Cyber Babel: Finding the Lingua Franca in Cybersecurity Regulation

Cybersecurity regulations have proliferated over the past few years as the significance of the threat has drawn more attention. With breaches making headlines, the public and their representatives are imposing requirements on those that hold sensitive data with renewed vigor. As high-value targets that hold large amounts of sensitive data, financial institutions are among the most heavily regulated. Regulations are necessary. However, regulations also come with costs that impact both large and small companies, their customers, and local, national, and international economies. As the regulations have proliferated so have those costs. The regulations will inevitably and justifiably diverge where different governments view the needs of their citizens differently. However, that should not prevent regulators from recognizing areas of agreement. This Note examines the regulatory regimes governing the data and cybersecurity practices of financial institutions implemented by the Securities and Exchange Commission, the New York Department of Financial Services, and the General Data Protection Regulations of the European Union to identify areas where requirements overlap, with the goal of suggesting implementations that promote consistency, clarity, and cost reduction

Publishing and sharing sensitive data

Sensitive data has often been excluded from discussions about data publication and sharing. It was believed that sharing sensitive data is not ethical or that it is too difficult to do safely. This opinion has changed with greater understanding and use of methods to ‘de-sensitise’ (i.e., confidentialise) data; that is, modify the data to remove information so that participants or subjects are no longer identifiable, and the capacity to grant ‘conditional access’ to data. Requirements of publishers and funding bodies for researchers to publish and share their data have also seen sensitive data sharing increase. This guide outlines best practice for the publication and sharing of sensitive research data in the Australian context. The Guide follows the sequence of steps that are necessary for publishing and sharing sensitive data, as outlined in the ‘Publishing and Sharing Sensitive Data Decision Tree’. It provides the detail and context to the steps in this Decision Tree. References for further reading are provided for those that are interested. By following the sections below, and steps within, you will be able to make clear, lawful, and ethical decisions about sharing your data safely. It can be done in most cases! How the Guide interacts with your institutional policies This Guide is not intended to override institutional policies on data management or publication. Most researchers operate within the policies of their institution and/or funding arrangement and must, therefore, ensure their decisions about data publication align with these policies. This is particularly relevant for Intellectual Property, and sometimes, your classification of sensitive data (e.g., NSW Government Department of Environment & Heritage, Sensitive Data Species Policy) or selection of data repository. The Guide indicates the steps at which you should check your institutional policies

Privacy-preserving point-of-interest recommendation based on geographical and social influence

We investigate a privacy-preserving problem for point-of-interest (POI) recommendation system for rapidly growing location-based social networks (LBSNs). The LBSN-based recommendation algorithms usually consider three factors: user similarity, social influence between friends and geographical influence in. The LBSN-based recommendation system first needs to collect relevant information of users and then provide them with potentially interesting contents. However, sensitive information of users may be leaked when the recommendation is provided. In this article, we focus on preventing user’s privacy from disclosure upon geographical location and friend relationship factors. We propose a geographical location privacy-preserving algorithm (GLP) that achieves -privacy and present a friend relationship privacy-preserving algorithm (FRP) through adding Laplacian distributed noise for fusing the user trusts. Subsequently, we integrate the GLP and FRP algorithms into a general recommendation system and build a privacy-preserving recommendation system. The novel system enjoys the privacy guarantee under the metric differential entropy through theoretical analysis. Experimental results demonstrate a good trade-off between privacy and accuracy of the proposed recommendation system

Anonymous subject identification and privacy information management in video surveillance

The widespread deployment of surveillance cameras has raised serious privacy concerns, and many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. Of equal importance are the privacy and efficiency of techniques to first, identify those individuals for privacy protection and second, provide access to original surveillance video contents for security analysis. In this paper, we propose an anonymous subject identification and privacy data management system to be used in privacy-aware video surveillance. The anonymous subject identification system uses iris patterns to identify individuals for privacy protection. Anonymity of the iris-matching process is guaranteed through the use of a garbled-circuit (GC)-based iris matching protocol. A novel GC complexity reduction scheme is proposed by simplifying the iris masking process in the protocol. A user-centric privacy information management system is also proposed that allows subjects to anonymously access their privacy information via their iris patterns. The system is composed of two encrypted-domain protocols: The privacy information encryption protocol encrypts the original video records using the iris pattern acquired during the subject identification phase; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of our framework

Robustness, Security and Privacy in Location-Based Services for Future IoT : A Survey

Internet of Things (IoT) connects sensing devices to the Internet for the purpose of exchanging information. Location information is one of the most crucial pieces of information required to achieve intelligent and context-aware IoT systems. Recently, positioning and localization functions have been realized in a large amount of IoT systems. However, security and privacy threats related to positioning in IoT have not been sufficiently addressed so far. In this paper, we survey solutions for improving the robustness, security, and privacy of location-based services in IoT systems. First, we provide an in-depth evaluation of the threats and solutions related to both global navigation satellite system (GNSS) and non-GNSS-based solutions. Second, we describe certain cryptographic solutions for security and privacy of positioning and location-based services in IoT. Finally, we discuss the state-of-the-art of policy regulations regarding security of positioning solutions and legal instruments to location data privacy in detail. This survey paper addresses a broad range of security and privacy aspects in IoT-based positioning and localization from both technical and legal points of view and aims to give insight and recommendations for future IoT systems providing more robust, secure, and privacy-preserving location-based services.Peer reviewe

Onondaga, County of and CSEA Local 1000, AFSCME, AFL-CIO, Onondaga County Local 843

In the matter of the fact-finding between the Onondaga County, employer, and the CSEA Local 1000, AFSCME, AFL-CIO, Onondaga County Local 843, union. PERB case no. M2013-298. Before: Michael G. Whelan, fact finder

SciTech News Volume 71, No. 1 (2017)

Columns and Reports From the Editor 3 Division News Science-Technology Division 5 Chemistry Division 8 Engineering Division Aerospace Section of the Engineering Division 9 Architecture, Building Engineering, Construction and Design Section of the Engineering Division 11 Reviews Sci-Tech Book News Reviews 12 Advertisements IEEE