around personal relationships, reciprocity and reputation were identified. The ‘why’ the police share was one of the largest discussion points. Not only was there a deep motivation to solve key policing issues there was an approach of reciprocity. Police sharing was deeply motivated to support ‘good practice’ in the prevention and detection of crime. However, a sharing barrier was identified in the parity of value given to different types of knowledge for example between professional judgement and research evidence knowledge. Sharing was achieved when there were reciprocal benefits, in particular with personal networks or face to face sharing which was noted as ‘safe’. Again, this was inhibited by misunderstandings around the ‘risks’ of sharing, frequently attributed to data protection legislation; producing cautious reactions and as an avoidance tactic to save time and effort sharing. However, a divide was noted between technical users and those who avoided any online systems for sharing; often due to poorly designed systems and a lack of confidence in how to use systems. The police culture was identified as being risk-adverse, and competitive due to multiple factors, a lack of supported time to share, Her Majesty’s Inspectorate of Constabulary (HMIC) reviews and promotion criteria. The result was perceived to be a poor cultural ability to learn from mistakes and a likelihood to repeat errors. A set of strategic recommendations are given and include the use of a sharing authorised professional practice for HMIC reviews, sharing networks and training. A further set of operational recommendations are given such as; sharing impact cases for evidence based practice, data sharing officers and evaluating mechanisms for sharing. This full report is supported by the Police Knowledge Exchange Summary Report 2018 which gives an overview of the findings and recommendations

Toward a social compact for digital privacy and security

Executive summary The Global Commission on Internet Governance (GCIG) was established in January 2014 to articulate and advance a strategic vision for the future of Internet governance. In recent deliberations, the Commission discussed the potential for a damaging erosion of trust in the absence of a broad social agreement on norms for digital privacy and security. The Commission considers that, for the Internet to remain a global engine of social and economic progress that reflects the world’s cultural diversity, confidence must be restored in the Internet because trust is eroding. The Internet should be open, freely available to all, secure and safe. The Commission thus agrees that all stakeholders must collaborate together to adopt norms for responsible behaviour on the Internet. On the occasion of the April 2015 Global Conference on Cyberspace meeting in The Hague, the Commission calls on the global community to build a new social compact between citizens and their elected representatives, the judiciary, law enforcement and intelligence agencies, business, civil society and the Internet technical community, with the goal of restoring trust and enhancing confidence in the Internet. It is now essential that governments, collaborating with all other stakeholders, take steps to build confidence that the right to privacy of all people is respected on the Internet. It is essential at the same time to ensure the rule of law is upheld. The two goals are not exclusive; indeed, they are mutually reinforcing. Individuals and businesses must be protected both from the misuse of the Internet by terrorists, cyber criminal groups and the overreach of governments and businesses that collect and use private data. A social compact must be built on a shared commitment by all stakeholders in developed and less developed countries to take concrete action in their own jurisdictions to build trust and confidence in the Internet. A commitment to the concept of collaborative security and to privacy must replace lengthy and over-politicized negotiations and conferences

Lex Informatica: The Formulation of Information Policy Rules through Technology

Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a “Lex Informatica” that policymakers must understand, consciously recognize, and encourage