
    Emerging privacy challenges and approaches in CAV systems

    The growth of Internet-connected devices, Internet-enabled services and Internet of Things systems continues at a rapid pace, and their application to transport systems is heralded as game-changing. Numerous developing CAV (Connected and Autonomous Vehicle) functions, such as traffic planning, optimisation, management, safety-critical and cooperative autonomous driving applications, rely on data from various sources. The efficacy of these functions is highly dependent on the dimensionality, amount and accuracy of the data being shared. It holds, in general, that the greater the amount of data available, the greater the efficacy of the function. However, much of this data is privacy-sensitive, including personal, commercial and research data. Location data and its correlation with identity and temporal data can help infer other personal information, such as home/work locations, age, job, behavioural features, habits, social relationships. This work categorises the emerging privacy challenges and solutions for CAV systems and identifies the knowledge gap for future research, which will minimise and mitigate privacy concerns without hampering the efficacy of the functions.

    Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials

    Electronic tickets (e-tickets) are electronic versions of paper tickets, which enable users to access intended services and improve services' efficiency. However, privacy may be a concern of e-ticket users. In this paper, a privacy-preserving electronic ticket scheme with attribute-based credentials is proposed to protect users' privacy and facilitate ticketing based on a user's attributes. Our proposed scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent; (5) the security of the proposed scheme is formally proven and reduced to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme has been implemented and its performance empirically evaluated. To the best of our knowledge, our privacy-preserving attribute-based e-ticket scheme is the first one providing these five features. Application areas of our scheme include event or transport tickets where users must convince ticket sellers that their attributes (e.g. age, profession, location) satisfy the ticket price policies to buy discounted tickets. More generally, our scheme can be used in any system where access to services is only dependent on a user's attributes (or entitlements) but not their identities. Comment: 18 pages, 6 figures, 2 tables

    Location Tracking by Police: The Regulation of ‘Tireless and Absolute Surveillance’

    Location information reveals people’s whereabouts, but can also tell much about their habits, preferences, and, ultimately, much of their private lives. Current surveillance technologies used in criminal investigation include many techniques to track someone’s movements; not all are equally intrusive. This raises the following questions: how do jurisdictions draw boundaries between lesser and more serious privacy intrusions? What factors play a role? How are geolocational privacy interests framed? In this Article, we answer these questions through a comparative analysis of location-tracking regulation in eight jurisdictions: Canada, Czechia, Germany, Italy, the Netherlands, Poland, the United Kingdom, and the United States. We analyze the legal status of location tracking through human observation, GPS tracking, cell-phone tracking, IMSI catchers (Stingrays), silent SMS, automated license-plate recognition, and directional Wi-Fi tracking in these countries. This results in highly context-dependent and case-specific assessments, in which eight factors play a role: use of a technical device, place, intensity, duration, degree of suspicion, object of tracking, covertness, and active generation of data. At a deeper level of analysis, we identify different conceptualizations of privacy underlying these assessments: not only classic privacy frames, such as communications secrecy, protection of home and body, and informational privacy, but also two new privacy frames: freedom of movement in combination with anonymity, and the mosaic theory. Thus, we discern a tentative but unmistakable shift in how lawmakers and courts assess the intrusiveness of location tracking, particularly of people’s movements in public space. 
Traditional privacy frames tend to downplay the seriousness of the privacy infringement enabled by location tracking, and our analysis demonstrates an increasing discomfort with this tendency, leading to the emergence of novel privacy frames (or theories) to regulate what might easily turn into what the Supreme Court of the United States has called “tireless and absolute surveillance.” We conclude that legal privacy frameworks developed in past centuries prove ill-suited for assessing the privacy-intrusiveness of contemporary location-tracking investigation methods, and that emerging, novel frameworks for understanding and protecting privacy may provide lawmakers and courts with the tools needed to address the challenge of preserving (geolocational) privacy in the twenty-first century.
